TL;DR: Remote Desktop is disabled by default on Azure Local nodes after deployment, by design. To enable it for a maintenance or workload-deployment window, connect to the node via remote PowerShell and run Enable-ASRemoteDesktop. Disable it again with Disable-ASRemoteDesktop as soon as you're done.

Recommended action:

  1. From an admin workstation, open PowerShell as Administrator.

  2. Open a remote PowerShell session to the target Azure Local node, signing in with your deployment user credentials (the local administrator account is renamed after deployment, so use the account you used to deploy the cluster, not a default Administrator):

    $ip = "<IP address of the Azure Local node>"
Enter-PSSession -ComputerName $ip -Credential (Get-Credential)

  3. Inside the remote session, enable RDP on that node:

    Enable-ASRemoteDesktop

  4. RDP into the node from your admin workstation, complete the work that required RDP, then sign out.

  5. Re-open a remote PowerShell session to the node and disable RDP again:

    Disable-ASRemoteDesktop

  6. If you need RDP on more than one node — for example to step through several nodes during a workload deployment — repeat steps 2–5 on each node individually. Enable-ASRemoteDesktop and Disable-ASRemoteDesktop act on the local node where they're run; they don't enable RDP cluster-wide.

Why:

Azure Local hardens itself at deployment time by disabling RDP and renaming the built-in local administrator account. The two Enable-ASRemoteDesktop / Disable-ASRemoteDesktop cmdlets are the supported way to toggle that hardening setting — they apply the change consistently with the rest of the platform's posture, which means your cluster stays in its supported configuration. Using netsh, the System Properties UI, or other ad-hoc methods to enable RDP can leave the node in a state Microsoft and DataON support will flag.

Going forward:

Treat enabled RDP as a temporary state, not a permanent one. The recommended pattern is: enable, do the work, disable, in the same maintenance window. If you find yourself routinely needing RDP for day-to-day administration, that's usually a sign the work could be done over remote PowerShell, Windows Admin Center, or the Azure portal instead — those paths don't require relaxing the node's security posture. Whenever you do enable RDP, only the node you ran the cmdlet on is affected; if you forget which nodes you toggled, sign in to each and run Disable-ASRemoteDesktop to be safe.

Optional details:

The local administrator account is renamed by the deployment process; the account you use to authenticate the remote PowerShell session and the subsequent RDP login is your deployment user, not Administrator. The full Azure Local deployment context, including the post-deployment hardening state that disables RDP, is documented at Deploy Azure Local via the Azure portal.