FSLogix Biggest Issue Azure Virtual Desktop
Рет қаралды 10,524
AVD Admins: Fix FSLogix’s Worst Problem Now with the Ultimate Guide to FSLogix Storage Permissions for Azure Virtual Desktop! 🔥AFTER THIS 👉 kzfaq.info/get/bejne/otxynK-bnNWld2g.html 👈
▬▬▬▬▬▬ C H A P T E R S 📲 ▬▬▬▬▬▬
00:00 The Biggest Issue In FSLogix
00:31 Supported Options
01:46 The Fastest Storage
03:35 The Best Bang For Your Buck
06:08 Azure Permissions
08:00 Windows NTFS Permissions
11:45 100% Cloud, The Right Way!
14:47 Configure FSLogix
16:10 Wrap Up
▬▬▬▬▬▬ R E S O U R C E S 📡 ▬▬▬▬▬▬
► FSLogix Storage Options: learn.microsoft.com/en-us/fslogix/concepts-container-storage-options
► FSLogix Storage Permissions: learn.microsoft.com/en-us/fslogix/how-to-configure-storage-permissions
► My GitHub Repo: github.com/DeanCefola/Azure-WVD/blob/master/PowerShell/FSLogixSettingsOnly.ps1
► 100% Cloud Script: raw.githubusercontent.com/DeanCefola/Azure-WVD/master/PowerShell/FSLogix100Cloud.ps1
▬▬▬▬▬▬ S U P P O R T 💰 ▬▬▬▬▬▬
► Become a Learner TODAY: tinyurl.com/AzureAcademy-Subscribe
► Twitter: MSAzureAcademy
► LinkedIn: www.linkedin.com/in/dean-cefola-2902934b
#TheAzureAcademy #FSLogix #AzureVirtualDesktop
@OS-qh7ww 4 ай бұрын
Thanks for sharing your knowledge! It was definitely worth it, looking forward to the next Cloud Cache episode.
@AzureAcademy 4 ай бұрын
Thanks for watching…here ya go! kzfaq.info/get/bejne/eMWCZaWamrnVhqM.htmlsi=fb9znK5FeEIZ6AGK
@srinivast.p.9301 Жыл бұрын
Thnx for the knowledge share,definitely worth the watch,waiting for next Cloud Cache.
@AzureAcademy Жыл бұрын
Thanks for letting me know! Stay tuned!
@Twikkilol 4 ай бұрын
Thank you so much! I was really looking for 100% cloud solution.
@AzureAcademy 4 ай бұрын
You are welcome!
@malcolmwalker2852 Жыл бұрын
Great Work Dean.
@AzureAcademy Жыл бұрын
Thanks Malcolm!
@lillilblurkin Жыл бұрын
Great Video! Appreciate all the awesome content. This is a great 15 min refresher on doing things right. Today we use ADDS with Azure Premium Files. Have found this to be a very simple solution. We then use GPO templates to export for all of our clients with all the FSlogix settings that we need. Most likely we will migrate all these to Intune soon but still cant pull the trigger on full AAD implementation.
@AzureAcademy Жыл бұрын
Thanks! Why the hesitation of full Azure AD Join VMs?
@lillilblurkin Жыл бұрын
@@AzureAcademy I guess from an AVD perspective it just seems like its not fully baked yet. I definitely agree that AAD Kerberos is cool and a unique way to make things happen but definitely seems like some security concerns still. I have no doubt that Microsoft will have this completely revamped before too much longer. Also what is the secret to getting a fast track engineer to help us out? We have been trying to go through our partnership to get a fast track engineer like you engaged with our team. We are an MSP moving our entire customer base from on prem VMware to Azure. We are currently working on fully automating AVD with ADO and Bicep! Your videos have greatly helped with that process! So thank you for all you do.
@AzureAcademy Жыл бұрын
FastTrack engages with customers through nominations Click here for details www.microsoft.com/azure/partners/fasttrack-for-azure
@mosksky Жыл бұрын
TY Dean!!! definitely cloud cache :)
@AzureAcademy Жыл бұрын
Cool, thanks for letting me know Len! Stay Tuned!
@mosksky 6 ай бұрын
Thanks!
@AzureAcademy 6 ай бұрын
Thank you for your support!
@mmiltenburg 3 ай бұрын
Your way of explaining things is favourite to me: fast 😁 Some people take forever😂
@AzureAcademy 3 ай бұрын
Awesome, I agree some videos are WAAAAAY too long 👍 I hope you subscribed for more ☺️
@user-kh8we1oo5s Жыл бұрын
Big thanks for the helpfull info. How can we control the include/exclude groups for FSLogix in the 100% Cloud setup for AAD users and groups only?
@AzureAcademy Жыл бұрын
Everyone is allowed by default to use FSLogix, if they have permissions to log onto the VM. I generally exclude admins so they still get in to troubleshoot if there’s a problem. You can run this on a cloud joined VM by Either as a deployment script as part of your build process or a powershell script deployed from Intune after they are built are 2 easy ways to go.
@niranmanandhar8517 Жыл бұрын
Great work and yes would like to know the about cloud cache. Is it correct best practice if we were to enable cloud cache would be to create two separaate profile and 365 containers and keep it separate?.
@AzureAcademy Жыл бұрын
Thanks for letting me know, stay tuned!
@samaelambrona3036 10 ай бұрын
Hello Dean, Great video showing all the options. I have one doubt though. In the part of the Azure AD joined vm. You run a script with a key taken from the storage account however, this key rotates from time to time. Do you need to run the script every time the key rotates, or the key is only used once? Best regards
@AzureAcademy 10 ай бұрын
there are two account keys, and if the key you are using rotates, you would need to re-run the script. Remember this is not a long-term solution, but rather a way to use a cloud only set up until the product team comes out with a product feature or solution.
@ctxshekhar7979 Жыл бұрын
Hi Dean - I have a AVD environment as all the sessions hosts are AD DS domain joined. I am using the fslogix for the profile management. Once the user login to the AVD Session host and when he opens the outlook/teams or any office 365 apps it prompts for the password. This happens every time no matter which ever the session host he connects. When we remove the fslogix GPO object the SSO works as the office365 wont prompt for the password. FYI, the same fslogix GPO settings works for the Hybrid AD Joined AVD setup. Can you please help here what could be the issue ?
@AzureAcademy Жыл бұрын
The issue may be your FSLogix redirections.xml file excluding outlook…remove it try again and let me know
@user-kh8we1oo5s Жыл бұрын
Hi Dean, i am running into a showblocker of the cloud only setup. After importing the FSLogix ADMX into Intune and creating a new "Device configuration" it is always presented as "Not applicable". I figured out that it is a topic of the Multi User Win11. It works fine Single user Win 11. But most Device configurations (also the existing ones for Autopilot machines) are not applicable for Multi User OS. Do you have any idea about this issue? thanks and best regards - Werner
@AzureAcademy Жыл бұрын
I haven’t had that issue with my multisession VMs. But when I did my device assignment I did it to all devices. I don’t think this is an issue because the FSLogix settings will only impact VMs with FSLogix installed, and that’s my AVD VMs…make sense
@marshalexander99 9 ай бұрын
Great video Dean. How does FSLogix work in the scenario where profiles need to be on multiple storage accounts? I'm thinking here a scenario whereby you host an AVD environment but need to keep the data for each customer in their own storage account.
@AzureAcademy 8 ай бұрын
There is NO scenario I can think of why you would need to keep each users data in their own storage account. The proper permissions on the Azure Files Shares isolate each user to their own folder on the share so they can’t see or do anything with anyone else’s learn.microsoft.com/en-us/fslogix/how-to-configure-storage-permissions#recommended-acls If you still think you need that, please share details and help me understand the scenario. Then I can help find you a way to do it
@marshalexander99 8 ай бұрын
@@AzureAcademyit was more to group customers together for billing purposes. We have an application customers currently access via citrix and have no ability to easily chargeback for storage costs. By having each customer in their own storage account (some customers have 2 users, others have 20 for example) they can be accurately billed for app storage usage and profile usage, and also allows all data for one customer to be easily exported in the event of a GDPR/Subject access request/Offboarding process. Hopefully I've explained the requirement a bit more clearly now
@AzureAcademy 6 ай бұрын
Then you are aligning a single file share to a host pool…which is a best practice And since you can’t tag a file share you have to do costing at the storage account level So you need 1 storage account with 1 file share per customer…makes sense
@osuperfly Жыл бұрын
Hi Dean, I tried Intune ADMX import and realized that my policy won’t work with AVD Windows 10 MultiSession VMs. Is that right?
@AzureAcademy Жыл бұрын
Intune just started supporting multisession VMs but it seems that all Intune policies which are more user centric do not get applied the way you expect to a multisession computer. So you can force it to work if you apply to all devices…but be careful what you apply to all devices
@BuggageandGlitchage Жыл бұрын
Wow, this is going down the rabbit hole. I always use your az-140 videos to set up my FSLogix which seem to work perfectly, am I missing a trick?
@AzureAcademy Жыл бұрын
Not really…much the same info just updated some of the methods and redirection info
@alozborne Жыл бұрын
Would love to see a video on the nuances of combining traditional folder redirection with fslogix containers and OneDrive. I would love to be able to redirect Documents, Desktop, and Downloads to an Azure File share, have the rest of the profile reside in an fslogix container, yet still give users access to the OneDrive app (no syncing) within the AVD session. I tried this, but folder redirection and the OneDrive app don't play well together. Ended up having to scrap the plan to use folder redirection. I prefer to use traditional folder redirection for Documents, Desktop, and Downloads as restores require first restoring the fslogix container, mounting that (and praying that it's healthy), and then finally pulling files out of it.
@AzureAcademy Жыл бұрын
A few options here: when I use OneDrive I setup my user profile and OneDrive to be the same place. C:\users\dean\desktop is in the FSLogix profile. But I redirect it to c:\users\Dean\onedrive\Desktop This can be done by right clicking on the desktop folder, properties, location tab Change the location path. This way most of my profile data is in OneDrive and syncs across my devices You can also execute this with a REGEDIT script Does this sound like what you are trying to do
@steveturnbull9869 Жыл бұрын
Would be good to see recommendations on how to stop onedrive from filling up profile containers. Storage sense isn’t the answer since vms are mostly not running 24/7 for even the 1 day policy to kick in since it runs randomly. How do people keep onedrive in check ?
@AzureAcademy Жыл бұрын
Storage sense isn’t supported on multisession anyway… for OneDrive I usually have a bunch of group policies that I use to limit the amount of space someone can download as well as used files on demand and known folder redirection’s, which limits one drive to the minimum‘s then I can also use the redirection’s XML file to take the rest out of my profile Than anything that they download during their session is on the local computer not the profile
@steveturnbull9869 Жыл бұрын
@@AzureAcademy that is one way but in multi session you then run the risk of running out of local disk space if many users are downloading onedrive files and crashing the machine. Machines cost money in azure so we tend to run them with minimal amounts of disk space on c:. All onedrive really needs is a purge policy which would be to define a period of time when files that have not been accessed in the profile container are set back to online mode which is essentially just an attrib flag. Then the profile container compaction option could do the rest at logoff, but to my knowledge no such policy exists
@AzureAcademy Жыл бұрын
That purge policy is what storage sense does…unfortunately it is not supported or recommended on windows multi-session today Disk is not the most expensive part of a VM, powering it on and running IS. So I suggest rethinking your strategy ☺️ the normal VM disk size for the Azure marketplace images is 127GB if you are using VHDLocations with FSLogix, then EVERYTHING in the profile is written to the file share and has NO Impact on local disk, including OneDrive. However, if you are using Cloud Cache and redirections you are impacting the C:\ drive. So you have to pick your poison. Then use OneDrive policy and redirections to limit impact and also consider the user experience. Example: OneDrive files on demand is great for saving space BUT it means the user needs to download that same spreadsheet each time they log in…which takes a second or 2 longer…is that ok to save a little space?
@jadan2000 5 ай бұрын
hello. I currently use AVD for one of my clients. Their AVD was already built before they started working with me. They have The Fslogix profile disks sitting on a file server ( Azure VM) instead of azure file storage. Which, in your opinion is the better option between Azure file storage or a vm file server?
@AzureAcademy 5 ай бұрын
Azure Files Shares are INFINITELY BETTER vs VMs with a file server role. VMs cost more, You have to manage the OS, disks, performance etc yourself, Setup and manage your own backup and DR to protect the profiles etc. Azure Files does all that for you…and it costs less.
@worldofhemu Жыл бұрын
Cloud cache
@AzureAcademy Жыл бұрын
Awesome, stay tuned!
@Mkt6040 Жыл бұрын
Since FSLogix was acquired by Microsoft, I don’t think they have done a great job with its integration when it comes to ease of setting it up and ironing out the issues that your traditional RDS have had such as roaming/FSLogix corrupt profile issues, corrupt outlook OSTs and Teams profiles. I have open cases with Microsoft on these issues. AVD without FSLogix profiles is the best user and admin experience (how a PaaS or SaaS solution should be). I long for the day it would work as “advertised” and the setup would be simple and part of the host pool and VM deployment wizard (replace these scripts, manual permission set up and registry key changes with GUI check boxes). I have cloud only set up with blob storage (CCD locations).
@AzureAcademy Жыл бұрын
Gotta say…your wounds may be self inflicted with FSLogix. Blob storage with cloud cache is not the best performing option, SMB is far better. I have deployed and configured hundreds of customers covering almost 100,000 users around the globe…it absolutely works as advertised. Are there issues with a profile here or there becoming corrupt…YES but as a whole, when it’s setup correctly, works amazingly well.
@diegomartinez447 Жыл бұрын
Cloud Cache!
@AzureAcademy Жыл бұрын
Thanks for sharing, stay tuned!
@sophware Жыл бұрын
Cloud Cache
@AzureAcademy Жыл бұрын
Thanks! Stay tuned
@steveturnbull9869 Жыл бұрын
Search index with fslogix - completely broken on windows 11 multi session. Would be good to see videos on actual known issues too which have no fix
@AzureAcademy Жыл бұрын
I’m not aware of search indexing being broken…? Broken how? Interesting idea on the video too!
@steveturnbull9869 Жыл бұрын
@@AzureAcademy yes been broken since at least December 2022. Windows 10 multi session is ok, it’s broken on windows 11 Multi session and windows server 2022 I believe. There are a few online forums about it and MS have been testing private fixes for the last couple of months. It pretty much blocks a production windows 11 multi session right now unless you don’t need the search index working
@AzureAcademy Жыл бұрын
I haven’t really found search indexing to be a production stopping feature for customers… what makes you think it is?
@steveturnbull9869 Жыл бұрын
@@AzureAcademy without it working you get a horrible message on windows11 when you click on the start button that says search indexing is off, also it means none of the search options are available In outlook and they are greyed out which is a major issue for our users
@AzureAcademy Жыл бұрын
I don’t experience either of those issues with my Windows 11 Multi-Session VMs! Did you build them from a custom image?
@alozborne Жыл бұрын
One thing that's not clear in this video is that, by disabling "default share-level permissions" when using a hybrid Azure AD + AD DS authentication setup, Domain Admin accounts won't have access to the Azure File share. That's because, despite adding the NTFS permissions as per your video, Domain Admins are not synced to Azure AD when using AD Connect. The only way I have found to grant Domain Admins FC access to Azure File shares is to enable "default share-level permissions" and then configure NTFS root permissions as per your video
@AzureAcademy Жыл бұрын
That is interesting, I don’t remember admins not having access to the share with default share permissions. Is this in the docs? You are 100% right that domain admins are not synced by default
@alozborne Жыл бұрын
@@AzureAcademy I replied, but KZfaq removed the reply I guess because I included a link? Anyways, this excerpt from the pertinent document ("Assign share-level permissions") explains: "... If you intend to use a specific Azure AD user or group to access Azure file share resources, that identity must be a hybrid identity that exists in both on-premises AD DS and Azure AD"
@AzureAcademy Жыл бұрын
Right, except the admin group over the share needs to be the share elevated contributor so they can set the NTFS permissions in windows I use a domain admin account for that And I have that account synced into Azure AD And I use default share permissions and it all works
@alozborne Жыл бұрын
@@AzureAcademy Yes, but when AD Connect first came out, Microsoft advised not to sync Domain Admin accounts to Azure AD for security reasons. To be honest, it's annoying to have to administer Azure Files using another account. I'm a little torn about what's the best approach... When setting NTFS root permissions, I mount the share using the storage key, then dismount it and remove the storage key too. It's cumbersome, but hopefully the most secure approach.
@AzureAcademy Жыл бұрын
That’s how I do it too then I JOIN the storage account to AD, add NTFS permissions then remove the key
@stormlight1553 Жыл бұрын
!!! CLOUD CACHE
@AzureAcademy Жыл бұрын
Thanks for letting mess know! Stay tuned!
@pacifier316 Жыл бұрын
CLOUD CACHE
@AzureAcademy Жыл бұрын
Working on it, Stay Tuned
@kal_the_pal Жыл бұрын
why do your videos always force CC? I have to manually toggle it off every single time. Just for your channel. It’s frustrating.
@AzureAcademy Жыл бұрын
It’s because I set the videos to auto caption…it’s the way to activate the translations into 100+ languages so people can watch the video and understand in their own language…a lot of non-English folks watch my videos too…sorry for your inconvenience 🤷🏼♂️
@kal_the_pal Жыл бұрын
@@AzureAcademy people can take care of themselves and are more than capable to set up global CC settings on youtube. You’re actually helping no one and just inconveniencing your viewers. I have never experienced this with a channel. No need to be snarky. Why don’t you poll your viewers and find out how wrong you are.
@AzureAcademy Жыл бұрын
Interesting perspective Kal. many people have thanked me for having it enabled, you are the first person in over 2.8M views to complain about it…
@kal_the_pal Жыл бұрын
@@AzureAcademy I just don’t see the logic behind it. Once you enable CC on any video on youtube, the setting is automatically applied on every video you watch thereafter. The opposite should also be true. When I turn off CC on any video the setting is applied to every video after. But not for your channel. You’re the CC saviour nobody asked for. It’s unnecessary. I have never experienced this with any other channels I watch. So not many youtubers do this. Put up an impartial poll and prove me wrong. Or don’t. Either way, I’m obviously watching many of your videos and enjoying the content otherwise. I wouldn’t care to express my frustration if I didn’t.
@AzureAcademy Жыл бұрын
I do appreciate the feedback, Of course I could be wrong here, but I appreciate your input, and you are right, People who spend a lot of time on KZfaq definitely know to press C if they want the captions, and someone included them. I just found that many people commented that they appreciated them being on, especially since the auto translate feature became a thing, but I Will put up a poll and see how people feel about it…Thanks Again! ☺️
@deo-max9229 Жыл бұрын
I am building a house. How did you know?😅
@AzureAcademy Жыл бұрын
LOL Spy Satellites, I'm always watching 😉🤣
@gbaity Жыл бұрын
Cloud cache
@AzureAcademy Жыл бұрын
You got it, stay tuned!
@kmajors Жыл бұрын
Cloud Cache
@AzureAcademy Жыл бұрын
great, Stay Tuned!
notebook-31
Рет қаралды 102 М.
ГЛАЗУРЬ СТЕКЛО для iPhone и аксессуары OTU
Рет қаралды 6 МЛН