Microsoft’s FSLogix is known for being a powerful profile management tool. It has many desirable features for managed service providers (MSPs) operating in Azure. Launched in 2012 as a startup independent of Microsoft, FSLogix provided a tool to reduce the number of resources, time, and labor required to support virtual desktops. Because of the natural synergies with our mission, Nerdio has been a big fan of FSLogix since the beginning and closely kept an eye on the evolution of their product.
And we weren’t the only ones! In 2018 Microsoft acquired the company. They noticed the value FSLogix brought to profile and application containerization and the company’s alignment with their own goals as it related to Azure Virtual Desktop (AVD), called Windows Virtual Desktop (WVD) at the time.
Skip to today and we have seen the investments Microsoft has made into this technology and bringing it to the masses via AVD pay off significantly. MSPs who have an Azure practice have come to rely on FSLogix to optimize their environments. And MSPs who aren’t in Azure may not know about the benefits FSLogix provides… this article is for you!
Below I outline the five key things your MSP should know when it comes to FSLogix and how you can use them to your advantage.
1. A Premium Experience Requires Premium Storage
We see a good deal of our MSP partners leveraging FSLogix alongside Azure Files, a popular solution for hosting files and folders, including user-profiles, on Microsoft Azure. Specifically, they are seeing great results with this combination when using the Premium storage tier because profiles are so read/write-intense. Azure Files Premium coupled with FSLogix maintains the best user experience by providing the highest IOPS and throughput for the disk.
To further the above benefits while reducing storage costs, combine these technologies with the powerful auto-scaling capabilities available in Nerdio Manager. It helps MSPs eliminate common issues around over-provisioning or incorrectly guessing how much storage is needed by effectively turning the Premium tier into a pay-as-you-go model.
2. How to Automate the Security and Access You Require
Azure Virtual Desktop is a service that is constantly improving when it comes to identity and access management (IAM) and ensuring security at scale. Roles-Based Access Controls (RBAC) roles are available in AVD and Nerdio Manager, with the latter giving MSPs the ability to create custom RBAC roles. In ensuring FSLogix helps support your access policies, MSPs can automate setting the Azure Storage File Data SMB Share Contributor Role on the Azure Files profile share for all users within a Security Group.
This role is required to provide the needed Read/Write access for the profile share. You can read more about this role and others available via Microsoft’s documentation. By automating this setting, MSPs can consistently uphold zero trust principles whenever a new user or group is added.
Pro Tip – Consider these best practices for NTFS Permissions on the profile share:
3. Configure Outlook Cache to Avoid Overspending Real CASH
One of the biggest benefits of FSLogix profiles is the ability to roam the user application caches, for example, Outlook mailbox data, and avoid constantly recreating it. Strategically defining individual cache settings allows MSPs to plan for growth and spending. What most MSPs don’t consider is that if left undefined, application caching can grow quickly and not all of it is crucial to your users’ experience.
As an example, consider again a user’s Cached Exchange Mode settings. Is it wise to download all their mailbox if they only need “fast/local” access to the last three months’ worth of data?
Most MSPs find that it is in their best interest to configure a Group Policy Setting to manage Cached Exchange Mode which will define the amount of a user’s profile dedicated to Mailbox content storage. We have seen MSP partners configure this setting for as little as three months and as much as one year. Knowing the details of this setting can allow you to strategically assume/plan for the amount of growth in a user’s profile. Read Microsoft’s documentation about planning and configuring for additional insights and recommendations.
4. FSLogix Is More Than Just Profile Management
FSLogix is a great way to create roaming user profiles in non-persistent computer environments like an AVD host pool with users logging into different hosts on what could be a daily basis. Profiles would no longer be dependent on an individual machine due to the added flexibility with FSLogix. This allows MSPs to provide customers dynamic environments with a consistent user experience.
But FSLogix includes a suite of tools focused on much more than just profile containers. Skilled and advanced MSPs have found value in using FSLogix for roaming Office profiles and cache, and masking applications so only the right users can see and access them. And some also use it for the ability to manage Java versioning.
5. Why Application Masking May Be Our Favorite Feature
FSLogix includes some incredible tools to manage application restrictions within multi-user environments. If you only want a subset of users to have access to an application on a multi-session host, you can implement app masking to hide apps from users. Looking to make app masking and management easier? Learn more about how Nerdio Manager helps managed installed apps and rule sets using FSLogix.
I hope this has been an informative read on what is without a doubt one of the most helpful (but complex!) Azure Virtual Desktop-related technologies. To discuss FSLogix further or how your MSP can benefit from using or optimizing it, you can contact our team or join me at the Nerdio Partner Success Community.