Any video recommendation on hardening AVD access from a BYOD perspective?
I actually have a video which touches upon that here - ruclips.net/video/vqFTHgsyoxg/видео.html But that's a really good video topic for the future!
Hey Neil
thanks for sharing that. You didn't configure any NTFS permissions, right? So, if a user knows where the profiles are saved, he could open other profiles or not?
Hey, I can confirm that they would not be able to see or open any other profiles :)
@@virtualmanc great, thanks for your fast reply, top!
@@virtualmanc Hi Neil! Is it possible to enable this workaround even without using Nerdio? I mean, just enable the settings on the session host via PowerShell? Thanks!
I don't use Nerdio, is this still possible?
Hey Steve, yes, it's possible, although more configuration is needed. You need to create a script to run every time the host starts up to mount the file share using the storage account keys as authentication :)
Thank you for the amazing quick response. Will this be officially released by Microsoft that this can be done? I have quite a few clients that have Entra DS and AD servers just because of AVD and would love to remove it and go full Intune cloud only
@@virtualmanc Possible to create video that shows the setup without Nerdio?
Quick question Neil... any chance to set up Azure NetApp Files without joining it to on-prem AD.... maybe configuring the SMB RBAC roles?
Hello, this is not possible. Azure NetApp Files has to have AD Connectivity.
Storing access keys as plain text in scripts is bad practice and a security vulnerability. A better approach would be to store the keys in a key vault and retrieve them during runtime
Hi Aidan, thanks for the comments! Yes, that is very true and is exactly how I normally do it :) In Nerdio we have these things called Secure Variables and they hold sensitive data like that in the Key Vault and then let you retrieve it using a secure variable :)
@@virtualmanc Hi! Thanks for this video. Must the script that configures the cmdkey be run at every session host start-up or just once?
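
The Key Vault approach raised in the comments above, sketched as an added example (not code from the video, Nerdio, or any commenter): a start-up script that pulls the storage account key from Key Vault with the session host's managed identity and registers it with cmdkey. The vault, secret and storage account names are hypothetical placeholders, and it assumes the Az.Accounts and Az.KeyVault modules are installed and the host has a managed identity with read access to the secret.

```powershell
#Requires -Modules Az.Accounts, Az.KeyVault
# Added example. All default names below are hypothetical placeholders.
param(
    [string]$VaultName      = 'kv-avd-example',        # hypothetical Key Vault
    [string]$SecretName     = 'fslogix-storage-key',   # hypothetical secret holding the account key
    [string]$StorageAccount = 'stavdprofilesexample'   # hypothetical storage account
)

$ErrorActionPreference = 'Stop'
$target = "$StorageAccount.file.core.windows.net"

try {
    # Sign in as the VM's managed identity, so no key or password is written in this script.
    Connect-AzAccount -Identity | Out-Null

    # The identity needs only read access to secrets (for example the
    # "Key Vault Secrets User" role scoped to this one secret).
    $key = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -AsPlainText
    if ([string]::IsNullOrWhiteSpace($key)) {
        throw "Secret '$SecretName' in vault '$VaultName' is empty."
    }

    # cmdkey saves the credential for the account that runs this script, so run it
    # as the account that will open the share.
    # Caveat: the key is passed on the command line, so process command-line
    # auditing on the host will record it. Restrict access to those logs.
    & cmdkey.exe "/add:$target" "/user:localhost\$StorageAccount" "/pass:$key" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "cmdkey failed with exit code $LASTEXITCODE."
    }
}
finally {
    # Drop the plaintext key from the session and sign the identity out.
    Remove-Variable -Name key -ErrorAction SilentlyContinue
    Disconnect-AzAccount -ErrorAction SilentlyContinue | Out-Null
}
```

Rotating the storage account key then only requires updating the Key Vault secret; the script picks up the new value the next time it runs.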