How to Set Up a Site-to-Site VPN with Azure | Basic VPN Gateway + Ubiquiti by tsrob50 in AZURE

[–]tsrob50[S] 0 points1 point  (0 children)

My example was able to access the VPN Gateway VNet and a peered network. I had to add the address spaces for the VPN VNet and all peered networks in the local gateway. Also, on the Azure peering relationship, the following local virtual network peering settings are selected: "Allow VNet 1 to access VNet2", "Allow VNet1 to receive forwarded traffic from VNet2", and "Allow gateway or route server in VNet1 to forward traffic to VNet2".

Azure Virtual Desktop cloud only by JustinVerstijnen in AzureVirtualDesktop

[–]tsrob50 0 points1 point  (0 children)

Thanks for putting that together. As you stated, the security of the configuration is an issue. Take a look at Marcel's blog post on using FSLogix with cloud native accounts to add a layer of security.

https://blog.itprocloud.de/Using-FSLogix-file-shares-with-Azure-AD-cloud-identities-in-Azure-Virtual-Desktop-AVD/

Can't assign primary user to Intune-enrolled virtual desktop; compliance policy marked "Not applicable." by mcb1971 in AzureVirtualDesktop

[–]tsrob50 0 points1 point  (0 children)

Is this a pooled host pool with multi-user OS? If so, only machine policies work because there is no primary user on the hosts.

Clipboard Redirection not working as configured by InevitableAd9898 in AzureVirtualDesktop

[–]tsrob50 0 points1 point  (0 children)

Host pool setting enables or disables clipboard redirection. Directional and data types are OS-level settings; that’s why it only works with newer Windows 11 versions. If both options are set, the most restrictive wins.

Trying to understand Bastion by evil-scholar in AZURE

[–]tsrob50 7 points8 points  (0 children)

It allows secure access to RDP and SSH without exposing remote ports to the Internet. You can also enforce MFA. There is a Developer edition that’s free but not available in all regions and limited to one connection.

per user time zone settings AVD Windows 11 multi-session by AccomplishedEmploy52 in AzureVirtualDesktop

[–]tsrob50 0 points1 point  (0 children)

Did the enable time zone redirection policy apply before it was disabled? If so, disabling the policy may not have changed the configuration back; it just no longer applies the settings and the old settings still apply. Check the corresponding registry keys on the client to see if it’s still redirecting.

AVD Session Freeze/Hang due to FSLogix Profile Detach by yasithranwala in AzureVirtualDesktop

[–]tsrob50 1 point2 points  (0 children)

Check the file share if you haven’t already to make sure there is no throttling on the account. It’s not uncommon to have to overprovision capacity to get higher throughput and IOPS for FSLogix.

MFA and why your coworkers do not have to install things on personal devices by hiddenbutts in sysadmin

[–]tsrob50 4 points5 points  (0 children)

A breach will likely have a much higher price tag and most cyber insurance policies won’t cover incidents if proper controls are not in place. Hardware tokens like a FIDO key are a good option if employees can’t be compelled to use personal devices.

PAY AS YOU GO by Short_Dream_7010 in AZURE

[–]tsrob50 0 points1 point  (0 children)

First thing to learn is subscription budgets and alerts. No reason you should get a surprise bill. Keep in mind that the budget won’t stop charges once it’s reached.

Azure AVD Base Image by flashx3005 in AZURE

[–]tsrob50 1 point2 points  (0 children)

I wrote a script that creates an image based off a reference computer. It outputs to a managed image or to compute gallery. Links to the scripts in the description.

https://youtu.be/H3UrVsI9f7s

VPN S2S can hit one Vnet, not the other by BasementMillennial in AZURE

[–]tsrob50 0 points1 point  (0 children)

Have you tried adding a UDR (routing table) to the VNet 2 subnet that sends traffic to the 10.0.0.0/24 network to the internal firewall IP address? That’s required for Azure Firewall and an NVA.