Forum Discussion
AVD Insights - Read access for support techs
Hi there. I'm trying to give our Support Techs reader access to AVD Insights to assist with troubleshooting and to do a bit of upskilling. They currently have Desktop Virtualization User Session Operator rights to enable them to view sessions and log users off, but see nothing when going to the host pool Insights or Legacy tab. I've tried giving them Reader access to the whole host pool, and Monitoring Reader also, but still no joy. Any ideas what I may be missing? Our admins see the Insights just fine. Thanks
SeeInsideSpace Did you happen to get this resolved? I have the same issue for support teams....
No unfortunately not. None of the reader roles when applied to both the host pool and to the log analytics workspace allow them to view Insights. It seems that contributor rights are required which is goes against rule of least privilege for our support desk technicians. Frustrating, as there is much useful data available in the Insights that would help them... Not sure why Microsoft would make this a non read only function.
SeeInsideSpace I found a way to provide access to my users.
Assign them Reader access to the Log Analytics Workspace and respective Resource Groups containing the AVD resources they need to see Insights dashboards for..... You can find more info here:
See the section "My data isn't displaying properly"....
SeeInsideSpace have you tried the "Log Analytics Reader" role?? This should give them the necessary access - you can read more about that here - https://learn.microsoft.com/en-us/azure/azure-monitor/logs/manage-access?tabs=portal
- https://learn.microsoft.com/en-us/azure/virtual-desktop/rbac#desktop-virtualization-host-pool-reader
probably hostpool reader access to view the sessionhosts and it's configuration, for monitoring below role should suffice.
https://learn.microsoft.com/en-us/azure/virtual-desktop/rbac#desktop-virtualization-readerNo joy unfortunately, they just get a message that Azure Monitor is not configured for the host pool, even though it is. I am wondering if some permissions are needed to the Log Analytics Workspace.
