FSLogix profile containers for Entra cloud only identities

Edited: April 8th, 2025

Over the past several weeks, the number of customers seeking this type of guidance has increased significantly. I am glad see that our customers continue to push the boundaries of our product and growing in their Azure based deployments of RDS, Azure Virtual Desktop, and other VDI solutions in Azure.

FSLogix does support non-traditional configurations for Entra only scenarios. We are working to add this to our public documentation, however due to the number of instances where I've been asked about these configurations, a blog post was more immediate.   Customers who have Azure AD cloud only identities can use FSLogix in one of two configurations. This will be the only method available until Azure Files natively support Entra only identities.

Cloud Cache using Azure Page Blob storage account(s)

First, read this article on how to secure the Storage keys.  The document is planned for an update, but the concept is sound.  Next, review the list of recommendations below, before implementing this solution.

NOTE:  These are recommendations for an optimal experience. 

1. Do not use standard tier storage for Azure page blobs for production workloads.
2. Ensure the Azure page blob storage account is in the same region as the virtual machine(s) for optimal performance.
3. The Azure page blob storage account should use zone-redundant storage (ZRS) if available.  If not available, use two (2) unique Azure page blob storage accounts using local-redundant storage (LRS)
4. Ensure the OS volume allocation size matches Azure page blob and the container (VHDx).
5. The virtual machine(s) should have high performaning local OS disks as Cloud Cache will create a local VHD for each profile as the source while keeping the blob versions up to date. Alternatively, the virtual machine could have a high-performance temp or data disk.
6. Typical Azure based deployments recommend 1 user per 1 vCPU. Using Cloud Cache, you should start with 1 user per 2 vCPU and closely monitor CPU and disk I/O. Continue to increase user load on the virtual machine(s) to find the right mix for your workload.
7. Do not use the CcdMaxCacheSizeInMBs setting.
8. Do not use ProfileType 1, 2, or 3.
9. Read all the Cloud Cache configuration settings on our public documentation page.

Below I have provided the PowerShell commands to store the keys and use them in the configuration settings. 

$fslBlob1ConnectString = (Get-AzStorageAccount -ResourceGroupName CONTOSO -Name fslstgacct001premblob).Context.ConnectionString

$fslBlob2ConnectString = (Get-AzStorageAccount -ResourceGroupName CONTOSO -Name fslstgacct002premblob).Context.ConnectionString

& "C:\Program Files\FSLogix\Apps\frx.exe" add-secure-key -key fslstgacct001-CS1 -value $fslBlob1ConnectString

& "C:\Program Files\FSLogix\Apps\frx.exe" add-secure-key -key fslstgacct002-CS1 -value $fslBlob2ConnectString

New-ItemProperty -Path HKLM:\SOFTWARE\FSLogix\Profiles\ -Name CCDLocations -PropertyType multistring -Value ('type=azure,name="AZURE PROVIDER 1",connectionString="|fslogix/fslstgacct001-CS1|";type=azure,name="AZURE PROVIDER 2",connectionString="|fslogix/fslstgacct002-CS1|"') -Force

Alternate options:

Removed previous alternate options as one had a broken link and the other no longer worked and we were unable to get the solution to work successfully.