Azure Virtual Desktop Blog

Announcing Public Preview of FSLogix profiles for Azure AD-joined VMs in Azure Virtual Desktop

DavidBelanger
Microsoft
Dec 01, 2021

We're excited to announce the public preview of FSLogix profiles for Azure AD-joined VMs in Azure Virtual Desktop. The preview allows you to create an Azure Files share to store the FSLogix profiles and configure it to support Azure AD authentication. For customers trying to reduce cost, it’s now possible to deploy a pooled environment using Azure AD-joined Windows 10/11 Enterprise multi-session VMs.

 

The initial release for Azure AD-joined VMs in September was focused on deploying personal desktops that leverage a local user profile. Each user had their own virtual machine to use for their daily tasks. The added support for FSLogix profiles combines the cost optimization of using a pooled environment shared among users with the key benefits of Azure AD-joined VMs: 

  • no line-of-sight to a domain controller
  • simplified deployment, and
  • enhanced management with Intune

 

The new Azure AD functionality leveraged in this preview allows Azure AD to issue Kerberos tickets to access SMB shares. This removes the need to have access to a domain controller from the session host VM and network share. You can now store your FSLogix user profiles on Azure Files shares and access them from Azure AD-joined VMs. This functionality currently requires the users to have hybrid identities, managed in Active Directory. 

 

To learn more and get started, visit our documentation page.

Published Dec 01, 2021
Version 1.0

37 Comments

  • Alex_Vernel
    Copper Contributor

    DavidBelanger Currently have a traditional RDS 'farm' setup in Azure, with a DC and AADS. The aim is to go cloud-only. If we were to jump on this (after it's out of preview), is it likely going to be easy to transition to cloud-only when that is supported?

  • DavidBelanger Thanks for the clarification! It took me a little bit after my initial response of "why?" to realize this situation can exist for some, though less common. Great work, and I look forward to the future of AVD with Azure AD only!

  • Thank you for the feedback SGerrishMSTechnbird22 and TrasmusenLindberg. There is additional work needed to support cloud-only environments. We know how important it is and it's on our roadmap but will take a bit longer to fully enable. The current release is beneficial for customers who already have an on-prem AD environment but want to remove the line-of-sight to the domain controller and use Azure AD-joined session hosts.

  • Great to see that we are moving forward. However, I want this "You must create these accounts in Active Directory and sync them to Azure AD." to be changed to "You can create these accounts in Azure Active Directory." Keep up the work, looking forward to the day when I can utilize Azure AD-joined AVDs on my customers!

  • nbird22
    Iron Contributor

    Fabian Bader I don't think that was his point. The point here is this is a great step forward, but you ultimately still need AD or AADDS as it still only works with hybrid identities, which begs the question why would you bother at this stage?

  • Not to be a party pooper, but what's the point if my users still need Active Directory?