administration
168 Topics

More security around using Custom Script Extensions and Session Host Configuration
We are currently implementing and testing the new Session Host Configuration and Session Host Management features. We rely on Custom Script Extensions to implement some functionality immediately to the newly deployed Session Hosts instead of waiting for GPOs or other to take effect. We don't add these changes to the golden images. Currently the Custom Script Extensions functionality definable in the Session Host Configuration only allows defining a script URL. What is the intended mechanism of authentication for this solution? Currently it seems that it's only possible to use an anonymous access level Blob. Defining a token within the script URL is not great due to the fact that the URL is viewable in plain text via the Azure Portal. Neither of those will satisfy. Key vault references are used when defining credentials for domain join and local admin accounts for the Session Hosts. Would it be possible to have key vault references for CSE Storage Account Name/Key or SAS token or the possibility to define a Managed Identity instead? These can be defined when deploying the CSEs manually. Please guide me as to what the best solution would be to this topic. Many thanks in advance.

Azure Virtual Desktop for Guest User / B2B Identity
All of our external customers have their own AAD / Entra ID and wish to not manage multiple identities. As we present our applications via AVD, it requires them to have a separate identity in our tenant currently. AVD should support guest accounts from another tenant to be able to sign in. Currently, per the documentation and per the ticket I just worked with Microsoft support: Azure Virtual Desktop doesn't support external identities, including guest accounts or business-to-business (B2B) identities. Whether you're serving internal commercial purposes or external users with Azure Virtual Desktop, you'll need to create and manage identities for those users yourself. Please continue development to allow guest accounts that have been invited into a tenant to sign in to AVD machines. Thanks!
1.8K Views, 30 likes, 9 Comments

Add Search to Remote Desktop client for Windows
As an Azure Administrator responsible for managing extensive cloud infrastructure, I rely heavily on this client to access multiple Azure Virtual Desktop (AVD) environments. My current responsibilities involve managing a large and growing pool of AVDs, each providing access to a specific environment (e.g., development, staging, production, or customer-specific resources). Currently, I have no easy or efficient way to look up the relevant AVD within the client interface. The lack of a search bar forces me to manually scroll through long lists of connection icons and names whenever I need to switch contexts. This process is time-consuming, prone to error, and significantly hinders my productivity, especially during time-sensitive administrative tasks or troubleshooting efforts. Implementing a simple, functional search bar would drastically improve the user experience for administrators like myself by providing immediate access to the required virtual desktop connection.
23 Views, 0 likes, 0 Comments

Update 'Update-AzWvdSessionHost' cmdlet
Today via the PowerShell cmdlet 'Update-AzWvdSessionHost', an administrator can assign a user to a session host without the user being assigned to the application group. This can cause some confusion to administrators if they are able to perform this task as the user will not be able to see the host in the Windows App. The suggestion would be to either put in a check which denies the assignment if the user is not associated with the application group directly or indirectly via group association, or update the cmdlet to also add an assignment to the application group by adding a required parameter which would assign the user to the application group. It's a small tweak but it may help with the overall stability of the Desktop.Virtualization PowerShell stack. Thanks!
29 Views, 0 likes, 0 Comments

FSLogix. Add a command line to release the profile.
Hello. Add a command line with arguments to be able to release frozen folders in FSLogix. If you don't want to fix the problem, let me automate it myself. In large RDS installations, constant freezes and further duplication of local_%username% folders cause problems.
49 Views, 1 like, 0 Comments

I would like AVD to support in-place upgrades
I'm using Windows 11 multi-session (23H2) with an AVD. I'm disappointed that in-place upgrade to 24H2 is not supported. It's nonsense that the only way to upgrade to 24H2 or 25H2 is to create a new environment from the Marketplace. No one wants to spend a lot of time creating an environment every year. Please support in-place upgrades.
132 Views, 2 likes, 2 Comments

Add the Networking Tab in the Host Pool Creation Wizard in the Azure Portal
Just like we have a Networking tab in the Storage Account where public access can be disabled and private endpoints enabled, there should be a similar option available during Host Pool creation in the Azure Portal. In my customer environment, which is a banking organization, a policy is enforced that does not allow any resource to be created with public access—it blocks the creation outright.

    az policy assignment create \
      --name "DenyPublicAccess" \
      --scope "/subscriptions/<subscription-id>" \
      --policy "/providers/Microsoft.Authorization/policyDefinitions/<policy-definition-id>"

The policy they use is named "Public network access should be disabled for PaaS services", which prevents the creation of a Host Pool unless public access is disabled. Currently, this setting cannot be configured during Host Pool creation in the Azure Portal, as the networking tab is only available after the Host Pool is created, allowing you to disable public access and enable private endpoints. For BFSI customers, requesting a policy relaxation is difficult. While this may be achieved through automation, the option should also be available in the Azure Portal. Otherwise, it creates a contradiction—there is a policy to disable public access, but no way to comply with it during the initial creation.

Windows App - Account Picker During Startup
Windows App is showing additional improvements to the overall VDI experience. As an Architect working for a consulting company, I have multiple clients with AVD environments I have to log into. One of the major benefits of Remote Desktop is that when opening, the window provides visibility to all signed in accounts. With Windows App, when opening the application, I'm in the most recent account. To benefit us that work in multiple environments, allow us the capability to choose which account I want to work in when opening the application. If Windows App only has one account associated, it can default to that account. But if there are two accounts present, allow the user to choose which one they want to go into at the onset.
131 Views, 2 likes, 2 Comments

Windows 11 language packs
Hello, I would like to have a clarification. The documentation page to install language packs on win11, "Install language packs on Windows 11 Enterprise VMs in Azure Virtual Desktop - Azure | Microsoft Learn", is referring to a win 10 page: https://download.microsoft.com/download/7/6/0/7600F9DC-C296-4CF8-B92A-2D85BAFBD5D2/Windows-10-1809-FOD-to-LP-Mapping-Table.xlsx Is this documentation up to date? If not, where can I find the list for the win11 language packs mapping table? Thank you
193 Views, 0 likes, 0 Comments