Authorize AVD session host for Azure files

Franjo87 21 Reputation points
2021-10-12T13:42:37.093+00:00

Hi all,

I'm working on a proof of concept implementation of Azure Virtual Desktop.

I want to allow my session host to access an Azure Files file share as described in the following article:

https://learn.microsoft.com/en-us/azure/virtual-desktop/azure-files-authorization

The goal is to add VHDs containing MSIX packages.

As a prerequisite I have to add the session host in Azure AD DS to a group. The group will then assigned to the access control of the files share.

The problem is, that AD DS does not allow to make changes to group memberships.

The question is how to grant the session host read access to the file share using Azure Active Directory Domain Services?

I cannot add the session host's computer account to a group nor can I choose the session host in the control access list of the file share directly.

Kind regards
Franjo

Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,368 questions
0 comments
Accepted answer
  1. vipullag-MSFT 24,211 Reputation points Microsoft Employee
    2021-10-13T14:19:53.013+00:00

    @Franjo87

    Apologies for delayed response on this.

    AAD DS is not supported in the MSIX App Attach context due to the direction of the sync, i.e. AAD to AAD DS and not the other way around which is a requirement for App Attach. Refer this FAQ once.

    You can use MSIX App Attach and Azure AD DS with a different storage solution. You can create a security group with the computer objects that will only live in AD and use that with an IaaS file server or Azure NetApp Files for the share permissions.

    Hope this helps.
    Please 'Accept as answer' if the provided information is helpful, so that it can help others in the community looking for help on similar topics.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest