Willie Smit
Jul 29, 2020 | Copper Contributor
WVD in high-security environments
Is there a definitive list of permissions published somewhere (Fall and Spring releases) detailing exactly what permissions are required for WVD, from both a provisioning and an operational point of view? I have a large high-security client where functions are separated; in other words, security is handled by a completely different team, and projects by an unrelated project team who hands over to the operational teams.
In a previous deployment, using the Fall 2019 version, I was able to determine the following:
- Security team to create RDS tenant as this will not be delegated,
- RDS Contributor assigned to project team (which were the lowest supported permissions),
- Microsoft.Network/virtualNetworks/WRITE permissions to join virtual machines to network (I think this is related to an issue in the ARM template but is problematic),
- Active Directory create computer object (or rather domain join) permissions,
- Owner permission required to write captured images to the Shared Gallery.
My deployment stopped at the last point as the security team asked for a full list of all the permissions required as they are not able to entertain back-and-forth requests.
Thanks