Appendix E: Configuring FlexApp Integration with AVD App Attach

Microsoft has added the ability for third-parties to integrate with AVD App Attach, which allows assignment of FlexApp packages in the same way AVD Administrators may already be assigning MSIX App Attach packages to end-users. In addition, the same PowerShell scripts that Administrators may already be using to manage assignment of App Attach packages can be easily repurposed for FlexApp-based App Attach packages.

This allows an AVD Administrator to eliminate use of the ProfileUnity & FlexApp Management Console for basic user or group-based FlexApp assignments to AVD users. Additional assignments and other modules within ProfileUnity may continue to be done via the console and would apply on top of any AVD-based FlexApp assignments.

FlexApp integration supports both presentation methods available –full-desktop and Remote App. FlexApp integration also supports both registration modes, register on-demand, and register at log on. On-demand registration utilizes Liquidware’s FlexApp Click-to-Layer technology to display shortcuts quickly and only registers the application to the system the first time a user on that machine launches it. At-logon registration uses the normal FlexApp registration method of fully adding the application into the Operating System at log-on time. The default is at log-on, but it can be changed on a per App attach package-basis in the Configuration blade.

Important: These steps assume you already have an AVD infrastructure setup, including Host pools and Application groups. These steps also require that you have the necessary permissions to create Resource groups, create and assign a Custom role, create an Entra ID App registration, and create new or manage existing AVD Host pools and Application groups.

Azure and Entra ID Configuration

Create New App Registration

  1. Log in to the Azure Portal > Microsoft Entra ID blade > App registrations screen with the appropriate Azure Administrator-level credentials.
  2. Click New registration at the top, provide the requested information, and then click Register.
  3. On the Overview page of your new App registration, copy/save the Application (client) ID and Directory (tenant) ID.

  4. Note: You will need the Application (client) ID and Directory (tenant) ID later.

  5. Navigate to the Certificates & secrets page on the left, click New client secret under the Client secrets tab, fill in the information, and click Add.Copy/save the Value.

  6. Note: You will need the Value later and Azure will not show you the Value again after you navigate from this screen.

Create and Assign New Custom Role

  1. Navigate within the Azure Portal to the Subscriptions blade and click on the subscription hosting your AVD environment.
  2. Click on the Access control (IAM) blade, then the +Add dropdown, and then click Add custom role.
  3. Name the new custom role and then click Next.
  4. Click +Add permissions and search for the permissions listed in the table below. Add each permission in order and after each selection, click Review + create.
  5. +Add permissions Review + create
    Microsoft.Resources/subscriptions/read Read: Get Subscriptions
    Microsoft.Resources/subscriptions/resourceGroups/read Read: Get Resource Group
    Microsoft.DesktopVirtualization/appattachpackages Read, Write, Delete appattachpackages
    Microsoft.DesktopVirtualization/hostpools (optional) Read, Write hostpools

    Note: This allows automatically assigning packages to a host pool, saving post-sync configuration time, if desired.
  6. Review the selections and then click Create.
  7. At the Access control (IAM) blade, click the +Add dropdown and then select Add role assignment.
  8. Search for the new custom role, click to select it and then click Next.
  9. Click +Select members, search for the name of your new App registration, highlight it, and then click the Select button.
  10. Click Review + assign, review the assignment, and then click Review + assign to complete the selection.

Create New Resource Group (optional)

This will create a new resource group to hold the FlexApp App Attach Packages.

  1. Within the Azure Portal, navigate to the Resource groups screen, and then click +Create.
  2. Select the correct Subscription, give the new resource group a name, select the correct Region, and then click Review + create.
  3. Review the selections and then click Create.

ProfileUnity & FlexApp Management Console Configuration

Add Microsoft Entra ID Tenant

  1. Login to the ProfileUnity Console web UI as an Administrator-level account and then navigate to the Administration > Access and Authentication tab in the upper-right.
  2. Under Directory Services, click Add Microsoft Entra ID Tenant, enter a Tenant Name, paste in the details copied in steps 3 and 4 when the new App registration was created, and then click Save.

  3. Note: Use a Tenant Name that will make it easier for you to remember or identify in the future.

Configure FlexApp Package Information Sync to Azure Resource Manager (ARM)

  1. Navigate to the Settings tab of the Administration screen, scroll down, and expand the AVD App Attach section.
  2. Select the new Tenant Name and fill in the rest of the fields in order.

  3. Note: You must click on a search result to select it. If you are not sure what to search for, you can enter three consecutive SPACE characters to return all results.Host Pool Name is optional and requires read and write permissions to the selected subscription’s host pools. It will only populate when the proper permissions are set.

  4. When complete, click Update in the top-right.

  5. Note: At this point, only new packages will automatically be added to the ARM. To add the existing FlexApp inventory into the ARM, click Sync Packages.

If you view the App Attach Packages screen of the Azure Portal, all of the FlexApp packages are listed.