You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/windows-365/connection-error-interactive-window-not-shown.md
+12-12Lines changed: 12 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Connection Fails With Error "an Interactive Window Could Not Be Shown"
3
-
description: Helps resolve the connection error "an interactive window could not be shown."
2
+
title: Connection Fails with an Interactive Window Could Not Be Shown Error
3
+
description: Helps resolve the connection error - an interactive window could not be shown.
4
4
manager: dcscontentpm
5
5
ms.date: 04/02/2025
6
6
ms.topic: troubleshooting
@@ -24,30 +24,30 @@ The common causes of this error are:
24
24
- Mismatched access controls
25
25
- Unsupported access controls
26
26
27
-
For more information about the configuration details, see [Conditional Access policies for Windows 365 Link](/windows-365/link/conditional-access-policies).
27
+
For configuration details, see [Conditional Access policies for Windows 365 Link](/windows-365/link/conditional-access-policies).
28
28
29
29
## Missing user action policy
30
30
31
-
Interactive authentication should occur during the sign-in stage. This commonly requires a new Conditional Access policy because the sign-in only triggers [User actions](/entra/identity/conditional-access/concept-conditional-access-cloud-apps#user-actions) policies to **Register or join devices**, where the connection triggers **Resources** policies.
31
+
Interactive authentication should occur during the sign-in stage. This commonly requires a new Conditional Access policy because the sign-in only triggers [User actions](/entra/identity/conditional-access/concept-conditional-access-cloud-apps#user-actions) policies to **Register or join devices**, whereas the connection triggers **Resources** policies.
32
32
33
33
## Conditional Access policy not assigned
34
34
35
-
If the **User actions** policy exists, confirm if you're in the scope of the users assignments.
35
+
If the **User actions** policy exists, confirm if you're in the scope of the user assignments.
36
36
37
37
## Mismatched access controls
38
38
39
-
The sign-in stage generates the security token that is used in the connection stage. If the Conditional Access policies in either stage have the access controls configured differently, an authentication issue might occur. Ensure the access controls setting on the **User actions** policy used for the sign-in stage matches (or is stronger than) the setting on the **Resources** policy used for the connection stage.
39
+
The sign-in stage generates a security token that is used in the connection stage. If the Conditional Access policies in either stage have the access controls configured differently, an authentication issue might occur. Ensure the access control setting on the **User actions** policy used for the sign-in stage matches (or is stronger than) the setting on the **Resources** policy used for the connection stage.
40
40
41
41
## Unsupported access controls
42
42
43
-
A Conditional Access policy applied to resources might use controls unavailable for **User actions** policies. Some **Grant** controls such as device compliance or [custom controls](/entra/identity/conditional-access/controls) can't be used with **User actions** policies. Some **Session** controls such as **Sign-in frequency** can't be used with **User actions** policies. If a **User actions** policy applied during the connection stage requires any of these unsupported controls, modifications are required to accommodate the use of Windows 365 Link devices.
43
+
A Conditional Access policy applied to resources might use controls that are unavailable for **User actions** policies. Some **Grant** controls, such as device compliance or [custom controls](/entra/identity/conditional-access/controls), can't be used with **User actions** policies. Some **Session** controls, such as **Sign-in frequency**, can't be used with **User actions** policies. If a **User actions** policy applied during the connection stage requires any of these unsupported controls, modifications are required to accommodate the use of Windows 365 Link devices.
44
44
45
45
## Confirm the problem
46
46
47
47
Conditional Access sign-in logs can be used to verify how Conditional Access policies are (or aren't) being applied to the sign-in and connection attempts.
48
48
49
49
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/) > **Protection** > **Conditional Access** > **Sign-in logs**.
50
-
2. Select the **User sign-ins (interactive)** tab, and use filters to find entries for the sign-in. For example, try using:
50
+
2. Select the **User sign-ins (interactive)** tab and use filters to find entries for the sign-in. For example, try using:
51
51
52
52
-**Resource**: **Device Registration Service**
53
53
-**Username**: \<enter the UPN of the user>
@@ -59,7 +59,7 @@ Conditional Access sign-in logs can be used to verify how Conditional Access pol
If you encounter entries similar to the preceding ones, then it's likely the combination of those Conditional Access policies are the cause of the error.
74
+
If you encounter entries similar to the preceding ones, then a combination of those Conditional Access policies likely causes the error.
75
75
76
-
For more information about the configuration details, see [Conditional Access policies for Windows 365 Link](/windows-365/link/conditional-access-policies).
76
+
For configuration details, see [Conditional Access policies for Windows 365 Link](/windows-365/link/conditional-access-policies).
0 commit comments