Merge pull request #287941 from dknappettmsft/sso-kerberos-link

prmerger-automator[bot] · web-flow · commit 08bcd9b37690 · 2024-10-07T08:49:25.000Z
Sso kerberos link
diff --git a/articles/virtual-desktop/configure-single-sign-on.md b/articles/virtual-desktop/configure-single-sign-on.md
@@ -195,21 +195,21 @@ To configure the service principal, use the [Microsoft Graph PowerShell SDK](/po
    Remove-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup -ServicePrincipalId $WCLspId -TargetDeviceGroupId "<Group object ID>"
    ```
 
-## Create a Kerberos Server object
+## Create a Kerberos server object
 
-If your session hosts meet the following criteria, you must [Create a Kerberos Server object](../active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md#create-a-kerberos-server-object):
+If your session hosts meet the following criteria, you must create a Kerberos server object. For more information, see [Enable passwordless security key sign-in to on-premises resources by using Microsoft Entra ID](/entra/identity/authentication/howto-authentication-passwordless-security-key-on-premises), specifically the section to [Create a Kerberos Server object](../active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md#create-a-kerberos-server-object):
 
-- Your session host is Microsoft Entra hybrid joined. You must have a Kerberos Server object to complete authentication to a domain controller.
+- Your session host is Microsoft Entra hybrid joined. You must have a Kerberos server object to complete authentication to a domain controller.
 
-- Your session host is Microsoft Entra joined and your environment contains Active Directory domain controllers. You must have a Kerberos Server object for users to access on-premises resources, such as SMB shares, and Windows-integrated authentication to websites.
+- Your session host is Microsoft Entra joined and your environment contains Active Directory domain controllers. You must have a Kerberos server object for users to access on-premises resources, such as SMB shares and Windows-integrated authentication to websites.
 
 > [!IMPORTANT]
-> If you enable single sign-on on Microsoft Entra hybrid joined session hosts without creating a Kerberos server object, one of the following things can happen: 
+> If you enable single sign-on on Microsoft Entra hybrid joined session hosts without creating a Kerberos server object, one of the following things can happen when you try to connect to a remote session: 
 >
 > - You receive an error message saying the specific session doesn't exist.
 > - Single sign-on will be skipped and you see a standard authentication dialog for the session host. 
 >
-> To resolve these issues, create the Kerberos Server object, then connect again.
+> To resolve these issues, create the Kerberos server object, then connect again.
 
 ## Review your conditional access policies
 
