Merge pull request #301789 from rladbsal/patch-27

prmerger-automator[bot] · web-flow · commit 8dec3f101ba5 · 2025-06-27T21:17:47.000Z
Update storage-files-identity-auth-hybrid-identities-enable.md
diff --git a/articles/storage/files/storage-files-identity-auth-hybrid-identities-enable.md b/articles/storage/files/storage-files-identity-auth-hybrid-identities-enable.md
@@ -206,10 +206,17 @@ Use one of the following three methods:
 
 Configure this Intune [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) and apply it to the client(s): [Kerberos/CloudKerberosTicketRetrievalEnabled](/windows/client-management/mdm/policy-csp-kerberos#cloudkerberosticketretrievalenabled), set to 1
 
+> > [!NOTE]
+> > When configuring **CloudKerberosTicketRetrievalEnabled** via Intune, use the **Settings Catalog** instead of the OMA-URI method.  
+> The OMA-URI method does **not** work on **Azure Virtual Desktop (AVD) multi-session** devices. AVD multi-session is a common deployment scenario for **Entra Kerberos with hybrid identities**, including configurations involving **Entra ID Join**, **FSLogix**, and **Azure Files**.  
+
+
 # [Group Policy](#tab/gpo)
 
 Configure this group policy on the client(s) to "Enabled": `Administrative Templates\System\Kerberos\Allow retrieving the Azure AD Kerberos Ticket Granting Ticket during logon`
 
+This setting allows the client to retrieve a cloud-based Kerberos Ticket Granting Ticket (TGT) during user logon.
+
 # [Registry Key](#tab/regkey)
 
 Set the following registry value on the client(s) by running this command from an elevated command prompt: 
