Blog Post

Security, Compliance, and Identity Blog
2 MIN READ

Disable User Profile Disks (UPDs) in Azure RemoteApp

MicrosoftSecurityandComplianceTeam's avatar
Sep 08, 2018
First published on CloudBlogs on Nov 11, 2015
Hello everyone, this is Pavithra Thiruvengadam from the Azure RemoteApp team. I am writing to let you know that as part of Azure RemoteApp service, we have the ability to disable User Profile Disks (UPDs). To read more about UPDs (also known as User VHD, uVHD) and related questions, please visit our UPD documentation page . Some key scenarios where this would come into play are:
  1. For customers who need to have complete access and control of user data (for audit and review purposes such as financial institutions).
  2. For customers who have 3 rd party user profile management solutions on premise and would like to continue using them in their domain-joined Azure RemoteApp deployment.  This would require the profile agent to be loaded into the gold image.
  3. For customers who don’t need any local data storage, have all data in the cloud (such as OneDrive for Business) or file share and would like to control saving of data locally using Azure RemoteApp.
For these scenarios, Azure RemoteApp has the option of disabling the use of User Profile Disks. It can be done on both domain-joined as well as non-domain joined deployments. Please note that this is not an admin-controlled option and for this to be enabled, the customers will have to contact the product team . This can be done either through support or by writing to remoteappforum@microsoft.com . One of our MVPs, Freek Berson, has a detailed write-up on this: http://microsoftplatform.blogspot.nl/2015/11/azure-remoteapp-without-user-profile.html In summary, the main issue that must be addressed here is that if you disable UPDs, local/cached user profiles will be created. If these are not cleaned up upon user logoff, the disk will eventually get filled and the VM will become unresponsive. If you are using a 3 rd party management solution, please ensure the software is configured to clean up the local user profile. If you are not using a 3 rd party solution, the following registry keys need to be set in the template image to perform the cleanup:
[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSystem] "DeleteRoamingCache"=dword:00000001
[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSystem] "LocalProfile"=dword:00000000
We are excited to bring you this capability, and hope it enables admins to better manage their users’ data on Azure RemoteApp. Your feedback is important to us, and we look forward to continue to improve your organization’s Azure RemoteApp experience. Note: Questions and comments are welcome. However, please DO NOT post a request for troubleshooting by using the comment tool at the end of this post. Instead, post a new thread in the Azure RemoteApp forum .
Published Sep 08, 2018
Version 1.0
No CommentsBe the first to comment