-
Notifications
You must be signed in to change notification settings - Fork 193
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Documentation Issue] - Subscription level access or RG level access for AVD SP #615
Comments
@apple-sauce thank you for your feedback, our general recommendation is to grant access at the subscription level, given the fact that if you do at resource group level you will need to make sure host pools and VMs are resource groups are included. The AVD LZA does it at resource group level because we are granting RBAC access on the required resource groups of the deployment, we don't do it at subscription level because we don't own the subscription and we don't know what other resources your subscription may contain. Are you having issues with auto scaling of your session hosts? Please let us know if additional information is needed. |
Let us know the feedback or general question
From the avd link - https://learn.microsoft.com/en-us/azure/virtual-desktop/autoscale-create-assign-scaling-plan?tabs=portal#assign-the-desktop-virtualization-power-on-off-contributor-role-with-the-azure-portal
More specifically "Assigning this role at any level lower than your subscription, such as the resource group, host pool, or VM, will prevent autoscale from working properly."
After running the accelerator, we noticed that the perms for the azure virtual desktop service principal assigned the rights at the resource group level and NOT the subscription level which is what your documentation states
The text was updated successfully, but these errors were encountered: