Merge pull request #8043 from Deland-Han/migration-avd

Migration AVD articles.

Author: Deland-Han

.openpublishing.redirection.json

@@ -6915,11 +6915,6 @@
       "redirect_url": "/previous-versions/troubleshoot/windows-server/windows-virtual-desktop-blank-screen",
       "redirect_document_id": false
     },
-    {
-      "source_path": "support/azure/virtual-desktop/welcome-virtual-desktop.yml",
-      "redirect_url": "/azure/virtual-desktop",
-      "redirect_document_id": false
-    },
     {
       "source_path": "support/windows-client/windows-troubleshooters/introduction-to-troubleshootingscript-toolset-tss.md",
       "redirect_url": "/troubleshoot/windows-client/windows-tss/introduction-to-troubleshootingscript-toolset-tss",

support/azure/index.yml

@@ -114,6 +114,11 @@ productDirectory:
     links:
     - url: site-recovery/welcome-site-recovery.yml
       text: Troubleshooting articles for Site Recovery
+  - title: Azure Virtual Desktop
+    imageSrc: "https://learn.microsoft.com/static/ui/media/product/azure/virtual-desktop.svg"
+    links:
+    - url: virtual-desktop/welcome-virtual-desktop.yml
+      text: Troubleshoot common Azure Virtual Desktop issues
   - title: Virtual Machines
     imageSrc: "https://static.docs.com/ui/media/product/azure/virtual-machine.svg"
     links:

support/azure/virtual-desktop/includes/include-troubleshoot-azure-ad-joined-connections-all.md

@@ -0,0 +1,35 @@
+---
+
+ms.reviewer: daknappe
+ms.topic: include
+ms.date: 11/21/2022
+---
+
+### Your account is configured to prevent you from using this device
+
+If you come across an error saying **Your account is configured to prevent you from using this device. For more information, contact your system administrator**, ensure the user account was given the [Virtual Machine User Login role](/entra/identity/devices/howto-vm-sign-in-azure-ad-windows#azure-role-not-assigned) on the VMs. 
+
+### The user name or password is incorrect
+
+If you can't sign in and keep receiving an error message that says your credentials are incorrect, first make sure you're using the right credentials. If you keep seeing error messages, check to make sure you've fulfilled the following requirements:
+
+- Have you assigned the **Virtual Machine User Login** role-based access control (RBAC) permission to the virtual machine (VM) or resource group for each user?
+- Does your Conditional Access policy exclude multifactor authentication requirements for the **Azure Windows VM sign-in** cloud application?
+
+If you've answered no to either of those questions, you'll need to reconfigure your multifactor authentication. To reconfigure your multifactor authentication, follow the instructions in [Enforce Microsoft Entra multifactor authentication for Azure Virtual Desktop using Conditional Access](/azure/virtual-desktop/set-up-mfa?tabs=avd#azure-ad-joined-session-host-vms#azure-ad-joined-session-host-vms).
+
+> [!IMPORTANT] 
+> VM sign-ins don't support per-user enabled or enforced Microsoft Entra multifactor authentication. If you try to sign in with multifactor authentication on a VM, you won't be able to sign in and will receive an error message.
+
+If you have [integrated Microsoft Entra logs with Azure Monitor logs](/entra/identity/monitoring-health/howto-integrate-activity-logs-with-azure-monitor-logs) to access your Microsoft Entra sign-in logs through Log Analytics, you can see if you've enabled multifactor authentication and which Conditional Access policy is triggering the event. The events shown are non-interactive user login events for the VM, which means the IP address will appear to come from the external IP address from which your VM accesses Microsoft Entra ID. 
+
+You can access your sign-in logs by running the following Kusto query:
+
+```kusto
+let UPN = "userupn";
+AADNonInteractiveUserSignInLogs
+| where UserPrincipalName == UPN
+| where AppId == "372140e0-b3b7-4226-8ef9-d57986796201"
+| project ['Time']=(TimeGenerated), UserPrincipalName, AuthenticationRequirement, ['MFA Result']=ResultDescription, Status, ConditionalAccessPolicies, DeviceDetail, ['Virtual Machine IP']=IPAddress, ['Cloud App']=ResourceDisplayName
+| order by ['Time'] desc
+```

support/azure/virtual-desktop/includes/include-troubleshoot-azure-ad-joined-connections-android-chrome-os.md

@@ -0,0 +1,10 @@
+---
+
+ms.reviewer: daknappe
+ms.topic: include
+ms.date: 11/21/2022
+---
+
+### Error code 2607 - We couldn't connect to the remote PC because your credentials did not work
+
+If you come across an error saying **We couldn't connect to the remote PC because your credentials did not work. The remote machine is AADJ joined.** with error code 2607 when using the Android client, ensure that you [enabled connections from other clients](/entra/identity/devices/howto-vm-sign-in-azure-ad-windows#connect-using-the-other-clients).

support/azure/virtual-desktop/includes/include-troubleshoot-azure-ad-joined-connections-web.md

@@ -0,0 +1,14 @@
+---
+
+ms.reviewer: daknappe
+ms.topic: include
+ms.date: 11/21/2022
+---
+
+### Sign in failed. Please check your username and password and try again
+
+If you come across an error saying **Oops, we couldn't connect to *NAME*. Sign in failed. Please check your username and password and try again.** when using the web client, ensure that you [enabled connections from other clients](/entra/identity/devices/howto-vm-sign-in-azure-ad-windows#connect-using-the-other-clients).
+
+### We couldn't connect to the remote PC because of a security error
+
+If you come across an error saying **Oops, we couldn't connect to *NAME*. We couldn't connect to the remote PC because of a security error. If this keeps happening, ask your admin or tech support for help.**, you have Conditional Access policies restricting access. Follow the instructions in [Enforce Microsoft Entra multifactor authentication for Azure Virtual Desktop using Conditional Access](/azure/virtual-desktop/set-up-mfa?tabs=avd#azure-ad-joined-session-host-vms#azure-ad-joined-session-host-vms) to enforce Microsoft Entra multifactor authentication for your Microsoft Entra joined VMs.

support/azure/virtual-desktop/includes/include-troubleshoot-azure-ad-joined-connections-windows.md

@@ -0,0 +1,22 @@
+---
+
+ms.reviewer: daknappe
+ms.topic: include
+ms.date: 11/21/2022
+---
+
+### The logon attempt failed
+
+If you come across an error saying **The logon attempt failed** on the Windows Security credential prompt, verify the following:
+
+- You're using a device that is Microsoft Entra joined or Microsoft Entra hybrid joined to the same Microsoft Entra tenant as the session host.
+- The [PKU2U protocol is enabled](/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities) on both the local PC and the session host.
+- [Per-user multifactor authentication is disabled](/azure/virtual-desktop/set-up-mfa?tabs=avd#azure-ad-joined-session-host-vms#azure-ad-joined-session-host-vms) for the user account as it's not supported for Microsoft Entra joined VMs.
+
+### The sign-in method you're trying to use isn't allowed
+
+If you come across an error saying **The sign-in method you're trying to use isn't allowed. Try a different sign-in method or contact your system administrator**, you have Conditional Access policies restricting access. Follow the instructions in [Enforce Microsoft Entra multifactor authentication for Azure Virtual Desktop using Conditional Access](/azure/virtual-desktop/set-up-mfa?tabs=avd#azure-ad-joined-session-host-vms#azure-ad-joined-session-host-vms) to enforce Microsoft Entra multifactor authentication for your Microsoft Entra joined VMs.
+
+### A specified logon session does not exist. It may already have been terminated.
+
+If you come across an error that says, **An authentication error occurred. A specified logon session does not exist. It may already have been terminated**, verify that you properly created and configured the Kerberos server object when [configuring single sign-on](/azure/virtual-desktop/configure-single-sign-on).