When and how often to run script for accessing FSLogix profile container?
I am reposting this question that I originally asked at https://docs.microsoft.com/en-us/answers/questions/299540/when-and-how-often-to-run-script-for-accessing-fsl.html,because they told me to check with the product team. Hopefully I'm in the right place. I am trying to create a WVD host pool that will contain multiple VMs based on a golden image. The users in this host pool should have access to FSLogix profiles that are stored in Azure files. At https://docs.microsoft.com/en-us/azure/virtual-desktop/create-profile-container-adds#get-the-storage-account-access-key, there are a series of commands that must be run to provide the correct user access from the VM to the share that houses the profile. I am thinking that I'll have to configure a startup script on my golden image so that any session host created from the image will run that whole series of commands each time it boots. Am I thinking about this correctly or is there a better approach?Assigning permissions when using Azure Files for FSLogix Profiles in WVD
My goal is to use a share in Azure Files to house the FSLogix profiles for users in a Windows Virtual Desktop (WVD) environment that is part of an Azure Active Directory Domain Services (AADDS) domain. I am following instructions at https://docs.microsoft.com/en-us/azure/virtual-desktop/create-profile-container-adds. There are two places to set permissions to the fileshare -- within the Azure portal and at the virtual machine level. In the Azure portal, you assign permissions to an Azure AD identity. At the VM level, you assign permissions to an Active Directory object that exists within the AADDS domain. If you want to assign these permissions at the user level, there doesn't seem to be a problem. But I want to assign permissions at a group level, and I'm getting stuck. As far as I can tell, in the Azure portal you can only assign permissions to Security groups, not to Microsoft 365 groups. (When I go to the Role Assignments page and click Add, my Microsoft 365 groups do not appear.) But at the VM/domain level, you can only assign permissions to objects with an email address. Microsoft 365 groups have an e-mail address, but Security groups in Azure do not. Does this mean we have to maintain two groups for each set of WVD users with FSLogix profiles -- a matching pair of M365 and Security groups with the same membership?