- Microsoft is sunsetting Azure Classic "(not Azure Virtual Desktop (AVD)); - Microsoft Article
- NFA sunset occurs February 20th, 2023
- Only new NFA account creation will be unavailable on November 30th 2021
- NFA will be fully supported until the official sunset - firstname.lastname@example.org
- We encourage all partners to watch this video, read all of our supporting KB's and consider preparing for migrations in 2022. The entire Nerdio team is here to support and guide all of our amazing partners during this transition.
We have created a new version of this guide here - https://help.nerdio.net/hc/en-us/articles/8639188644109
NONE OF THE STEPS HAVE CHANGED. We updated the format based on partner feedback. Please keep that feedback coming!
Before you begin
NMM consists of an application that sits in your MSP tenant and connects from there to your customer's tenants. The first step is to install NMM into your Azure tenant. To do this, follow this written guide or this series of videos. Also review our guide regarding Azure Resource Provider Registration, prior to installing NMM.
*** The required resource providers HERE will need to be registered in the customers Azure subscription prior to migration***
NFA to NMM Migration Guidance is spread across multiple Help Center articles. We recommend reading in the order below.
Based on the above Discovery you should know be aware of your Identity Type.
- If your identity is Hybrid Active Directory (Domain Trust) Considerations for Hybrid AD "Domain Trust" Environments (HAD)
- Still unsure if you have Hybrid AD(HAD) - You can confirm via the NAP
This migration document follows the path of least change to ensure a simple and fast migration. Other modifications shouldn't be considered until after this migration is completed
IMPORTANT - Review and plan based on existing Security Groups and automations.
- Nerdio for Azure included Identity management and automations that are no longer available in NMM. Specifically, Nerdio for Azure would place newly created computers or users into any or all of the following security group(s) to enable specific GPO's:
- "VDI Computer Group" - Personal Desktops(AVD)
- "RDSH Computer Group" - RDS Hosts and AVD Pools
- "RDS Users Group" - Users assigned to an RDS based Host or AVD based desktop
- MSP partners should consider reviewing all security groups and GPO's in full and determining best practices for new users and computers going forward. Commonly partners are achieving this via OU based policies.
The NAP does provide automation to assist with the migration. Steps 1 - 3 are provided to allow for manual migration. Please review this guide for details on the automations which is also addressed in step 4 below. This video below will walk you through the automation steps.
Note - Steps 1-3 below are only valid if you don't use automated migration in NFA. Please skip to STEP 4 if the automated migration tool is being used.
Step 1 - Adding your customer's account
Step 3 - Image Considerations
- Creating a New Desktop Image (Recommended)
- Importing NFA images
- (IMPORTANT) - Imported Image Cleanup
- Setting as Image
*Reminder if using automations - they end here!
Step 4 - Configuring Host Pools
- (Optional) Importing Personal Desktops
Step 5 - Adding users to new host pools
Step 6 - Cutover to NMM
- New to NMM - Common Errors and Guides
- Discuss Migrating with other MSP Partners in the Nerdio Community Forums
Final Step - Post Migration Cleanup Guidance
Step 1 - Adding your customer's account
To manage your customer's account, you will need an Azure login with GA and subscription owner permissions. Follow the guide for adding an account. Since you're connecting to an existing NFA account, keep the following points in mind:
- In Step 1, tell NMM to Use existing Active Directory
- In Step 2, select the region of the existing NFA account, and the LAN subnet of the existing VNET. This will be the default subnet for new hosts.
We recommend creating a new resource group for the NMM host VMs to keep them separate from the NFA resources. but it is acceptable to select the existing RG here if you will not be creating a new one for the NMM resources.
- We will connect to the existing NFA resource group in a later step, but it is acceptable to select the existing RG here.
- In Step 3 provide your existing AD domain info
- In Step 4, you can specify the UNC path to the profiles share on the existing FS01, or you can create a new Azure Files share if you'd like to decommission FS01 eventually. Using an Azure Files share will require migrating existing profiles (or recreating as new profiles).
- Example of Nerdio Default - \\fs01.nerdio.int\Profiles\%Username%
Step 2 - Configuring NMM for NFA Resource Management
Connecting to the NFA resource group and DMZ subnet
If you did not specify the existing NFA resource group when connecting to the NFA account, go to Settings -> Azure Environment in the left menu, and click Link under Linked resource groups.
Select your existing NFA resource group. This will allow you to see an manage the VMs in the NFA resource group from NMM.
Also in the Azure environment page, link to the existing DMZ subnet by clicking Link under Linked Networks
Select the DMZ subnet and click OK
Change FSLogix Volume Type if not VHDX
Note - Nerdio Manager(NMM) used VHDX by default. You will want to confirm the volume type in NFA and MATCH IT in NMM!
If your existing FSLogix profiles are using VHD as the volume type (as opposed to VHDX), you will need to configure NMM to use VHD as well.
To do so, navigate to Settings -> Integrations and click on the link under FSLogix Profiles storage to bring up the FSLogix configuration option.
Change the "VolumeType" key from "vhdx" to "vhd." Also, add %username% to the FSLogix profiles path.
Note: All new users created post-NFA to NMM migration will not have their Desktop/Documents/Favorites redirected to \\FS01\Users. Their documents will be self-contained in the FSLogix profile container.
Step 3 - Desktop Images
*Note - If using NFA CORE, Step 3 and beyond won't apply unless you want to create new AVD resources
Create a new image (Nerdio Recommended Step!)
To create a brand new image for use with NMM, click the Add from Azure Library button and select an Azure image such as Windows 10 EVD.
*Nerdio Note! - If you used the Import NFA Image Feature in NMM the AVD Agent and FSLogix Agent are automatically uninstalled. Please review the Import logs to confirm these actions completed successfully
Importing NFA images
Important - Please also review SafeDNS section
Importing AVD Pool image
To import a pool image (e.g. "Pool-A00"), navigate to Desktop Images and click the Add from Azure Library button.
Give the new image a name and select your NFA image in the Azure Image dropdown menu. NOTE: check the "Do not create image object" option.
Importing WVDSH00 Image
To import the WVDSH00 image, you will need to export the OS disk using a SAS URL. Ensure the AVDSH00 VM is powered off, then find AVDSH00 in the Azure portal. Select Disks and open the OS disk.
Select Disk Export and click the Generate URL button
Copy the generated URL:
In NMM, navigate to AVD -> Desktop Images and click the Add from Azure VM button.
Give the new image a name, and paste the generated URL into the SAS URL field. Check the "Do not create image object" option. You may wish to provide custom credentials for a local administrator user on the VM.
Note: we do not suggest using the "Uninstall FSLogix app" option at this stage, because it is advisable to confirm and copy your FSLogix configuration before uninstalling the app.
Step 3b - (Important!) - Imported Image Cleanup
Uninstall AVD Agent
Completely uninstall all traces of AVD agent. Remove it from Control Panel>Programs and Features (make sure all components are gone after a reboot) and remove all traces from registry
Microsoft Guidance - [External Link]
Once the new image VM has been created in NMM, you will need to start it up, login to it, and uninstall FSLogix.
*You may wish to review any FSLogix registry settings under HKLM\Software\FSLogix in the Windows registry.
Microsoft Guidance - [External Link]
The FSLogix settings can then be re-created in NMM. To do so, navigate to Settings -> Integrations and click on the appropriate FSLogix Profile to bring up the FSLogix configuration option.
Once the FSLogix registry settings have been copied to NMM, proceed with uninstalling FSLogix from Windows. After uninstalling, ensure C:\Program Files\FSLogix and HKLM\Software\FSLogix are fully deleted.
Log out of the image VM. In NMM, navigate to Desktop Images and click Set as Image in the dropdown menu next to the image VM.
Remove SafeDNS Agent from Imported Image(s)
Step 4 - Configuring New AVD Host Pools
To create a host pool, follow the article on creating host pools in NMM. If you imported an image from NFA in the previous section, select that image when creating the new host pool. Add one or two users to the host pool to be able to verify the host pool has been created properly.
Once the host pool is created, set the Auto-scale settings to mirror the settings used in NFA. Note that there will be more options available in NMM than there were in NFA.
For more information on host pools in NMM, see the Overview of Host Pools.
(Optional) Importing Personal Desktops
Personal Desktops created in NFA will have to be moved to AVD ARM manually (or you may continue operating them in AVD Classic, though NMM will not be able to see or manage them).
To migrate the personal desktops, create a new Single User Desktop (personal) pool in NMM, and set the host count to 0.
Then register the existing VMs to the new host pool, following Microsoft's documentation.
Step 5 - Adding users to new host pools
Now that the new NMM host pool is ready, it's time to assign users and/or groups to the new host pool. Follow the Overview of Users and Overview of Groups articles to assign users and groups to the host pools.
At this point, users will have access to both the NFA desktops and the NMM desktops. When you are ready, you can un-assign them from their desktops in NFA so that they will only have the option of signing into the NMM desktops.
Step 6 - Testing and Cutover to NMM
Now that users have been migrated to the NMM environment, you can turn down the NFA environment. The steps to do so are
SafeDNS was an inclusive feature of NFA and isn't included in NMM. Partners will need modify current DNS settings and consider what DNS service they will use going forward.
Note: If you imported your desktop image from NFA you may need to uninstall the SafeDNS client from the image
Steps to remove SafeDNS
- From DC01, open up the DNS Manager and right-click "DC01", then select properties.
- From the "Forwarders" tab, click Edit and add an IP address to a public DNS server such as Google (188.8.131.52, 184.108.40.206) or CloudFlare (220.127.116.11)
- From your account in the Nerdio Admin Portal, expand the Network tab on the left and select Firewall.
- Click "Add Rule"
- Allow outbound traffic from any source using port 53 to the IP you used for the new forwarder.
- Ensure that the priority is above the existing system rule titled "Allow DNS to SafeDNS" (use a number lower than 501)
- Save the rule and confirm that DNS is functioning as expected.
- Obtain your SafeDNS password or set one: Setting up and gaining access to the SafeDNS portal
- Uninstall from your image after you import (the standard uninstall requires the username/password)
Disable auto-scale on NFA host pools
In NFA portal, navigate to Servers, find your host pool and select Manage Auto Scale from the drop down menu
- Shut down all old host pools in NFA portal
- Disable auto-scale on all servers / personal desktops (in NFA portal)
- Configure auto-scale on servers in NMM portal
New to NMM - Common Errors and Guides
|Prev <-- Planning for Migration||Next --> Post Migration Cleanup|