Support RDP to Entra Joined windows machines
Is your feature request related to a problem? Please describe.
For Windows VMs we often join them to Microsoft AAD/Entra and enforce SSO with people's user accounts instead of local users. On a Mac this is achieved using the enablerdsaadauth RDP parameter.
Achieving this without Boundary on a Mac can be done with the following RDP uri:
open -W -u 'rdp://full%20address=s%3A{{my_azure_ad_joined_machine}}%3A3389&enablerdsaadauth=i%3A1'
Result
Providing the username= param will pre-populate and jump straight through to SSO.
Describe the solution you'd like
I'm unsure if feasible, but a credential store or the ability to pass through additional RDP parameters enabling enablerdsaadauth would be what is needed.
Describe alternatives you've considered
As expected, doing the following just ignores the extra param and prompts for username/password:
boundary connect -exec open -target-id ttcp_oaKprXtMlf -- -n -W 'rdp://full%20address=s%3A{{boundary.addr}}&enablerdsaadauth=i%3A1'
Explain any additional use-cases
I've not tested the experience on Windows clients, nor have I explored AAD login to Linux boxes.
Additional context
Boundary is awesome for our Linux machines, but for AAD Joined machines it's a no-go for us until a solution like this works.
Hi Sam,
Sorry about the relative quiet on this one. We were reviewing this recently and the question was asked if you’ve tried this with a two-step process like:
$ boundary connect -target-id ttcp_oaKprXtMlf
$ open -W -u 'rdp://full%20address=s%3A127.0.0.1%3A{{local-port}}&enablerdsaadauth=i%3A1'
Dan
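The two-step workflow above, as an added example that is not part of the thread or of Boundary itself: a wrapper script that boundary connect launches through -exec, so the local listener address is substituted by Boundary via {{boundary.addr}} instead of being copied by hand from the connect output. It assumes macOS with the Microsoft Remote Desktop client registered for rdp:// URIs, the enablerdsaadauth and username parameters in the form the issue shows, and a script name (rdp-aad.sh) and function names that are mine.

```shell
#!/bin/sh
# Hypothetical wrapper, not Boundary's own code. Intended invocation:
#   boundary connect -target-id ttcp_oaKprXtMlf -exec ./rdp-aad.sh -- {{boundary.addr}} [user@domain]
# Boundary replaces {{boundary.addr}} with the 127.0.0.1:<port> it listens on.
set -eu

# Percent-encode ':' so the result matches the rdp:// form the Mac client
# accepts (full address=s:host:port, with the separators written as %3A).
rdp_encode() {
    printf '%s' "$1" | sed 's/:/%3A/g'
}

# Build the rdp:// URI: the local Boundary listener as the full address,
# Entra SSO requested with enablerdsaadauth=i:1, and an optional
# username=s:<user> so the client skips straight to the SSO prompt.
rdp_uri() {
    addr=$(rdp_encode "$1")
    uri="rdp://full%20address=s%3A${addr}&enablerdsaadauth=i%3A1"
    if [ "${2:-}" != "" ]; then
        uri="${uri}&username=s%3A$(rdp_encode "$2")"
    fi
    printf '%s' "$uri"
}

# Only launch the client when an address was passed; running the file with
# no arguments just defines the functions.
if [ "$#" -ge 1 ]; then
    # -W makes open wait for the RDP client to exit, which keeps the Boundary
    # session (and its local listener) alive until the desktop is closed.
    open -W -u "$(rdp_uri "$1" "${2:-}")"
fi
```

Because boundary connect -exec waits on the command it launched, the listener is torn down when open returns, which is why -W matters here: without it open returns immediately and the session ends before the RDP client has connected.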