diff --git a/.github/ISSUE_TEMPLATE/testplan.md b/.github/ISSUE_TEMPLATE/testplan.md
index e3d3e0d75c718..7f7d4d1abe675 100644
--- a/.github/ISSUE_TEMPLATE/testplan.md
+++ b/.github/ISSUE_TEMPLATE/testplan.md
@@ -1238,7 +1238,7 @@ tsh bench web sessions --max=5000 --web user ls
         - [ ] A folder from inside the shared directory can be copy-pasted to another folder inside shared directory (and its contents retained)
   - RBAC
     - [ ] Give the user one role that explicitly disables directory sharing (`desktop_directory_sharing: false`) and confirm that the option to share a directory doesn't appear in the menu
-- Per-Session MFA (try webauthn on each of Chrome, Safari, and Firefox; u2f only works with Firefox)
+- Per-Session MFA
   - [ ] Attempting to start a session no keys registered shows an error message
   - [ ] Attempting to start a session with a webauthn registered pops up the "Verify Your Identity" dialog
     - [ ] Hitting "Cancel" shows an error message
@@ -1282,6 +1282,10 @@ tsh bench web sessions --max=5000 --web user ls
   - Set up Teleport in a trusted cluster configuration where the root and leaf cluster has a w_d_s connected via tunnel (w_d_s running as a separate process)
     - [ ] Confirm that windows desktop sessions can be made on root cluster
     - [ ] Confirm that windows desktop sessions can be made on leaf cluster
+- Screen size
+    - [ ] Desktops that specify a fixed `screen_size` in their spec always use the same screen size.
+    - [ ] Desktops sessions for desktops which specify a fixed `screen_size` do not resize automatically.
+    - [ ] Attempting to register a desktop with a `screen_size` dimension larger than 8192 fails.
 - Non-AD setup
   - [ ] Installer in GUI mode finishes successfully on instance that is not part of domain
   - [ ] Installer works correctly invoked from command line
@@ -1412,7 +1416,7 @@ TODO(lxea): replace links with actual docs once merged
 
 ## SSH Connection Resumption
 
-Verify that SSH works, and that resumable SSH is not interrupted across a Teleport Cloud tenant upgrade. 
+Verify that SSH works, and that resumable SSH is not interrupted across a Teleport Cloud tenant upgrade.
 |   | Standard node | Non-resuming node | Peered node | Agentless node |
 |---|---|---|---|---|
 | `tsh ssh` | <ul><li> [ ] </ul></li> | <ul><li> [ ] </ul></li> | <ul><li> [ ] </ul></li> | <ul><li> [ ] </ul></li> |
diff --git a/docs/pages/desktop-access/reference/configuration.mdx b/docs/pages/desktop-access/reference/configuration.mdx
index ed148288da5e9..589248bf34404 100644
--- a/docs/pages/desktop-access/reference/configuration.mdx
+++ b/docs/pages/desktop-access/reference/configuration.mdx
@@ -43,3 +43,26 @@ desktop sessions are performed over this tunnel. To enable this mode, ensure
 that `windows_desktop_service.listen_addr` is *unset*, and point
 `teleport.proxy_server` at a Teleport Proxy.
 
+## Screen size
+
+By default, Teleport will set the screen size of the remote desktop session
+based on the size of your browser window. In some cases, you may wish to
+configure specific hosts to use a specific screen size. To do this, set the
+`screen_size` attribute on the `windows_desktop_resource`:
+
+```yaml
+kind: windows_desktop
+metadata:
+  name: fixed-screen-size
+spec:
+  host_id: 307e091b-7f6b-42e0-b78d-3362ad10b55d
+  addr: 192.168.1.153:3389
+  non_ad: true
+
+  # Optional - ensures that all sessions use the same screen size,
+  # no matter what the size of the browser window is.
+  # Leave blank to use the size of the browser window.
+  screen_size:
+    width: 1024
+    height: 768
+```
\ No newline at end of file
diff --git a/docs/pages/reference/resources.mdx b/docs/pages/reference/resources.mdx
index b4be31487fbfc..248d774601869 100644
--- a/docs/pages/reference/resources.mdx
+++ b/docs/pages/reference/resources.mdx
@@ -154,7 +154,7 @@ desktops this way:
    connections to the host. If you have multiple such services, you can create
    multiple `windows_desktop` resources with different `host_id` values.
 1. If you intend to log in to the desktop with local Windows users you must set
-   `non_ad: true`. If you intent to log in with Active Directory users, leave
+   `non_ad: true`. If you intend to log in with Active Directory users, leave
    `non_ad` unset (or false), and specify the Active Directory domain in the
    `domain` field.
 
@@ -170,6 +170,13 @@ spec:
   addr: 192.168.1.153:3389
   domain: ""
   non_ad: true
+
+  # Optional - ensures that all sessions use the same screen size,
+  # no matter what the size of the browser window is.
+  # Leave blank to use the size of the browser window.
+  screen_size:
+    width: 1024
+    height: 768
 version: v3
 ```