17/01/2026

GetToTheCloud

Azure Virtual Desktop | FSLogix App Masking with Entra Joined Devices I

Alex ter Neuzen04 mins
Header Avd Fslogix
Reading Time: 2 minutes

If you google Azure Virtual Desktop with FSLogix AppMasking on Entra Joined devices, you will not find such a thing. For example you can use it with Liquit but that is the only method. Further you will find only other administrators asking the same question.

Is it possible to use FSLogix app masking with Azure Virtual Desktop Entra/Azure AD joined

In basics if you look further in the deep ground of google, you will almost find nothing. All the blogposts are writing that an Active Directory is needed. But Entra is also an Active Directory, so why is this not documented?

Entra is indeed an Active Directory but not in the traditional way. Azure Virtual Desktops Entra joined are able to use Entra to login to the desktop, but if you search for variables which will give you the idea that you are domain joined, you will not find it.

Let’s make it clear, I wasn’t able to find a quote which states that it is not supported but also not a quote that is is supported. So actually the situation does not exists. But, local groups are supported and you are able to fill local groups with Entra ID users. So let’s automate that.

Azure Virtual Desktop

So, Azure Virtual Desktop and applications or permissions to applications are basically set with avd app groups and assignments. Those app groups are connected with a MSIX Package or a App Attach package or just installed applications within the sessionhosts. They make it possible to use it as remote app. The new way of working. The modern workplace.

As you can see, FSLogix App Masking isn’t a part of that.

‘A’ Work around

If it is a requirement, you can use FSLogix App Masking with Entra joined devices. But how? Well there are a few steps to implement, and in the next posts I will make it clear. But then still you do not know how?! … Well the trick is: Use local groups with Entra Users in it.

Steps:

  • Create an Azure Function to get all members of application security groups and upload csv’s with UPN’s to Azure Blob Storage (part II)
  • Create FSLogix App rules with assignments to local groups (part III)
  • Create local groups and add UserPrincipals from CSV’s (part IV)

This all we do in an Azure Function and scripting in the Session host.

Share and Enjoy !

Shares

Related News

WP Twitter Auto Publish Powered By : XYZScripts.com

Share

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Accept
Privacy & Cookie policy
Privacy & Cookies policy
Cookies list
Cookie name Active

Who we are

Our website address is: https://www.gettothe.cloud

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.
Save settings
Cookies settings