As the successor of Roaming User Profiles, UPD stores user profiles in a VHD/VHDX container. This container mounts on a machine upon the user logging in. Microsoft is no longer actively developing UPD and as a result it is considered a legacy technology. Management of UPD in Parallels RAS is only available when upgrading from previous versions of Parallels RAS and is no longer available in new deployments of Parallels RAS.

The limitations of this technology are:

• UDP cannot be used on multiple devices concurrently. Once VHD(X) is mounted for the user, it cannot be mounted on a different device if the user still has an active session on the given session host. If a user connects to another session host while the UPD is already in use, a temporary profile is created.

• UPD requires a configuration at the level of RDS collections. Should there be a user with the ability to log on to several collections, a separate profile will be used for each collection. In Parallels RAS this applies to RDSH host pool. Whenever a user connects to two servers that belong to different RDSH host pool, the second RDP session uses a temporary profile.

• Windows deletes the search index for a user profile when the UPD disconnects at logoff. The search index is recreated upon every login. This means that Windows search is not usable in non-persistent VDI environments. This issue also extends to Outlook search capabilities on RD Session Hosts.

• UPD is supported on RD Session Hosts and Windows client systems in VDI. Physical Windows client machines are not supported.

This document describes how to configure FSLogix Profile Containers and Office Containers using Parallels® RAS.

FSLogix Profile Container is a remote profile solution for non-persistent environments. It is supported in Parallels RAS starting from version 18. FSLogix Profile Container redirects the entire user profile to a remote location and maintains user context in non-persistent environments, minimizing sign-in times, providing native profile experience, and eliminating compatibility issues. Being the successor of Roaming Profiles and User Profile Disks, FSLogix Profile Container is the preferred profile management solution in Parallels RAS.

FSLogix Office Container is focused on storing only the profile content unique to Microsoft 365 (Office) applications. Previously, it was possible to use FSLogix Office Container with Parallels RAS, but it required management outside of Parallels RAS. Starting from version 19.3, management and configuration can be performed from within Parallels RAS Console and Management Portal. Office Container is used when it is necessary to separate Office data and other profile data. It provides protection from data loss or corruption in one of the containers and allows organizations to have different container sizes to accommodate specific workloads or data synchronized from, for example, Microsoft OneDrive.

Native FSLogix Profile Container and Office Container require manual configuration via the registry or group policy. Parallels RAS makes this process more efficient for administrators by allowing them to manage all Profile Container-related settings via Parallels RAS Console or Parallels RAS Management Portal.

You are eligible to access FSLogix Profile Container, Office 365 Container, Application Masking, and Java Redirection tools if you have one of the following licenses:

• Microsoft 365 E3/E5

• Microsoft 365 A3/A5/ Student Use Benefits

• Microsoft 365 F1/F3

• Microsoft 365 Business

• Windows 10 Enterprise E3/E5

• Windows 10 Education A3/A5

• Windows 10 VDA per user

• Remote Desktop Services (RDS) Client Access License (CAL)

• Remote Desktop Services (RDS) Subscriber Access License (SAL)

FSLogix solutions may be used in any public or private data center if a user has the necessary license.

For more information, see: https://docs.microsoft.com/en-us/fslogix/overview.

To configure user profile from the RAS Console:

1. Follow the instruction from section New FSLogix deployment via Parallels RAS and open the User Profile tab.

2. Specify the following:

   • The location type. In the Location of profile disks list box, specify your existing SMB or Cloud Cache locations where your FSLogix profiles are stored.

   • Profile disk format, allocation type, and default size of the profile.

3. Click the Additional Settings button to configure FSLogix per your requirements, including:

   • User exclusions

   • Folder exclusions

   • FSLogix settings (https://docs.microsoft.com/en-us/fslogix/profile-container-configuration-reference)

To configure profiles in Parallels RAS Management Portal:

1. Go to Infrastructure > RD Sessions Hosts.

2. Select the RD Session Host that you need.

3. Go to Properties > User Profile.

4. Specify the settings as described above for the Parallels RAS Console.

FSLogix profiles can also be stored directly on Azure Page Blobs. When using Azure Page Blobs, it is strongly recommended to store sensitive Azure credentials inside Windows Credential Manager. This prevents exposing sensitive Azure credentials to users with access to the session host registry. Chapter 3 explains how to leverage Azure Page Blobs and provides guidance on how to use Credential Manager to securely store the required Azure credentials. When deciding on the storage type and location, make sure to perform a cost calculation up front as there can be a significant cost difference between various storage solutions in Azure.

FSLogix profiles can also be stored on Azure Files with Active Directory Domain Services or Azure Active Directory Domain Services. Per FSLogix documentation (https://learn.microsoft.com/en-us/azure/virtual-desktop/fslogix-profile-container-configure-azure-files-active-directory), the requirements below need to be met. Once completed, the same NTFS permissions as outlined in the previous chapter need to be applied.

• Host pool where the session hosts are joined to an AD DS domain or Azure AD DS managed domain, and users are assigned.

• A security group in your domain that contains the users who will use FSLogix Profile Containers. If you’re using AD DS, it must be synchronized to Azure AD.

• You Azure subscription must allow you to create a storage account and add role assignments.

• A domain account to join computers to the domain and open an elevated PowerShell prompt.

• The subscription ID of your Azure subscription where your storage account will be.

A computer joined to your domain for installing and running PowerShell modules that will join the storage account to your domain. This device must be running a supported version of Windows. Alternatively, you can use a session host.

Please ensure that FSLogix Office or Profile Container is not configured by GPO on the server(s) as this will cause conflicts with the settings specified in the Parallels RAS Console or Management Portal.

In addition to tools for configuration and management of FSLogix Profile Containers, Parallels RAS supports configuration and management of FSLogix Office Containers. Below you will find the benefits of this solution used alone and together with Profile Containers.

As stated above, Profile Container is used to redirect the full user profile, while Office Container redirects only the local user files for Microsoft Office (for example .OST files for Microsoft Outlook and the Microsoft OneDrive cache). Office Container is especially useful for customers who are satisfied with their existing profile management solution and only want to enhance user experience with Microsoft 365 applications or use Profile Container and Office Container together.

Using Profile Container and Office Container together

The most important benefits of using both solutions are:

• Office data is separated from other profile data.

• If Office Container or Profile Container is damaged, the remaining data is kept intact. This can be useful when a problem occurs with Office Data which can be recovered from the server because the Office Container can be deleted without impacting the rest of the user configuration.

• Office Container may be used with Profile Container as a mechanism to specify which Office components will have their data included in the container.

• When using both Office Container and Profile Container, you have more granular control over the amount of data a user is allowed to store for each of the types of data.

For more information, see https://docs.microsoft.com/en-us/fslogix/profile-container-office-container-cncpt.

As the successor of Roaming User Profiles and UPDs, FSLogix Profile Container has many advantages, such as:

• Can be mounted to any computer (including physical Windows client systems).

• The folder where the VHD is mounted is masked, therefore tricking the OS into believing that the profile is mounted locally and thus avoiding problems with file access by using junction points.

• FSLogix allows simultaneous read access to the profile when the user is connected to more than one session at a time.

FSLogix works with Office 365, for example, it can keep Outlooks OST files and OneDrive, though OneDrive sync app does not support running multiple instances of the same container simultaneously (https://docs.microsoft.com/en-us/onedrive/sync-vdi-support).

• Ability to keep certain directories local. By default, the profile container consists of the entire Windows profile except for the Temp and Internet Explorer cache folders. If needed, an administrator can specify what parts of the user profile must be persistent in the profile container. Any part of the profile that is excluded will be deleted at logoff.

This technology was introduced by Microsoft more than 20 years ago. With Roaming User Profiles, the local profile is transferred to a network location so that a user can access it on multiple machines. The disadvantages of this approach are:

• Slow login. Large roaming profiles take a long time to download, and sometimes users may need to wait more than a minute, depending on the profile size.

• Slow logoff. A roaming profile needs to be uploaded back at logoff, and if this process is interrupted (for example, due to a network failure or power outage) the profile can be corrupted. This results in the creation of a temporary profile and the help of an IT specialist may be required to address the issue for the affected user.

• Folder redirection creates a large amount of SMB traffic between the desktop and the file server. Each request to a file is treated as a new connection.

• Every issue described above will also result in increased consumption of network resources.

Users connect to their non-persistent working environments in different ways, depending on how desktops and applications are delivered. When using virtual desktops and remote applications, users may:

• Have one connection to a single instance of Windows at a time

• Have multiple concurrent connections to a single instance of Windows

• Have multiple concurrent connections to multiple instances of Windows at the same time

It is important to configure Profile Container correctly for use with concurrent connections and multiple connections.

1. Back up your existing profiles. It is highly unlikely that profile data can be lost or corrupted, but it is best practice to have a valid backup prior to any change in the profile configuration.

2. Turn off the GPO configuration of FSLogix Profile Containers. This step is important because you cannot have both GPO and Parallels RAS management of FSLogix profiles enabled at the same time.

3. Before configuring FSLogix profiles for a server in a RAS Farm, make sure there are no user sessions running on the server. As a suggestion, you can make the transition in a maintenance window out of working hours.

When you enable FSLogix for a new host while running the wizard, no additional steps are necessary. On wizard completion, the host is rebooted and is added to the active load balancing. An existing host must be rebooted manually using the Tasks > Tools > Reboot menu option.

To reboot an existing host with Parallels RAS Management Portal:

1. Go to Infrastructure.

2. Select the RD Session Host that you need.

3. Go to Overview > expand Control > Reboot.

The following are general best practices for using FSLogix profile containers.

• For optimal performance, the storage solution and the FSLogix profile containers should exist in the same data -center location.

• Exclude the VHD(X) files for profile containers from antivirus scanning to avoid performance bottlenecks.

• In the case of AVD, Microsoft recommends using a separate profile container per host pool while having two active sessions.

For more information, see https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix.

In addition to SMB locations, FSLogix introduced the Cloud Cache technology (https://docs.microsoft.com/en-us/fslogix/cloud-cache-resiliency-availability-cncpt. Please review the list of advantages and disadvantages of each approach before d)eciding on which type of locations to use.

Microsoft allows moving current Profile Container implementations to Cloud Cache. To start using Cloud Cache, replace the VHDLocations setting with CCDLocations. CCDLocations and VHDLocations may not be used in the same implementation simultaneously.

A Cloud Cache Provider contains both the profile container and associated metadata, while a traditional VHDLocation contains only the profile container. If Cloud Cache points to profile containers without metadata, the metadata will be created. When the metadata is added, the Profile Container location is converted to a Cloud Cache provider.

If a user has profile containers in more than one CCDLocation, the profile container listed first in CCDLocations will be updated to a Cloud Cache provider. All other profile containers in the same CCDLocations string will be deleted and replaced from the first Cloud Cache Provider.

There's no mechanism to merge multiple profile containers into a single profile.

With Profile Container, multiple connections are supported by using VHD(X) difference disks. Profile Container is configured for multiple connections using ProfileType. When configuring Profile Container, ProfileType can be set to one of four modes. Parallels RAS allows you to configure these profile types from within Parallels RAS Console.

To select a profile type:

1. In the Profile Settings dialog, select the Advanced tab.

2. Select the Profile type option.

3. Select one of the four modes that are available. Multiple connections are not supported for Office Container.

The profile types are explained in the section below.

Mode 0 (Normal profile)

Sign on:

• Client tries to attach the VHD(X) file directly. No difference disks are used. If concurrent access is attempted, it will fail with a sharing violation (error 20).

Sign out:

• Client detaches the VHD(X) file.

Mode 1 (RW profile)

Sign on:

• Client attempts to open the RW.VHD(X) difference disk with Read/Write access. If it is successful, it merges the difference disk to the parent. If it completes the merge, the RW.VHD(X) file is deleted.

• Client creates a new RW.VHD(X) difference disk.

• Client attaches the RW.VHD(X) as the Profile VHD.

Sign out:

• Client detaches the RW.VHD(X) difference disk (the user's Profile VHD/X).

• Client attempts to open the RW.VHD(X) difference disk with Read/Write access. If it is successful, it merges the difference disk to the parent. If it completes the merge, the RW.VHD(X) file is deleted.

Mode 2 (RO profile)

Sign on:

• Client attempts to open the RW.VHD(X) difference disk with Read/Write access. If it is successful, it merges the difference disk to the parent. If it completes the merge, the RW.VHD(X) file is deleted.

• Client attempts to delete the previous RO difference disk (if it exists).

• Client creates the new RO difference disk.

• Client attached the RO difference disk as the user's Profile VHD.

Sign out:

• Client detaches the RO difference disk.

• Client deletes the RO difference disk.

• Client attempts to open the RW.VHD(X) difference disk with Read/Write access. If it is successful, it merges the difference disk to the parent. If it completes the merge, the RW.VHD(X) file is deleted.

Mode 3 (RW/RO profile)

Sign on:

• Client checks to see if a RW.VHD(X) file exists. If it doesn't, the client takes the RW role and performs the same steps as ProfileType = 1. If the RW.VHD(X) file does exist, the client takes the RO role and does the same steps as ProfileType = 2.

General Information

• RO difference disks are stored in the local temp directory and are named %usersid%_RO.VHD(X).

• The RW difference disk is stored on the network next to the parent VHD(X) file and is named RW.VHD(X).

• The merge operation can be safely interrupted and continued. If one client begins the merge operation and the operation is interrupted (e.g. the client is powered off), another client can safely continue and complete the merge. For this reason, both the RW and RO clients begin by attempting a merge of the RW.VHD(X).

• Merge operations on ReFS file system, where the difference disk and the parent reside on the same ReFS volume, are nearly instantaneous no matter how large the difference disk is.

• Merge operations can only be done if there are no open handles to either the difference disk or the parent VHD(X). For this reason, the RO client also attempts to merge the RW VHD(X) as it may be the last session to disconnect.

For more information, see https://docs.microsoft.com/en-us/fslogix/configure-concurrent-multiple-connections-ht.

In this section, we describe how to configure existing FSLogix Profile Containers to be managed by Parallels RAS. FSLogix Profile Container configuration defines how and where the profile is redirected. Normally, you configure profiles through registry settings and GPO. Parallels RAS gives you the ability to configure profiles from the Parallels RAS Console or RAS Management Portal without using external tools.

For existing configuration, please note the following:

• There is no need to change the existing profiles themselves as they will stay the same.

• You can keep using the existing FSLogix Profile Container locations (SMB or Cloud Cache).

Profile Containers store user information in VHD(X) files. These files are stored in a network location. Profile Containers and Office Containers can automatically create the folders and files needed. To avoid security issues, user permissions must be created to allow users to create and use a profile, while not allowing access to other users’ profiles.

Per FSLogix documentation (https://docs.microsoft.com/en-us/fslogix/configure-per-user-per-group-ht), the following is recommended:

Cloud Cache is a technology that allows FSLogix Profile Container data to be stored in multiple locations at once, including traditional on-premises SMB shares and public cloud storage providers, and to enable real time, 'active-active' redundancy for Profile Container. Cloud Cache also uses a local cache of the profile disk to service all reads from a redirected profile after the first read. Cloud Cache can protect users from short-term loss of connectivity to remote profile containers. When using Cloud Cache, CCDLocations replaces VHDLocations. CCDLocations and VHDLocations cannot be used at the same time. Note that storing profiles in multiple locations at once generates more Azure consumption. Azure Blob storage specifically can be expensive in certain use cases. In general, always use the to calculate Azure consumption costs up front.

Pros:

• Seamless failover should the loss of a single storage location occur.

• Real-time, active-active redundancy for Profile Container .

• Native cloud storage such as Azure Blob, can be utilized.

• Useful if you have latency issues between the location of storage and location of workloads.

Cons:

• Logon and logoff delays that impact the user experience. This delay is variable based on many factors such as the location of the container in relation to the location of workloads.

• A less mature solution.

• I/O capabilities must be considered as it affects user experience. See best practices for Cloud Cache below.

Parallels RAS allows you to configure Cloud Cache from within Parallels RAS Console.

To configure Cloud Cache:

1. Open the User profile tab.

2. Click Configure general settings and select the Cloud Cache tab.

From here you can configure all advanced settings related to Cloud Cache.

FSLogix provides options to enable advanced logging for all of the FSLogix components. Parallels RAS allows you to configure advanced logging from within RAS Console.

To configure advanced logging:

1. Open the User profile tab.

2. Click Configure general settings and select the Logging tab.

From here you can configure all advanced settings related to logging. Specify for which components you want to enable logging, and provide a log level, retention period, and log directory.

Cloud Cache is useful for creating profile high availability in physical environments. The recommended configuration when using Cloud Cache for physical machines that may go offline (for example, a notebook computer) is:

• CCDLocations should be configured so that the first Cloud Cache Provider is placed on the local drive.

• ClearCacheOnLogoff would generally be set to 1, to avoid eventually having two full copies of the profile on the local machine.

For more detailed information, see article “Cloud Cache to create resiliency and availability” at https://docs.microsoft.com/en-us/fslogix/cloud-cache-resiliency-availability-cncpt.

For FSLogix Profile Container to work properly, configure your antivirus to exclude the following objects, as per Microsoft’s recommendations:

Files:

• %TEMP%\*\*.VHD

• %TEMP%\*\*.VHDX

• %Windir%\TEMP\*\*.VHD

• %Windir%\TEMP\*\*.VHDX

• \\server-name\share-name\*\*.VHD

• \\server-name\share-name\*\*.VHD.lock

• \\server-name\share-name\*\*.VHD.meta

• \\server-name\share-name\*\*.VHD.metadata

• \\server-name\share-name\*\*.VHDX

• \\server-name\share-name\*\*.VHDX.lock

• \\server-name\share-name\*\*.VHDX.meta

• \\server-name\share-name\*\*.VHDX.metadata

To achieve high availability for FSLogix Profile Container on-premises, Parallels recommends using multiple SMB locations with a single VHD path and Distributed File System Namespace in front of one or many SMB locations (note that only one SMB location can be active at one time) as active-passive HA. DFSR is applicable to NTFS-based SMB locations, but a third-party synchronization tool, such as https://bvckup2.com/kb/beyond-robocopy, is required for ReFS.

Multiple locations can be specified from the User Profile tab by clicking on the [+] button.

For FSLogix Profile Container in the cloud (e.g. Microsoft Azure), multiple storage solutions are available, with the recommended ones being Azure Files and Azure NetApp Files. Additional best practices apply, such as setting up the storage solution in the same datacenter location and excluding the VHD(X) files for Profile Container from antivirus scanning. For more information about FSLogix Profile Container and Azure deployment options, see https://docs.microsoft.com/en-us/azure/virtual-desktop/create-fslogix-profile-container.

More information on DFS and DFSR can be found at https://technet.microsoft.com/enus/library/jj127250.aspx.

For information about migrating to FSLogix Profile Container, visit https://www.christiaanbrinkhoff.com/2020/02/14/youtube-how-to-migrate-from-upd-to-fslogix-profile-container-profiles-to-windows-virtual-desktop/.

Pros:

• Less impact on writes caches such as I/O capabilities.

• Faster logon/logoff times in comparison to Cloud Cache.

Cons:

• Manual replication requirements and an active-passive methodology only.

• Lack of seamless failover.

• Can only consume SMB locations. Azure Files can be used as well. For more information, see: https://www.christiaanbrinkhoff.com/2020/03/01/learn-here-how-to-configure-azure-files-with-active-directory-ad-authentication-for-fslogix-profile-container-and-msix-app-attach/.

• https://docs.microsoft.com/en-us/azure/virtual-desktop/create-fslogix-profile-container

• https://jkindon.com/fslogix-cloud-cache-lessons-learned-in-azure/

• https://jkindon.com/architecting-for-fslogix-containers-high-availability/

• https://www.christiaanbrinkhoff.com/2020/02/14/youtube-how-to-migrate-from-upd-to-fslogix-profile-container-profiles-to-windows-virtual-desktop/

• https://www.christiaanbrinkhoff.com/2020/03/01/learn-here-how-to-configure-azure-files-with-active-directory-ad-authentication-for-fslogix-profile-container-and-msix-app-attach/

• https://christiaanbrinkhoff.com/2019/03/21/the-future-of-roaming-profiles-add-fast-logon-performance-and-office-365-support-to-your-virtual-desktop-vdi-daas-environment-with-microsoft-fslogix-profile-container-including-existing-uem-sol/

FSLogix can be configured on the User profile tab. To reach it follow the steps below.

RD Session Hosts:

1. In Parallels RAS Console, go to Farm > RD Session Hosts > Host pools.

2. Right-click the Host pool you need and select Properties.

3. Select the User profile tab.

1. In Parallels RAS Management Portal, go to Infrastructure > Host pools.

2. Select the host pool you need.

3. Go to Properties > User Profile.

VDI:

1. In Parallels RAS Console, go to Farm > VDI > Host pools tab.

2. Right-click the host pool you need and select Properties.

3. Select the User profile tab.

Azure Virtual Desktop:

1. In Parallels RAS Console, go to Farm > Azure Virtual Desktop > Host Pools tab.

2. Right-click the host pool that you need and select Properties.

3. Select the User Profile tab.

The most recent instructions are also available in Parallels RAS Administrator's Guide: https://download.parallels.com/ras/v19/docs/en_US/Parallels-RAS-19-Administrators-Guide.pdf

FSLogix configuration can either be enforced on an individual server or on multiple servers at once using host pools Group Defaults. For testing purposes, when configuring RDSH, it is recommended to test FSLogix configuration on a single machine before applying the settings to all machines.

To enable FSLogix on a single machine:

1. On the User Profile tab, clear the Inherit default settings checkbox.

2. In the Technology the drop-down menu, select FSLogix.

FSLogix Profile Containers settings are described below.

Deployment method: Here you need to select a method that Parallels RAS will use to install FSLogix agent on individual hosts. You can select from one of the following:

Install manually: Select this option if you want to install FSLogix agent on every host yourself. If this option is selected, Parallels RAS will not attempt to install FSLogix on a host.

Install online: The default method. This option installs FSLogix agent on session hosts from the Internet. Select one of the Parallels supported FSLogix versions from the drop-down list or select Custom URL and specify a download URL. Click the Detect latest button to automatically obtain a URL of the latest FSLogix version.

Install from a network share: Select this option if you have the FSLogix installation files on a network share and specify its location.

Push from RAS Connection Broker: This option allows you to upload the FSLogix installation archive to the RAS Connection Broker server. When you enable FSLogix on a session host, it will be push installed on the host from the RAS Connection Broker server.

To configure the FSLogix profile container or Office Container disk details, select User Profile Containers or Use Office Containers and open the Disks tab.

Location type: Select a location type for profile disks (SMB Location or Cloud Cache).

Location of profile disks: Specify one or more locations per FSLogix requirements (https://docs.microsoft.com/en-us/fslogix/profile-container-configuration-reference). SMB Location stands for VHDLocations, Cloud Cache – CCDLocations.

Example SMB location:

The value is constructed as:

<\Location1\Folder1>

Example Cloud Cache based on an SMB location: :

The value is constructed as:

type=smb,connectionString=<\Location1\Folder1>

Example Cloud Cache based on Azure Page Blobs location:

The value is constructed as:

type=azure,connectionString=”|fslogix/ConnectionString|”

Note that ‘fslogix/ConnectionString’ is a reference to a system stored in Windows Credential Manager. That system credential contains the full string pointing to the Azure Page Blob. It is advised to use Windows Credential Manager because otherwise you would expose sensitive Azure credentials to any user who has access to the session host registry. The full string is constructed as:

"DefaultEndpointsProtocol=https;AccountName=<accountname>;AccountKey=<Accountkey>;EndpointSuffix=core.windows.net"

This string can be retrieved from your storage account in Azure. Inside the Azure Portal, navigate to the storage account, click Access Keys, and copy the contents of Connection String as shown below.

To create, delete, and view system credentials from Windows Credential Manager, use the frx.exe command which is a part of FSLogix. For example, to create a new system credential, run the following command:

C:\Program Files\FSLogix\Apps\frx.exe add-secure-key -key ConnectionString -value "DefaultEndpointsProtocol=https;AccountName=<accountname>;AccountKey=<Accountkey>;EndpointSuffix=core.windows.net" creates a key called ‘ConnectionString’, matching the previous example. Note that adding ‘fslogix/’ is not required as this is added automatically by frx.exe. For more information on working with Credentials Manager see https://learn.microsoft.com/en-us/fslogix/configure-cloud-cache-tutorial#protect-azure-key-with-credential-manager.

Profile disk format: Select from VHD or VHDX according to your requirements. VHDX is a newer format and has more features.

Allocation type: Select Dynamic or Full. This setting is used in conjunction with the Default size setting (see below) to manage the size of a profile. Dynamic causes the profile container to use the minimum space on disk, regardless of the allocated default size. As a user profile is filled with more data, the amount of data on the disk will grow to the size specified in the Default size but will never exceed it.

Default size: Specifies the size of newly created VHD(X) in megabytes.

Users and Groups: This tab allows specifying include and exclude user and group lists. By default, “Everyone” is added to the User inclusion list. If you want some user profiles to remain local, you can add those users to the exclude list. Users and groups can exist in both lists, but the exclude list takes priority in this case.

Folders: Here you may specify include and exclude lists for folders. Select from common folders or specify your own. Please note that folders must reside in the user profile path.

• Advanced: This tab allows modifying advanced FSLogix Profile Container and Office Container settings. To modify a setting, highlight it and click the Edit button (alternatively, you may use the Tasks > Edit option from drop down menu in the upper right corner of the tab). Things to consider:

  • By default, all settings are disabled.

  • To enable a setting, select the checkbox in front of its name.

  • A description for each setting is provided in the same window.

Note: Please ensure that you’re familiar with the settings before modifying them. For further information regarding FSLogix Profile Containers configurations, see https://learn.microsoft.com/en-us/fslogix/reference-configuration-settings.

The Advanced tab of Profile Container settings allows you to change settings that are specific to Profile Container.

The Advanced tab of Office (ODFC) Container settings allows you to change settings that are specific to Office Container.

Configure general App Services settings

There are 3 settings that apply to both Profile and the Office Container.

To configure App Services settings:

1. Open the User profile tab.

2. Click Configure general settings and select the App Services tab.

Cleanup Invalid Sessions: In cases where a user's session terminates abruptly, the VHD(X) mounted for the user's profile isn't properly detached and the user's next sign-in may not successfully attach their VHD(X) container. Enable this setting, and FSLogix will attempts to clean up these invalid sessions and allow a successful sign-in.

Roam Recycle Bin: When enabled, this setting creates a redirection for the user's specific Recycle Bin into the VHD(X) container. This allows the user to restore items regardless of the machine from where they were deleted.

VHD Compact Disk: When enabled, this setting attempts to compact the VHD disk during the sign-out operation. It is designed to automatically reduce the?size of the container file depending on a predefined threshold.

Cloud Cache technology allows storing multiple copies (per Microsoft, the practical limit is 4) of Profile Containers on SMB file shares and keeping its data in sync without the need to deploy complex replication infrastructure. Note though that logon and logoff delays may impact the user experience.

Examples of usage:

• Keeping copies of profiles in several storage locations (disaster recovery data center).

• Replicating data to the more cost-effective storage.

• Migrating from one storage location to another.

To configure multiple Cloud Cache locations (corresponds to CCDLocations setting), simply add them using the [+] button on the User Profile tab.

Profile Container will read data from a provider if the data needed does not already exist in the Local Cache file. When configuring Cloud Cache locations, the order Providers are listed defines the order Profile Container uses them for reading. If the first path specified is unavailable, then Profile Container will attempt to read from the second Provider and so on.

Cloud Cache will always write to all Providers specified in CCDLocations, unless a specified Provider isn't available.

Because the Local Cache file will service most I/O requests, the performance of the Local Cache file will define the user experience. It is critical that the storage used for the Local Cache file is high-performing and highly available. It is also suggested that any storage used for the local cache file should be a physically attached storage or have reliability and performance characteristics that meet or exceed high-performing physically attached storage. When using Cloud Cache, FSLogix profiles can be stored on Azure Files as well as directly on Azure Page Blobs. For Azure Page Blobs, it is important to secure sensitive Azure credentials by using Credential Manager. This is explained in Chapter 3.