In the newest release of FSLogix (FSLogix Release Notes – FSLogix | Microsoft Learn) a new VHDX compaction feature is enabled by default. As most of you probably know, VHDX files dynamically grow but don’t dynamically shrink on their own. For example, if you download a 5GB ISO file to your FSLogix profile desktop, your […]
FSLogix automatic VHDX disk compaction Read More »
Teams is my go-to collaboration application, but the popularity of Zoom makes it a necessary app for many organizations. If you have clients using AVD or Windows 365 personal desktops, there is a specific VDI installer for Zoom so your users get the best possible experience. The way Zoom VDI works is pretty neat. The
Installing Zoom for AVD & Windows 365 Read More »
Most AVD environments I’ve worked with rely on FSLogix using VHD locations for profile storage. If you already have VHD Locations configured and you want to move to Cloud Cache, this guide will walk you through the process (along with a mistake I made so you don’t make the same one). I couldn’t find much
Transition AVD FSLogix Profiles from VHDLocations to Cloud Cache Read More »
I’ve made it a priority recently to push organizations away from active directory domain controllers and adopt Azure AD Joined devices as much as possible. AVD has often been a hurdle since it’s usually configured to use pooled desktops, which rely on FSLogix, which use SMB shares, which rely on Kerberos authentication, which traditionally relies
Azure AD Joined AVD with FSLogix + AAD Kerberos authentication Read More »
BitLocker on removable drives is known as “BitLocker to go”, but I will just refer to it as BitLocker in this writing. Requiring BitLocker on removable drives is fairly easy with the built-in Intune Endpoint Security profile templates. Some of you may be thinking removable storage should be completely blocked for security reasons. I agree
In this post I’ll take a closer look at how AADJ machines authenticated with an AD Synced identity can seamlessly access on-prem resources. This includes things like SMB file shares or other applications that require AD USER authentication. It’s important to remember if you have services utilizing machine authentication, those devices will need to remain AD joined
This is a short holiday week for me, so this post is quick and basic. It’s surprising to me how many tenants I encounter that have no dynamic groups configured. Many IT teams are still manually adding/removing devices or users from assigned groups. For anyone not using dynamic groups, you need to start using them.
Back to Basics – Use Dynamic Groups Wherever Possible Read More »
Microsoft’s new authentication strength options for Conditional Access is awesome, and I encourage you to start using this feature. This post will add some clarification on using Conditional Access for MFA, how to add a FIDO2 security key as an authentication method, and then how to use conditional access to protect certain applications with different levels
