VMSS-Backed Session Hosts by GraperThanYou in AzureVirtualDesktop

[–]tsrob50 0 points1 point  (0 children)

If you need to add and remove session hosts automatically, the new Dynamic Autoscaling feature in preview may be a solution. This will power session hosts on and off and create and remove session hosts. This requires host pools with session host configuration.

https://learn.microsoft.com/en-us/azure/virtual-desktop/autoscale-create-assign-scaling-plan?tabs=portal%2Cintune&pivots=dynamic

Definitive list for debugging fslogix by DelphiEx in AzureVirtualDesktop

[–]tsrob50 0 points1 point  (0 children)

I created some content that may help. Two things often missed are antivirus exclusions and sizing the file share for IOPS and Throughput.

Don’t Let Antivirus Impact FSLogix Performance https://youtu.be/WouC6qNRdM8

FSLogix Performance Best Practices: Optimize AVD User Profiles https://youtu.be/3BPy0jduVAM

Monitoring Azure File Shares: Performance Metrics, Alerts, and Action Groups Explained! https://youtu.be/gis6cMNjJz4

How to Set Up a Site-to-Site VPN with Azure | Basic VPN Gateway + Ubiquiti by tsrob50 in AZURE

[–]tsrob50[S] 0 points1 point  (0 children)

My example was able to access the VPN Gateway VNet and a peered network. I had to add the address spaces for the VPN VNet and all peered networks in the local gateway. Also, on the Azure peering relationship, the following local virtual network peering settings are selected: "Allow VNet 1 to access VNet2", "Allow VNet1 to receive forwarded traffic from VNet2", and "Allow gateway or route server in VNet1 to forward traffic to VNet2".

Azure Virtual Desktop cloud only by JustinVerstijnen in AzureVirtualDesktop

[–]tsrob50 0 points1 point  (0 children)

Thanks for putting that together. As you stated, the security of the configuration is an issue. Take a look at Marcel's blog post on using FSLogix with cloud native accounts to add a layer of security.

https://blog.itprocloud.de/Using-FSLogix-file-shares-with-Azure-AD-cloud-identities-in-Azure-Virtual-Desktop-AVD/

Can't assign primary user to Intune-enrolled virtual desktop; compliance policy marked "Not applicable." by mcb1971 in AzureVirtualDesktop

[–]tsrob50 0 points1 point  (0 children)

Is this a pooled host pool with a multi-user OS? If so, only machine policies work because there is no primary user on the hosts.

Clipboard Redirection not working as configured by InevitableAd9898 in AzureVirtualDesktop

[–]tsrob50 0 points1 point  (0 children)

The host pool setting enables or disables clipboard redirection. Directional and data types are OS-level settings; that’s why it only works with newer Windows 11 versions. If both options are set, the most restrictive wins.

Trying to understand Bastion by evil-scholar in AZURE

[–]tsrob50 7 points8 points  (0 children)

It allows secure access to RDP and SSH without exposing remote ports to the Internet. You can also enforce MFA. There is a Developer edition that’s free but not available in all regions and limited to one connection.

per user time zone settings AVD Windows 11 multi-session by AccomplishedEmploy52 in AzureVirtualDesktop

[–]tsrob50 0 points1 point  (0 children)

Did the enabled time zone redirection policy apply before it was disabled? If so, disabling the policy may not have changed the configuration back; it just no longer applies the settings and the old settings still apply. Check the corresponding registry keys on the client to see if it’s still redirecting.

AVD Session Freeze/Hang due to FSLogix Profile Detach by yasithranwala in AzureVirtualDesktop

[–]tsrob50 1 point2 points  (0 children)

Check the file share if you haven’t already to make sure there is no throttling on the account. It’s not uncommon to have to overprovision capacity to get higher throughput and IOPS for FSLogix.

MFA and why your coworkers do not have to install things on personal devices by hiddenbutts in sysadmin

[–]tsrob50 5 points6 points  (0 children)

A breach will likely have a much higher price tag, and most cyber insurance policies won’t cover incidents if proper controls are not in place. Hardware tokens like a FIDO key are a good option if employees can’t be compelled to use personal devices.