AzureAD RDP
From Realm Business Systems Ltd
https://www.hanselman.com/blog/how-to-remote-desktop-rdp-into-a-windows-10-azure-ad-joined-machine
on the target Pc;
gpedit.msc Computer / Administrator / System / Logon / disable PIN login / gpupdate /force
Turn off NLA
So, back to the old Remote Desktop Connection app. Turns out for whatever reason, you need to save the RDP file and open it in a text editor. Add these two lines at the end (three if you want to save your username, then include the first line there)
username:s:.\AzureAD\YOURNAME@YOURDOMAIN.com enablecredsspsupport:i:0 authentication level:i:2
Note that you have to use the style .\AzureAD\email@domain.com
The leading .\AzureAD\ is needed - that was the magic in front of my email for login. Then enablecredsspsupport along with authentication level 2 (settings that aren't exposed in the UI) was the final missing piece.