Creating user profiles for Entra-joined Azure Virtual Desktops (AVD) primarily involves configuring FSLogix Profile Containers. This ensures that user profiles are portable and persistent across sessions, even though the session hosts are Entra-joined.

Here's a step-by-step guide:

Step 1: Prepare Your Storage for FSLogix Profiles

You'll need a file share that can be accessed by your AVD session hosts and where user profile disks will be stored. Azure Files is a common and recommended solution for this.

  1. Create an Azure Storage Account:
    • Go to the Azure portal, search for "Storage accounts," and click "Create."
    • Choose your subscription and resource group.
    • Give it a unique name (e.g., avdprofilesstorage).
    • Select a region.
    • For performance, consider "Premium" with "File shares" as the account kind, or "Standard" with "ZRS" or "GRS" redundancy for resilience.
    • Keep other settings as default or configure them according to your needs.
    • Click "Review + create," then "Create."
  2. Create an Azure File Share:
    • Once the storage account is deployed, navigate to it.
    • Under "Data storage," click "File shares."
    • Click "+ File share."
    • Give it a name (e.g., profiles).
    • Specify a quota (e.g., 1TB or based on your user count).
    • Click "Create."
  3. Enable Azure AD Kerberos Authentication:
    This is crucial for Entra-joined VMs to authenticate to the file share.
    • Navigate to your storage account.
    • Under "Data management," select "File shares."
    • Click on "Active Directory settings" (it might be under "Security + networking" > "File shares" > "AD settings").
    • Select "Azure Active Directory (AAD) Kerberos" or "Hybrid Azure Active Directory (AD DS) Kerberos" if your environment is hybrid. For pure Entra Join, AAD Kerberos is the way.
    • Follow the prompts to enable it. This involves creating an Entra ID application registration and granting permissions.
  4. Assign Share-Level Permissions:
    • Go to your file share.
    • Click on "Access control (IAM)."
    • Click "Add" > "Add role assignment."
    • Assign the "Storage File Data SMB Share Contributor" role to the Azure AD group containing your AVD users and the Azure AD group containing your AVD session host computer objects.
    • Assign "Storage File Data SMB Share Elevated Contributor" if you need to allow users to modify permissions on their own profiles, though "Contributor" is often sufficient.
    • Click "Review + assign."
  5. Configure NTFS Permissions on the File Share:
    While Azure AD Kerberos handles share access, you still need proper NTFS permissions within the share itself. You'll usually do this by mounting the share to a temporary VM (that is Entra-joined or Hybrid-joined) and setting the permissions.
    • Mount the Azure File share to a temporary Entra-joined or Hybrid-joined Windows VM:

net use Z: \\<storageaccountname>.file.core.windows.net\profiles /user:AzureAD\<your_upn>

    • Set the following NTFS permissions on the root of the profiles share:
      • CREATOR OWNER: Full Control (Applies to: Subfolders and files only)
      • Azure AD Group for AVD Users: Read & Execute, List Folder Contents, Read (Applies to: This folder, subfolders and files)
      • Azure AD Group for AVD Session Hosts: Read & Execute, List Folder Contents, Read, Write, Create Folders/Append Data (Applies to: This folder, subfolders and files)
      • SYSTEM: Full Control (Applies to: This folder, subfolders and files)
      • Administrators (of the AVD session hosts): Full Control (Applies to: This folder, subfolders and files)
    • You can set these using icacls:

rem Run from a Command Prompt (cmd.exe); each line grants one entry from the list above.
icacls Z:\ /grant "CREATOR OWNER":(OI)(CI)(IO)F
icacls Z:\ /grant "Azure AD Group Name for AVD Users":(OI)(CI)RX
icacls Z:\ /grant "Azure AD Group Name for AVD Session Hosts":(OI)(CI)RX
icacls Z:\ /grant "Azure AD Group Name for AVD Session Hosts":(OI)(CI)W
icacls Z:\ /grant "SYSTEM":(OI)(CI)F
icacls Z:\ /grant "Builtin\Administrators":(OI)(CI)F
icacls Z:\ /setowner "Builtin\Administrators"

Note: Replace Z: with your mounted drive letter and "Azure AD Group Name" with the actual names of your Entra ID groups.

    • A good example of the final NTFS permissions could look like this:

[Screenshot: final NTFS permissions on the profiles share]
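To confirm that the share root carries only the entries listed in this step, the ACL can be audited from the VM where the share is mounted. The following is an added example, not part of the original post; the group names and the sample ACEs are constructed placeholders, and identities must be adjusted to how Get-Acl reports them in your tenant.

```powershell
# Added example: compare the Allow ACEs on the profile share root with the
# principals listed in Step 1. Group names below are placeholders.
function Test-ProfileShareAcl {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,      # e.g. (Get-Acl 'Z:\').Access
        [string] $UsersGroup = 'AVD-Users',          # placeholder group name
        [string] $HostsGroup = 'AVD-SessionHosts'    # placeholder group name
    )
    $rights    = [System.Security.AccessControl.FileSystemRights]
    $writeBits = [int]$rights::WriteData -bor [int]$rights::AppendData -bor [int]$rights::Delete
    $expected  = 'CREATOR OWNER', 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                 $UsersGroup, $HostsGroup
    $allow     = @($Ace | Where-Object { "$($_.AccessControlType)" -eq 'Allow' })
    $findings  = @()

    foreach ($a in $allow) {
        $id = "$($a.IdentityReference)"
        # Any principal outside the documented list is drift worth reviewing.
        if ($id -notin $expected) {
            $findings += "UNEXPECTED principal: $id ($($a.FileSystemRights))"
        }
        # The users group is documented as read-only on the root.
        if ($id -eq $UsersGroup -and ([int]$a.FileSystemRights -band $writeBits)) {
            $findings += "WRITE for users group: $($a.FileSystemRights)"
        }
        # CREATOR OWNER must apply to subfolders and files only (inherit-only).
        if ($id -eq 'CREATOR OWNER' -and "$($a.PropagationFlags)" -notmatch 'InheritOnly') {
            $findings += 'CREATOR OWNER ACE is not limited to subfolders and files'
        }
    }
    $present = $allow | ForEach-Object { "$($_.IdentityReference)" }
    foreach ($name in $expected) {
        if ($name -notin $present) { $findings += "MISSING principal: $name" }
    }
    $findings
}

# Constructed sample ACEs so the check runs without a mounted share.
function New-SampleAce($id, $rights, $inherit = 'ContainerInherit,ObjectInherit', $prop = 'None') {
    New-Object System.Security.AccessControl.FileSystemAccessRule($id, $rights, $inherit, $prop, 'Allow')
}
$sample = @(
    (New-SampleAce 'CREATOR OWNER' 'FullControl' 'ContainerInherit,ObjectInherit' 'InheritOnly'),
    (New-SampleAce 'NT AUTHORITY\SYSTEM' 'FullControl'),
    (New-SampleAce 'BUILTIN\Administrators' 'FullControl'),
    (New-SampleAce 'AVD-Users' 'Modify'),           # deliberately too permissive
    (New-SampleAce 'Everyone' 'ReadAndExecute')     # deliberately out of policy
)
Test-ProfileShareAcl -Ace $sample
# Against the mounted share: Test-ProfileShareAcl -Ace (Get-Acl 'Z:\').Access
```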

Step 2: Configure FSLogix on AVD Session Hosts

FSLogix agents are typically pre-installed on Azure Virtual Desktop images. You just need to configure them.

  1. Use Group Policy (Local or Centralized):
    For Entra-joined VMs, you can use Intune to deliver administrative templates for FSLogix, or configure them locally on the AVD master image. Using Intune is more scalable for larger deployments.
    • Option A: Configure via Intune (Recommended for Entra-joined):
      • Download the FSLogix Administrative Templates (.admx and .adml files) from the Microsoft FSLogix GitHub release page.
      • Import the .admx and .adml files into Intune. (Devices > Configuration profiles > Import ADMX).
      • Create a new Configuration Profile in Intune:
        • Profile type: "Settings catalog" or "Custom" (if using imported ADMX directly).
        • Search for "FSLogix" or specifically for "Profile Containers."
        • Configure the following settings:
          • Enabled: Yes
          • VHDLocation: \\<storageaccountname>.file.core.windows.net\profiles
          • DeleteLocalProfileWhenVHDShouldApply: Yes (Recommended to ensure profiles are always loaded from FSLogix)
          • SizeInMBs: (e.g., 30000 for 30GB, adjust as needed)
          • FlipFlopProfileDirectoryName: 1 (Recommended to avoid issues with concurrent logons if using multiple session hosts)
          • Include ProfileList in Roaming: No (This prevents issues with cached profiles)
      • Assign this profile to the Entra ID group containing your AVD session host computer objects.
    • Option B: Configure Locally on the Master Image:
      • Open gpedit.msc on your AVD master image.
      • Navigate to Computer Configuration > Administrative Templates > FSLogix > Profile Containers.
      • Configure the same settings as above (Enabled, VHDLocation, DeleteLocalProfileWhenVHDShouldApply, SizeInMBs, FlipFlopProfileDirectoryName, Include ProfileList in Roaming).
      • Save the changes and generalize your master image.
  2. Verify FSLogix Installation (if needed):
    • On a session host, check for the FSLogix Apps service in services.msc.
    • Check for the FSLogix installation directory: C:\Program Files\FSLogix\Apps.
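Once the profile is deployed, the settings that actually landed on a session host can be checked against the values chosen above, including that every profile location points at the approved share and nowhere else. This is an added example, not from the original post; the expected values, the storage account name and the sample data are constructed, and the setting the post calls VHDLocation is read under its registry value name VHDLocations.

```powershell
# Added example: audit FSLogix Profile Container settings against Step 2.
# Expected values and the share path are placeholders taken from the examples above.
$Expected = [ordered]@{
    Enabled                              = 1
    DeleteLocalProfileWhenVHDShouldApply = 1
    SizeInMBs                            = 30000
    FlipFlopProfileDirectoryName         = 1
}
$ExpectedShare = '\\avdprofilesstorage.file.core.windows.net\profiles'   # placeholder

function Test-FslogixProfileConfig {
    param(
        [Parameter(Mandatory)] $Actual,   # hashtable or Get-ItemProperty output
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected,
        [Parameter(Mandatory)] [string] $ExpectedShare
    )
    $findings = @()
    foreach ($name in $Expected.Keys) {
        $value = $Actual.$name
        if ($null -eq $value) {
            $findings += "MISSING    $name (expected $($Expected[$name]))"
        } elseif ([int]$value -ne [int]$Expected[$name]) {
            $findings += "DRIFT      $name = $value (expected $($Expected[$name]))"
        }
    }
    # VHDLocations can hold several paths; each one must be the approved share,
    # otherwise profile disks could be written to a location nobody reviewed.
    $locations = @($Actual.VHDLocations) | Where-Object { $_ }
    if (-not $locations) { $findings += 'MISSING    VHDLocations' }
    foreach ($loc in $locations) {
        if ($loc.TrimEnd('\') -ine $ExpectedShare.TrimEnd('\')) {
            $findings += "UNEXPECTED VHDLocations entry: $loc"
        }
    }
    $findings
}

# Constructed sample: one setting missing, one drifted, one extra location.
$sample = @{
    Enabled                      = 1
    SizeInMBs                    = 30000
    FlipFlopProfileDirectoryName = 0
    VHDLocations                 = @(
        '\\avdprofilesstorage.file.core.windows.net\profiles',
        '\\10.0.0.50\profiles'
    )
}
Test-FslogixProfileConfig -Actual $sample -Expected $Expected -ExpectedShare $ExpectedShare

# On a session host, read the live values instead of the sample:
# $live = Get-ItemProperty -Path 'HKLM:\SOFTWARE\FSLogix\Profiles'
# Test-FslogixProfileConfig -Actual $live -Expected $Expected -ExpectedShare $ExpectedShare
```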

Step 3: Test User Profiles

  1. Ensure your test users are assigned to an AVD group that grants them access to the session hosts.
  2. Log in with a Test User:
    • Use an Entra ID user account that has been assigned to an AVD group.
    • Log in to an AVD session.
    • The first login will create the FSLogix profile container. This might take a bit longer.
  3. Verify Profile Creation:
    • Go to your Azure File share (\\<storageaccountname>.file.core.windows.net\profiles).
    • You should see a folder structure like profiles\<username_SID>. Inside, there will be a VHD or VHDX file.
    • On the AVD session host, check C:\Users. You should see a symbolic link for the user's profile, pointing to the FSLogix mounted VHD. You can also check the ProfileList registry key at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList.
  4. Test Persistence:
    • Create some files or change desktop settings in the user's AVD session.
    • Log off.
    • Log back in. Verify that the changes are still there.

Important Considerations:

  • FSLogix Cloud Cache: For greater resiliency and performance, especially in multi-region deployments or if you need to withstand storage outages, consider configuring FSLogix Cloud Cache. This allows profiles to be replicated to multiple storage locations.
  • Security Groups: Use dedicated Entra ID security groups for AVD users and AVD session host machines to simplify permission management.
  • Monitoring: Monitor your Azure File share usage and performance to ensure it can handle your user load.
  • Antivirus Exclusions: Configure antivirus exclusions for FSLogix directories and VHD(X) files on your AVD session hosts to prevent performance issues.
  • Master Image Updates: When updating your AVD master image, ensure that any local FSLogix configurations are reapplied or that your Intune profile is still correctly deployed.
  • FSLogix Version: Keep your FSLogix agents updated to benefit from the latest features and bug fixes.
  • Delegated Administration: If you have separate teams for AVD and identity, ensure proper delegation of permissions for managing Entra ID groups and Azure Storage.

By following these steps, you can successfully implement persistent user profiles for your Entra-joined Azure Virtual Desktops using FSLogix.

 
