PR feedback

Author: haywoodsloan

support/power-platform/power-automate/desktop-flows/troubleshoot-ui-flow-invalid-credentials-error-using-aad-account.md

@@ -1,13 +1,15 @@
 ---
 title: Desktop flow invalid credentials error when using a Microsoft Entra account
-description: Resolves the InvalidConnectionCredentials or WindowsIdentityIncorrect error that occurs when you run a desktop flow using a Microsoft Entra account.
+description: Learn how to resolve InvalidConnectionCredentials, WindowsIdentityIncorrect, and AADSTS50126 errors in Power Automate desktop flows caused by Microsoft Entra account issues.
 ms.reviewer: guco，aartigoyle, v-shaywood
 ms.date: 08/20/2024
 ms.custom: sap:Desktop flows\Cannot create desktop flow connection
 ---
 # Desktop flow invalid credentials error when you use a Microsoft Entra account
 
-This article provides a resolution for the `InvalidConnectionCredentials` or `WindowsIdentityIncorrect` error code that occurs when you run a desktop flow using a [Microsoft Entra account](/entra/fundamentals/whatis#terminology).
+This article provides resolutions for the `InvalidConnectionCredentials` or `WindowsIdentityIncorrect` errors that might occur when you run a desktop flow using a [Microsoft Entra account](/entra/fundamentals/whatis#terminology). These errors typically indicate issues with device join status, account synchronization, or credential mismatches between the desktop flow connection and the target machine. 
+
+This article also covers the `AADSTS50126` error, which occurs when credential validation fails because of an invalid username or password, particularly in scenarios involving federated users.
 
 _Applies to:_   Power Automate  
 _Original KB number:_   4555623
@@ -86,7 +88,7 @@ You might encounter the error when using a Microsoft Entra account for several r
 
 To resolve an AADSTS50126 error, the preferred and most secure method is to configure [Certificate-Based Authentication (CBA)](/power-automate/desktop-flows/configure-certificate-based-auth).
 
-If you can't configure CBA, federated users can use an alternative approach when administrators of the on-premises Identity Provider (IdP) configure Password Hash Sync (PHS) to synchronize password hashes to the cloud. In this scenario, federated users can authenticate directly against Microsoft Entra ID (ESTS) by configuring a Home Realm Discovery (HRD) policy that explicitly allows cloud password validation.
+If you can't configure CBA, federated users can use an alternative approach when administrators of the on-premises Identity Provider (IdP) configure [password hash synchronization](/entra/identity/hybrid/connect/whatis-phs) (PHS) to synchronize password hashes to the cloud. In this scenario, federated users can authenticate directly against Microsoft Entra ID (ESTS) by configuring a [Home Realm Discovery](/entra/identity/enterprise-apps/home-realm-discovery-policy) (HRD) policy that explicitly allows cloud password validation.
 
 To enable this configuration, set the following HRD policy value:
 
@@ -99,3 +101,4 @@ For detailed instructions, see [Enable direct ROPC authentication of federated u
 - [Create desktop flow connections](/power-automate/desktop-flows/desktop-flow-connections)
 - [Invalid credentials error when running desktop flows in Power Automate for desktop](invalid-credentials-errors-running-desktop-flows.md)
 - ["Logon type has not been granted" error when running a desktop flow or creating a connection](logon-type-has-not-been-granted.md)
+- [What is federation with Microsoft Entra ID?](/entra/identity/hybrid/connect/whatis-fed)