Merge pull request #263219 from dknappettmsft/avd-troubleshoot-entra-id-connections-update-app-id

prmerger-automator[bot] · web-flow · commit 78dc46813680 · 2024-01-15T14:31:21.000Z
AVD troubleshoot Entra ID connections update App ID
diff --git a/articles/virtual-desktop/includes/include-troubleshoot-azure-ad-joined-connections-all.md b/articles/virtual-desktop/includes/include-troubleshoot-azure-ad-joined-connections-all.md
@@ -16,20 +16,20 @@ If you can't sign in and keep receiving an error message that says your credenti
 - Have you assigned the **Virtual Machine User Login** role-based access control (RBAC) permission to the virtual machine (VM) or resource group for each user?
 - Does your Conditional Access policy exclude multifactor authentication requirements for the **Azure Windows VM sign-in** cloud application?
 
-If you've answered "no" to either of those questions, you'll need to reconfigure your multifactor authentication. To reconfigure your multifactor authentication, follow the instructions in [Enforce Microsoft Entra multifactor authentication for Azure Virtual Desktop using Conditional Access](../set-up-mfa.md#azure-ad-joined-session-host-vms).
+If you've answered no to either of those questions, you'll need to reconfigure your multifactor authentication. To reconfigure your multifactor authentication, follow the instructions in [Enforce Microsoft Entra multifactor authentication for Azure Virtual Desktop using Conditional Access](../set-up-mfa.md#azure-ad-joined-session-host-vms).
 
 > [!IMPORTANT] 
 > VM sign-ins don't support per-user enabled or enforced Microsoft Entra multifactor authentication. If you try to sign in with multifactor authentication on a VM, you won't be able to sign in and will receive an error message.
 
-If you can access your Microsoft Entra sign-in logs through Log Analytics, you can see if you've enabled multifactor authentication and which Conditional Access policy is triggering the event. The events shown are non-interactive user login events for the VM, which means the IP address will appear to come from the external IP address that your VM accesses Microsoft Entra ID from. 
+If you have [integrated Microsoft Entra logs with Azure Monitor logs](/entra/identity/monitoring-health/howto-integrate-activity-logs-with-azure-monitor-logs) to access your Microsoft Entra sign-in logs through Log Analytics, you can see if you've enabled multifactor authentication and which Conditional Access policy is triggering the event. The events shown are non-interactive user login events for the VM, which means the IP address will appear to come from the external IP address from which your VM accesses Microsoft Entra ID. 
 
 You can access your sign-in logs by running the following Kusto query:
 
 ```kusto
 let UPN = "userupn";
 AADNonInteractiveUserSignInLogs
 | where UserPrincipalName == UPN
-| where AppId == "38aa3b87-a06d-4817-b275-7a316988d93b"
+| where AppId == "372140e0-b3b7-4226-8ef9-d57986796201"
 | project ['Time']=(TimeGenerated), UserPrincipalName, AuthenticationRequirement, ['MFA Result']=ResultDescription, Status, ConditionalAccessPolicies, DeviceDetail, ['Virtual Machine IP']=IPAddress, ['Cloud App']=ResourceDisplayName
 | order by ['Time'] desc
 ```
