Windows Authentication on Azure VM using Azure AD account from remote client
Issue
When connecting with Windows Authentication: "Cannot connect to 172.16.1.5. The target principal name is incorrect. Cannot generate SSPI context." Nothing appears in the SQL Server log.
Environment/Configuration
O365 Azure VM
SQL Server Standard 2016 SP1, Default Instance, installed on Windows Server 2016
Windows & SQL Server Authentication enabled
Allow Remote Connections To This Server Enabled
Configuration Manager>Protocols for MSSQLSERVER>TCP/IP -> all enabled (IP1, IP2, IP3, IP4, IPALL) port 1433
Azure Joined Workstation
Connected using Peer to Site VPN to Azure virtual network
SSMS 17, can successfully connect using IP or host name using SQL Server Authentication.
Diagnostics
Kerberos Configuration Manager reports that "TCP must be enabled to use Kerberos Authentication on SQL Service 2016 Standard Edition Engine".
Windows Firewall is off (temporary while troubleshooting connectivity).
It's probably something ridiculous, but I can't find it.