วีดีโอ

Thanks Aprajita!

Glad it helped you Sergio!

Hi Rafał, The ug-uks-wvd group in this demo contains the AVD users and has the Storage File Data SMB Share Contributor role to access the storage resource in Azure. Permissions are also granted and set at the Windows security level for access. The FSLogix VHD location is specified for the Azure storage path that was created and accessed as specified in the GPO. You could create different groups to divide your storage and apply permissions accordingly to the Azure storage as above. There is a Microsoft doc for User profile management for AVD with FSLogix profile containers which outlines best practices and permissions learn.microsoft.com/en-us/azure/virtual-desktop/fslogix-profile-containers

Hello, Full AVD video is located here th-cam.com/video/rKjdAOl0THo/w-d-xo.html Thanks

Merci Salah!

14:00 nevermind

Yes this is all possible, glad you found in the video ok!

@@CloudInspired I find it hard to find a use for loop. Or how to use it in a team or project.

Check out the prerequisites for Azure Virtual Desktop learn.microsoft.com/en-us/azure/virtual-desktop/prerequisites To use FSLogix profile containers with AVD you will require a AD DS domain or Microsoft Entra Domain Services where a AVD host pool with session hosts are joined. Security groups will also be needed, if you're using AD DS, this must be synchronized to Microsoft Entra ID.

Thank you! 👍

Thanks Adewale

I don't think it is possible because it doesn't care about receiving the sensitive information from any channels.

Welcome aboard!

Hi Wesley, the Azure portal was used and shown in the video to assign the built-in roles to the Entra identity of a user for granting share-level permissions.

Hi Perez, Microsoft purview is a service which provides a set of solutions govern, protect, and manage data. Check out the licensing to enable Microsoft DLP here for more info. learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-loss-prevention-data-loss-prevention-dlp-for-exchange-online-sharepoint-online-and-onedrive-for-business

Hello, have you double checked the SMB permissions on azure file share that hosts user profiles for users those will be signing in learn.microsoft.com/en-us/fslogix/how-to-configure-storage-permissions

Hello, yes the ug-uks-wvd group in this demo contains the AVD users and has the Storage File Data SMB Share Contributor role to access the storage resource in Azure. Permissions are also granted and set at the Windows security level for access. The FSLogix VHD location is specified for the Azure storage path that was created and accessed as specified in the GPO. If you require selected users for FSlogix testing, you could create a test group and apply permissions accordingly to the Azure storage as above.

Hi Paul, Glad it answered all your questions and thanks for your comment. There are options to configure your DNS settings for private endpoints listed in this Microsoft article which should help. learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns#azure-services-dns-zone-configuration

Thanks Tenzin, glad it helped you!

Hi Ehab, there could be multiple reasons for the policy not working. I would confirm that the DLP policies are configured correctly and enabled from compliance portal. In addition, confirm that the correct content sources are selected. This article also explains how the DLP compliance portal works with DLP and mail flow rules in the Exchange admin center learn.microsoft.com/en-us/purview/dlp-how-dlp-works-between-admin-centers?view=o365-worldwide For licensing requirements this should help. learn.microsoft.com/en-us/purview/endpoint-dlp-getting-started#skusubscriptions-licensing

Hello, I'm sorry you felt this way. However the video is at an advanced level. Prerequisites and a good understanding of VMware and Azure environments would be required to understand the content being discussed in this video. I would recommend you study some basics around VMware and Azure and the tooling used (i.e networking, virtual machines, azure migrate, DR/Migration concepts) before watching this video. Thanks and good luck!

Hi Ajith, do you mean use an existing VPN connection? I dont think that is possible at this time.

Hello, thanks for your comment. If you follow the video exactly it should work as shown. At what point is this not working and what are you exepriencing?

Thanks Sunny

Hi Haonan thanks for your comment. Domain Controllers in this AVD demo are in the Azure cloud and Microsoft Entra ID and AD DS synchronized. However check out supported identity scenarios below. There are also several network requirements you need to meet to successfully deploy Azure Virtual Desktop. One of which is join session hosts to the domain, therefore if your Domain Controllers are not in Azure you need connectivity to them. Best to check out all the prerequisites for Azure Virtual Desktop below that covers different scenarios learn.microsoft.com/en-us/azure/virtual-desktop/prerequisites?tabs=portal

@@CloudInspired Hey there, thank you so much for your detailed response! I will check the settings as you suggested, however, if it is possible to configure FSLogix on AVD totally on native cloud (e.g., no domain controller, no AADS, no Entra Domain Service, etc.)? Thank you!

No problem Haonan, glad to help you! To use FSLogix profile containers with AVD you will require a AD DS domain or Microsoft Entra Domain Services where a AVD host pool with session hosts are joined. Security groups will also be needed, if you're using AD DS, this must be synchronized to Microsoft Entra ID. PowerShell scripts will also need to be run to join the storage account to your domain.

@@CloudInspired Thank you so much, that's very clear answer! Now we are trying to implement FSLogix on pure cloud AVD so need to avoid on-prem things haha

OK best of luck hope it all goes well

Thanks glad you like it. Spread the word!..

Your welcome!

Thanks Chris

Hi Alexis, thanks for your comment. The preview requires a Microsoft Entra ID P1 license and Administrators who interact with Global Secure Access preview features must have the Global Secure Access Administrator role. Check out the Prerequisites here learn.microsoft.com/en-us/entra/global-secure-access/how-to-get-started-with-global-secure-access .Also how to Set up connector server learn.microsoft.com/en-us/entra/architecture/sse-deployment-guide-private-access#deploy-and-test-microsoft-entra-private-access Anything in the Global Secure Access client logs? Troubleshoot issues in the Global Secure Access client for Windows learn.microsoft.com/en-us/troubleshoot/azure/entra/global-secure-access/troubleshoot-global-secure-access-client-windows-issues

Hi Leonardo, thanks for your comment. Its interesting you have found those results from your testing. Windows 365 uses the RDP protocol which dynamically adjusts various parameters to deliver the best user experience. The Microsoft articles below give different scenario examples on bandwidth required for running popular applications for Windows 365 cloud pc, i.e. Microsoft apps, word, excel and web browsing including video playback. Network requirements for Windows 365 cloud pc learn.microsoft.com/en-us/windows-365/enterprise/requirements-network Remote Desktop Protocol (RDP) bandwidth requirements and use cases learn.microsoft.com/en-us/azure/virtual-desktop/rdp-bandwidth

Hi Daniel, DLP policy will encrypt outgoing messages as shown and the recipient will receive an link for encrypted messages.

Hi Giorgio, thanks! The preview requires a Microsoft Entra ID P1 license. To use the Microsoft 365 traffic forwarding profile, a Microsoft 365 E3 license is recommended. A E5 license will cover all the above. Microsoft Licensing requirements might change after general availability.

​@@CloudInspired hi! Thanks for the answer! I have unlocked the microsoft entra Suite trial to test it. Now I have a problem the "Global Secure Access Client - disabled by your organization", I don't understand why the client don't function

@@CloudInspired I have configured the agent in 2 server for ridondancy, and after I have configured the "same" configuration like your demo. I have installed the client in my device AzureADJoined but I have the alert "Global Secure Access Client - disabled by your organization" and I can't nothing, can you help me? :/

Glad you enjoyed it

Hello, you would need to Configure single sign-on for Azure Virtual Desktop using Microsoft Entra ID authentication. Details are here learn.microsoft.com/en-us/azure/virtual-desktop/configure-single-sign-on

Thanks Fabien for your comment and advice.

Hello, there is a article here to troubleshooting issues where the hybrid migration endpoint cannot be created learn.microsoft.com/en-gb/archive/blogs/exovoice/troubleshooting-issues-where-the-migration-endpoint-cannot-be-created-in-hybrid-scenarios .Please also check your firewall it must allow the incoming connections on URL containing /ews/mrsproxy.svc, in case it is using URL filtering, or if possible, you can allow all the incoming traffic on port 443. If you are using an IP filtering configuration in the firewall, you should make sure that you have the updated Exhange Online IP list in the firewall configuration, you can find IP ranges list for Exchange Online in that article. Also using the Test-MigrationServerAvailability command you can test access to the MRSProxy. Hope that helps.

You are very welcome Morne!

Thanks Yu, Glad it was helpful!

Thanks John! Glad you enjoyed.

Authentication Context is basically a tag that you can apply to SharePoint Online sites. You can then create a conditional access policies to use the context to control access to the SharePoint site. The sensitivity label method would be recommened to allow multiple settings to be applied as shown in the video.

You are welcome

Thanks and your welcome