Forum Discussion
MSIX app attach Azure portal integration public preview
Hello Stefan,
I checked the permissions for the session host once again, at both the share (RBAC) and directory (NTFS) level, but I still have this error: “...Error accessing virtual disk at…”
Note that the host and the storage account are joined to an Azure ADDS (not classic ADDS).
- RBAC: my host has the role Storage File Data SMB Share Contributor on the storage account
  (it’s also a member of an Azure AD group with this role)
- NTFS level: my host has -modify- on the storage account's share
Note that the host can access and mount this vhd \\stoxxx.file.core.windows.net\msix\GoogleChrome_68.46.66.0_x64__74vyvr5aw93s6.vhdx
I tried putting the vhd on a local share and it works like a charm.
Please help me find where my mistake is with Azure Files permissions in the Azure ADDS scenario.
Best regards
- nbird22, Dec 21, 2020, Iron Contributor
biginquebec130
Pretty sure this isn't supported. Game's a bogey with AAD DS as there is no hybrid join capability, so no writing back the devices to AAD. You're giving the Managed Identity of the VM access to the file share; this isn't the AD object for which it'll determine has the correct NTFS permissions.
Keen to get confirmation/roadmap item for this scenario though, as we have a few environments that use standalone AAD DS as opposed to classic ADDS with synchronization.
- biginquebec130, Dec 21, 2020, Copper Contributor
You're probably right; but note that I could give NTFS rights to the AADDS host - so the problem could be that there is no writeback to AAD...
- Stefan Georgiev, Dec 28, 2020, Former Employee
I never had to do the writeback with AD DS. But as per the Azure Files team, the group where the hosts are added must come from on-prem, hence if the group is created in Azure AD and there is no writeback it makes sense why stuff is broken. I will need to follow up with them once they are back to see if Azure AD DS supports computer object access.