Conditional Access is constantly evolving and adding new features. One of the newer features is conditional access for workload identities. This allows us to secure service principals for our app registrations. At the moment, this is limited to two conditions – service principal risk and/or Locations. Personally, I’d like to see grant controls for compliant […]
Testing Conditional Access for Workload Identities Read More »
Whether you love it or hate it, AD Connect is still vital to many organizations. As more organizations shift away from Hybrid joined devices, some applications or business processes still rely on AD Windows Authentication for applications or Kerberos for legacy services, like SMB file shares. For that, AD connect is still required for SSO
AD Connect Sync Issues – Manually Hard Match User Identities Read More »
This post is quick, but useful if you’re dealing with sporadic FSLogix issues that can’t be reproduced. Especially if you have users who tell you about issues more than two days after they’ve occurred. The FSLogix logs are located under %programdata%\Fslogix\Logs. By default, logs are kept for two days. If you suspect FSLogix is to
Increase FSLogix Log Retention Period Read More »
I dealt with an interesting support issue recently that turned out to be an extremely simple fix, but the culprit took couple of hours to find, so I thought I’d share it. I also wanted to share this so people (hopefully) aren’t so quick to blame FSLogix for anything related to profile issues with AVD.
Troubleshooting Strange Temporary profile Issues with AVD & FSLogix Read More »
I came across an interesting Microsoft learn page about using custom attributes on a user’s profile card a couple of weeks ago and did some testing. I felt the MS Learn article was a bit confusing, so I made this post to help clarify some things. Extension Attributes are essentially custom values you can add
In the newest release of FSLogix (FSLogix Release Notes – FSLogix | Microsoft Learn) a new VHDX compaction feature is enabled by default. As most of you probably know, VHDX files dynamically grow but don’t dynamically shrink on their own. For example, if you download a 5GB ISO file to your FSLogix profile desktop, your
FSLogix automatic VHDX disk compaction Read More »
Teams is my go-to collaboration application, but the popularity of Zoom makes it a necessary app for many organizations. If you have clients using AVD or Windows 365 personal desktops, there is a specific VDI installer for Zoom so your users get the best possible experience. The way Zoom VDI works is pretty neat. The
Installing Zoom for AVD & Windows 365 Read More »
Most AVD environments I’ve worked with rely on FSLogix using VHD locations for profile storage. If you already have VHD Locations configured and you want to move to Cloud Cache, this guide will walk you through the process (along with a mistake I made so you don’t make the same one). I couldn’t find much
Transition AVD FSLogix Profiles from VHDLocations to Cloud Cache Read More »
I’ve made it a priority recently to push organizations away from active directory domain controllers and adopt Azure AD Joined devices as much as possible. AVD has often been a hurdle since it’s usually configured to use pooled desktops, which rely on FSLogix, which use SMB shares, which rely on Kerberos authentication, which traditionally relies
Azure AD Joined AVD with FSLogix + AAD Kerberos authentication Read More »
BitLocker on removable drives is known as “BitLocker to go”, but I will just refer to it as BitLocker in this writing. Requiring BitLocker on removable drives is fairly easy with the built-in Intune Endpoint Security profile templates. Some of you may be thinking removable storage should be completely blocked for security reasons. I agree