1. Update PowerShell version requirement
2. Update how to connect with a Microsoft Entra ID-bound username
3. Update size limits on copy/paste.
4. Add clarification on what a virtual network is and how to get the ID.
Users can connect to an RDP server without installing an RDP client or the [WARP client](/cloudflare-one/connections/connect-devices/warp/) on their device. Browser-based RDP leverages [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/), which creates a secure, outbound-only connection from your RDP server to Cloudflare's global network. Setup involves running the `cloudflared` daemon on the RDP server (or any other host machine within the private network) and routing RDP traffic over a public hostname.
14
14
15
15
There are two ways for users to [reach the RDP server in their browser](#4-connect-as-a-user):
16
-
-**App Launcher**: Users can log in to the [Access App Launcher](/cloudflare-one/applications/app-launcher/) with their Cloudflare Access credentials and then initiate an RDP connection within the browser to their Windows machine. Users will authenticate to the Windows machine using their pre-configured Windows username and password. Cloudflare does not manage any credentials on the Windows server.
17
-
-**Direct URL**: A user may also navigate directly to the Windows server at `https://<app-domain>/rdp/<vnet-id>/<target-ip>/<port>`. The authentication flow is the same as for the App Launcher; first users must log in to Cloudflare Access and then use their Windows credentials to authenticate to the Windows machine.
16
+
-**App Launcher (recommended)**: Users can log in to the [Access App Launcher](/cloudflare-one/applications/app-launcher/) with their Cloudflare Access credentials and then initiate an RDP connection within the browser to their Windows machine. Users will authenticate to the Windows machine using their pre-configured Windows username and password. Cloudflare does not manage any credentials on the Windows server.
17
+
-**Direct URL**: A user may also navigate directly to the Windows server at `https://<app-domain>/rdp/<vnet-id>/<target-ip>/<port>`. The authentication flow is the same as for the App Launcher; first users must log in to Cloudflare Access and then use their Windows credentials to authenticate to the Windows machine. To learn more about virtual networks, see [this entry](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/).
18
18
19
19
Browser-based RDP can be used in conjunction with [routing over WARP](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-warp-to-tunnel/) so that there are multiple ways to connect to the server. You can reuse the same Cloudflare Tunnel when configuring each connection method.
20
20
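Review bot: The sentence added to the Direct URL bullet links with the text "this entry", which says nothing about the destination; name the target and tie it to the path segment, for example "To learn more about `<vnet-id>`, refer to [Virtual networks](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/)." The App Launcher bullet also gains "(recommended)" with no reason given; a short clause saying why it is preferred over the direct URL would make the recommendation actionable.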
@@ -143,10 +143,22 @@ To connect to a Windows machine over RDP:
143
143
3. Select the target you want to connect to.
144
144
145
145
The App Launcher tile will launch a URL of the form `https://<app-domain>/rdp/<vnet-id>/<target-ip>/<port>`. You may also navigate directly to this URL.
146
+
147
+
:::note
148
+
`Vnet-id` stands for virtual network identifier. [Virtual networks](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/) (VNET) allow you to connect private networks that have overlapping IP ranges without creating conflicts for users or services.
149
+
150
+
Your organization may not use virtual networks and so all targets will be added to the default VNET automatically.
151
+
152
+
To find the default VNET, you can use [this API endpoint](https://developers.cloudflare.com/api/resources/zero_trust/subresources/networks/subresources/virtual_networks/methods/list/) to list all virtual networks in your organization. Obtain your default `Vnet-id` by looking for the virtual network with "is_default_network": true.
153
+
:::
146
154
4. Select the port that you want to connect to. The port selection screen only appears if the Access application allows RDP traffic on multiple ports (for example, port `3389` and port `65321`).
147
155
5. (Optional) In your browser settings, allow the Access application to access the clipboard. Clipboard permissions grant the ability to copy or paste text between the local machine and the remote Windows machine.
148
156
6. Enter your Windows username and password. For more information on supported login credentials, refer to [User identifier formats](#user-identifier-formats).
149
157
158
+
:::note
159
+
Please see [below](#microsoft-entra-id) if you wish to access a Microsoft Entra ID-bound RDP server for further instructions on how to format your username.
160
+
:::
161
+
150
162
You now have access to the remote Windows desktop.
151
163
152
164
## Compatibility
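Review bot: The new note calls the value `Vnet-id`, while the URL template on the line just above it uses `<vnet-id>`; use one spelling in both places so readers can match the note to the path segment. In the last paragraph of the note, "is_default_network": true is a JSON field and should be in code formatting, and the link text "this API endpoint" would be clearer if it named the operation (list virtual networks). The second note, before "You now have access", reads more directly as "To connect to a Microsoft Entra ID-bound RDP server, refer to [Microsoft Entra ID](#microsoft-entra-id) for the username format."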
@@ -175,6 +187,10 @@ Browser-based RDP supports connecting to Windows machines that run the following
175
187
| Other Chromium-based browsers (Opera, Brave) | ✅ |
176
188
| Internet Explorer 11 and below | ❌ |
177
189
190
+
### Powershell
191
+
192
+
Please ensure you are running Powershell 7 to mitigate a prior Microsoft issue where keystrokes are not recorded.
193
+
178
194
### User identifier formats
179
195
180
196
Browser-based RDP supports connecting to Windows machines using the following login credentials:
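Review bot: The new PowerShell section does not say which machine needs PowerShell 7 (the remote Windows target or the user's device), and "a prior Microsoft issue" carries no link or identifier, so a reader cannot tell whether the requirement applies to them. State where the version requirement applies, link the upstream issue if one exists, and spell the product name "PowerShell" in both the heading and the sentence. If later versions are also acceptable, "PowerShell 7 or later" avoids implying an exact pin.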
@@ -210,6 +226,16 @@ Examples:
210
226
Cloudflare will not configure user identifiers on the RDP target. Any user identifier used to authenticate must be pre-configured on the server.
211
227
:::
212
228
229
+
#### Microsoft Entra ID
230
+
231
+
User identifiers that are bound to Microsoft Entra ID domains must enter their username as AzureAD\[email protected] or as AzureAD\user. The AzureAD\ prefix is case-insensitive.
232
+
233
+
The login flow differs slightly when using an Microsoft Entra ID-bound username.
234
+
1. Enter your username in one of the formats outlined above.
235
+
2. Once the username is entered, the password box will disappear, and the RDP connection will initiate.
236
+
3. The RDP server will then prompt for the password before granting you access to your RDP server.
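Review bot: In the first sentence under "Microsoft Entra ID" the subject is wrong: "User identifiers ... must enter their username" should read "Users whose identifiers are bound to Microsoft Entra ID domains must enter their username as ...". The two username formats and the AzureAD\ prefix are plain text; put them in code formatting so the backslash is rendered literally. "an Microsoft Entra ID-bound username" should be "a Microsoft Entra ID-bound username". Steps 2 and 3 would be clearer if they said explicitly that the password is entered at the prompt shown by the RDP server after the connection starts, so users expect the password box to disappear; "granting you access to your RDP server" in step 3 can be shortened to "granting access".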
@@ -219,5 +245,7 @@ Cloudflare will not configure user identifiers on the RDP target. Any user ident
219
245
-**TLS certificate verification**: Cloudflare uses TLS to connect to the RDP target but does not verify the origin TLS certificate.
220
246
-**WARP authentication**: Since browser-based RDP traffic does not go through the WARP client, users cannot use their [WARP session identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/#configure-warp-sessions-in-access) to authenticate.
221
247
-**Audio over RDP**: Users cannot use their microphone and speaker to interact with the remote machine.
248
+
-**Clipboard size limit**: Data copied to/from your local machine or your browser-based RDP session may not exceed 500 KB.
222
249
-**Clipboard controls**: Admins do not have the ability to restrict copy/paste actions between the remote machine and the user's local clipboard.
223
250
-**File transfers**: Users cannot copy/paste files from their local machine to the remote machine and vice versa.
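Review bot: The added clipboard bullet is ambiguous in "copied to/from your local machine or your browser-based RDP session": it does not say whether the 500 KB limit applies per copy/paste operation or whether it holds in both directions. A wording such as "Users cannot copy or paste more than 500 KB at a time between the local machine and the remote session" would be unambiguous, if that is the intended behaviour, and would match the third-person "Users cannot ..." phrasing of the neighbouring bullets.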