From c48064a25a400052d6811a7d10c5a443f585f965 Mon Sep 17 00:00:00 2001 From: jbyway <30424593+jbyway@users.noreply.github.com> Date: Wed, 15 Oct 2025 17:41:57 +0800 Subject: [PATCH] Add troubleshooting for external identities login issues Added troubleshooting information for external identities encountering login issues due to cross-tenant access restrictions. --- ...e-troubleshoot-azure-ad-joined-connections-all.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/support/azure/virtual-desktop/includes/include-troubleshoot-azure-ad-joined-connections-all.md b/support/azure/virtual-desktop/includes/include-troubleshoot-azure-ad-joined-connections-all.md index d6fbd7f4df1..aa28eeb582a 100644 --- a/support/azure/virtual-desktop/includes/include-troubleshoot-azure-ad-joined-connections-all.md +++ b/support/azure/virtual-desktop/includes/include-troubleshoot-azure-ad-joined-connections-all.md @@ -35,3 +35,15 @@ AADNonInteractiveUserSignInLogs | project ['Time']=(TimeGenerated), UserPrincipalName, AuthenticationRequirement, ['MFA Result']=ResultDescription, Status, ConditionalAccessPolicies, DeviceDetail, ['Virtual Machine IP']=IPAddress, ['Cloud App']=ResourceDisplayName | order by ['Time'] desc ``` +### External Identities are unable to discover resources or login to their Cloud PC +If your Entra ID tenant restricts cross-tenant access and external collaboration settings, you may encounter an error when External Identities attempt to connect. + +> Log Name: Microsoft-Windows-AAD, Event ID: 1081, Error Message: OAuth response error: interaction_required, Error description: AADSTS500213: The resource tenant's cross-tenant access policy does not allow this user to access this tenant. + +You will need to allow the following applications for external identities to successfully login. + +- Azure Virtual Desktop +- Windows Azure Active Directory +- Windows Cloud Login +- Azure Windows VM Sign-In +- Windows 365 (if allocating Windows 365 Cloud PCs)
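Review bot: The added sentence "You will need to allow the following applications for external identities to successfully login." does not say where the applications have to be allowed. The quoted AADSTS500213 error points at the resource tenant's cross-tenant access policy, and the opening sentence also mentions external collaboration settings, so name the setting the reader has to change and in which tenant, and link to the configuration steps if a doc for them exists. The heading speaks only of "their Cloud PC", while the file is an Azure Virtual Desktop include and the list marks Windows 365 as conditional, so the heading should cover Azure Virtual Desktop session hosts too. Style points in the same hunk: "login" is used as a verb in the heading and the body (use "sign in" or "log in"), "External Identities" is capitalized in two places and lowercase in the third, and the ### heading is not followed by a blank line.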