I'm having some trouble with standard users not being able to log into the new Virtual Desktop Infrastructure (VDI) setups, whether they're in existing or newly created host pools. Interestingly, users with admin privileges can log in just fine, and standard users can still access older VDI instances without a hitch. I started with Azure Premium Files for user profiles, but I switched over to NetApp Files. Any advice on what might be going wrong?
4 Answers
Have you checked if the standard users have been assigned the Virtual Machine User Login role? Also, make sure they have the Desktop Virtualization User role. Are the VMs connected to Entra or Active Directory? Do the users receive any error messages when they try to log in using the Windows app?
There are a few things to consider here. Are the users enrolled in Entra or Intune? Also, make sure you included 'targetisaadjoined:i:1' in the configuration. Lastly, confirm that they have the right role-based access control (RBAC) permissions—specifically for Virtual Machine User Logon and that they're using the Windows app to connect.
So, I’m using Azure Active Directory Domain Services (AAD DS), and all the users have the correct permissions. They can log into host pool A but only on older VDIs created around two months ago. When I create new VDIs in that host pool, standard users can't log in; the FSLogix profiles start to load and then they just sign out. Admin users have no problems logging in. We are using the Windows app for Azure connections.
It's worth looking into whether the VMs are joined to Active Directory. Sometimes that can create problems for standard users trying to log in.
Are all the FSLogix profiles on the new VDIs using the same storage account and share as the old VDIs that are working? It might be a permissions issue with the shares you're using. Also, have you tried temporarily disabling FSLogix to see if that resolves the problem?