Authentication to session host within Windows Remote Desktop workspace fails

Question

I've gone through the "getting started" {Deploy Azure Virtual Desktop with the getting started feature | Microsoft Learn} with the New Microsoft Entra Domain option to create an Azure Virtual Desktop. That has created everything and I'm able to log into the workspace through various clients including web, desktop client, and Android client.

When I try to log into a VM or application within that workspace, it prompts for the password again, and then rejects the it with the message "The username or password did not work".

The subscription's Entra ID is setup as Hybrid Joined, but I've created a new cloud only user to test with. I don't know if using the New Microsoft Entra Domain option was correct given that there is already a hybrid join setup, but it seemed to be the only option that fit.

Because I'm trying to login from non Entra joined devices, I've set the advanced settings for RDP connections to include targetisaadjoined:i:1. The test user has been assigned the Virtual Machine Login role at the resource group level.

Looking in Log Analytics the fail code is 65002 and reason is "other". Looking up error code 65002 for Entra ID says the following:

Consent between first party application '{applicationId}' and first party resource '{resourceId}' must be configured via preauthorization - applications owned and operated by Microsoft must get approval from the API owner before requesting tokens for that API. A developer in your tenant might be attempting to reuse an App ID owned by Microsoft. This error prevents them from impersonating a Microsoft application to call other APIs. They must move to another app ID they register.

I don't see how that's relevant to trying to log into a session host within Azure Virtual Desktop.

Any assistance would be appreciated.