We find MSIX App Attach to be a rather impressive and useful feature, so we’ll be discussing it in this article. Let’s delve into MSIX App Attach and learn how to implement it.
Understanding MSIX App Attach
Before diving into the step-by-step instructions on setting up MSIX App Attach, it’s crucial to comprehend its functionality and advantages. The most remarkable aspect of App Attach is that it does not employ a conventional MSIX/MSIXBUNDLE package; instead, it utilizes .VHD, .VHDX, and .CIM files to deliver applications to active user sessions in Azure Virtual Desktop.
.VHD, .VHDX, and .CIM files are virtual hard disks (VHD) that can be attached to your computer by double-clicking on them. For instance, if you mount a VHD, open the Computer Management utility, and go to Disk Management, you’ll see the attached virtual hard drive.
Virtual Hard Drive Note: To convert an MSIX to a VHD/VHDX/CIM, follow specific steps. For a detailed guide, refer to the Prepare an MSIX image for Azure Virtual Desktop Microsoft article.
It’s important to note that MSIX App Attach does not necessitate Azure Virtual Desktop. By using PowerShell scripts, you can establish the same environment; just follow these steps in this precise order:
Now that we’ve grasped what App Attach is and how it operates, let’s examine the prerequisites for Azure Virtual Desktop:
- Azure AD Domain Services
- Storage Accounts
- Assign MSIX packages via App Attach
Creating Azure AD Domain Services
The first task in Azure is to create a new Azure AD Domain Services (Azure AD DS). This service provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. To create an Azure AD DS, click on the Create button and enter the required information.
Important: Ensure you assign the AADS to the same resource group where you created your Azure Virtual Desktop.
Account Creating a File Share in Azure Portal
We need a file share to store all our MSIX App Attach packages. To create one, follow these steps:
- Go to the Azure portal and search for Storage Accounts.
- Click on Create and provide the following:
b. Resource Group (ensure it’s in the same resource group as your Azure Virtual Desktop)
c. Storage Account name
d. Region e. Redundancy (Storage type)
Create Storage Account The remaining settings are optional (we chose the default settings).
- Customize the storage if desired, or continue by clicking Review + Create.
- After creating the storage account, add a new file share by navigating to the storage account and selecting the File shares option.
- Click the +File share button. A window will appear for you to enter the Share Name and the desired Tier.
- Click the Review +Create button.
Azure File Share Configuration
Synchronizing File Share with Azure Active Directory One of the final steps is to sync the file share with Azure Active Directory (that’s why we enabled Azure AD Domain Services earlier).
- Return to your Storage accounts, select File shares, and click on the Active Directory button.
- A new window will prompt you to choose the Azure Active Directory Domain Services and click on Configure.
- Check the Enable Azure Active Directory Domain Services (Azure AD DS) for this file share checkbox (in the upper right corner).
Active Directory Setup Setting Permissions
Now that our Azure Virtual Desktop, Azure AD Domain Services, and Storage Account are configured, it’s time to add the appropriate permissions for the virtual machine to access the file share.
Here’s how to do that:
- Navigate to the Storage accounts.
- Select your previously created storage account.
- Go to Access Control(IAM).
- Here, click on Add and add the following roles:
a. Storage Account Contributor
b. Storage Blob Data Contributor
c. Storage Blob Data Reader
d. Storage File Data SMB Share Contributor
e. Virtual Machine Administrator Login
f. Virtual Machine Contributor
For each of these roles, your account and virtual machine must be added like this:
IAM Storages Tip: If you need to grant access to multiple users or machines, it’s easier to create a group in Azure Active Directory that includes both the machines and the users.
Azure Active Directory Group Assigning MSIX Packages via App Attach
With everything configured, it’s time to assign our VHD, VHDx, or CIM files via App Attach.
Follow these steps:
- Go to Azure Virtual Desktop and select your Host Pools.
- In your host pool, find the MSIX Packages option. Click on the +Add option. Add MSIX Packages
- You’ll be prompted to provide an MSIX image path – this path must correspond to the storage account path created earlier.
- To add files to your Storage Account, navigate to the file share and click on Upload. Add Files to Storage Account The path that must be specified for MSIX App Attach is as follows:
- Once the path is provided to Azure, several options will appear, such as Display name, Registration Type, and State (it must be set to active). AVD MSIX App Attach
- To create the application group for assignment, click on Application Groups in your host pool. Application Groups
- In the app group, select Applications and click on the +Add option: Add Applications Group
- Choose your MSIX package from the list and click Save. Select MSIX Group The sync with AD may take some time, but the application will appear on your virtual machine after a few minutes.
Several steps must be completed for MSIX App Attach to function efficiently. Keep in mind that this article and the previous one, Azure Virtual Desktop – Step by Step Guide, are intended to demonstrate how things work from a basic perspective. We even encountered a minor issue with obtaining access to the Azure Storage Account with our Azure Virtual Desktop, which is further discussed in the MSIX App Attach Code 400 error article.
Would you like us to explore this topic in more depth? Click this link!