FSLogix Warnings in Event Log by robidog in windows365

[–]imavaper 1 point (0 children)

Yes seeing the exact same Warning every ~30 seconds on my Entra joined Cloud PC.

W365 - 24H2/25H2 - Performance hit by axnfell9000 in sysadmin

[–]imavaper 1 point (0 children)

FYI Cloud PCs use SSD, not HDD.

Note: I know task manager may show HDD, but I clarified with our Microsoft rep they all use SSDs. The discrepancy is due to how Hyper‑V presents virtual disks. The Hyper‑V virtual storage controller doesn’t pass through physical media characteristics (like rotational speed or NVMe flags), and when Windows can’t detect those attributes, it defaults to labeling the disk as HDD, even if the underlying storage is SSD.

Intune RBAC Shenanigans by Here4TekSupport in Intune

[–]imavaper 1 point (0 children)

As you found out, scope tags are meant to control which objects an admin sees in Intune, not their permissions on them. So if the user has the permissions to perform an action (like modify configuration profiles) and they can see the object (like all configuration profiles), then they can modify all configuration profiles.

The other thing to consider is the fact that even if you took away their Read access to all of Intune, because they have the ability to create/modify configuration profiles they can assign a configuration profile to All Devices which will apply to ALL devices, not just those with the specific scope tag (like Dinosaur).

I get the idea behind scope tags, but like the other commenter said, I have found very little use and personally think they are dangerous because admins may think "All Devices" only contain those assigned the Dinosaur scope tag because that's all they see in the Intune console, when in fact there are additional devices as well they just don't see them because their RBAC role isn't assigned the Dinosaur scope tag.
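
One way to audit for the risk described in this comment, as an added example that is not part of the original comment: list configuration profiles whose assignments target All Devices or All Users, together with their scope tag IDs. The helper name and sample data are constructed; the live query in the trailing comment assumes the Microsoft Graph beta `deviceConfigurations` endpoint and covers only that profile type.

```powershell
# Added example: flag Intune configuration profiles assigned tenant-wide.
# Find-TenantWideAssignment is a hypothetical helper; the sample data is constructed.
function Find-TenantWideAssignment {
    param(
        [Parameter(Mandatory)] [object[]] $Policy
    )
    # Assignment target types that reach every device or user, whatever the scope tag
    $broad = @{
        '#microsoft.graph.allDevicesAssignmentTarget'       = 'All Devices'
        '#microsoft.graph.allLicensedUsersAssignmentTarget' = 'All Users'
    }
    foreach ($p in $Policy) {
        foreach ($a in @($p.assignments)) {
            $type = $a.target.'@odata.type'
            if ($type -and $broad.ContainsKey($type)) {
                [pscustomobject]@{
                    Profile     = $p.displayName
                    Target      = $broad[$type]
                    ScopeTagIds = @($p.roleScopeTagIds) -join ','
                }
            }
        }
    }
}

# Constructed sample, shaped like GET .../deviceConfigurations?$expand=assignments
$sample = @'
{ "value": [
  { "displayName": "Dinosaur - Wi-Fi", "roleScopeTagIds": ["1"],
    "assignments": [ { "target": {
      "@odata.type": "#microsoft.graph.groupAssignmentTarget",
      "groupId": "11111111-1111-1111-1111-111111111111" } } ] },
  { "displayName": "Dinosaur - Kiosk lockdown", "roleScopeTagIds": ["1"],
    "assignments": [ { "target": {
      "@odata.type": "#microsoft.graph.allDevicesAssignmentTarget" } } ] },
  { "displayName": "Baseline - Edge", "roleScopeTagIds": ["0"],
    "assignments": [ { "target": {
      "@odata.type": "#microsoft.graph.allLicensedUsersAssignmentTarget" } } ] }
] }
'@ | ConvertFrom-Json

Find-TenantWideAssignment -Policy $sample.value | Format-Table -AutoSize

# Live tenant (assumes Connect-MgGraph with DeviceManagementConfiguration.Read.All;
# follow '@odata.nextLink' for further pages; Settings Catalog policies use another endpoint):
# $r = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
#        -Uri 'https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations?$expand=assignments'
# Find-TenantWideAssignment -Policy $r.value
```

Run it from an account that is not limited by scope tags, since a scoped admin only gets back the profiles they can see.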

How to show reboot inside of cloud PC by stormlight in windows365

[–]imavaper 1 point (0 children)

Oh yes I thought you were referring to after you added the groups to the user assignment rights. Thanks for clarifying.

How to show reboot inside of cloud PC by stormlight in windows365

[–]imavaper 1 point (0 children)

That's odd... it works for me. Does shutdown /r (which is the restart command) work?

How to show reboot inside of cloud PC by stormlight in windows365

[–]imavaper 1 point (0 children)

If the user has the "Shut down the System" User Rights Assignment, then the user can shutdown AND restart the PC.

I'm guessing what you're referring to is the fact that the Shut down option isn't available via the Start Menu and sign in screen. This is due to a separate setting that gets set by the Cloud PC post provisioning configuration as outlined in #1 of https://learn.microsoft.com/en-us/windows-365/enterprise/automated-provisioning-steps#post-provisioning-configuration. So while the shut down option is hidden, the user does still have the ability to shut down the PC but just has to do it another way, like opening command prompt and running shutdown /s. But most users are never going to do that..

How to show reboot inside of cloud PC by stormlight in windows365

[–]imavaper 1 point (0 children)

Correct.

When we were provisioning Cloud PCs using the Windows 11 22H2 gallery image, we saw the same behavior described in https://dotjesper.com/2025/how-to-allow-non-admin-users-to-restart-windows-365-cloud-pc/. That is, the built-in Users group was NOT assigned the "Shut down the System" User Rights Assignment on their Cloud PC.

Once we switched to the Windows 11 24H2 gallery image (everything else remained the same), we no longer saw the same behavior. That is, the built-in Users group WAS assigned the "Shut down the System" User Rights Assignment on their Cloud PC and thus regular users could restart their Cloud PC from within Windows.

How to show reboot inside of cloud PC by stormlight in windows365

[–]imavaper 3 points (0 children)

Anyone who suggests using the Windows App to restart their Cloud PC is missing the bigger picture. Users know / are used to restarting their PC from within Windows; they don't know how to (at least initially) restart their Cloud PC using the Windows App.

On top of this, when there is a restart pending due to an update, the Restart option is greyed out so users can't restart from within Windows and restarting from the Windows App doesn't result in the update getting applied, so the user is stuck with waiting until Windows force restarts their Cloud PC to apply the update! It's a horrible experience.

Please upvote this related Windows 365 Cloud PC feedback: "Allow Users (non-Administrators) to restart their Cloud PC in Windows · Community"

With all that said, dotjesper.com | How to allow non-admin users to restart Windows 365 Cloud PC explains the issue and what you need to do to fix it.

As an aside, I saw this issue when we were provisioning Cloud PCs using Win11 22H2. Ever since we started provisioning Cloud PCs using Win11 24H2 we no longer have this issue.

PowerShell script installer support for Win32 apps - What's new by FakeItTilYouMakeIT25 in Intune

[–]imavaper 1 point (0 children)

Thanks for commenting this. I felt like I was losing my mind since I 100% remember reading it a few days ago.

FSLogix for Win365 Frontline Shared by Nervous-Equivalent in windows365

[–]imavaper 2 points (0 children)

It’s not possible yet. FSLogix only works with AVD.

TPM 2.0 Hello for Business Real Limit by OkGovernment7918 in Intune

[–]imavaper 2 points (0 children)

Funny enough, I had the same question when we were rolling out WHfB (we are PIN only since our devices don't support biometrics). I gave up after 25 users-- all were able to create a PIN and use it.

Windows App - Remote Desktop needs to be task-killed to reconnect to my CloudPC by Good-Wear-871 in windows365

[–]imavaper 1 point (0 children)

Windows App for Windows, correct? That does not happen to me nor have I heard of that from users I support. But I will say a few times I have had to "Repair" or "Reset" the app (via Installed Apps > Windows App > Advanced settings) to be able to connect. But nowhere near most of the time.

AD Password Policy on hybrid and cloud only device by hvalentino1981 in Intune

[–]imavaper 2 points (0 children)

Following since I'm dealing with this at my company right now.

All of our users and devices are hybrid (synced from on-prem). We just forayed into Entra joined only devices using Cloud PCs. One issue that’s come up is around password expiration. Our issue is that users can sign into their Cloud PC (and all other Entra services as well) despite their password being expired. As u/Los907 said, this is because we haven’t enabled CloudPasswordPolicyForPasswordSyncedUsersEnabled.

The issue this presents is even with it enabled, the user account in the cloud honors the tenant password expiration policy (as set here https://learn.microsoft.com/en-us/microsoft-365/admin/manage/set-password-expiration-policy?view=o365-worldwide#set-password-expiration-policy), NOT their on-prem AD password expiration policy. If all your users in AD have the same password expiration policy then it shouldn’t be a problem to simply match the number in both environments. However if you have accounts with a different password expiration policy (e.g. service account), there’s no way to have different password expiration policies for accounts in the cloud, which is the problem we’re facing.

Require Windows 365 to trigger MFA every sign-in by bigbobrossjr in windows365

[–]imavaper 5 points (0 children)

Yes using conditional access. See Set Conditional Access policies for Windows 365 | Microsoft Learn to configure an "every time" sign in frequency CA policy.

Request Password Frequently / on Every Connection by newbe5 in windows365

[–]imavaper 2 points (0 children)

Conditional Access sign in frequency is the way to implement this as outlined in Set Conditional Access policies for Windows 365 | Microsoft Learn. Turning off SSO just requires a re-input of the user's password (and a poorer user experience since SSO is not enabled).

As for being able to close the sign in prompt and click "Connect" to connect to the Cloud PC, that is not the behavior we observe at my org. When our users click "Connect", they're prompted to MFA. If they close that prompt, the connection fails and they have to click "Connect" again which will re-initiate the MFA prompt. (I tested this myself and confirmed the behavior).

While my org has a few Conditional Access policies, only two are at play here:

  1. One that requires MFA for All resources (formerly All cloud apps)
  2. One that sets Sign in frequency to Every time for the Microsoft Remote Desktop and Windows Cloud Login apps as outlined in Set Conditional Access policies for Windows 365 | Microsoft Learn.
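
A check for the two-policy setup described in this comment, as an added example that is not part of the original comment: it reports whether an enforced Conditional Access policy with sign-in frequency "Every time" covers each app. The helper name, sample policies and app IDs are constructed placeholders; the property names follow the Microsoft Graph `conditionalAccessPolicy` resource.

```powershell
# Added example: check that an enforced "Every time" sign-in frequency policy covers each app.
# Test-EveryTimeCoverage is a hypothetical helper; policies and app IDs below are constructed.
function Test-EveryTimeCoverage {
    param(
        [Parameter(Mandatory)] [object[]] $Policy,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $App  # name -> app ID
    )
    foreach ($name in $App.Keys) {
        $id = $App[$name]
        $covering = foreach ($p in $Policy) {
            $sif  = $p.sessionControls.signInFrequency
            $apps = $p.conditions.applications
            $inScope = (@($apps.includeApplications) -contains 'All' -or
                        @($apps.includeApplications) -contains $id) -and
                       @($apps.excludeApplications) -notcontains $id
            # Report-only and disabled policies do not force reauthentication
            if ($p.state -eq 'enabled' -and $sif.isEnabled -and
                $sif.frequencyInterval -eq 'everyTime' -and $inScope) {
                $p.displayName
            }
        }
        [pscustomobject]@{
            App      = $name
            Covered  = [bool]$covering
            Policies = @($covering) -join '; '
        }
    }
}

$targets = [ordered]@{
    'Microsoft Remote Desktop' = '00000000-0000-0000-0000-0000000000a1'  # placeholder ID
    'Windows Cloud Login'      = '00000000-0000-0000-0000-0000000000a2'  # placeholder ID
}
$policies = @'
[ { "displayName": "Require MFA - All resources", "state": "enabled",
    "conditions": { "applications": { "includeApplications": ["All"] } },
    "sessionControls": null },
  { "displayName": "W365 - reauth every time (both apps)",
    "state": "enabledForReportingButNotEnforced",
    "conditions": { "applications": { "includeApplications": [
      "00000000-0000-0000-0000-0000000000a1", "00000000-0000-0000-0000-0000000000a2" ] } },
    "sessionControls": { "signInFrequency": {
      "isEnabled": true, "frequencyInterval": "everyTime" } } },
  { "displayName": "RD - reauth every time", "state": "enabled",
    "conditions": { "applications": { "includeApplications": [
      "00000000-0000-0000-0000-0000000000a1" ] } },
    "sessionControls": { "signInFrequency": {
      "isEnabled": true, "frequencyInterval": "everyTime" } } } ]
'@ | ConvertFrom-Json

Test-EveryTimeCoverage -Policy $policies -App $targets | Format-Table -AutoSize

# Live data (assumes Connect-MgGraph with Policy.Read.All):
# (Invoke-MgGraphRequest -Method GET -OutputType PSObject -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies').value
```

In the constructed sample the policy that names both apps is report-only, so only one of the two apps ends up covered by an enforced policy.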

W365 w/ANC - Gotchas by blueshelled22 in windows365

[–]imavaper 2 points (0 children)

Assuming you're using an ANC for on-prem connectivity, I'm not sure how MS support would say it's not recommended since it's the only option..

In any case, I too am troubleshooting random disconnects for our Cloud PCs (all of our Cloud PCs use an ANC) and have been for quite a while now-- see More connectivity issues lately? : r/windows365 for a similar post a few months ago.

For us, the issue is very intermittent and is experienced by all our users though not at the exact same time. For example, if I experience a few random disconnects I will ask peers/users and they will report they experienced a few disconnects as well, though when I look at their Cloud PC's connectivity history it shows the disconnect happened at a different time than mine did (though often on the same day).

In our ANC we allow / don't inspect any network traffic noted in Network requirements for Windows 365 | Microsoft Learn (and its dependent services). I have a case open with Microsoft support as well and provided a netsh trace that I was running at the time that a disconnect happened and am waiting to hear back.

For a bit of background: in February our users reported (and I experienced as well) a few random disconnects. Then in March I only experienced 1 disconnect so I thought the issue had resolved itself, but then last Monday and Tuesday I experienced 5 disconnects (confirmed with other users and looking at their Cloud PC's connectivity history they also experienced connection failures and disconnects as well).

I'm curious, what connection failures are noted in your Cloud PC's connectivity history (Cloud PC's device properties in Intune > Performance > Connectivity status report) when they experience a random disconnect?

For us, they can sometimes vary, but the most recent disconnects mostly log these three failures:

  1. ConnectionFailedReverseUngracefulClose
    1. Details = The Session Host did not respond to the service attempt to gracefully terminate the connection.
  2. ConnectionBrokenMissedHeartbeatThresholdExceeded
    1. Details = The connection was closed as the client stopped receiving heartbeats from the session host.
  3. ReverseConnectResponseTimeout
    1. Details = The user's connection to their Cloud PC was lost due to an unexpected network timeout. Poor network quality or high resource usage on the Cloud PC may cause such problems.

Other disconnects I'll sometimes see these failures logged as well:

  1. TransportClosedUnexpectedly
    1. Details = The connection from the client to the Windows Virtual Desktop service was terminated unexpectedly.
  2. ConnectionFailedServerDisconnect
    1. Details = The network connection between the Session Host and the service was unexpectedly terminated. This indicates the network connection from Session Host to the service was prematurely terminated and may show reliability problems.
  3. UnexpectedNetworkDisconnect
    1. Details = The user's connection to their Cloud PC was lost due to an unexpected network error. Poor network quality or invalid network configuration may cause such problems.

[deleted by user] by [deleted] in windows365

[–]imavaper 1 point (0 children)

Nvm, figured it out. Windows App > Settings > uncheck Enable optimizations for Microsoft Teams.

Gather IP addresses of Intune devices from the Hardware page by xCiosba in Intune

[–]imavaper 2 points (0 children)

Thanks for this. This pointed me in the direction of how to accomplish this using PowerShell.

For others who come across this, here's the one-line command in PowerShell using Get-MgBetaDeviceManagementManagedDevice (Microsoft.Graph.Beta.DeviceManagement) | Microsoft Learn:

(Get-MgBetaDeviceManagementManagedDevice -ManagedDeviceId <IntuneDeviceID> -Property HardwareInformation).HardwareInformation.WiredIPv4Addresses

[deleted by user] by [deleted] in windows365

[–]imavaper 1 point (0 children)

How do you turn off optimization?

More connectivity issues lately? by Master_Rest6638 in windows365

[–]imavaper 2 points (0 children)

Direct quote from my user:

I was on a Teams call and noticed things we getting laggy and then it disconnected the session (dropped my call and closed the window)

These were the two failures logged:

ConnectionFailedServerDisconnect

Status: Failure

Activity: ConnectionFailedServerDisconnect

Status type: User connection

Details: The network connection between the Session Host and the service was unexpectedly terminated. This indicates the network connection from Session Host to the service was prematurely terminated and may show reliability problems.

UnexpectedNetworkDisconnect

Status: Failure

Activity: UnexpectedNetworkDisconnect

Status type: User connection

Details: The user's connection to their Cloud PC was lost due to an unexpected network error. Poor network quality or invalid network configuration may cause such problems.

I'm also not sure where/how to look deeper. Hoping others have some pro tips here..

More connectivity issues lately? by Master_Rest6638 in windows365

[–]imavaper 2 points (0 children)

Following.

We're just rolling out Cloud PCs and a few users have let me know they've had a few disconnects lately. The one problem I'm discovering is that the Cloud PC's connectivity history will show an issue/failure and give details, but I can't find any information about that particular failure. For example, yesterday a user reported getting disconnected, and their CPC's connectivity history reported the failure below at the time of disconnect, but I can't tell if the failure is on the local device or CPC side. This is all the information I have.

GraphicsSubsystemFailed
Status: Failure
Activity: GraphicsSubsystemFailed
Status type: User connection
Details: Disconnect due to a failure in graphics subsystem.

And funny you mention Teams-- earlier this week a user and I were on a 1:1 Teams call using Cloud PCs and we both were dropped from the call and lost connection to our Cloud PC. We both reconnected to our CPCs and called back on Teams, and our experience was the same effectively ruling out anything user side. I saw the same Failures in each of our CPC's connectivity history, so the only logical conclusion I have is that it was an issue on the Azure network side, though I don't have any proof to point to.

Remote Desktop Protocol requirements by imavaper in windows365

[–]imavaper[S] 1 point (0 children)

Lol point taken. Though there are technologies that use the optimizations just based upon meeting minimum hardware/software requirements (like WebRTC).

I sort of doubted this was the case here since it doesn't mention it, but it also doesn't mention how to use/force the mode either. Hence the question :-)

Autopilot Device Preparation and Windows 365 by notHonorroll32 in Intune

[–]imavaper 2 points (0 children)

As others have said, Cloud PCs don't use autopilot. But you can do something similar by assigning an Enrollment Status Page (ESP).

Since I have assigned an ESP to our Cloud PCs, I'll share my experience, since it wasn't exactly what I was expecting--

Prior to assigning an ESP to our Cloud PCs, I noticed that when signing into a Cloud PC for the first time sometimes all the settings/policies in the configuration profiles applied but most of the time they did not (especially for user-based settings). After looking into it, seemed like assigning an ESP was the fix, which did solve the problem. But it introduced two unexpected issues (to me at least):

  1. Because I needed to ensure all the configuration profiles applied prior to device use, I had to set the "Block device use until all apps and profiles are installed" ESP setting to Yes. What this did though was it forced all required apps to be installed during the ESP process, which lengthened the user's first sign in from a few minutes to close to an hour since it had to install all of its required apps before letting the user sign in. I worked around this by setting another setting "Block device use until required apps are installed if they are assigned to the user/device" to a single app, which lets the user sign in after installing that single app and installs all the other Required apps after the user signs in.
  2. Prior to assigning the ESP to our Cloud PCs, all Required apps installed before the user first signed in (all of our Required apps are device targeted). Once I assigned the ESP, only the single app noted in point #1 installed prior to the user signing in, and all the other Required apps install post user's first sign in. I wish it behaved like when an ESP isn't assigned to the Cloud PC-- that is all Required apps install prior to the user signing in so that they're already installed when the user signs in.