@2:26 - Please, can we not do PUBLIC Access for storage?
can you do a video with using PRIVATE ENDPOINT?
Thanks for your feedback! I'll definitely consider creating a video on using private endpoints and addressing public access concerns. Stay tuned! For my customer production environments I ALWAYS use private endpoints, but this is just my homelab environment which has no data worth stealing on it!
Any video recommendation on hardening AVD access from a BYOD perspective?
I actually have a video which touches upon that here - ua-cam.com/video/vqFTHgsyoxg/v-deo.html But that's a really good video topic for the future!
I see others have asked for this but can we get a version for the admins who don't have Nerdio. Can someone create the Nerdio steps by hand so we can get this working? The title of this video was misleading as it doesn't mention anything about Nerdio
You can find what you need here - nmehelp.getnerdio.com/hc/en-us/articles/26124360018445-How-to-Use-Azure-Files-with-Entra-ID-Joined-Method-for-AVD, you would just need to modify that with your environment. So for the script to run you could use something like Azure DevOps, Packer, Terraform, Azure VM Extensions or anything like that. But I hear ya and I will do a video on how to do it soon without Nerdio :)
can you show STEP 3, 4, etc..: for normal azure admins?
(non nerdio)
can we just modify the registry manually to store the access info?
You can see the script which you need to run here - nmehelp.getnerdio.com/hc/en-us/articles/26124360018445-How-to-Use-Azure-Files-with-Entra-ID-Joined-Method-for-AVD - all you need to do is to make sure that's run each time a host is created. You can use Azure DevOps or any other method you want to use to ensure it's run each time
@@virtualmanc After adding the script, what is next? You did several other Nerdio steps. If you can't create another video, can someone provide a link to documentation to get this working?
I don't use Nerdio, is this still possible?
Hey Steve, yes, it's possible, although more configuration is needed. You need to create a script to run every time the host starts up to mount the file share using the storage account keys as authentication :)
@ thank you for the amazingly quick response. Will this be officially released by Microsoft that this can be done? I have quite a few clients that have Entra DS and AD servers just because of AVD and would love to remove it and go full Intune cloud only
@@virtualmanc Possible to create video that shows the setup without Nerdio?
Quick question Neil... any chance to setup azure netapp files without joining it to on-prem AD.... maybe configuring the SMB RBAC roles ?
Hello, this is not possible. Azure NetApp Files has to have AD Connectivity.
Hey Neil
thanks for sharing that. You didn't configure any NTFS permissions, right? So, if a user knows where the profiles are saved, he could open other profiles or not?
Hey, I can confirm that they would not be able to see or open any other profiles :)
@@virtualmanc great, thanks for your fast reply, top!
@@virtualmanc Hi Neil! Is it possible to enable this workaround even without using Nerdio? I mean, just enable the settings on the session host via PowerShell? Thanks!
Storing access keys as plain text in scripts is bad practice and a security vulnerability. A better approach would be to store the keys in a key vault and retrieve them during runtime
Hi Aidan, thanks for the comments! Yes, that is very true and is exactly how I normally do it :) In Nerdio we have these things called Secure Variables and they hold sensitive data like that in the Key Vault and then let you retrieve it using a secure variable :)
@@virtualmanc Hi! Thanks for this video. Must the script that configures the cmdkey be run at every session host start-up or just once?
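
The point raised in the thread above about keeping the storage account key out of the start-up script, as an added example (not taken from the video, from Nerdio, or from any commenter): the script reads the key from Key Vault at run time and hands it to `cmdkey`. It assumes the session host has a managed identity that is allowed to read the secret and that the script runs as SYSTEM at start-up; the vault, secret and storage account names are hypothetical placeholders.

```powershell
# Added example - all three names below are hypothetical placeholders.
$VaultName      = 'kv-avd-example'        # Key Vault that holds the secret
$SecretName     = 'fslogix-storage-key'   # secret whose value is the storage account key
$StorageAccount = 'stavdprofilesexample'  # storage account hosting the profile share

$ErrorActionPreference = 'Stop'

# 1. Ask the Azure Instance Metadata Service for a Key Vault token issued to
#    the VM's managed identity. No credential is stored in this script.
$tokenUri = 'http://169.254.169.254/metadata/identity/oauth2/token' +
            '?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net'
$token = (Invoke-RestMethod -Uri $tokenUri -Headers @{ Metadata = 'true' }).access_token

# 2. Read the secret value over the Key Vault REST API.
$secretUri = "https://$VaultName.vault.azure.net/secrets/$($SecretName)?api-version=7.4"
$key = (Invoke-RestMethod -Uri $secretUri `
            -Headers @{ Authorization = "Bearer $token" }).value

# 3. Store the credential for the Azure Files endpoint in the credential
#    store of the account running this script (assumed: SYSTEM).
$target = "$StorageAccount.file.core.windows.net"
& cmdkey.exe /add:$target /user:"localhost\$StorageAccount" /pass:$key | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "cmdkey failed with exit code $LASTEXITCODE"
}

# 4. Drop the plaintext values from the session once they are stored.
Remove-Variable -Name key, token
```

The key is still passed to `cmdkey` on the command line and ends up in the host's credential store, so this removes it from the script and its deployment pipeline, not from the session host itself. Rotating the storage key then only requires updating the Key Vault secret and re-running the script.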