FSLogix Application Masking  

As a Nerdio partner, you get a standing invitation to our Monthly Partner Webinar. We use these 45-minute sessions to dive into the Azure, AVD and Windows 365 topics and tips most important to MSPs and their technical staff.  

In fact, our June webinar was entirely dedicated to FSLogix – a technology that has many benefits but is a bit complex to learn and master. One of the favorite things partners learned about from that session was the ability to perform application masking with FSLogix.  

Here we break it down in detail in addition to an overview of how MSPs can deliver it in their clients’ Azure environments.  

What Is Application Masking? 

Application masking is used to manage user access of installed applications. Within a shared AVD computing environment, this can amount to upwards of 80-100 applications. And we know not all users need access to the apps technically available to them.  

Desktop images with lots of apps typically feed one or two host pools. Without a tool like app masking, there’s a somewhat common practice of putting all apps on an image regardless of who could use them. Let’s face it, in today’s busy business climate there are not likely too many of your clients’ employees and contractors with extra time to poke around the environment aimlessly – so it’s not a horrible action to take as an overworked IT pro.  

But let’s talk through how not using app masking could negatively impact your organization. If an employee launches something they’re not supposed to, they could trigger a license issue or take a license out of the available pool and away from a user who needs it to do their job. This could lead to additional licensing fees or issues. Additionally, employees who do not need the app but come across it or are curious about its use, could create demand (or just the appearance of it) for applications they don’t really need. This could unintentionally lead to your clients’ organizations spending money on applications or licenses they do not need.   

How Do MSPs Deliver App Masking with FSLogix?  

Via FSLogix Rules Editor, these are the actions to take per each application you are looking to mask:  

1. Create a rule set  

  • Open FSLogix Rules Editor  
  • Click “File, New”  
  • Create new Rule Set and name it  
  • Choose the application you want to manage 
  • Scan to detect the application settings  
  • Some bulit in functionality with app masking and could manually do these settings  

2. Assign the rule set  

  • Click “File” then “Manage Assignments”  
  • Click “Add” 
  • Configure the assignment  
  • Determine the “Apply” or “Not Apply” status 

3. Deploy the rule set 

  • Copy over FSA and FXR files 
  • Must be on all hosts and client machines  

As (almost) always, there is an easier way to do this through Nerdio Manager for MSP 😊 Watch the below clip to learn how you can automate application masking with FSLogix:  

Looking for more FSLogix content? Check out my blog, ‘5 Things MSPs Must Know about FSLogix.’ And don’t forget to register for our next Monthly Partner Webinar for MSPs happening Wednesday, August 31 at 2pm CST!  

5 Things MSPs Must Know about FSLogix  

Microsoft’s FSLogix is known for being a powerful profile management tool. It has many desirable features for managed service providers (MSPs) operating in Azure.  Launched in 2012 as a startup independent of Microsoft, FSLogix provided a tool to reduce the number of resources, time, and labor required to support virtual desktops. Because of the natural synergies with our mission, Nerdio has been a big fan of FSLogix since the beginning and closely kept an eye on the evolution of their product.  

And we weren’t the only ones! In 2018 Microsoft acquired the company. They noticed the value FSLogix brought to profile and application containerization and the company’s alignment with their own goals as it related to Azure Virtual Desktop (AVD), called Windows Virtual Desktop (WVD) at the time.  

Skip to today and we have seen the investments Microsoft has made into this technology and bringing it to the masses via AVD pay off significantly. MSPs who have an Azure practice have come to rely on FSLogix to optimize their environments. And MSPs who aren’t in Azure may not know about the benefits FSLogix provides… this article is for you!  

Below I outline the five key things your MSP should know when it comes to FSLogix and how you can use them to your advantage. 

1. A Premium Experience Requires Premium Storage 

We see a good deal of our MSP partners leveraging FSLogix alongside Azure Files, a popular solution for hosting files and folders, including user-profiles, on Microsoft Azure. Specifically, they are seeing great results with this combination when using the Premium storage tier because profiles are so read/write-intense. Azure Files Premium coupled with FSLogix maintains the best user experience by providing the highest IOPS and throughput for the disk.  

To further the above benefits while reducing storage costs, combine these technologies with the powerful auto-scaling capabilities available in Nerdio Manager. It helps MSPs eliminate common issues around over-provisioning or incorrectly guessing how much storage is needed by effectively turning the Premium tier into a pay-as-you-go model. 

2. How to Automate the Security and Access You Require  

Azure Virtual Desktop is a service that is constantly improving when it comes to identity and access management (IAM) and ensuring security at scale. Roles-Based Access Controls (RBAC) roles are available in AVD and Nerdio Manager, with the latter giving MSPs the ability to create custom RBAC roles. In ensuring FSLogix helps support your access policies, MSPs can automate setting the Azure Storage File Data SMB Share Contributor Role on the Azure Files profile share for all users within a Security Group.  

This role is required to provide the needed Read/Write access for the profile share. You can read more about this role and others available via Microsoft’s documentation. By automating this setting, MSPs can consistently uphold zero trust principles whenever a new user or group is added.  

Pro Tip – Consider these best practices for NTFS Permissions on the profile share: 

3. Configure Outlook Cache to Avoid Overspending Real CASH 

One of the biggest benefits of FSLogix profiles is the ability to roam the user application caches, for example, Outlook mailbox data, and avoid constantly recreating it. Strategically defining individual cache settings allows MSPs to plan for growth and spending. What most MSPs don’t consider is that if left undefined, application caching can grow quickly and not all of it is crucial to your users’ experience.  

As an example, consider again a user’s Cached Exchange Mode settings. Is it wise to download all their mailbox if they only need “fast/local” access to the last three months’ worth of data?  

Most MSPs find that it is in their best interest to configure a Group Policy Setting to manage Cached Exchange Mode which will define the amount of a user’s profile dedicated to Mailbox content storage. We have seen MSP partners configure this setting for as little as three months and as much as one year. Knowing the details of this setting can allow you to strategically assume/plan for the amount of growth in a user’s profile. Read Microsoft’s documentation about planning and configuring for additional insights and recommendations.  

4. FSLogix Is More Than Just Profile Management  

FSLogix is a great way to create roaming user profiles in non-persistent computer environments like an AVD host pool with users logging into different hosts on what could be a daily basis. Profiles would no longer be dependent on an individual machine due to the added flexibility with FSLogix. This allows MSPs to provide customers dynamic environments with a consistent user experience.  

But FSLogix includes a suite of tools focused on much more than just profile containers. Skilled and advanced MSPs have found value in using FSLogix for roaming Office profiles and cache, and masking applications so only the right users can see and access them. And some also use it for the ability to manage Java versioning. 

5. Why Application Masking May Be Our Favorite Feature  

FSLogix includes some incredible tools to manage application restrictions within multi-user environments. If you only want a subset of users to have access to an application on a multi-session host, you can implement app masking to hide apps from users. Looking to make app masking and management easier? Learn more about how Nerdio Manager helps managed installed apps and rule sets using FSLogix.  

I hope this has been an informative read on what is without a doubt one of the most helpful (but complex!) Azure Virtual Desktop-related technologies. To discuss FSLogix further or how your MSP can benefit from using or optimizing it, you can contact our team or join me at the Nerdio Partner Success Community.  

How Do I Log into Azure Virtual Desktop for the First Time? 

It’s important to consider security, availability and reliability when developing a virtual desktop strategy. Users want to be able to access their desktop and workloads from anywhere, at any time and from any type of device. For many MSP partners the idea of deploying, securing, and managing gateways and connection brokers seems to be an impossible challenge. Thankfully Microsoft provides the gateway and broker services for Azure Virtual Desktops. They have also compiled “how-to” guides for connecting each client type to AVD that you can find here.  

Regardless of how simple Microsoft has made connecting to Azure Virtual Desktop (AVD), MSPs and enterprise IT pros alike will undoubtedly still be asked, “How do I log into my AVD desktop?” by end users they support. Setting up the AVD client for login is easy and quick and can be completed in a minimal number of steps. All authentication occurs via your organization’s Microsoft tenant without any need to provide consent or accept permissions. 

Below we’ve explained the two most common ways end users will be connecting to AVD – via their web browser (HTML5) or via the Remote Desktop Client available for Windows, Android, macOS, and iOS.  

Web Browser  

Connecting to the AVD via Web Browser provides the greatest number of device options and availability but there is a small cost in the form of end-user experience and functionality.  The best use cases for browser-based access are generally when traveling or using devices that aren’t specific to (owned by) the end user. 

Simply open your HTML5-compatible browser (Chrome, Firefox, Safari, Edge) and visit https://rdweb.wvd.microsoft.com/arm/webclient/index.html.  Authenticate using your Microsoft credentials and the browser will list available AVD Desktops and Apps. 

Remote Desktop Client 

The remote desktop client should be considered first when connecting to AVD, especially if remote printing, multiple monitors, or other features not available in HTML5 are needed. 

This is simple to set up but will require administrative rights to install. This can be done in two easy steps: 

  1. The user will need to download the AVD Remote Desktop Client from Microsoft. Example: 64-bit Windows Desktop client  
  1. Second, the user must subscribe to their AVD Workspace. They will either log in with their work or school account and allow Autodiscover to determine the resources available for them, or by providing the specific URL of the AVD resource. This is pictured below.  

Interested in establishing or optimizing your Azure Virtual Desktop environment? Contact our team of experts today to discuss!

FREE NMM-100 Certification Launches to Equip MSPs with the Fundamentals of Nerdio + Azure

Last May we launched the Nerdio Partnerd program to give our MSP and channel partners access to a full arsenal of resources including our NMM-200 certification, discounted pricing, and an asset library with case studies, content white labelling capabilities, testimonials, product demo videos, and more. Today, we are excited to announce the launch of our newest certification program, NMM-100!  

NMM-100 is designed to build partner proficiencies in Microsoft Azure and Nerdio Manager for MSP.  Specifically, we are using this certification to give partners that first leg up when it comes to understanding the terminology, technology and best practices needed to be successful in deploying and managing Azure Virtual Desktop via Nerdio Manager.  

Below we’ve shared details around what the exam covers, resources you can use to prepare for it, and an explanation of how NMM-100 and NMM-200 relate to each other.  

What Does the NMM-100 Exam Entail, and How Should I Prepare?  

Our study curriculum is outlined below. It is a combination of articles and videos intended to give you a comprehensive understanding of Microsoft Azure, Nerdio Manager for MSP, Azure Virtual Desktop and Microsoft 365. 

  • Lesson One – Azure Fundamentals 
  • Lesson Two – Identity Management 
  • Lesson Three – Microsoft 365 
  • Lesson Four – Azure Virtual Desktop 
  • Lesson Five – NMM Fundamentals 
  • Lesson Six – NMM Account Deployment Paths 

The exam contains 60 questions related to the above lessons. We highly recommend you pay close attention when consuming the curriculum material as it closely overlaps with content that will appear in the exam. 

How Does This Relate to the NMM-200 Certification?  

Completion of the NMM-100 exam will ensure you are fluent in the underlying fundamentals needed to succeed with your AVD deployments. NMM-200 is more technically sophisticated than NMM-100, and those prepared to take the level 200 exam need a fair amount of Azure experience and knowledge to be successful in passing. 

NMM-100 is offered FREE to Partnerd members. Partners who pass the exam will be eligible for a 50% discount on the NMM-200 certification. To claim the discount, they must sign up and pay within 90 days of passing NMM-100.  

How Do I Register to Get Certified?

Head to our MSP Certifications page, scroll down and click the “Get Certified” button to start the process. To find the MSP Certifications page manually on the website, look for the ‘For Partners’ tab found at the top of the website (picture below), hover over the tab and select “Get Certified.”

Our certification programs have been carefully crafted to provide partners with the knowledge needed to build a successful (and profitable) cloud practice in Microsoft Azure using Nerdio. We look forward to seeing how the addition of NMM-100 helps accelerate your business and would love to hear any feedback you may have on the exam! Send any feedback (or questions) to certs@getnerdio.com – and best of luck!