Added Support for EntraID identities #754

Merged: danycontre merged 52 commits into Azure:EntraID-Storage-Features from shawntmeyer:main on Mar 6, 2025

@shawntmeyer (Contributor) commented Feb 23, 2025

Overview/Summary

This PR adds support for Entra ID identities for both FSLogix and AppAttach storage and session host configuration.

This PR fixes/adds/changes/removes

Addresses issue 746

  1. fixes - bugs with finding Azure Virtual Desktop and Azure Virtual Desktop ARM Provider service principals by changing the filter query and adding transforms and, if all else fails, adding Selector Blade Controls if not found.
  2. fixes - network resource group creation if no networking deployed. This was a portal bug.
  3. addition - Entra ID identity option and updates to conditions on deployments to incorporate this new feature. Existing references to EntraID changed to EntraIDKerberos to allow conditions like contains(item, 'EntraID').
  4. addition - Portal UI changes on both baseline and new Session Host brown field scenarios to support dynamic population of accelerated networking, trusted launch, and availability zone support.
  5. modify - Set-SessionHostConfiguration.ps1 script to utilize storage account keys for Entra ID support. Removed duplicate parameters to slim down code. Calculation of storage account name from share path. Calculation of storage FQDN from share path.

Breaking Changes

  1. None encountered during testing, but anything else that uses the Set-SessionHostConfiguration.ps1 or the bicep calling this might break. I can work through these other brown field issues if found.

Testing Evidence

Tested both EntraID and ADDS identities multiple times in my commercial and government labs. When testing, make sure all files are up to date in your repo as I did change the Set-SessionHostConfig.ps1 script as well.

As part of this Pull Request I have

  • Read the Contribution Guide and ensured this PR is compliant with the guide
  • Ensured the resource API versions in .bicep file/s I am adding/editing are using the latest API version possible
  • Checked for duplicate Pull Requests
  • Associated it with relevant GitHub Issues
  • (AVD LZA Team Only) Associated it with relevant ADO Items
  • Ensured my code/branch is up-to-date with the latest changes in the main branch
  • Performed testing and provided evidence.
  • Updated relevant and associated documentation (e.g. Contribution Guide, Module READMEs, Docs etc.)

@danycontre danycontre changed the base branch from main to EntraID-Storage-Features March 5, 2025 20:25
@danycontre danycontre merged commit d3d80cf into Azure:EntraID-Storage-Features Mar 6, 2025
1 check passed
danycontre added a commit that referenced this pull request Mar 20, 2025
* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* Added Support for EntraID identities (#754)

* removed Key expiration

* updated Groups UI

* entraid support

* removed extra if

* testing with my branch

* remove managementvm on entraid

* update portal

* updated ui

* changed EnterpriseApp to ServicePrincipal

* updated portal

* fixed avdarm

* update RBAC

* updated url for script

* updated ui

* fixed createPrivateDNS parameter

* fixed identityDomainName in SessionHost Script

* added conditions for storage managed identity

* added logging to set session host

* changed to -command

* configure baseuri back to azure

* updated doc for identity info

* settings

* new session host brownfield fix up

* merged files

* updated json files

* fixed reference to sub

* fixed hostpool call

* updated reference

* fixed portalui for new session hosts

* fixed validation on deployment prefix

* fixed regex

* tag regex

* fixed modulo function and portal

* fixed portal screen

* update set-sessionhostconfig.ps1

* update allowed values for tags

* updated batch size

* unified changes across baseline and new session hosts

* fixed keyvault ref

* added index to UI

* updated publisher reference for all lowercase

* added count to UI

* fixed vmsize count reference

* fixed custom image in portal ui

* updated docs and reverted script path to azure repo

* fixed the servicePrincpalApiCalls

* fixed condition on serviceprincipal blade controls and outputs.

* updated to match azure repo in lieu of sync

* Update deploy.bicep

---------

Co-authored-by: Dany Contreras <78437433+danycontre@users.noreply.github.com>

* updates

* updates

* fixed the filtering and added condition for info box on management pane.

* fixed filter on sku

* updated branch name for tests

* added filter for SKU

* added Service Principal to Role Assignment

* added ServicePrincipal to Role Assignment

* changed avdEnterpriseAppId to avdServicePrincipalId

* changed branch

* update doc

* updated share path creation in configureSessionHost.bicep

* fixed filesharepath for fslogix

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updated new session host portal ui

* added filtering for storage Account

* allowed description on storage account

* updates

* updates

* added new add-on for storage account key rotation

* updates

* renamed file

* fixed file name

* improved resource group drop down to show only those with cm-resource-parent tags and show value of hostPool Name to help in selection process

* have to disable roaming the recycle bin to prevent corruption of recycle bin with cloud only identities

* fixed key path

* fixed minor bug in set sessionhost script

* updates to api

* fixed loop variable

* removed bold on Resource Group

* fixed set-registryValue error

* updated name of deployments

* update batch deployment name

* updated parameter on Set-RegistryValue call for Entra ID

* updated deployment names to increment batchid + 1

* updated logging

* fixed parameter on write-log calls

* added local group membership for fslogix

* added garbage collection to hkcu unload

* added error catching

* retrieved deppref and environment from rg name

* updates

* reverting commit

* reverting commit

* reverted commit

* DesktopVirtualization AVM API Version Update for US Gov Support

* updated desktopvirtualization application avm api version

* updated more modules with gov api version

* avm update for subnets and privatednszones

* regenerate arm

* updated hostpool api version everywhere

* fixed appid to search on portal-ui

* updated graphapi filter

* fixed bug in disk encryption section of UI

* PR merge updates

* PR merge updates

* PR merge updates

* PR merge updates

* PR merge updates

* PR merge updates

* PR merge updates

* PR merge updates

* PR merge updates

* PR merge updates

---------

Co-authored-by: Dany Contreras <dany.contreras@microsoft.com>
Co-authored-by: Shawn Meyer <49066369+shawntmeyer@users.noreply.github.com>
Co-authored-by: Shawn Meyer <shmeyer@microsoft.com>