Hey everyone,
I'm looking for some guidance on setting up an Azure AVD solution that is entirely cloud-based, with session hosts managed by Intune. Here's what I've tried so far:
**Attempt 1:** I set up a domain using Microsoft Entra Domain Services and created a file share with Entra authentication enabled. While both AVD and FSLogix worked, Intune couldn't manage the session hosts, which Microsoft indicated is a limitation.
**Attempt 2:** I tried a different approach by creating a new storage account with Microsoft Entra Kerberos. I set permissions to Enabled for the Storage File Data SMB Share Contributor role and included the AVD Users group. I deployed a VM that's joined to Entra ID and enrolled in Intune, and user sign-ins plus SSO work great. However, I'm having trouble accessing the file share—authentication fails despite entering the right credentials, and running klist shows no Kerberos tickets.
Anyone have any suggestions on how to tackle the file share access issue? Thanks!
3 Answers
To make Entra Kerberos work, you need a domain controller in your setup that’s hybrid joined with Entra. Your MEDS deployment can help here, but it's not a good idea to join your AVD session hosts to it. Stick with your second attempt, ensuring your domain is hybrid synced. Entra itself can’t generate Kerberos tickets, but a traditional DC can manage that for you. If you're still using MEDS from attempt 2, consider deploying a classic DC on B-Series VMs.
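An added example (not from any answer in this thread) showing both halves of what the answer above describes: enabling Entra Kerberos on the storage account against a hybrid-synced AD domain, and a check function for an Entra-joined, Intune-managed session host that pins down why `klist` shows no tickets. Resource group, storage account, domain name and domain GUID are placeholders.

```powershell
# Added example, not code from the thread. Placeholders: <rg>, <storageaccount>,
# <domain.fqdn>, <domain-guid> (the on-prem AD domain the AVD users are synced from).

# --- Admin side (Az.Storage module) ---
# The domain GUID comes from the on-prem AD: (Get-ADDomain).ObjectGUID on a DC.
Set-AzStorageAccount -ResourceGroupName '<rg>' -StorageAccountName '<storageaccount>' `
    -EnableAzureActiveDirectoryKerberosForFile $true `
    -ActiveDirectoryDomainName '<domain.fqdn>' `
    -ActiveDirectoryDomainGuid '<domain-guid>'
# After this, a Global Admin must grant admin consent to the storage account's
# "[Storage Account] <storageaccount>.file.core.windows.net" app in Entra ID.

# --- Session host side (run elevated, as the signed-in AVD user) ---
function Test-EntraKerberosClient {
    param([string]$StorageAccount = '<storageaccount>')
    $result = [ordered]@{}

    # 1. The device must be Entra joined (Intune enrolment alone is not enough).
    $status = dsregcmd /status
    $result.AzureAdJoined = ($status -match 'AzureAdJoined\s*:\s*YES').Count -gt 0

    # 2. Policy "Allow retrieving the Azure AD Kerberos Ticket Granting Ticket
    #    during logon" must be on; Intune pushes it as this registry value.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
    $val = (Get-ItemProperty -Path $key -Name CloudKerberosTicketRetrievalEnabled `
            -ErrorAction SilentlyContinue).CloudKerberosTicketRetrievalEnabled
    $result.CloudTgtRetrievalEnabled = ($val -eq 1)

    # 3. Request the cloud TGT explicitly. If this fails, the user is not a
    #    hybrid (AD-synced) identity or step 2 is off; cloud-only users get nothing.
    $tgt = klist get krbtgt/KERBEROS.MICROSOFTONLINE.COM 2>&1
    $result.CloudTgtObtained = ($tgt -match 'KERBEROS\.MICROSOFTONLINE\.COM').Count -gt 0

    # 4. Request the service ticket for the share itself. A TGT without this
    #    ticket points at the storage-account side (domain name/GUID, consent).
    $svc = klist get "cifs/$StorageAccount.file.core.windows.net" 2>&1
    $result.FileShareTicket = ($svc -match 'cifs/').Count -gt 0

    [pscustomobject]$result
}

Test-EntraKerberosClient
```

The Storage File Data SMB Share Contributor role only grants share-level access; directory and file level Windows ACLs on the share still have to be set separately for the FSLogix profile containers to be writable.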
While I’m not directly addressing your issue, I want to point out that using Intune for AVD setups can be tricky. AVD is designed for flexible desktop and app deployment, similar to Citrix, while Intune focuses on more static resources. They don't always mesh well, especially since AVD instances can change frequently. We struggled with this too, finding that managing updates and patches required a different approach.
You might be looking at the wrong concepts. When you say "cloud-only AVD," it usually suggests there won't be a traditional file share involved, meaning Intune would handle things. If you really want to keep it cloud-only, consider moving your file shares to SharePoint, which could solve your access issues.