Thank you for your support!

Yes FSLogix is the same in RDS or AVD but you will also need licenses to run it in RDS

First off…I haven’t run into that issue. Please contact support to make them aware of this…I don’t think that should happen there might be an Active Directory setting causing it. Can you also share a link to the script you are using to get a new ticket so others can benefit?

In blob there is no way to isolate which is why the best practice, better performance and security is to use SMB with Azure Files Shares then you can do this what I showed in the video

Yes, To perform CRUD operations on FSLogix user profile shares, you can follow these general steps: ### Create 1. **Set up FSLogix Profile Containers**: Install FSLogix and configure profile containers 2. **Configure Storage**: Set up an SMB file share with NTFS and share-level permissions 3. **Registry Settings**: Add necessary registry settings for FSLogix 4. **Create Profile Container**: Specify the location for the containers and ensure they are correctly attached ### Read 1. **Verify Configuration**: Check the registry settings and ensure the profile container is correctly attached 2. **List Redirects**: Use the `frx list-redirects` command to list the profile containers ### Update 1. **Modify Registry Settings**: Adjust registry settings if needed 2. **Resize Containers**: Change the size of the profile container if necessary 3. **Update Storage**: Modify the storage location or settings as required ### Delete 1. **Remove Registry Entries**: Delete the relevant registry entries for the profile container 2. **Delete Profile Container**: Remove the profile container from the storage location 3. **Clean Up**: Ensure all references to the profile container are removed.

@@AzureAcademy Hi Dean! Maybe I can clarify my question. I am trying to access the files within the user's VHDX disk image itself. So far, I haven't found a way for an admin to add a file to a new user's files after their FSLogix profile is created.

To do that you have to mount the vhd when it is not in use, the access the file system and add or remove what you need, then unmount This can all be done as a script as well

@@AzureAcademy Thank you!

Anytime!

Azure Files Shares are INFINITELY BETTER vs VMs with a file server role. VMs cost more, You have to manage the OS, disks, performance etc yourself, Setup and manage your own backup and DR to protect the profiles etc. Azure Files does all that for you…and it costs less.

there are two account keys, and if the key you are using rotates, you would need to re-run the script. Remember this is not a long-term solution, but rather a way to use a cloud only set up until the product team comes out with a product feature or solution.

Thanks for letting me know, stay tuned!

Everyone is allowed by default to use FSLogix, if they have permissions to log onto the VM. I generally exclude admins so they still get in to troubleshoot if there’s a problem. You can run this on a cloud joined VM by Either as a deployment script as part of your build process or a powershell script deployed from Intune after they are built are 2 easy ways to go.

I haven’t had that issue with my multisession VMs. But when I did my device assignment I did it to all devices. I don’t think this is an issue because the FSLogix settings will only impact VMs with FSLogix installed, and that’s my AVD VMs…make sense

There is NO scenario I can think of why you would need to keep each users data in their own storage account. The proper permissions on the Azure Files Shares isolate each user to their own folder on the share so they can’t see or do anything with anyone else’s learn.microsoft.com/en-us/fslogix/how-to-configure-storage-permissions#recommended-acls If you still think you need that, please share details and help me understand the scenario. Then I can help find you a way to do it

@@AzureAcademyit was more to group customers together for billing purposes. We have an application customers currently access via citrix and have no ability to easily chargeback for storage costs. By having each customer in their own storage account (some customers have 2 users, others have 20 for example) they can be accurately billed for app storage usage and profile usage, and also allows all data for one customer to be easily exported in the event of a GDPR/Subject access request/Offboarding process. Hopefully I've explained the requirement a bit more clearly now

Then you are aligning a single file share to a host pool…which is a best practice And since you can’t tag a file share you have to do costing at the storage account level So you need 1 storage account with 1 file share per customer…makes sense

Thanks Malcolm!

The issue may be your FSLogix redirections.xml file excluding outlook…remove it try again and let me know

Thanks for watching…here ya go! kzbin.info/www/bejne/eJC1Y3WfarikjNEsi=fb9znK5FeEIZ6AGK

Intune just started supporting multisession VMs but it seems that all Intune policies which are more user centric do not get applied the way you expect to a multisession computer. So you can force it to work if you apply to all devices…but be careful what you apply to all devices

Not really…much the same info just updated some of the methods and redirection info

A few options here: when I use OneDrive I setup my user profile and OneDrive to be the same place. C:\users\dean\desktop is in the FSLogix profile. But I redirect it to c:\users\Dean\onedrive\Desktop This can be done by right clicking on the desktop folder, properties, location tab Change the location path. This way most of my profile data is in OneDrive and syncs across my devices You can also execute this with a REGEDIT script Does this sound like what you are trying to do

Would be good to see recommendations on how to stop onedrive from filling up profile containers. Storage sense isn’t the answer since vms are mostly not running 24/7 for even the 1 day policy to kick in since it runs randomly. How do people keep onedrive in check ?

Storage sense isn’t supported on multisession anyway… for OneDrive I usually have a bunch of group policies that I use to limit the amount of space someone can download as well as used files on demand and known folder redirection’s, which limits one drive to the minimum‘s then I can also use the redirection’s XML file to take the rest out of my profile Than anything that they download during their session is on the local computer not the profile

@@AzureAcademy that is one way but in multi session you then run the risk of running out of local disk space if many users are downloading onedrive files and crashing the machine. Machines cost money in azure so we tend to run them with minimal amounts of disk space on c:. All onedrive really needs is a purge policy which would be to define a period of time when files that have not been accessed in the profile container are set back to online mode which is essentially just an attrib flag. Then the profile container compaction option could do the rest at logoff, but to my knowledge no such policy exists

That purge policy is what storage sense does…unfortunately it is not supported or recommended on windows multi-session today Disk is not the most expensive part of a VM, powering it on and running IS. So I suggest rethinking your strategy ☺️ the normal VM disk size for the Azure marketplace images is 127GB if you are using VHDLocations with FSLogix, then EVERYTHING in the profile is written to the file share and has NO Impact on local disk, including OneDrive. However, if you are using Cloud Cache and redirections you are impacting the C:\ drive. So you have to pick your poison. Then use OneDrive policy and redirections to limit impact and also consider the user experience. Example: OneDrive files on demand is great for saving space BUT it means the user needs to download that same spreadsheet each time they log in…which takes a second or 2 longer…is that ok to save a little space?

Thanks! Why the hesitation of full Azure AD Join VMs?

@@AzureAcademy I guess from an AVD perspective it just seems like its not fully baked yet. I definitely agree that AAD Kerberos is cool and a unique way to make things happen but definitely seems like some security concerns still. I have no doubt that Microsoft will have this completely revamped before too much longer. Also what is the secret to getting a fast track engineer to help us out? We have been trying to go through our partnership to get a fast track engineer like you engaged with our team. We are an MSP moving our entire customer base from on prem VMware to Azure. We are currently working on fully automating AVD with ADO and Bicep! Your videos have greatly helped with that process! So thank you for all you do.

FastTrack engages with customers through nominations Click here for details www.microsoft.com/azure/partners/fasttrack-for-azure

You are welcome!

That is interesting, I don’t remember admins not having access to the share with default share permissions. Is this in the docs? You are 100% right that domain admins are not synced by default

@@AzureAcademy I replied, but KZbin removed the reply I guess because I included a link? Anyways, this excerpt from the pertinent document ("Assign share-level permissions") explains: "... If you intend to use a specific Azure AD user or group to access Azure file share resources, that identity must be a hybrid identity that exists in both on-premises AD DS and Azure AD"

Right, except the admin group over the share needs to be the share elevated contributor so they can set the NTFS permissions in windows I use a domain admin account for that And I have that account synced into Azure AD And I use default share permissions and it all works

@@AzureAcademy Yes, but when AD Connect first came out, Microsoft advised not to sync Domain Admin accounts to Azure AD for security reasons. To be honest, it's annoying to have to administer Azure Files using another account. I'm a little torn about what's the best approach... When setting NTFS root permissions, I mount the share using the storage key, then dismount it and remove the storage key too. It's cumbersome, but hopefully the most secure approach.

That’s how I do it too then I JOIN the storage account to AD, add NTFS permissions then remove the key

Thanks for letting me know! Stay tuned!

Awesome, I agree some videos are WAAAAAY too long 👍 I hope you subscribed for more ☺️

Cool, thanks for letting me know Len! Stay Tuned!

I’m not aware of search indexing being broken…? Broken how? Interesting idea on the video too!

@@AzureAcademy yes been broken since at least December 2022. Windows 10 multi session is ok, it’s broken on windows 11 Multi session and windows server 2022 I believe. There are a few online forums about it and MS have been testing private fixes for the last couple of months. It pretty much blocks a production windows 11 multi session right now unless you don’t need the search index working

I haven’t really found search indexing to be a production stopping feature for customers… what makes you think it is?

@@AzureAcademy without it working you get a horrible message on windows11 when you click on the start button that says search indexing is off, also it means none of the search options are available In outlook and they are greyed out which is a major issue for our users

I don’t experience either of those issues with my Windows 11 Multi-Session VMs! Did you build them from a custom image?

It’s because I set the videos to auto caption…it’s the way to activate the translations into 100+ languages so people can watch the video and understand in their own language…a lot of non-English folks watch my videos too…sorry for your inconvenience 🤷🏼‍♂️

@@AzureAcademy people can take care of themselves and are more than capable to set up global CC settings on youtube. You’re actually helping no one and just inconveniencing your viewers. I have never experienced this with a channel. No need to be snarky. Why don’t you poll your viewers and find out how wrong you are.

Interesting perspective Kal. many people have thanked me for having it enabled, you are the first person in over 2.8M views to complain about it…

@@AzureAcademy I just don’t see the logic behind it. Once you enable CC on any video on youtube, the setting is automatically applied on every video you watch thereafter. The opposite should also be true. When I turn off CC on any video the setting is applied to every video after. But not for your channel. You’re the CC saviour nobody asked for. It’s unnecessary. I have never experienced this with any other channels I watch. So not many youtubers do this. Put up an impartial poll and prove me wrong. Or don’t. Either way, I’m obviously watching many of your videos and enjoying the content otherwise. I wouldn’t care to express my frustration if I didn’t.

I do appreciate the feedback, Of course I could be wrong here, but I appreciate your input, and you are right, People who spend a lot of time on KZbin definitely know to press C if they want the captions, and someone included them. I just found that many people commented that they appreciated them being on, especially since the auto translate feature became a thing, but I Will put up a poll and see how people feel about it…Thanks Again! ☺️

Gotta say…your wounds may be self inflicted with FSLogix. Blob storage with cloud cache is not the best performing option, SMB is far better. I have deployed and configured hundreds of customers covering almost 100,000 users around the globe…it absolutely works as advertised. Are there issues with a profile here or there becoming corrupt…YES but as a whole, when it’s setup correctly, works amazingly well.

You got it, stay tuned!

Thanks for sharing, stay tuned!

great, Stay Tuned!

Thanks for letting mess know! Stay tuned!

Working on it, Stay Tuned

LOL Spy Satellites, I'm always watching 😉🤣

Awesome, stay tuned!

Thanks! Stay tuned