Merge pull request #8634 from MicrosoftDocs/main

Push2Live

Author: Deland-Han

support/windows-365/connection-error-interactive-window-not-shown.md

@@ -0,0 +1,76 @@
+---
+title: Connection Fails with an Interactive Window Could Not Be Shown Error
+description: Helps resolve the connection error - an interactive window could not be shown.
+manager: dcscontentpm
+ms.date: 04/02/2025
+ms.topic: troubleshooting
+ms.reviewer: kaushika, erikje, v-lianna
+---
+# Windows 365 Link connection fails with error "an interactive window could not be shown"
+
+This article helps resolve the connection error "an interactive window could not be shown."
+
+After you authenticate on the sign-in screen, you might encounter the following error message when connecting to your Cloud PC:
+
+> Something went wrong.  
+An authentication issue occurred where an interactive window could not be shown. Please try again later.
+
+The connection attempts via Windows 365 Link use non-interactive single sign-on and can't prompt for user authentication. If you see this error, Windows 365 resources might be protected by a Conditional Access policy that requires interactive authentication. For more information, see [Set Conditional Access policies for Windows 365](/windows-365/enterprise/set-conditional-access-policies).
+
+The common causes of this error are:
+
+- Missing user action policy
+- Conditional Access policy not assigned
+- Mismatched access controls
+- Unsupported access controls
+
+For configuration details, see [Conditional Access policies for Windows 365 Link](/windows-365/link/conditional-access-policies).
+
+## Missing user action policy
+
+Interactive authentication should occur during the sign-in stage. This commonly requires a new Conditional Access policy because the sign-in only triggers [User actions](/entra/identity/conditional-access/concept-conditional-access-cloud-apps#user-actions) policies to **Register or join devices**, whereas the connection triggers **Resources** policies.
+
+## Conditional Access policy not assigned
+
+If the **User actions** policy exists, confirm if you're in the scope of the assignments of users.
+
+## Mismatched access controls
+
+The sign-in stage generates a security token that is used in the connection stage. If the Conditional Access policies in either stage have the access controls configured differently, an authentication issue might occur. Ensure the access control setting on the **User actions** policy used for the sign-in stage matches (or is stronger than) the setting on the **Resources** policy used for the connection stage.
+
+## Unsupported access controls
+
+A Conditional Access policy applied to resources might use controls that are unavailable for **User actions** policies. Some **Grant** controls, such as device compliance or [custom controls](/entra/identity/conditional-access/controls), can't be used with **User actions** policies. Some **Session** controls, such as **Sign-in frequency**, can't be used with **User actions** policies. If a **User actions** policy applied during the connection stage requires any of these unsupported controls, modifications are required to accommodate the use of Windows 365 Link devices.
+
+## Confirm the problem
+
+Conditional Access sign-in logs can be used to verify how Conditional Access policies are (or aren't) being applied to the sign-in and connection attempts.
+
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/) > **Protection** > **Conditional Access** > **Sign-in logs**.
+2. Select the **User sign-ins (interactive)** tab and use filters to find entries for the sign-in. For example, try using:
+
+    - **Resource**: **Device Registration Service**
+    - **Username**: \<enter the UPN of the user>
+    - **Date**: \<select a relevant interval>
+
+3. Select an entry to review if the details are:
+
+    - **Basic info** / **Authentication requirement**: **Single-factor**
+    - **Basic info** / **Status**: **Success**
+    - **Conditional Access** / **Result**: **Not Applied**
+
+4. Select the **User sign-ins (non-interactive)** tab and use filters to find entries for the connection. For example, try using:
+
+    - **Application**: **Windows 365 Client**
+    - **Username**: \<enter the UPN of the user>
+    - **Date**: \<select a relevant interval>
+
+5. Expand the results and select an entry to review if the details are:
+
+    - **Basic info** / **Authentication requirement**: **Multifactor**
+    - **Basic info** / **Status**: **Interrupted**
+    - **Conditional Access** / **Result**: \<any failures occurred>
+
+If you encounter entries similar to the preceding ones, then a combination of those Conditional Access policies likely causes the error.
+
+For configuration details, see [Conditional Access policies for Windows 365 Link](/windows-365/link/conditional-access-policies).

support/windows-365/connection-fails-with-cloud-pc-does-not-support-entra-id-single-sign-on-sso.md

@@ -0,0 +1,35 @@
+---
+title: Connection Fails with Cloud PC Does Not Support Entra ID Single Sign-on
+description: Introduces how to resolve the connection failure with the Cloud PC does not support Entra ID single sign-on error.
+audience: itpro
+manager: dcscontentpm
+ms.date: 04/02/2025
+ms.reviewer: wincicuex, erikje
+ms.topic: troubleshooting
+---
+# Windows 365 Link connection fails with "Cloud PC does not support Entra ID single sign-on"
+
+After a user authenticates on the sign-in page, when the user tries to connect to the Cloud PC, the user might encounter the following message:
+
+> Something went wrong.  
+> Your Cloud PC does not support Entra ID single sign-on.
+
+## Cause
+
+This error commonly occurs when single sign-on (SSO) isn't enabled.
+
+## Resolution
+
+Windows 365 Link requires that [SSO is enabled on the Cloud PC](/windows-365/link/requirements) it connects to.
+
+To confirm the status of SSO on the Cloud PC, follow these steps:
+
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Navigate to **Devices** > **Device onboarding** > **Windows 365** > **All Cloud PCs**.
+3. Select **Columns** > **Using single sign-on**.
+4. Search the list for the Cloud PC in question by device name or the user's User Principal Name (UPN).
+5. If **Using single sign-on** shows **No**, Windows 365 Link can't connect to it.
+
+## Reference
+
+For details on how to enable SSO on Cloud PCs, see [Configure single sign-on for Windows 365 using Microsoft Entra authentication](/windows-365/enterprise/configure-single-sign-on).

support/windows-365/connection-fails-with-connection-to-the-remote-pc-was-lost.md

@@ -0,0 +1,25 @@
+---
+title: Connection Fails with Connection to the Remote PC Was Lost
+description: Introduces how to resolve the connection failure with the Failed to open a Microsoft Entra ID credential prompt error.
+audience: itpro
+manager: dcscontentpm
+ms.date: 04/02/2025
+ms.reviewer: wincicuex, erikje
+ms.topic: troubleshooting
+---
+# Windows 365 Link connection fails with "connection to the remote PC was lost"
+
+After a user authenticates on the sign-in page, when the user tries to connect to the Cloud PC, the user might encounter the following message:
+
+> Lost connection  
+> The connection to the remote PC was lost. This might be because of a network connection problem. If this keeps happening, ask your admin or tech support for help.
+
+## Cause
+
+This error commonly occurs because of network filtering.
+
+Connecting to a Cloud PC from a Windows 365 Link device has the same network requirements as other clients. The network connection being used might be blocking or filtering the endpoints that are required to use the service.
+
+## Resolution
+
+To resolve this issue, fix the networking problem. For more information, see [End user devices](/azure/virtual-desktop/required-fqdn-endpoint?tabs=azure#end-user-devices).

support/windows-365/connection-fails-with-failed-to-open-a-microsoft-entra-id-credential-prompt.md

@@ -0,0 +1,34 @@
+---
+title: Connection Fails with Failed to Open a Microsoft Entra ID Credential Prompt
+description: Introduces how to resolve the connection failure with the Failed to open a Microsoft Entra ID credential prompt error.
+audience: itpro
+manager: dcscontentpm
+ms.date: 04/02/2025
+ms.reviewer: wincicuex, erikje
+ms.topic: troubleshooting
+---
+# Windows 365 Link connection fails with "Failed to open a Microsoft Entra ID credential prompt"
+
+After a user authenticates on the sign-in page, when the user tries to connect to the Cloud PC, the user might encounter the following message:
+
+> Connection Denied.  
+> Failed to open a Microsoft Entra ID credential prompt. This can happen in SSO-enabled Cloud PCs if this is the first time you are connecting to it, or if you first connected 30 days ago. Connect to your Cloud PC on another device and then try again.
+
+## Cause
+
+This error commonly occurs when single sign-on (SSO) consent is required.
+
+When a user connects to a Cloud PC that has SSO enabled, the user might be prompted for consent to use the authentication token. This issue can happen under several conditions:
+
+* The Cloud PC is newly provisioned.
+* The Cloud PC is reprovisioned.
+* The Cloud PC just has SSO enabled.
+* It's been 30 days since the last time consent was given.
+
+If any of these conditions are true, the next time the user attempts to sign in, consent is required via an interactive prompt. However, the prompt can't be shown on Windows 365 Link because Windows 365 Link uses a non-interactive SSO connection, resulting in the error message.
+
+## Workaround
+
+As a workaround, the user can connect to this Cloud PC from a different device or the [Web Client](https://windows365.microsoft.com) where the prompt can be acknowledged. However, the prompt returns every 30 days.
+
+For configuration details on how to prevent this issue, see [Suppress single sign-on consent prompts for Windows 365 Link](/windows-365/link/single-sign-on-suppress).

support/windows-365/known-issues-enterprise.md

@@ -255,13 +255,21 @@ For newly provisioned Cloud PCs, verify that WebRTC is available. If it's not, y
 
 The following are issues for Windows 365 Frontline:
 
-### Users must wait for about 90 seconds after Reset
+### Users may not be able to access Frontline Cloud PCs in shared mode
 
-When a user performs the **Reset** action on a Frontline Cloud PC in shared mode, the **Connect** button is grayed out for around 90 seconds. During this time, users can't connect to another Frontline Cloud PC.
+When Frontline Cloud PCs in shared mode are assigned to an Entra ID Group with more than 10,000 members, some users might not receive access and might not see the Cloud PC cards in the Windows app.
 
-### Users can select Connect while they're connected to a Frontline Cloud PC in shared mode
+#### Solution
 
-When a user is connected to a Frontline Cloud PC, the connect button in the Windows App remains blue and clickable. If the user selects connect, a new window opens and connects. The previous window remains open with a new connection notification dialog.
+Reduce the Entra ID group membership to be fewer than 10,000 users.
+
+### Number of cloud PCs for Frontline Cloud PCs in shared mode cannot be decreased when all Cloud PC provisioning fails
+
+If provisioning fails due to an Autopilot Device Preparation Profile (DPP) (Preview) failure and results in all Cloud PCs showing no successfully provisioned devices, admins will not be able to decrease the number of Cloud PCs in the reprovision assignments option.
+
+#### Solution
+
+Perform reprovision in the provisioning policy.
 
 ## Next steps
 

support/windows-365/oobe-fails-error-has-occurred.md

@@ -0,0 +1,28 @@
+---
+title: OOBE Fails with an Error Has Occurred Error
+description: Helps resolve the error (An error has occurred) during the Windows Out of Box Experience (OOBE).
+manager: dcscontentpm
+ms.date: 04/02/2025
+ms.topic: troubleshooting
+ms.reviewer: kaushika, erikje, v-lianna
+---
+# Windows 365 Link fails to load OOBE with error "An error has occurred"
+
+This article helps resolve the error "An error has occurred" during the Windows Out of Box Experience (OOBE).
+
+When you first turn on Windows 365 Link, OOBE is loaded to guide you through the process of joining the device to your Microsoft Entra tenant and enrolling the device into Intune management. If a failure occurs, you might encounter the following error message:
+
+> Let's add your Microsoft account  
+An error has occurred. Please try again.
+
+This error commonly occurs due to the following reasons:
+
+- Join permissions
+- Join limits
+- Enrollment restrictions
+
+To complete OOBE, ensure the following items:
+
+- You're allowed to join Windows devices to Microsoft Entra. For configuration details, see [Allow joining Windows 365 Link to Microsoft Entra](/windows-365/link/join-microsoft-entra).
+- You don't exceed the maximum number of devices allowed to join Microsoft Entra ID. For configuration details, see [Allow joining Windows 365 Link to Microsoft Entra](/windows-365/link/join-microsoft-entra).
+- You aren't blocked by platform restrictions that prevent you from enrolling Windows devices in Intune management. For configuration details, see [Configure enrollment restrictions for Windows 365 Link devices](/windows-365/link/enrollment-restrictions).

support/windows-365/oobe-fails-error-something-wrong.md

@@ -0,0 +1,18 @@
+---
+title: OOBE Fails with Something Went Wrong Error
+description: Helps resolve the Something went wrong error during the Windows Out of Box Experience (OOBE).
+manager: dcscontentpm
+ms.date: 04/02/2025
+ms.topic: troubleshooting
+ms.reviewer: kaushika, erikje, v-lianna
+---
+# Windows 365 Link fails to load OOBE with error "Something went wrong"
+
+This article helps resolve the error "Something went wrong" during the Windows Out of Box Experience (OOBE).
+
+When you first turn on Windows 365 Link, OOBE is loaded to guide you through the process of joining the device to your Microsoft Entra tenant and enrolling the device into Intune management. If a failure occurs, you might encounter the following error message:
+
+> Something went wrong.  
+Looks like we can't connect to the URL for your organization's MDM terms of use. Try again, or contact your system administrator with the problem information from this page.
+
+This error commonly occurs because you aren't configured for automatic enrollment in mobile device management (MDM) with Intune. For configuration details, see [Automatically enroll Windows 365 Link in Intune](/windows-365/link/intune-automatic-enrollment).

support/windows-365/toc.yml

@@ -5,10 +5,22 @@ items:
   href: ./health-checks.md
 - name: Connection errors
   href: ./connection-errors.md
+- name: Connection fails with "Cloud PC does not support Entra ID single sign-on"
+  href: connection-fails-with-cloud-pc-does-not-support-entra-id-single-sign-on-sso.md
+- name: Connection fails with "connection to the remote PC was lost"
+  href: connection-fails-with-connection-to-the-remote-pc-was-lost.md
+- name: Connection fails with "Failed to open a Microsoft Entra ID credential prompt"
+  href: connection-fails-with-failed-to-open-a-microsoft-entra-id-credential-prompt.md
+- name: Connection fails with "an interactive window could not be shown"
+  href: ./connection-error-interactive-window-not-shown.md
 - name: Known issues with Windows 365 Business
   href: ./known-issues.md
 - name: Known issues with Windows 365 Enterprise and Frontline
   href: ./known-issues-enterprise.md
+- name: OOBE fails with "Something went wrong"
+  href: ./oobe-fails-error-something-wrong.md
+- name: OOBE fails with "An error has occurred"
+  href: ./oobe-fails-error-has-occurred.md
 - name: Provisioning errors
   href: ./provisioning-errors.md
 - name: Troubleshoot Azure network connections