Forum Discussion
macOS: SSO no longer fully functional on AVD (Win11 25H2)
Hello everyone,
Since updating our Test Azure Virtual Desktop Session Hosts from Windows 11 23H2 to 25H2 (26200.7462), we've been experiencing an SSO issue that exclusively affects macOS clients.
Symptoms
For macOS users (Windows App), the following issues occur:
Example: Teams
- Teams shows the user as "Unknown User"
- Chat and collaboration features fail to load
- Error message: "You need to sign in again. This may be a requirement from your IT department or Teams, or the result of a password update. - Sign in"
- After clicking "Sign in," only a window appears with "Continue with sign-in" (no PW/MFA prompt)
- After this, all other applications work without further authentication
Technical Details
macOS Device:
Apple M4 Pro
macOS Tahoe 26.2
Installed WindowsApp version:
11.3.2 (2848)
dsregcmd /status:
- No errors detected
- PRT is active and was updated for sign-in
Entra Sign-In Logs:
- Error code: 9002341
EventLog on Session Host (AAD-Operational):
Event ID: 1098
Error: 0xCAA2000C The request requires user interaction.
Code: interaction_required
Description: AADSTS9002341: User is required to permit SSO.
Event ID: 1097
Error: 0xCAA90056 Renew token by the primary refresh token failed.
Logged at RefreshTokenRequest.cpp, line: 148, method: RefreshTokenRequest::AcquireToken.
Observations
- Affects: Both managed (internal) and unmanaged (external) macOS devices
- Does NOT affect: Windows clients connecting via Windows App
- Interesting: If a macOS user starts the session (with the error) and then reconnects on a Windows device, authentication works automatically there
Workaround
The issue can be resolved for macOS clients by removing the "DE" flag from "Automatic app sign-in" in the following file:
C:\Windows\System32\IntegratedServicesRegionPolicySet.json
Questions
- Is this a known issue?
- Has anyone experienced similar issues with macOS clients after the 25H2 update?
- Why does this issue only occur with macOS clients?
- Why does SSO only work after removing the "DE" flag for macOS devices, and why are Windows devices not affected?
I would appreciate any insights or confirmation of this issue!
Thank you and greetings FT_1
1 Reply
This issue has been identified as a known limitation affecting macOS clients connecting to Azure Virtual Desktop (AVD) following the upgrade of session hosts to Windows 11 version 25H2. The error code AADSTS9002341 (interaction_required) signifies that silent token acquisition cannot be completed and requires explicit user interaction. However, the Windows App for macOS does not correctly present the necessary authentication prompt, resulting in failed single sign-on attempts.
https://learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-25h2
https://support.microsoft.com/en-gb/topic/january-13-2026-kb5074109-os-builds-26200-7623-and-26100-7623-3ec427dd-6fc4-4c32-a471-83504dd081cb
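One way to pull the two events quoted in the post (1097 and 1098) out of a session host's log and summarize them by error code, added here as an example and not part of the original thread. The channel name `Microsoft-Windows-AAD/Operational` for the "AAD-Operational" log and the function name `Get-AadSsoFailure` are assumptions; the fallback records are constructed from the event text quoted above.

```powershell
# Added example. Assumption: the "AAD-Operational" log in the post is the
# 'Microsoft-Windows-AAD/Operational' channel on the session host.
function Get-AadSsoFailure {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record   # any object with Id, TimeCreated and Message
    )
    process {
        $msg = [string]$Record.Message
        # Pull the fields that appear in the messages quoted in the post.
        $hresult = if ($msg -match 'Error:\s*(0x[0-9A-Fa-f]{8})') { $Matches[1] }
        $oauth   = if ($msg -cmatch 'Code:\s*(\w+)')              { $Matches[1] }
        $aadsts  = if ($msg -match '(AADSTS\d+)')                 { $Matches[1] }
        [pscustomobject]@{
            TimeCreated = $Record.TimeCreated
            EventId     = $Record.Id
            HResult     = $hresult
            OAuthCode   = $oauth
            Aadsts      = $aadsts
        }
    }
}

$filter = @{
    LogName   = 'Microsoft-Windows-AAD/Operational'
    Id        = 1097, 1098
    StartTime = (Get-Date).AddDays(-1)
}
$records = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $records) {
    # Constructed sample records, built from the event text quoted in the post,
    # so the parsing can be tried on a machine without matching events.
    $records = @(
        [pscustomobject]@{ Id = 1098; TimeCreated = (Get-Date); Message = 'Error: 0xCAA2000C The request requires user interaction. Code: interaction_required Description: AADSTS9002341: User is required to permit SSO.' }
        [pscustomobject]@{ Id = 1097; TimeCreated = (Get-Date); Message = 'Error: 0xCAA90056 Renew token by the primary refresh token failed. Logged at RefreshTokenRequest.cpp, line: 148, method: RefreshTokenRequest::AcquireToken.' }
    )
}

$parsed = $records | Get-AadSsoFailure
# Count per event id / error so a recurring SSO-consent failure stands out.
$parsed | Group-Object EventId, HResult, Aadsts |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Run it in the affected user's session on the host; pairing the grouped counts with the Entra sign-in log entries for error 9002341 shows whether the failures line up with macOS connections.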