Merge pull request #114325 from Heidilohr/work-mfa-fixes

Fixes based on customer feedback.

Author: PRMerger18

articles/virtual-desktop/create-host-pools-azure-marketplace.md

@@ -36,6 +36,8 @@ You'll also need to know the following things:
 - Where the source of the image you want to use is. Is it from Azure Gallery or is it a custom image?
 - Your domain join credentials.
 
+Also, make sure you've registered the Microsoft.DesktopVirtualization resource provider. If you haven't already, go to **Subscriptions** , select the name of yoru subscription, and then select **Azure resource providers**.
+
 When you create a Windows Virtual Desktop host pool with the Azure Resource Manager template, you can create a virtual machine from the Azure gallery, a managed image, or an unmanaged image. To learn more about how to create VM images, see [Prepare a Windows VHD or VHDX to upload to Azure](../virtual-machines/windows/prepare-for-upload-vhd-image.md) and [Create a managed image of a generalized VM in Azure](../virtual-machines/windows/capture-image-resource.md).
 
 If you don't have an Azure subscription already, make sure to [create an account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you start following these instructions.

articles/virtual-desktop/create-host-pools-powershell.md

@@ -32,7 +32,7 @@ Run the following cmdlet to sign in to the Windows Virtual Desktop environment:
 New-AzWvdHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -WorkspaceName <workspacename> -HostPoolType <Pooled|Personal> -LoadBalancerType <BreadthFirst|DepthFirst|Persistent> -Location <region> -DesktopAppGroupName <appgroupname> 
 ```
 
-This cmdlet will create the host pool, workspace and desktop app group. Additionally, it will register the desktop app group to the workspace. You can only create a workspace with this cmdlet, not use an existing workspace in this cmdlet. 
+This cmdlet will create the host pool, workspace and desktop app group. Additionally, it will register the desktop app group to the workspace. You can either create a workspace with this cmdlet or use an existing workspace. 
 
 Run the next cmdlet to create a registration token to authorize a session host to join the host pool and save it to a new file on your local computer. You can specify how long the registration token is valid by using the -ExpirationHours parameter.
 

articles/virtual-desktop/expand-existing-host-pool.md

@@ -53,7 +53,7 @@ To expand your host pool by adding virtual machines:
 
 7. Select the resource group you want to create the VMs under, then select the region. You can choose the current region you're using or a new region.
 
-8. Enter the new total number of session hosts you want into **Number of VMs**. For example, if you're expanding your host pool from five session hosts to eight, enter **8**. 
+8. Enter the number of session hosts you want to add to your host pool into **Number of VMs**. For example, if you're expanding your host pool by five hosts, enter **5**.
 
     >[!NOTE]
     >You can't edit the size or image of the VMs because it's important to ensure that all VMs in the host pool are the same size.

articles/virtual-desktop/overview.md

@@ -96,9 +96,9 @@ The Azure virtual machines you create for Windows Virtual Desktop must have acce
 |wvdportalstorageblob.blob.core.windows.net|443|Azure portal support|AzureCloud|
 
 >[!IMPORTANT]
->We recommend you use the service tags instead of URLs in most cases to prevent service issues. Unblocking these URLs is essential for a reliable Windows Virtual Desktop deployment. Blocking access to these URLs is unsupported and will affect service functionality. These URLs only correspond to Windows Virtual Desktop sites and resources, and don't include URLs for other services like Azure Active Directory.
->
 >Windows Virtual Desktop now supports the FQDN tag. For more information, see [Use Azure Firewall to protect Window Virtual Desktop deployments](../firewall/protect-windows-virtual-desktop.md).
+>
+>We recommend you use FQDN tags or service tags instead of URLs to prevent service issues. The listed URLs and tags only correspond to Windows Virtual Desktop sites and resources. They don't include URLs for other services like Azure Active Directory.
 
 The following table lists optional URLs that your Azure virtual machines can have access to:
 

articles/virtual-desktop/set-up-mfa.md

@@ -41,10 +41,13 @@ This section will show you how to create a Conditional Access policy that requir
    - Under **Include**, select **Select users and groups** > **Users and groups** > Choose the group created in the prerequisites stage.
    - Select **Done**.
 6. Under **Cloud apps or actions** > **Include**, select **Select apps**.
-   - Choose **Windows Virtual Desktop**, then **Select**, and then then **Done**.
+   - Choose **Windows Virtual Desktop** (App ID 9cdead84-a844-4324-93f2-b2e6bb768d07), then **Select**, and then then **Done**.
 
      ![A screenshot of the Cloud apps or actions page. The Windows Virtual Desktop and Windows Virtual Desktop Client apps are highlighted in red.](media/cloud-apps-enterprise.png)
 
+     >[!NOTE]
+     >To find the App ID of the app you want to select, go to **Enterprise Applications** and select **Microsoft Applications** from the application type drop-down menu.
+
 7. Under **Access controls** > **Grant**, select **Grant access**, **Require multi-factor authentication**, and then **Select**.
 8. Under **Access controls** > **Session**, select **Sign-in frequency**, set the value to **1** and the unit to **Hours**, and then select **Select**.
 9. Confirm your settings and set **Enable policy** to **On**.