Forum Discussion
WVD Start on Connect - Custom Role configuration
I followed the instructions to create a new custom role at the Subscription level for the Windows Virtual Desktop app to be able to start/stop my WVD VM's and it works fine.
But, I notice that this role assignment appears on all my resources now in this Azure Subscription (obviously) - even for a lot of resources that are not related to WVD.
Is there a way of assigning this custom role at the Resource Group level instead of at the Subscription level so that I can only apply it to my WVD resources?
- Yes. Search for your custom role in Roles from previously scoped resource. Select the "..." adjacent to your role to get edit option and proceed with required changes.
- Yes the custom role can be created under IAM of RG and be assigned with required permissions (startVM and readVM) which will limit the scope to RG
Thanks for getting back to me on this... But what if I have multiple RG's with WVD session hosts?
Would I need to create the custom role multiple times (one in the IAM of each RG) and then add each of these roles to the enterprise level Windows Virtual Desktop Application?
- Start creating the custom role at Subscription level. In "Assignable Scopes" remove the Subscription and chose multiple RG's to make this role available for these RG's. Hope this helps 🙂
