Many organizations opt for non-persistent environments, such as pooled Azure Virtual Desktops to provide access to enterprise resources to remote employees at affordable costs. However, the issue with such pooled virtual machines, data is lost after a session ends. With FSLogix profiles containers, admins can maintain user context, such as application settings in non-persistent environments. With FSLogix, sign-in time for end-users is significantly reduced as user profiles are stored in VHD(X) files that are mounted on each session host VM (virtual machines) at the time of sign-in without having to download each time. In this article, we will examine how to use FSLogix profiles on Azure Files for Azure AD (Active Directory) joined VMs (virtual machines).
What Are the Advantages of Storing FSLogix User Profiles on Azure Files for Azure Active Directory (AD)-joined VMs?
Using Azure Files share to store FSLogix profiles can be used to authenticate hybrid user identities with Azure Active Directory. Here are the advantages of storing FSLogix user profiles on Azure Files for Azure Active Directory (AD)-joined VMs.
- Costs can be reduced with pooled environments using Azure AD-joined Windows 10/11 Enterprise multi-session VMs.
- Line-of-sight domain controllers are not required from Hybrid Azure AD-joined and Azure AD-joined VMs.
- Kerberos authentication can be used for accessing resources, simplifying the deployment process.
- Managing virtual machines is simpler with tools available in Intune.
- The service is scalable on demand and does not depend on a VM that needs to be running 24/7.
How to Implement FSLogix Profiles for Azure AD-Joined VMs in Azure Virtual Desktop?
Follow the steps below to configure Azure AD-Joined VM for FSLogix profiles stored in Azure Files.
- Create an Azure storage account and enable Azure AD authentication. Retrieve the Kerberos keys for the account. Note that the Azure AD Kerberos functionality is only available for Windows 10/11 Enterprise single or multi-session and Windows Server 2022.
- Create an application for the storage account and configure the Azure AD service principal for it before setting a password for the account.
- Configure the API permissions from the Azure Portal for the newly created application.
- Create an Azure Files share in the Azure storage account to store FSLogix profiles. Share-level and directory-level permissions have to be configured on the newly created Azure Files share to provide the appropriate access to users.
- Configure session hosts to access Azure file shares from an Azure AD-joined VM for FSLogix profiles, and then configure the VM with FSLogix.
- Test the deployment by signing in with a user account after installing and configuring FSLogix.
Apps4Rent Can Help with Azure Virtual Desktop Customization
The use of FSLogix profiles for Azure AD-joined VMs is useful for customers who already have an on-prem AD environment but need to remove the line-of-sight to the domain controller and use hybrid identities. However, there are additional steps involved in supporting cloud-only environments. Besides, these customizations require the use of PowerShell scripts.
As a Microsoft Gold Partner for Cloud Platform and Cloud Productivity, Apps4Rent can help enterprises deploy, customize, and secure virtual desktops with our managed Azure services. Contact our Azure specialists, available 24/7 via phone, email, and chat for help.