How to implement FSLogix Profile container using Azure Files and Active Directory authentication for Windows Virtual Desktop (WVD)
With FSLogix Profile container you can maintain user context (for example application settings) in non-persistent environments such as a pooled Windows Virtual Desktop host pool. It also shortens the sign-in time for the end user: the user profile is stored in a VHD(X) file that is mounted to the relevant session host VM every time the user signs in, so nothing has to be downloaded first.
There are several options for the storage location like an existing (or new) Windows File server, but since Azure Files with Active Directory authentication is GA, I personally prefer this option. Azure Files is an Azure service that is scalable on-demand and which is not dependent on a VM that needs to be running 24/7.
In this blog I will show you step-by-step how to deploy FSLogix Profile container using Azure Files and Active Directory authentication for Windows Virtual Desktop. This blog is divided into the following steps:
Create a Storage account with a Private endpoint
Create a File Share
Enable Active Directory authentication on the Storage account
Configure Storage account Access control (IAM)
Configure NTFS rights on the Azure File Share
Install FSLogix Profile Container in your WVD Host pool
Configure FSLogix Profile Container via GPO
Test the results
Prerequisites
The following prerequisites must be in place:
An up-and-running Azure tenant, configured with Azure AD Connect
An up-and-running Windows Virtual Desktop environment (click here for guide)
Azure Global Administrator account
Owner permissions on the Azure subscription
For the local domain you need to have the rights to create groups, users, add ADMX files to the Policy repository and create and edit GPO objects
Performance and Account type
During the creation of the storage account you get the option to select Standard (HDD) with account type GPv2 or Premium (SSD) with account type FileStorage. Premium storage accounts have more IOPS, but the file share size is provisioned (Standard HDD is Pay-as-you-Go), so in general you pay more for your storage, at least in the beginning. Standard storage account general-purpose file shares are good for dev/test environments with up to 200 concurrent active users.
Step 1: Create a Storage account with a Private endpoint
Log in to the Microsoft Azure Portal to perform the steps below.
Open the Storage accounts blade and click the + Add button to add a new storage account.
Select your Subscription and Resource group (or create a new one). Give this storage account a name (must be globally unique) and select the Azure Location.
Select the Performance type, Account kind (see intro of this blog for more info) and Replication type and click Next: Networking
Select...