Virtual Desktop Service

Redirecting Storage Platform to Azure Files

Contributors kris-gillette-netapp


Virtual Desktop Service deployment technologies allow for a variety of storage options depending on the underlying infrastructure. This guide covers how to switch the storage platform to Azure Files after deployment.


Create the new storage layer

  1. Log in to Azure with the global admin account

  2. Create a new Storage Account in the same location and resource group as the workspace


  3. Create the data, home, and pro file shares under the storage account


Set Up Active Directory

  1. Create a new Organizational Unit named “Storage Account” under the Cloud Workspace > Cloud Workspace Service Accounts OU


  2. Enable AD DS authentication (must be done using PowerShell)

    1. DomainAccountType should be “ServiceLogonAccount”

    2. OrganizationalUnitDistinguishedName is the distinguished name of the OU created in the previous step (i.e. “OU=Storage Account,OU=Cloud Workspace Service Accounts,OU=Cloud Workspace,DC=TrainingKrisG,DC=onmicrosoft,DC=com”)
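
One way to carry out the AD DS authentication step above, as an added example that is not from the original guide. It assumes Microsoft's AzFilesHybrid module (which provides `Join-AzStorageAccount`) and the Az and ActiveDirectory modules are installed on a domain-joined machine; the subscription, resource group, and storage account values are placeholders.

```powershell
# Added example, not part of the original guide.
# Assumptions: AzFilesHybrid, Az.Storage and ActiveDirectory modules are installed, and the
# signed-in AD user may create accounts in the target OU. Bracketed values are placeholders.
$SubscriptionId     = '<subscription id>'
$ResourceGroupName  = '<workspace resource group>'
$StorageAccountName = '<storage account name>'
# Distinguished name of the "Storage Account" OU (the guide's example value)
$OuDn = 'OU=Storage Account,OU=Cloud Workspace Service Accounts,OU=Cloud Workspace,DC=TrainingKrisG,DC=onmicrosoft,DC=com'

Import-Module AzFilesHybrid
Import-Module ActiveDirectory

# Fail early if the OU from the previous step does not exist or the DN is mistyped
Get-ADOrganizationalUnit -Identity $OuDn -ErrorAction Stop | Out-Null

Connect-AzAccount
Select-AzSubscription -SubscriptionId $SubscriptionId

# Register the storage account in AD DS as a service logon account inside the new OU
Join-AzStorageAccount `
    -ResourceGroupName $ResourceGroupName `
    -StorageAccountName $StorageAccountName `
    -DomainAccountType 'ServiceLogonAccount' `
    -OrganizationalUnitDistinguishedName $OuDn

# Check: the storage account should now report AD as its directory service
$sa   = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
$auth = $sa.AzureFilesIdentityBasedAuth
if ($auth.DirectoryServiceOptions -ne 'AD') {
    throw "AD DS authentication is not enabled (DirectoryServiceOptions = '$($auth.DirectoryServiceOptions)')"
}

# Show the domain details recorded on the storage account for review
$auth.ActiveDirectoryProperties |
    Format-List DomainName, NetBiosDomainName, DomainSid, AzureStorageSid
```

A service logon account is subject to the domain's password expiration policy, so plan to rotate its password (AzFilesHybrid provides `Update-AzStorageAccountADObjectPassword` for this) before it expires and share access fails.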

Set the Roles for the Shares

  1. In the Azure portal, give the "Storage File Data SMB Share Elevated Contributor" role to CloudWorkspaceSVC and Level3 Technicians


  2. Give the "Storage File Data SMB Share Contributor" role to the "<company code>-all users" group


Create the directories

  1. Create a directory in each share (data, home, pro) using the company code as the name (In this example, the company code is “kift”)


  2. In the <company code> directory of the pro share, create a “ProfileContainers” directory


Set the NTFS Permissions

  1. Connect to the shares

    1. Navigate to the share under the storage account in the Azure portal, click the three dots, then click Connect


    2. Choose Active Directory for Authentication method and click the Copy to clipboard icon in the lower right corner of the code


    3. Log in to the CWMGR1 server with an account that is a member of the Level3 Technicians group

    4. Run the copied code in PowerShell to map the drive

    5. Do the same for each share while choosing a different drive letter for each

  2. Disable inheritance on the <company code> directories

  3. System and the AD Group ClientDHPAccess should have Full Control to the <company code> directories

  4. Domain Computers should have Full Control to the <company code> directory in the pro share as well as the ProfileContainers directory within

  5. The <company code>-all users AD group should have List folder/read data permissions to the <company code> directories in the home and pro shares

  6. The <company code>-all users AD group should have the below Special permissions for the directory in the data share


  7. The <company code>-all users AD group should have the Modify permission on the ProfileContainers directory

Update Group Policy Objects

  1. Update the GPO <company code> users located under Cloud Workspace > Cloud Workspace Companies > <company code> > <company code>-desktop users

    1. Change the Home drive mapping to point to the new home share


    2. Change the Folder Redirection to point to the home share for Desktop and Documents



Update the share in Active Directory Users and Computers

  1. With classic or hybrid AD, the share in the company code OU needs to be updated to the new location


Update Data/Home/Pro paths in VDS

  1. Log in to CWMGR1 with an account in the Level3 Technicians group and launch Command Center

  2. In the Command drop down, select Change Data/Home/Pro Folders

  3. Click the Load Data button, then be sure the proper company code is selected from the drop down

  4. Enter the new paths for the data, home, and pro locations

  5. Uncheck the Is Windows Server box

  6. Click the Execute Command button


Update FSLogix profile paths

  1. Open Registry Editor on the session hosts

  2. Edit the VHDLocations entry at HKLM\SOFTWARE\FSLogix\Profiles to be the UNC path to the new ProfileContainers directory


Configure Backups

  1. It is recommended to set up and configure a backup policy for the new shares

  2. Create a new Recovery Services Vault in the same resource group

  3. Navigate to the vault and select Backup under Getting Started

  4. Choose Azure for where the workload is running and Azure file share for what you want to back up, then click Backup

  5. Select the storage account used to create the shares

  6. Add the shares to back up

  7. Edit and Create a backup policy that fits your needs