Update storage-files-identity-auth-hybrid-identities-enable.md

intune settings and kerb ticket extra note info

Author: rladbsal

articles/storage/files/storage-files-identity-auth-hybrid-identities-enable.md

@@ -206,10 +206,16 @@ Use one of the following three methods:
 
 Configure this Intune [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) and apply it to the client(s): [Kerberos/CloudKerberosTicketRetrievalEnabled](/windows/client-management/mdm/policy-csp-kerberos#cloudkerberosticketretrievalenabled), set to 1
 
+> **Note:** When configuring **CloudKerberosTicketRetrievalEnabled** via Intune, use the **Settings Catalog** instead of the OMA-URI method.  
+> The OMA-URI method does **not** work on **Azure Virtual Desktop (AVD) multi-session** devices. AVD multi-session is a common deployment scenario for **Entra Kerberos with hybrid identities**, including configurations involving **Entra ID Join**, **FSLogix**, and **Azure Files**.  
+> Using the Settings Catalog ensures proper application of the policy in multi-session environments.
+
 # [Group Policy](#tab/gpo)
 
 Configure this group policy on the client(s) to "Enabled": `Administrative Templates\System\Kerberos\Allow retrieving the Azure AD Kerberos Ticket Granting Ticket during logon`
 
+This setting allows the client to retrieve a cloud-based Kerberos Ticket Granting Ticket (TGT) during user logon.
+
 # [Registry Key](#tab/regkey)
 
 Set the following registry value on the client(s) by running this command from an elevated command prompt: