some users cannot connect to entra joined azure multi-session virtual desktop

Question

I have been trying to add some new outside contractors to our multi-session entra joined azure virtual desktop. They are all in the same security groups and excepted from the same CA policies but 2 of them are simply unable to connect with the pop up: 'Your credentials did not work'. Tried everything I know and not making any progress.

Answer 1

1. Confirm Basic Requirements
   Make sure users have the correct licenses Go to Azure Portal > Azure Virtual Desktop > Host Pools > Assignments. Confirm the user is assigned to the appropriate application group (e.g., Desktop Application Group).
2. Check Device Join Status
   On the session host VM (RDP or console login), run

      dsregcmd /status
   

   Check for:
   • AzureADJoined: YES
   • Device is in compliance and shows as “Hybrid or Azure AD Joined”
3. Verify Entra ID Conditional Access
   • Go to Entra ID (Azure AD) > Security > Conditional Access.
   • Make sure there’s no policy that:

     - Blocks AVD access (e.g., requiring compliant devices, MFA issues).
     
           - Blocks the user location/IP/device.
     

   Try temporarily excluding a user from conditional access policy to verify.
4. RDP Client Requirements
   Ensure users are using supported Remote Desktop clients:
   • Windows Remote Desktop Client (MSRDC) from Microsoft Store.
   • Or the latest version from Microsoft website.
   1. Check Host Pool Settings
      Host Pool must be configured with: Validation environment: false RDP Properties with correct redirect and SSO options.
5. Check Session Host Status
   Go to AVD → Host Pools → Session Hosts. Make sure:
   • Session host shows "Available" and not "Unavailable".
   • Check health status.
   Restart the session host if needed.
   1. Network and DNS
      If using Private Link or NSG: Make sure users can resolve and connect to the AVD gateway and host. Check DNS and firewall/NAT rules.