Updates for CI 8945

ryanberg-aquent · ryanberg-aquent · commit 942e21c39286 · 2026-01-13T07:10:17.000-10:00
diff --git a/support/azure/kubernetes-fleet/toc.yml b/support/azure/kubernetes-fleet/toc.yml
@@ -1,6 +1,8 @@
+items:
 - name: Welcome
   href: welcome-azure-kubernetes-fleet.yml
-
+- name: Unable to connect to Azure Fleet Manager
+  href: unable-connect-azure-fleet-manager.md
 - name: Cluster Resource Placement
   items:
     - name: Troubleshooting Cluster Resource Placement 
diff --git a/support/azure/kubernetes-fleet/unable-connect-azure-fleet-manager.md b/support/azure/kubernetes-fleet/unable-connect-azure-fleet-manager.md
@@ -0,0 +1,54 @@
+---
+title: Unable to connect to Azure Fleet Manager
+description: This article provides guidance for when you’re unable to connect to Azure Fleet Manager.
+ms.date: 01/13/2026
+ms.author: jarrettr
+ms.reviewer: chiragpa, v-ryanberg 
+ms.service: azure-kubernetes-fleet-manager
+ms.custom: sap:Other issue or questions related to Fleet manager
+---
+# Unable to connect to Azure Fleet Manager
+
+This article provides guidance for when you’re unable to connect to Azure Fleet Manager.
+
+## Symptoms
+
+You try to connect to Azure Fleet Manager by retrieving the kubeconfig file for the Fleet Manager hub cluster. You initially run this command: 
+
+```powershell
+
+az fleet get-credentials --resource-group \${GROUP} --name
+
+```
+
+You then run this command:
+
+```powershell
+
+kubectl get pods
+
+```
+
+On the Fleet Manager API server, you see a prompt asking you to enter a device code in another browser to authenticate.
+
+If your organization enforces Conditional Access policies that block device code flows, you might see something like the following message: “Your sign-in was successful but does not meet the criteria to access this resource. For example, you might be signing in from a browser, app, location, or an authentication flow that is restricted by your admin.”
+
+The following is an example of such a message:
+
+:::image type="content" source="../media/unable-connect-azure-fleet-manager/no-access-message.png" alt-text="Example of Conditional Access blocking device code flow." lightbox="../media/unable-connect-azure-fleet-manager/no-access-message.png":::
+
+## Cause
+
+The kubeconfig generated by `az fleet get-credentials` defaults to device code authentication. Conditional Access policies can block this flow, preventing access to the Fleet Manager API server.
+
+## Resolution
+
+Convert the kubeconfig to use Azure CLI authentication instead of device code authentication with the following command:
+
+```powershell
+
+kubelogin convert-kubeconfig -l azurecli
+
+```
+
+This updates the kubeconfig so that it authenticates using your existing Azure CLI sign-in session, bypassing the device code prompt.
diff --git a/support/azure/media/unable-connect-azure-fleet-manager/no-access-message.png b/support/azure/media/unable-connect-azure-fleet-manager/no-access-message.png
