You are eligible to access FSLogix Profile Container, Office 365 Container, Application Masking, and Java Redirection tools if you have one of the following licenses:

• Microsoft 365 E3/E5

• Microsoft 365 A3/A5/ Student Use Benefits

• Microsoft 365 F1/F3

• Microsoft 365 Business

• Windows 10 Enterprise E3/E5

• Windows 10 Education A3/A5

• Windows 10 VDA per user

• Remote Desktop Services (RDS) Client Access License (CAL)

• Remote Desktop Services (RDS) Subscriber Access License (SAL)

FSLogix solutions may be used in any public or private data center if a user has the necessary license.

For more information, see: https://docs.microsoft.com/en-us/fslogix/overview.

FSLogix profiles can also be stored on Azure Files with Active Directory Domain Services or Azure Active Directory Domain Services. Per FSLogix documentation (https://learn.microsoft.com/en-us/azure/virtual-desktop/fslogix-profile-container-configure-azure-files-active-directory), the requirements below need to be met. Once completed, the same NTFS permissions as outlined in the previous chapter need to be applied.

• Host pool where the session hosts are joined to an AD DS domain or Azure AD DS managed domain, and users are assigned.

• A security group in your domain that contains the users who will use FSLogix Profile Containers. If you’re using AD DS, it must be synchronized to Azure AD.

• You Azure subscription must allow you to create a storage account and add role assignments.

• A domain account to join computers to the domain and open an elevated PowerShell prompt.

• The subscription ID of your Azure subscription where your storage account will be.

A computer joined to your domain for installing and running PowerShell modules that will join the storage account to your domain. This device must be running a supported version of Windows. Alternatively, you can use a session host.

Please ensure that FSLogix Office or Profile Container is not configured by GPO on the server(s) as this will cause conflicts with the settings specified in the Parallels RAS Console or Management Portal.

FSLogix profiles can also be stored directly on Azure Page Blobs. When using Azure Page Blobs, it is strongly recommended to store sensitive Azure credentials inside Windows Credential Manager. This prevents exposing sensitive Azure credentials to users with access to the session host registry. Chapter 3 explains how to leverage Azure Page Blobs and provides guidance on how to use Credential Manager to securely store the required Azure credentials. When deciding on the storage type and location, make sure to perform a cost calculation up front as there can be a significant cost difference between various storage solutions in Azure.

Profile Containers store user information in VHD(X) files. These files are stored in a network location. Profile Containers and Office Containers can automatically create the folders and files needed. To avoid security issues, user permissions must be created to allow users to create and use a profile, while not allowing access to other users’ profiles.

Per FSLogix documentation (https://docs.microsoft.com/en-us/fslogix/configure-per-user-per-group-ht), the following is recommended:

For FSLogix Profile Container to work properly, configure your antivirus to exclude the following objects, as per Microsoft’s recommendations:

Files:

• %TEMP%\*\*.VHD

• %TEMP%\*\*.VHDX

• %Windir%\TEMP\*\*.VHD

• %Windir%\TEMP\*\*.VHDX

• \\server-name\share-name\*\*.VHD

• \\server-name\share-name\*\*.VHD.lock

• \\server-name\share-name\*\*.VHD.meta

• \\server-name\share-name\*\*.VHD.metadata

• \\server-name\share-name\*\*.VHDX

• \\server-name\share-name\*\*.VHDX.lock

• \\server-name\share-name\*\*.VHDX.meta

• \\server-name\share-name\*\*.VHDX.metadata