5 Things MSPs Must Know about FSLogix  

Microsoft’s FSLogix is known for being a powerful profile management tool. It has many desirable features for managed service providers (MSPs) operating in Azure.  Launched in 2012 as a startup independent of Microsoft, FSLogix provided a tool to reduce the number of resources, time, and labor required to support virtual desktops. Because of the natural synergies with our mission, Nerdio has been a big fan of FSLogix since the beginning and closely kept an eye on the evolution of their product.  

And we weren’t the only ones! In 2018 Microsoft acquired the company. They noticed the value FSLogix brought to profile and application containerization and the company’s alignment with their own goals as it related to Azure Virtual Desktop (AVD), called Windows Virtual Desktop (WVD) at the time.  

Skip to today and we have seen the investments Microsoft has made into this technology and bringing it to the masses via AVD pay off significantly. MSPs who have an Azure practice have come to rely on FSLogix to optimize their environments.

As Managed Service Providers (MSPs) navigate the intricacies of virtual desktop environments, understanding the transformative capabilities of FSLogix becomes crucial. This blog post serves as an indispensable resource, equipping MSPs with the essential knowledge needed to leverage FSLogix effectively. By exploring the core concepts, benefits, and practical implementation strategies of FSLogix, this article empowers MSPs to optimize performance, streamline management, and enhance user experiences. Whether you’re new to FSLogix or seeking to deepen your understanding, this comprehensive guide offers invaluable insights, best practices, and real-world examples to help MSPs harness the full potential of FSLogix and deliver exceptional virtual desktop solutions to their clients.

Below I outline the five key things your MSP should know when it comes to FSLogix and how you can use them to your advantage. 

1. A Premium Experience Requires Premium Storage 

We see a good deal of our MSP partners leveraging FSLogix alongside Azure Files, a popular solution for hosting files and folders, including user-profiles, on Microsoft Azure. Specifically, they are seeing great results with this combination when using the Premium storage tier because profiles are so read/write-intense. Azure Files Premium coupled with FSLogix maintains the best user experience by providing the highest IOPS and throughput for the disk.  

To further the above benefits while reducing storage costs, combine these technologies with the powerful auto-scaling capabilities available in Nerdio Manager. It helps MSPs eliminate common issues around over-provisioning or incorrectly guessing how much storage is needed by effectively turning the Premium tier into a pay-as-you-go model. 

2. How to Automate the Security and Access You Require  

Azure Virtual Desktop is a service that is constantly improving when it comes to identity and access management (IAM) and ensuring security at scale. Roles-Based Access Controls (RBAC) roles are available in AVD and Nerdio Manager, with the latter giving MSPs the ability to create custom RBAC roles. In ensuring FSLogix helps support your access policies, MSPs can automate setting the Azure Storage File Data SMB Share Contributor Role on the Azure Files profile share for all users within a Security Group.  

This role is required to provide the needed Read/Write access for the profile share. You can read more about this role and others available via Microsoft’s documentation. By automating this setting, MSPs can consistently uphold zero trust principles whenever a new user or group is added.  

Pro Tip – Consider these best practices for NTFS Permissions on the profile share: 

3. Configure Outlook Cache to Avoid Overspending Real CASH 

One of the biggest benefits of FSLogix profiles is the ability to roam the user application caches, for example, Outlook mailbox data, and avoid constantly recreating it. Strategically defining individual cache settings allows MSPs to plan for growth and spending. What most MSPs don’t consider is that if left undefined, application caching can grow quickly and not all of it is crucial to your users’ experience.  

As an example, consider again a user’s Cached Exchange Mode settings. Is it wise to download all their mailbox if they only need “fast/local” access to the last three months’ worth of data?  

Most MSPs find that it is in their best interest to configure a Group Policy Setting to manage Cached Exchange Mode which will define the amount of a user’s profile dedicated to Mailbox content storage. We have seen MSP partners configure this setting for as little as three months and as much as one year. Knowing the details of this setting can allow you to strategically assume/plan for the amount of growth in a user’s profile. Read Microsoft’s documentation about planning and configuring for additional insights and recommendations.  

4. FSLogix Is More Than Just Profile Management  

FSLogix is a great way to create roaming user profiles in non-persistent computer environments like an AVD host pool with users logging into different hosts on what could be a daily basis. Profiles would no longer be dependent on an individual machine due to the added flexibility with FSLogix. This allows MSPs to provide customers dynamic environments with a consistent user experience.  

But FSLogix includes a suite of tools focused on much more than just profile containers. Skilled and advanced MSPs have found value in using FSLogix for roaming Office profiles and cache, and masking applications so only the right users can see and access them. And some also use it for the ability to manage Java versioning. 

5. Why Application Masking May Be Our Favorite Feature  

FSLogix includes some incredible tools to manage application restrictions within multi-user environments. If you only want a subset of users to have access to an application on a multi-session host, you can implement app masking to hide apps from users. Looking to make app masking and management easier? Learn more about how Nerdio Manager helps managed installed apps and rule sets using FSLogix.  

I hope this has been an informative read on what is without a doubt one of the most helpful (but complex!) Azure Virtual Desktop-related technologies. To discuss FSLogix further or how your MSP can benefit from using or optimizing it, you can contact our team or join me at the Nerdio Partner Success Community.  

FSLogix Application Masking  

As a Nerdio partner, you get a standing invitation to our Monthly Partner Webinar. We use these 45-minute sessions to dive into the Azure, AVD and Windows 365 topics and tips most important to MSPs and their technical staff.  

In fact, our June webinar was entirely dedicated to FSLogix – a technology that has many benefits but is a bit complex to learn and master. One of the favorite things partners learned about from that session was the ability to perform application masking with FSLogix.  

For those seeking to enhance security and streamline user experiences in virtual desktop environments, FSLogix Application Masking is a powerful solution worth exploring. This blog post serves as an insightful resource, offering a comprehensive overview of FSLogix Application Masking and its role in controlling application access within virtual desktop infrastructures. As MSPs and IT professionals navigate the complexities of application management, understanding how FSLogix Application Masking works and its practical implementation becomes essential. By examining its functionalities, benefits, and best practices, this article empowers readers with the knowledge needed to leverage FSLogix Application Masking for enhanced security, improved performance, and simplified application access management.

Here we break it down in detail in addition to an overview of how MSPs can deliver it in their clients’ Azure environments.  

What Is Application Masking? 

Application masking is used to manage user access of installed applications. Within a shared AVD computing environment, this can amount to upwards of 80-100 applications. And we know not all users need access to the apps technically available to them.  

Desktop images with lots of apps typically feed one or two host pools. Without a tool like app masking, there’s a somewhat common practice of putting all apps on an image regardless of who could use them. Let’s face it, in today’s busy business climate there are not likely too many of your clients’ employees and contractors with extra time to poke around the environment aimlessly – so it’s not a horrible action to take as an overworked IT pro.  

But let’s talk through how not using app masking could negatively impact your organization. If an employee launches something they’re not supposed to, they could trigger a license issue or take a license out of the available pool and away from a user who needs it to do their job. This could lead to additional licensing fees or issues. Additionally, employees who do not need the app but come across it or are curious about its use, could create demand (or just the appearance of it) for applications they don’t really need. This could unintentionally lead to your clients’ organizations spending money on applications or licenses they do not need.   

How Do MSPs Deliver App Masking with FSLogix?  

Via FSLogix Rules Editor, these are the actions to take per each application you are looking to mask:  

1. Create a rule set  

  • Open FSLogix Rules Editor  
  • Click “File, New”  
  • Create new Rule Set and name it  
  • Choose the application you want to manage 
  • Scan to detect the application settings  
  • Some bulit in functionality with app masking and could manually do these settings  

2. Assign the rule set  

  • Click “File” then “Manage Assignments”  
  • Click “Add” 
  • Configure the assignment  
  • Determine the “Apply” or “Not Apply” status 

3. Deploy the rule set 

  • Copy over FSA and FXR files 
  • Must be on all hosts and client machines  

As (almost) always, there is an easier way to do this through Nerdio Manager for MSP 😊 Watch the below clip to learn how you can automate application masking with FSLogix:  

Looking for more FSLogix content? Check out my blog, ‘5 Things MSPs Must Know about FSLogix.’ And don’t forget to register for our next Monthly Partner Webinar for MSPs happening Wednesday, August 31 at 2pm CST!  

The Community Speaks! Partner Feedback on New Nerdio Manager Support for Intune

It’s been a great 2023 so far for us all here at Nerdio and for our partners, many of which we got to connect with in-person at our annual partner conference back in February!

One of the biggest announcements at the conference happened during our CEO’s keynote speech when he detailed our product roadmap plans for the year for both Nerdio Manager for MSP and Nerdio Manager for Enterprise. You can read the press release for more information on the enterprise side of things.

Today we are super pleased today to share the latest version of Nerdio Manager for MSP – v4 – is now generally available and includes support and a plethora of powerful management and cost-optimization features for Microsoft Intune!

This new release allows MSPs (Managed Service Providers) to incorporate unified endpoint management and cross-tenant management into Nerdio Manager for MSP and their day-to-day operations. MSPs can now utilize powerful Nerdio capabilities such as autoscaling, an intuitive user interface, Scripted Actions, Approval Workflows features, RBAC roles, and more, for efficient endpoint management.

And now MSPs can fully manage customers’ physical devices such as mobile phones, tablets, and laptops with Intune, alongside management of Microsoft Azure, Azure Virtual Desktop, Windows 365, and other native Microsoft technologies and services, in one unified management platform. 

While we’d LOVE to talk endlessly about our favorite new features in Nerdio Manager for MSP v4, we thought it’d be most beneficial to share feedback from actual users. Big thank you to Paul, Andy, and Justin for the below!

Do you have any product feedback or suggestions for new Intune-related features you’d like to see incorporated into our next version? Share it with our team by heading to this linked page on our Community.

Paul O’Brien, Founder and Director, Lucidity

“We do a lot with Microsoft Intune. Historically a lot of our customers either were managed in Intune or they were AVD (Azure Virtual Desktop) — it was kind of one or the other. And as we migrated roughly 50 customers off our remote desktop platform, we had to make the decision which would best suit them.

Some of the smaller clients, it wasn’t financially viable to run AVD. We also get new business in the Intune space where there isn’t a real need for virtual desktops: the customers running SaaS apps, etc. But I think in more recent times Intune and the AVD session hosts have kind of more so come together.

One of the really cool things Nerdio does is it brings all your customers together in one place and provides a detailed audit log too so that we know which engineer did what, on what date, and that kind of thing. We can’t wait to bring that functionality to the rest of our business and accounts using Intune.

It really makes us think. Do we need to go back and look at all our Intune customers, which are nearly equivalent to our number of AVD customers, and see if we can bring them into the fold? At the moment we’re using Nerdio to manage everything with AVD and then just the Microsoft native tools to manage Intune and Endpoint Manager for all the separate customers. We see incredible value in having our help desk support people, our deployment guys, our technicians all in one platform.”

Andy Nolan, Senior Cloud Engineer, Impact Networking

“We’ve been heavily using the new Intune integration – it’s providing the same sort of game changing management features we’ve come to expect in Nerdio Manager for MSP, now going beyond just AVD.

There are a lot of physical endpoints out there, and they all need management. And using Intune with Nerdio Manager for MSP has really allowed us to take control of that. We’re very excited to start implementing it for all our customers where the Intune use case makes sense.

One of the best features that we’ve seen so far is the global policies. We have certain standards and recommendations that we want to apply to our customers at a global level, and previously it was pretty cumbersome to have to go and recreate those per customer. Now we have those stored at our account level for Impact Networking and we can deploy those to our customers as we onboard them. That lets us really ramp up the onboarding of customer devices for Intune while saving on time.”

Justin Vashisht, Chief Technology Officer, Chelsea Technologies

“Our team at Chelsea Tech had a great experience working with Nerdio’s team in private preview to shape the new Intune experience in Nerdio Manager for MSP. The team at Nerdio was attentive to our feedback and worked with us to ensure that the Intune integration would be frictionless to us internally as well as our customers.

Since implementing the feature, we have saved countless hours of work and can now automate our endpoint management processes, making us more efficient. As a service provider specializing in highly regulated industries, the unified Intune experience has been a game-changer for our team and our customers. What used to take days and sometimes weeks now takes just a few clicks.

We highly recommend Nerdio Manager for MSP to other companies looking for a more streamlined, consistent, and efficient approach to managing customers policies.”

How Do I Log into Azure Virtual Desktop for the First Time? 

It’s important to consider security, availability and reliability when developing a virtual desktop strategy. Users want to be able to access their desktop and workloads from anywhere, at any time and from any type of device. For many MSP partners the idea of deploying, securing, and managing gateways and connection brokers seems to be an impossible challenge. Thankfully Microsoft provides the gateway and broker services for Azure Virtual Desktops. They have also compiled “how-to” guides for connecting each client type to AVD that you can find here.  

Regardless of how simple Microsoft has made connecting to Azure Virtual Desktop (AVD), MSPs and enterprise IT pros alike will undoubtedly still be asked, “How do I log into my AVD desktop?” by end users they support. Setting up the AVD client for login is easy and quick and can be completed in a minimal number of steps. All authentication occurs via your organization’s Microsoft tenant without any need to provide consent or accept permissions. 

Below we’ve explained the two most common ways end users will be connecting to AVD – via their web browser (HTML5) or via the Remote Desktop Client available for Windows, Android, macOS, and iOS.  

Web Browser  

Connecting to the AVD via Web Browser provides the greatest number of device options and availability but there is a small cost in the form of end-user experience and functionality.  The best use cases for browser-based access are generally when traveling or using devices that aren’t specific to (owned by) the end user. 

Simply open your HTML5-compatible browser (Chrome, Firefox, Safari, Edge) and visit https://rdweb.wvd.microsoft.com/arm/webclient/index.html  Authenticate using your Microsoft credentials and the browser will list available AVD Desktops and Apps. 

Remote Desktop Client 

The remote desktop client should be considered first when connecting to AVD, especially if remote printing, multiple monitors, or other features not available in HTML5 are needed. 

This is simple to set up but will require administrative rights to install. This can be done in two easy steps: 

  1. The user will need to download the AVD Remote Desktop Client from Microsoft. Example: 64-bit Windows Desktop client  
  1. Second, the user must subscribe to their AVD Workspace. They will either log in with their work or school account and allow Autodiscover to determine the resources available for them, or by providing the specific URL of the AVD resource. This is pictured below.  

Interested in establishing or optimizing your Azure Virtual Desktop environment? Contact our team of experts today to discuss!

FREE NMM-100 Certification Launches to Equip MSPs with the Fundamentals of Nerdio + Azure

Last May we launched the Nerdio Partnerd program to give our MSP and channel partners access to a full arsenal of resources including our NMM-200 certification, discounted pricing, and an asset library with case studies, content white labelling capabilities, testimonials, product demo videos, and more. Today, we are excited to announce the launch of our newest certification program, NMM-100!  

NMM-100 is designed to build partner proficiencies in Microsoft Azure and Nerdio Manager for MSP.  Specifically, we are using this certification to give partners that first leg up when it comes to understanding the terminology, technology and best practices needed to be successful in deploying and managing Azure Virtual Desktop via Nerdio Manager.  

Below we’ve shared details around what the exam covers, resources you can use to prepare for it, and an explanation of how NMM-100 and NMM-200 relate to each other.  

What Does the NMM-100 Exam Entail, and How Should I Prepare?  

Our study curriculum is outlined below. It is a combination of articles and videos intended to give you a comprehensive understanding of Microsoft Azure, Nerdio Manager for MSP, Azure Virtual Desktop and Microsoft 365. 

  • Lesson One – Azure Fundamentals 
  • Lesson Two – Identity Management 
  • Lesson Three – Microsoft 365 
  • Lesson Four – Azure Virtual Desktop 
  • Lesson Five – NMM Fundamentals 
  • Lesson Six – NMM Account Deployment Paths 

The exam contains 60 questions related to the above lessons. We highly recommend you pay close attention when consuming the curriculum material as it closely overlaps with content that will appear in the exam. 

How Does This Relate to the NMM-200 Certification?  

Completion of the NMM-100 exam will ensure you are fluent in the underlying fundamentals needed to succeed with your AVD deployments. NMM-200 is more technically sophisticated than NMM-100, and those prepared to take the level 200 exam need a fair amount of Azure experience and knowledge to be successful in passing. 

NMM-100 is offered FREE to Partnerd members. Partners who pass the exam will be eligible for a 50% discount on the NMM-200 certification. To claim the discount, they must sign up and pay within 90 days of passing NMM-100.  

How Do I Register to Get Certified?

Head to our MSP Certifications page, scroll down and click the “Get Certified” button to start the process. To find the MSP Certifications page manually on the website, look for the ‘For Partners’ tab found at the top of the website (picture below), hover over the tab and select “Get Certified.”

Our certification programs have been carefully crafted to provide partners with the knowledge needed to build a successful (and profitable) cloud practice in Microsoft Azure using Nerdio. We look forward to seeing how the addition of NMM-100 helps accelerate your business and would love to hear any feedback you may have on the exam! Send any feedback (or questions) to certs@getnerdio.com – and best of luck!