How to Use Azure Files with Entra ID Joined Method for AVD

This is a workaround until Microsoft fully supports Entra ID with Kerberos. Azure Files Premium can run much faster than Azure Blob Storage and supports backups in Nerdio Manager.

Create the Required Azure Resources

The first step is to create the required Azure resources. This includes a storage account and a file share in the storage account.

To create the required Azure resources:

  1. In the Azure portal, navigate to Storage accounts.

  2. Select + Create.

  3. Enter the following information:

    • Subscription - Resource Group: From the drop-down lists, select the desired subscription and resource group.

    • Storage account name: Type the name of the storage account.

    • Region: From the drop-down list, select the region.

    • Performance: Select Premium.

    • Premium account type: From the drop-down list, select File shares.

    • Redundancy: From the drop-down list, select the desired redundancy level.

  4. Once you have entered all the desired information, select Review and then Create.

  5. Once the storage account is created, navigate into the storage account.

  6. On the blade on the left side, in the Data storage section, select File shares.

  7. Select + File share.

  8. Enter the following information:

    • Name: Type the name of the file share.

    • Provisioned capacity: Type 100.

    • Protocol: Select SMB.

  9. Once you have entered all the desired information, select Create.

  10. Record the UNC path of the new file share. For example, \\[STORAGEACCOUNTFQDN]\[FILESHARE].

  11. On the blade on the left side, in the Security + networking section, select Access keys.

  12. Copy the Key for Key1 to Notepad.

Create a Scripted Action in Nerdio Manager

The next step is to create a scripted action that adds the storage account credentials to Windows Credential Manager on Entra ID joined hosts.

To create the scripted action:

  1. In Nerdio Manager, navigate to Scripted Actions > Windows scripts.

  2. Select Add scripted action.

  3. Enter the following information:

    • Name: Type EntraIDWindowsCredentialManager.

    • Description: Type the script's description.

    • Tags: From the drop-down list, select optional tags for the script. These tags are used for searching and organization.

    • Script Execution Mode: From the drop-down list, select Individual with restart.

    • Script: Paste the following into the script.

      cmdkey.exe /add:[[STORAGE ACCOUNT FQDN]] /user:localhost\[[STORAGE ACCOUNT NAME]] /pass:[[STORAGE ACCOUNT KEY]]

      # Check if the key exists
      if (-not (Test-Path "HKLM:\Software\Policies\Microsoft\AzureADAccount")) {
          # Create the key if it doesn't exist
          New-Item -Path "HKLM:\Software\Policies\Microsoft\AzureADAccount" -Force
      }

      # Add or modify the property
      New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\AzureADAccount" -Name "LoadCredKeyFromProfile" -Value 1 -Type DWord -Force

      For example:

      cmdkey.exe /add:aadjazfileswinhart.file.core.windows.net /user:localhost\aadjazfileswinhart /pass:h/0xqVkR6V5KaJNoFWEYCXSwP5kXjXLcTXViWrbFqfskMLvmlizotlBRLFw+f6HEupw5cKw0IKvV+AStMO632Q==

      # Check if the key exists
      if (-not (Test-Path "HKLM:\Software\Policies\Microsoft\AzureADAccount")) {
          # Create the key if it doesn't exist
          New-Item -Path "HKLM:\Software\Policies\Microsoft\AzureADAccount" -Force
      }

      # Add or modify the property
      New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\AzureADAccount" -Name "LoadCredKeyFromProfile" -Value 1 -Type DWord -Force

  4. Once you have entered all the desired information, select Save & close.
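
A read-only check of what the scripted action above leaves on a session host, as an added example that is not part of the original article or Nerdio's own code. It assumes English cmdkey output and that it runs in the same account context as the scripted action, since Credential Manager entries are stored per account; the default FQDN is a constructed placeholder.

```powershell
# Added example: read-only post-deployment check for an AVD session host.
# Assumption: run in the same account context as the scripted action,
# because cmdkey entries are stored per account.
param(
    # Constructed placeholder; pass your own storage account FQDN.
    [string]$StorageAccountFqdn = 'examplestorage.file.core.windows.net'
)

$policyPath = 'HKLM:\Software\Policies\Microsoft\AzureADAccount'
$checks = [ordered]@{}

# 1. Registry value the scripted action writes.
$prop = Get-ItemProperty -Path $policyPath -Name 'LoadCredKeyFromProfile' -ErrorAction SilentlyContinue
$checks['LoadCredKeyFromProfile is 1'] = ($null -ne $prop) -and ($prop.LoadCredKeyFromProfile -eq 1)

# 2. Credential Manager entry for the storage account.
#    Match the "target=<fqdn>" line, not the FQDN alone, so a header line
#    cannot cause a false positive. cmdkey /list never displays the password.
$pattern = '(?im)target=' + [regex]::Escape($StorageAccountFqdn) + '\s*$'
$listing = (& cmdkey.exe /list 2>&1 | Out-String)
$checks['cmdkey entry for storage account'] = $listing -match $pattern

# 3. SMB reachability: the file share is reached over TCP 445.
$checks['TCP 445 reachable'] = [bool](Test-NetConnection -ComputerName $StorageAccountFqdn `
    -Port 445 -InformationLevel Quiet -WarningAction SilentlyContinue)

# Report the account context and each result; the exit code is non-zero on any failure.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Output "Checked as: $identity"
foreach ($name in $checks.Keys) {
    $status = if ($checks[$name]) { 'PASS' } else { 'FAIL' }
    Write-Output ("[{0}] {1}" -f $status, $name)
}
if (@($checks.Values) -contains $false) { exit 1 }
```
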

Configure the Host Pools in Nerdio Manager

The next step is to configure the host pools. This includes the FSLogix and VM Deployment settings.

To configure the host pools:

  1. In Nerdio Manager, locate the host pool you wish to work with.

  2. From the action menu, select Properties > FSLogix.

  3. Enter the following information:

    • FSLogix Profiles path: Type the file share's UNC path \\[STORAGEACCOUNTFQDN]\[FILESHARE] that you previously recorded.

      Note: For example, \\aadjazfileswinhart.file.core.windows.net\profiles

    • FSLogix Registry Options: Add "AccessNetworkAsComputerObject"=dword:1.

  4. Once you have entered all the desired information, select Save.

  5. Navigate to the VM Deployment tab.

  6. In the Scripted Actions section, enter the following information:

    • Run Scripted actions when host VM is CREATED: If necessary, toggle on this option.

    • Windows scripts: From the drop-down list, select EntraIDWindowsCredentialManager.

  7. Once you have entered all the desired information, select Save or Save & close.
