Posted at the request of Microsoft support:
When deploying an Azure Virtual Desktop (formerly WVD) Host Pool with AzureAD-only auth, the pool VMs require the ability to access https://login.microsoftonline.com/<tenantID> and https://login.microsoftonline.com/<tenantID>/sidtoname on the default AzureAD tenant for their authorization flow. However, both URLs fail with a 400 error (both from the AVD VM and when I try to reach them locally from my browser) for my tenantID GUID. I would have assumed that the above URLs are always available for an AzureAD tenant, but clearly something in the tenant configuration is off.
Might someone have thoughts regarding how these endpoints might have been disabled for the AzureAD tenant and how they might be re-enabled?
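Added diagnostic, not part of the original post or of any Microsoft tooling: a PowerShell script that probes the two endpoints named above from a pool VM (or any Windows box) and, when a request fails, prints the HTTP status together with the response body instead of only the status, since the body is where login.microsoftonline.com puts the error description that explains a 400. It assumes Windows PowerShell 5.1 or PowerShell 7 and takes the tenant GUID as a parameter; the two URLs are the ones from the question.

```powershell
# Added example, not from the original post. Probes the endpoints the
# question names and surfaces status code plus body for failed requests.
# Assumes Windows PowerShell 5.1 or PowerShell 7; $TenantId is supplied by the caller.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$')]
    [string]$TenantId
)

$urls = @(
    "https://login.microsoftonline.com/$TenantId",
    "https://login.microsoftonline.com/$TenantId/sidtoname"
)

foreach ($url in $urls) {
    try {
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
        Write-Output ("{0} -> HTTP {1}" -f $url, [int]$resp.StatusCode)
    }
    catch [System.Net.WebException] {
        # Windows PowerShell 5.1: the failed response, if any, hangs off the exception.
        $r = $_.Exception.Response
        if ($r) {
            $status = [int]$r.StatusCode
            $body = (New-Object System.IO.StreamReader($r.GetResponseStream())).ReadToEnd()
            Write-Output ("{0} -> HTTP {1}`n{2}" -f $url, $status, $body)
        }
        else {
            # No response at all: DNS, proxy or TLS problem rather than a tenant problem.
            Write-Output ("{0} -> no HTTP response: {1}" -f $url, $_.Exception.Message)
        }
    }
    catch {
        # PowerShell 7 throws HttpResponseException; the body is in ErrorDetails.
        $status = [int]$_.Exception.Response.StatusCode
        Write-Output ("{0} -> HTTP {1}`n{2}" -f $url, $status, $_.ErrorDetails.Message)
    }
}
```

Run it as `.\Probe-TenantEndpoints.ps1 -TenantId <your GUID>` from the affected VM. A request that never produces an HTTP response points at network egress (DNS, proxy, TLS inspection) rather than the tenant; a 400 with a body tells you which error the service actually raised, which is what Microsoft support will want to see.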