Azure Virtual Desktop | FSLogix App Masking with Entra Joined Devices III

ByAlex ter Neuzen 28/05/202428/05/2024

Reading Time: 3 minutes

Now we have exported all the users in the specific app groups to a blob container. We need to create also FSLogix App Masking rules and Assignments. We use the FSLogixRulesEditor for this. It can be found in the download of the latest agent.

Using (link) will create the app masking rules and sets. But we are using local groups. So let’s do this with some random applications.

Local groups

To create the correct app masking assignments, we need to create the local groups first that are defined in the function app. For this demo we create:

app_group1
app_group2
app_group3

Those groups will be empty on this machine where we create the app masking assignments and rules.

App masking rules and sets

After installing the FSLogix App Masking rules application you can start it from the Start Menu

For this demo we locate the files in a folder on the desktop called FSLogixRules

Notepad

We will create a rule for Notepad.exe to hide from start menu with app group app_group1. For this we start with a blank rule.

Select New Rule and browse to the location of the executable.

Add the users which the must be applied to. In this case we state:

The hiding rule is applied to Everyone unless you are in the app group app_group1 or you are user vmadmin. The rules are always working from top to down. Selecting the group or user will provide you the option if the rule must applied to that user/group or not. Click OK and Save.

Microsoft Edge

Creating a new rule for Microsoft Edge.

Use the Choose from installed programs the Microsoft Edge. Use the SCAN button to get all associated files and registry keys.

When everything is captured, you can edit the rules to what you need. The assignment can be done like the same as with Notepad.

The current user is not a member of App_group2 and is also not vmadmin. If you want to test your rules and assignment you can click Apply Rules to System. You will see the Edge icon will disappear.

Now we need to upload the files to the Azure Storage Blob Container.

This can be done through the portal or through a drive mapping

We have created a different blob for the rules.

Alex ter Neuzen

IT Professional on a journey to discover the cloud platforms and become certified and an expert.
A Blog that follows the journey to get to the Cloud.

Powershell | MCT | Azure Certified | MCSA | Microsoft 365

Cloud | M365 | Tenant to Tenant Migration

M365 Cross Tenant Migration | Part I

ByAlex ter Neuzen 02/01/202305/01/2023

Reading Time: 6 minutesAt the 1st. of November 2022 Microsoft released the Cross Tenant User Data Migration option in M365. Giving administrators to consolidate multiple tenants to a single tenant.

Azure | Azure Active Directory | Cloud | Identity | Security

Azure | Get Notified when Break Glass account is used

ByAlex ter Neuzen 04/05/202303/05/2023

Reading Time: 5 minutesA Break Glass Account is an emergency account that grants access to critical resources when regular credentials are unavailable. It plays a vital role in ensuring business continuity during a crisis and enables a response strategy for cybersecurity threats. Shared and privileged accounts are the two types of Break Glass Accounts, and their use must be controlled and monitored to avoid security risks.

Azure | Azure Active Directory | Azure Virtual Desktop | Cloud | Security

Azure | Secure Azure Virtual Desktop with MFA !!UPDATE!!

ByAlex ter Neuzen 13/06/202413/06/2024

Reading Time: < 1 minuteSince my last post in 2023 there is something changed. You are able to set SSO for Entra ID to login to Azure Virtual Desktop. If you have a Conditional Access Policy which is targeted to Azure Virtual Desktop, these changes are required before 26 June 2024.

Azure | Azure Virtual Desktop | Security

Azure Virtual Desktop | Sessionhosts monitoring

ByAlex ter Neuzen 26/06/202426/06/2024

Reading Time: 3 minutesAugust 31th 2024 the Log Analytics Agent will be deprecated. Replace it with the Azure Monitor Agent. Use this blog to get to know how and setup an Azure Policy to automate it for you.

Azure Virtual Desktop | Image Builder part I

ByAlex ter Neuzen 28/05/202428/05/2024

Reading Time: 2 minutesAzure Virtual Desktop (AVD) is a desktop and app virtualization service running on the cloud. It’s the only virtual desktop infrastructure (VDI) that delivers simplified management, multi-session Windows 10/11, optimizations for Microsoft 365 Apps for enterprise, and support for Remote Desktop Services (RDS) environments. One of the key components of AVD is the use of “Golden…

Cloud | M365 | Tenant to Tenant Migration

M365 Cross Tenant Migration | Part III

ByAlex ter Neuzen 02/01/202309/01/2023

Reading Time: < 1 minuteCreating migration batches for the users that are created for migration.