App Attach Cloud Shares in 3 Easy Steps
Вставка
- Опубліковано 11 лип 2024
- Are you ready to switch to a 100% cloud managed Azure Virtual Desktop environment? In this video, I will show you how to deliver applications dynamically to your AVD users without any traditional infrastructure. 🔥AFTER THIS 👉 • 3 Ways To GET MSIX Fil... 👈
▬▬▬▬▬▬ C H A P T E R S 📲 ▬▬▬▬▬▬
0:00 App Attach Cloud Shares
1:00 Step 1
1:50 Step 2
2:00 Step 3
2:54 Wrap Up
▬▬▬▬▬▬ R E S O U R C E S 📡 ▬▬▬▬▬▬
► App Attach Docs: review.learn.microsoft.com/en...
▬▬▬▬▬▬ S U P P O R T 💰 ▬▬▬▬▬▬
► Become a Learner TODAY: tinyurl.com/AzureAcademy-Subs...
► Twitter: / msazureacademy100
► LinkedIn: / dean-cefola-2902934b
#TheAzureAcademy #AzureVirtualDesktop #AppAttach - Наука та технологія
Thank you Dean. Really awesome content from you.
👍☺️👍 anytime
Great Video! Thank you very much for this. 😀
Any time
Thanks!
Thanks for your support!
Awesome! Working on it now. I am new with InTune and AVD Management. Do you have any existing videos for this, or is it possible to do a deep dive? I wasn't able to find anything AVD-Intune Specific.
The most used features of Intune for AVD are configuration policies...which are like GPOs. There is now native AVD and FSLogix policies in tune, like I showed in this video. But I also did this video on migrating from traditional GPO to Intune policy ua-cam.com/video/qhZKxJf-ImU/v-deo.html
let me know if you want a deeper look at something in particular in Intune.
@@AzureAcademySilly question but does the Cloud Share require that the machines be Entra joined vs. AD?
Cloud Joined or Hybrid Joined...YES. If you are only AD Joined...then you should use AD Authenticated App Attach shares.
Great video! What are your thoughts on file storage for a company? If a company is using Azure Virtual Desktop and they migrate their file server to Azure files, would the concept in this video help? It seems like authenticating to an Azure File share still requires Active Directory.
Thanks! The authentication you use depends on your security. Generally in a file server you need user level authentication...the method for App Attach is VM / Computer level authentication, so it would not work. For user level auth, you need either Active Directory or cloud based Kerberos auth.
Watch this video to learn about those. ua-cam.com/video/suvDH-yNL88/v-deo.html
On the storage account do we need to setup any form of identity based access or do we leave that not configured?
Nope, not needed for this to work
I’m curious how people deal with avd internal/external policies. For example we have a desktop in Citrix used by both internal and external users but configure different policies depending on user entry point. For external users we block things like drive mapping/clipboard and also add some optimisations due to lower bandwidth. How can this be replicated with avd? Having to use multiple host pools and different rdp properties on each one just means more machines running and more to manage. There
Must be an easier way ? Thanks for your videos btw they are very useful as we being a journey to try to move away from Citrix for desktops
I am assuming you are asking about users who are internal some days and external on others and want different controls for the same user in different places.
This is done with 3 things, Entra ID Conditional Access Policies and host pool RDP Properties and private endpoints.
CA Policies control authentication access and requirements like a location or IP range
HP Properties control behaviors and control inside the sessions, like slowing printers or clipboard.
Private endpoints would take pool 1 and only allow internal access and pool 2 allows external access.
This is kind of like CA Policy location controls…
But CA policies are all or nothing, so in this case you are better off just using the policies for enforcing MFA and device compatibility and leave the location enforcement to the private endpoints.
Yes this means you would need a dedicated pool for external and another for internal users.
Let me know what you think
yeah that's what i figured, dedicated pools for internal/external is not that practical as it means we'd need multiple pools depending on the desktop/apps if there have to be available both internally and externally. Would apps/desktops be hidden from the remote desktop client if access wasn't allowed or would they just fail to load. If multiple pools apps/desktops would need different names depending on external available versus internally available?. It also sounds like it could be a lot more to manage.@@AzureAcademy
You would name them internal and external for the same app / desktop
And if they tried to access the internal when they are external it would fail to connect.
I agree this is not the optimal solution and I am talking to the product team about improving this.
Awesome video!
Whenever I try to create the app attach (in cloud-only), I receive this error message: "Error expanding msix app attach package. The MSIX Application metadata expand request failed on all Session Hosts that it was sent to. Session Host: , Virtual disk not found at ≤//FireFox-ESR_v115.6.0.cim≥."
It happens with the CIM and the VHDX formats.
Do you have any tips or ideas we can try?
Thanks! Either your app attach file and host pool aren’t in the same region
Or
Your MSIX file isn’t packaged correctly
Or
The MSIX file doesn’t have a certificate
Or
The certificate expired
@@AzureAcademy, do we need to repackage the MSIX packages we get from vendors (i.e. Microsoft Store, Evergreen, etc) with a valid certificate? I saw in one of your other replies that vendors have to have a valid certificate to be able to publish in the Microsoft Store. If that is true, the Certificate and MSIX File shouldn't be a problem, right?
The only way to know if your package has a certificate issue is to check the properties of the package and look at the certificate and check for expiration.
Then verify that cert is on the host…then you are fine
@@AzureAcademy I have the same issue, is it the host pool or host pool sessions hosts that need to be same Region as app attach file.... Thanks for your marvelous videos
The host pool and the App Attach files need to be in the same region. The session hosts technically can work in a different region, however I recommend they are in the same region for performance sake