Like many of us working in modern IT environments, I’ve been looking for a way to streamline my tools — and that includes consolidating my desktop into a Linux-based setup. But I ran into a snag: connecting via Remote Desktop to a Windows 11 machine that’s joined to Entra ID (Azure Active Directory) and requires modern Web Authentication and MFA.
In a typical Windows environment, this works flawlessly using mstsc.exe, the built-in Remote Desktop client. But I wanted to see if there was any way to get mstsc.exe working under Linux, or if there were viable alternatives that support the same level of security and user experience.
Update: So this is now working and you can see that post over here!
Meanwhile, please check this article for the struggles I’ve had and please remember to leave a comment!
So, I turned to ChatGPT to walk through the options. Here’s what I found.
The Goal
- Connect from a Linux machine to a Windows 11 PC joined to Entra ID.
- Authenticate using modern WebAuthN credentials (the web login and MFA prompt).
- Avoid falling back to NTLM or legacy authentication, which would mark the device as non-compliant.
- Retain full RDP features like Teams redirection, webcam/mic support, and secure credential brokering.
What ChatGPT Helped Me Uncover
ChatGPT guided me through all the technical options, laid out the pros and cons, and explained why this just doesn’t work natively on Linux today.
What I Tried (or Considered)
- Running mstsc.exe via Wine
Doesn’t work — fails due to missing COM interfaces and WebView2 components. - Native Linux RDP Clients (Remmina, FreeRDP)
Work well with NTLM/NLA, but no support for Entra ID WebAuthN login. - Dockerized or Containerized mstsc.exe
Same issues as Wine, no COM/WebView2 support. - Windows VM on Linux
Works with passthrough but introduces latency and webcam/mic issues. - Setting up an RDS Gateway Server
Helpful for tunneling, but still no WebAuthN/Azure login unless hybrid-joined and configured with NPS + MFA.
Why This Doesn’t Work
COM and WebView2 Are Windows-Only
ChatGPT explained the core blockers:
- COM is a Windows-only architecture and can’t be replicated meaningfully in Wine.
- WebView2 depends on the Windows Edge runtime and Windows APIs.
mstsc.exeuses both to invoke the Azure AD login, credential broker, and modern MFA experiences.
What Does Work
| Option | Status | Notes |
|---|---|---|
| Native mstsc.exe on Windows | ✅ | Works fully with Entra ID and Teams redirection |
| Windows VM on Linux | ✅ | Functional, but with performance/mic/webcam passthrough issues |
| Remmina / FreeRDP | ❌ | No support for WebAuthN or AAD login |
| HTML5 RDP via Windows 365 / AVD | ✅ | Browser-based, supports SSO + MFA, no mstsc.exe needed |
| Azure Bastion | ✅ | Secure but limited — not suitable for Teams calls or webcam use |
Final Takeaway
If you need to RDP into an Entra ID-joined Windows 11 device using WebAuthN and Conditional Access, you’ll need to do it from Windows.
Linux just isn’t there yet — not because it lacks RDP clients, but because Microsoft’s modern authentication stack (COM, WebView2, Azure SSO) is deeply tied to Windows internals and not available cross-platform.
That said, ChatGPT saved me hours of research by breaking this all down in a clear, structured way — helping me eliminate dead ends and understand why things behave the way they do.
Have you hit this same limitation? Let me know how you’ve worked around it — or if you’ve spotted any progress in the Linux RDP world that I missed!
Or check out my other Linux articles here!
Update 10th March 2026
So I won’t let this die until it will work so from time to time I will check in to see if it’s been fixed or build for Linux so I can eventually ditch Windows.
While doing some research, I’ve found the best example of this XKCD comic.
support for fido2/webauthn virtual channel protocol · Issue #8730 · FreeRDP/FreeRDP
In this GitHub Issue, we see that SBDJUK seems to have a working solution to this issue. But then no update since Jan 2024. Plenty of members try to get a response, but nothing.
Hopefully one day we will get an answer or working solution.
This worked for my RDP-from-Linux-to-Windows requirements: https://gist.github.com/savaged/99ee2a293df64c3abd9e9f1ddb6a4ca8
Hey, thanks for the comment. I’m unable to disable NTLM on my work device which is the main problem. On other devices I’ve disabled NTLM and it’s worked fine. WebAuth is the problem in this case.
It does work with freerdp, at least in a very clunky state now:
You need to use the /sec:aad flag:
xfreerdp3 /v: /u: /sec:aad /dynamic-resolution
Then you get a prompt with a URL. You paste that in the MS authenticated browser. Now the page might fail there, showing an error. So, you have to have the Browser-Dev tools open. Then copy the URL it redirected right into the freerdp terminal.
Yes, this is super, super alpha. But there is hope as some point it will be more polished.
Is there a particular version of xFreeRDP3 that you need for this?
Works for me with 3.24.2
Definitely is clunky, but it works. I was able to use the .rdp file copied from my windows device with `xfreerdp3 connection.rdp` Then watch the console output for an authentication link, authenticate, and paste the redirected link back in.