Overview
This article addresses an issue where Azure AD-joined virtual machines (VMs) lose their Azure AD connectivity after being restored from a Druva backup.
This typically occurs because the restoration process (Phase-1) focuses on restoring the VM and its data, but does not automatically re-apply original source VM configurations, such as specific extensions and public IPs. The automatic application of these settings is slated for a future product enhancement (Phase-2) and is not currently supported by Druva.
Target Audience: This article is intended for Cloud Administrators and Infrastructure Engineers who need to restore access to Azure AD-integrated workloads.
Related Error Messages:
"The sign-in method you're trying to use isn't allowed" during RDP/SSH attempts.
"The account is not authorized to log in from this station" when attempting Azure AD credential login.
Procedures Covered:
Re-enabling Azure AD Login on a Restored VM
The following procedure outlines the manual steps required to re-establish the trust relationship between the restored VM and Azure Active Directory.
Prerequisites
The Azure VM has been successfully restored from a backup.
You have administrative access to the Azure subscription and the restored VM.
You must have Managed Identity Operator and Virtual Machine Contributor roles assigned on the restored VM's resource group.
Steps
1. Enable System-Assigned Managed Identity
This action creates a unique identity for the restored VM in Azure AD, allowing it to authenticate with Azure services.
In the Azure portal, navigate to the restored VM.
Under the Settings section in the left-hand sidebar, select Identity.
Set the Status to On under the System assigned tab.
Click Save and select Yes to confirm.
2. Add the Azure AD Login Extension
The extension is the software component that allows the OS to process Azure AD credentials.
In the Azure portal, navigate to the restored VM's overview page.
Under Settings, select Extensions + applications.
Click + Add.
Search for "AAD" or "Azure AD" and select the appropriate version:
Azure AD-based login for Windows
Azure AD-based login for Linux
Click Review + create, then Create.
3. Assign a Public IP (Optional)
If the original source VM relied on a Public IP for connectivity, this must be manually associated with the new Network Interface (NIC) created during restore.
Navigate to the restored VM's Networking settings.
Select the Network Interface associated with the VM.
Under Settings, click on IP configurations.
Click on the primary IP configuration (e.g., ipconfig1).
Set Public IP address to Associate and select the appropriate IP address.
Click Save.
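The three portal steps above can also be scripted with the Azure CLI. The following is an added example, not Druva tooling: the function names and the AZ override variable are invented for this sketch, and the resource group, VM, NIC and public IP names are placeholders supplied by the operator.

```shell
#!/bin/sh
# Added example: Azure CLI equivalent of portal steps 1-3 for a restored VM.
AZ="${AZ:-az}"   # assumption: set AZ=echo to print the commands instead of running them

# Map the guest OS to the Azure AD login extension name.
aad_extension_for() {
  case "$1" in
    windows) echo "AADLoginForWindows" ;;
    linux)   echo "AADSSHLoginForLinux" ;;
    *)       echo "unsupported OS: $1 (use windows or linux)" >&2; return 1 ;;
  esac
}

# Usage: reenable_aad_login <resource-group> <vm> <windows|linux> [<nic> <public-ip> [<ipconfig>]]
reenable_aad_login() {
  local rg="$1" vm="$2" os="$3" nic="${4:-}" pip="${5:-}" ipcfg="${6:-ipconfig1}"
  local ext
  # Validate everything before changing anything on the VM.
  if [ -z "$rg" ] || [ -z "$vm" ]; then
    echo "resource group and VM name are required" >&2; return 2
  fi
  ext="$(aad_extension_for "$os")" || return 1
  if [ -n "$nic" ] && [ -z "$pip" ]; then
    echo "a NIC was given without a public IP name" >&2; return 2
  fi

  # Step 1: enable the system-assigned managed identity.
  "$AZ" vm identity assign --resource-group "$rg" --name "$vm" || return 1
  # Step 2: add the Azure AD login extension for the guest OS.
  "$AZ" vm extension set --resource-group "$rg" --vm-name "$vm" \
    --publisher Microsoft.Azure.ActiveDirectory --name "$ext" || return 1
  # Step 3 (optional): associate the public IP with the restored NIC.
  if [ -n "$nic" ]; then
    "$AZ" network nic ip-config update --resource-group "$rg" \
      --nic-name "$nic" --name "$ipcfg" --public-ip-address "$pip" || return 1
  fi
  # Check the result: identity type and the extensions now on the VM.
  "$AZ" vm show --resource-group "$rg" --name "$vm" \
    --query identity.type --output tsv || return 1
  "$AZ" vm extension list --resource-group "$rg" --vm-name "$vm" \
    --query "[].name" --output tsv
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 3 ]; then reenable_aad_login "$@"; fi
```

Running it once with AZ=echo shows exactly which changes will be made to the restored VM before anything is applied.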
