AzureAD RDP

https://www.hanselman.com/blog/how-to-remote-desktop-rdp-into-a-windows-10-azure-ad-joined-machine

on the target Pc;

gpedit.msc Computer / Administrator / System / Logon / disable PIN login / gpupdate /force

Turn off NLA

So, back to the old Remote Desktop Connection app. Turns out for whatever reason, you need to save the RDP file and open it in a text editor. Add these two lines at the end (three if you want to save your username, then include the first line there)

username:s:.\AzureAD\YOURNAME@YOURDOMAIN.com enablecredsspsupport:i:0 authentication level:i:2

Note that you have to use the style .\AzureAD\email@domain.com

The leading .\AzureAD\ is needed - that was the magic in front of my email for login. Then enablecredsspsupport along with authentication level 2 (settings that aren't exposed in the UI) was the final missing piece.