[v13] Adds an admonition about Teleport not currently supporting Azure AD

docs/pages/desktop-access/active-directory-manual.mdx

@@ -31,6 +31,20 @@ This guide requires you to have:
 - An Active Directory domain, configured for LDAPS (Teleport requires an
   encrypted LDAP connection). Typically this means installing
   [AD CS](https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/)
+
+<Admonition title="Azure AD" type="warning">
+
+Microsoft's Azure Active Directory (Azure AD) offering does not support the
+Kerberos authentication protocol, which is required for Teleport's
+certificate-based authentication.
+
+At this time, Teleport does not support integration with Azure AD, however
+Teleport Enterprise customers can access Windows desktops (including those
+joined to Azure AD) using local accounts via the process described in [Getting
+Started with Desktop Access](./getting-started.mdx).
+
+</Admonition>
+
 - Access to a Domain Controller
 
 (!docs/pages/includes/edition-prereqs-tabs.mdx!)

docs/pages/desktop-access/active-directory.mdx

@@ -19,6 +19,19 @@ The features documented on this page are available in Teleport `10.2.6` and high
 This guide will help you configure Teleport and Active Directory in order to
 provide secure, passwordless access to Windows desktops.
 
+<Admonition title="Azure AD" type="warning">
+
+Microsoft's Azure Active Directory (Azure AD) offering does not support the
+Kerberos authentication protocol, which is required for Teleport's
+certificate-based authentication.
+
+At this time, Teleport does not support integration with Azure AD, however
+Teleport Enterprise customers can access Windows desktops (including those
+joined to Azure AD) using local accounts via the process described in [Getting
+Started with Desktop Access](./getting-started.mdx).
+
+</Admonition>
+
 <Details title="Compare Desktop Access to other RDP clients">
 
 The Teleport Desktop Service is designed to be a secure access solution for Windows
@@ -84,7 +97,7 @@ block to a temporary location. Click **Next**.
 
 On the Linux host where you will run the Teleport Desktop Service, create a file
 called `/etc/teleport.yaml` and paste the configuration provided by the output
-of the previous step. 
+of the previous step.
 
 <Notice type="tip">
 
@@ -112,19 +125,19 @@ proxy_service:
 windows_desktop_service:
   enabled: yes
   ldap:
-    addr:     '10.10.1.50:636'
-    domain:   'windows.teleport.example.com'
+    addr: '10.10.1.50:636'
+    domain: 'windows.teleport.example.com'
     username: 'WIN\svc-teleport'
     server_name: 'windows-server-hostname'
     # insecure_skip_verify prevents teleport from authenticating the LDAP CA
     # against the systems trust store.
     insecure_skip_verify: false
     ldap_ca_cert: |
-        -----BEGIN CERTIFICATE-----
-        MIIDnzCCAoegAwIBAgIQT/UIn+MT4aZC9ix/QuiV9zANBgkqhkiG9w0BAQsFADBi
-        ...
-        31qA4dO3if7RdikD9hVbiIF9jQ==
-        -----END CERTIFICATE-----
+      -----BEGIN CERTIFICATE-----
+      MIIDnzCCAoegAwIBAgIQT/UIn+MT4aZC9ix/QuiV9zANBgkqhkiG9w0BAQsFADBi
+      ...
+      31qA4dO3if7RdikD9hVbiIF9jQ==
+      -----END CERTIFICATE-----
 
   discovery:
     base_dn: '*'