Like many of us working in modern IT environments, I’ve been looking for a way to streamline my tools — and that includes consolidating my desktop into a Linux-based setup. But I ran into a snag: connecting via Remote Desktop to a Windows 11 machine that’s joined to Entra ID (Azure Active Directory) and requires modern Web Authentication and MFA.
In a typical Windows environment, this works flawlessly using mstsc.exe, the built-in Remote Desktop client. But I wanted to see if there was any way to get mstsc.exe working under Linux, or if there were viable alternatives that support the same level of security and user experience.
So, I turned to ChatGPT to walk through the options. Here’s what I found.
The Goal
- Connect from a Linux machine to a Windows 11 PC joined to Entra ID.
- Authenticate using modern WebAuthN credentials (the web login and MFA prompt).
- Avoid falling back to NTLM or legacy authentication, which would mark the device as non-compliant.
- Retain full RDP features like Teams redirection, webcam/mic support, and secure credential brokering.
What ChatGPT Helped Me Uncover
ChatGPT guided me through all the technical options, laid out the pros and cons, and explained why this just doesn’t work natively on Linux today.
What I Tried (or Considered)
- Running mstsc.exe via Wine
  ❌ Doesn’t work — fails due to missing COM interfaces and WebView2 components.
- Native Linux RDP Clients (Remmina, FreeRDP)
  ✅ Work well with NTLM/NLA, but ❌ no support for Entra ID WebAuthN login.
- Dockerized or Containerized mstsc.exe
  ❌ Same issues as Wine — no COM/WebView2 support.
- Windows VM on Linux
  ✅ Works with passthrough, but ⚠️ introduces latency and webcam/mic issues.
- Setting up an RDS Gateway Server
  ✅ Helpful for tunneling, but ❌ still no WebAuthN/Azure login unless hybrid-joined and configured with NPS + MFA.
Why This Doesn’t Work
COM and WebView2 Are Windows-Only
ChatGPT explained the core blockers:
- COM is a Windows-only architecture and can’t be replicated meaningfully in Wine.
- WebView2 depends on the Windows Edge runtime and Windows APIs.
mstsc.exe uses both to invoke the Azure AD login, credential broker, and modern MFA experiences.
What Does Work
Option | Status | Notes |
---|---|---|
Native mstsc.exe on Windows | ✅ | Works fully with Entra ID and Teams redirection |
Windows VM on Linux | ✅ | Functional, but with performance/mic/webcam passthrough issues |
Remmina / FreeRDP | ❌ | No support for WebAuthN or AAD login |
HTML5 RDP via Windows 365 / AVD | ✅ | Browser-based, supports SSO + MFA, no mstsc.exe needed |
Azure Bastion | ✅ | Secure but limited — not suitable for Teams calls or webcam use |
Final Takeaway
If you need to RDP into an Entra ID-joined Windows 11 device using WebAuthN and Conditional Access, you’ll need to do it from Windows.
Linux just isn’t there yet — not because it lacks RDP clients, but because Microsoft’s modern authentication stack (COM, WebView2, Azure SSO) is deeply tied to Windows internals and not available cross-platform.
That said, ChatGPT saved me hours of research by breaking this all down in a clear, structured way — helping me eliminate dead ends and understand why things behave the way they do.
What’s Next?
- Keep a dedicated Windows device for secure RDP access.
- Consider using Windows 365 or Azure Virtual Desktop for browser-based remote access from Linux.
- Keep an eye on FreeRDP or Wine for future support (though unlikely in the near term).
Have you hit this same limitation? Let me know how you’ve worked around it — or if you’ve spotted any progress in the Linux RDP world that I missed!