Setup Azure Virtual Desktop "AVD" and FSLogix Complete Step by Step Guide and Demo
ฝัง
- เผยแพร่เมื่อ 6 ต.ค. 2024
- Complete step by step guide and demo showing Azure Virtual Desktop (AVD) how to setup, configure and implement from the start a fully working AVD solution using FSLogix profiles with Azure premium storage private endpoint with Active Directory integration. This will help you build a virtualized desktop infrastructure VDI solution at enterprise scale from start to finish.
👌 Contents of this video 👌
00:08 Intro
03:36 Create Azure storage account for FSLogix
05:42 Create a storage private endpoint
06:36 Create DNS zone for private endpoint
07:29 Create premium file share for performance IOPS
11:18 Azure storage Active Directory integration
13:58 Assign Azure and NTFS permissions on AVD FSLogix Share
17:00 FSLogix GPO Admin Template install
18:11 FSLogix standard config
21:03 Register resource providers
21:31 Create a Azure Virtual Desktop gold image and install apps
23:27 Install FSLogix and apps in gold image
24:09 Sysprep AVD gold image
24:36 Capture the AVD image in the image gallery (Azure compute galleries)
25:33 Creating a AVD host pool from the image gallery
30:00 Add users to access AVD
30:22 Install the Remote Desktop Client
30:43 Testing FSLogix user profiles permissions
31:47 Testing FSLogix user profiles between hosts
33:39 FSLogix Antivirus file and folder exclusions
33:55 Conditional Access policy targeting AVD
34:36 No computer password expire
35:02 Ending and finish up
Required FQDNs and endpoints for Azure Virtual Desktop
learn.microsof...
Set up FSLogix Profile Container with Azure Files and Active Directory Domain Services or Microsoft Entra Domain Services
learn.microsof...
Powershell to enable Active Directory authentication for Azure file shares
learn.microsof...
FSLogix Recommended ACL ans Storage Permissions
learn.microsof...
FSLogix Configuration examples
learn.microsof...
FSLogix AntiVirus file and folder exclusions
learn.microsof...
#virtualdesktop
#azurevirtualdesktop
#avd
#fslogix
#vdi
#daas
#azure
#microsoft
#virtualization
#remotework
#desktopvirtualization
#virtualdesktopinfrastructure
#workfromhome
#desktop - วิทยาศาสตร์และเทคโนโลยี
This is the most complete AVD's production environment tutorial I have ever seen. Thank you very much...truly appreciate your share
Thanks glad you like it. Spread the word!..
Excellent , AVD detail in half an hour :)👍
Thank you! 👍
This is precisely what I've been searching for.
Thanks Tenzin, glad it helped you!
Excellent video. Thanks a lot for sharing! 👍
Thanks John! Glad you enjoyed.
super useful, keep going... thank you!
Thanks Yu, Glad it was helpful!
Thank you this was a very good Video.
You are very welcome Morne!
Great video, thanks for sharing
Your welcome!
Might have missed it in the video, but you didn't talk about enabling share-level permissions on the fileshare once the storage account is AD joined and before you start setting the ACL's in windows.
Hi Wesley, the Azure portal was used and shown in the video to assign the built-in roles to the Entra identity of a user for granting share-level permissions.
Im so thankful for your video since it answered almost all my questions! The only part im having problems with is the dns config of my private endpoint. Since im not aware of a seperate dns server in my company my endpoint is registered with a ".windows" fqdn. Is it neccessary to create a seperate dns server or is there a workaround? kind regards
Hi Paul, Glad it answered all your questions and thanks for your comment.
There are options to configure your DNS settings for private endpoints listed in this Microsoft article which should help.
learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns#azure-services-dns-zone-configuration
Thanks for the video - Very concise and clear. However, when trying to mount the drive, I'm met with authentication failure - permission denied. Did anyone else have this and know a way around it?
Hello, have you double checked the SMB permissions on azure file share that hosts user profiles for users those will be signing in learn.microsoft.com/en-us/fslogix/how-to-configure-storage-permissions
Thank you for this great video! May I ask is this tutorial for pure cloud environment?
Hi Haonan thanks for your comment.
Domain Controllers in this AVD demo are in the Azure cloud and Microsoft Entra ID and AD DS synchronized.
However check out supported identity scenarios below.
There are also several network requirements you need to meet to successfully deploy Azure Virtual Desktop.
One of which is join session hosts to the domain, therefore if your Domain Controllers are not in Azure
you need connectivity to them.
Best to check out all the prerequisites for Azure Virtual Desktop below that covers different scenarios
learn.microsoft.com/en-us/azure/virtual-desktop/prerequisites?tabs=portal
@@CloudInspired Hey there, thank you so much for your detailed response! I will check the settings as you suggested, however, if it is possible to configure FSLogix on AVD totally on native cloud (e.g., no domain controller, no AADS, no Entra Domain Service, etc.)? Thank you!
No problem Haonan, glad to help you! To use FSLogix profile containers with AVD you will require a AD DS domain or Microsoft Entra Domain Services where a AVD host pool with session hosts are joined. Security groups will also be needed, if you're using AD DS, this must be synchronized to Microsoft Entra ID. PowerShell scripts will also need to be run to join the storage account to your domain.
@@CloudInspired Thank you so much, that's very clear answer! Now we are trying to implement FSLogix on pure cloud AVD so need to avoid on-prem things haha
OK best of luck hope it all goes well
Will fslogix profiles only apply to users in the ug-uks-wvd group, since it is tied to the Storage File Data SMB Share Contributor Role? Asking because I'd like to have fslogix only apply to only a subset of users first for testing purposes. Thanks for the video!
Hello, yes the ug-uks-wvd group in this demo contains the AVD users and has the Storage File Data SMB Share Contributor role to access the storage resource in Azure. Permissions are also granted and set at the Windows security level for access. The FSLogix VHD location is specified for the Azure storage path that was created and accessed
as specified in the GPO. If you require selected users for FSlogix testing, you could create a test group and apply permissions accordingly to the Azure storage as above.
subscribed! great content, will appreciate a lot if you can make chapters on your videos, thank you
Welcome aboard!
is it possible in 2024-OCT to have a 100% cloud only AVD with FSLogix ???
Check out the prerequisites for Azure Virtual Desktop learn.microsoft.com/en-us/azure/virtual-desktop/prerequisites
To use FSLogix profile containers with AVD you will require a AD DS domain or Microsoft Entra Domain Services where a AVD host pool with session hosts are joined. Security groups will also be needed, if you're using AD DS, this must be synchronized to Microsoft Entra ID.
Is there any way to avoid the second login when connecting to the AVD windows 10 desktop ?
I have a project where we have a local AD and various servers that can’t go away. Those are being moved as is to azure virtual servers using the replication appliance. Users are all synced to Entra and what not.
They want the Azure windows 11 multisession virtual desktops to be domain joined to the “local” AD. And of course if I show them they have to login twice to get into a desktop session, they will get all salty on me.
Hello, you would need to Configure single sign-on for Azure Virtual Desktop using Microsoft Entra ID authentication. Details are here learn.microsoft.com/en-us/azure/virtual-desktop/configure-single-sign-on