Azure/azure-monitor-baseline-alerts

[Question/Feedback]: AMBA AVD alerts - permissions issue

abkgaard opened this issue · 0 comments

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

When deploying the AMBA AVD accelerator (https://azure.github.io/azure-monitor-baseline-alerts/patterns/specialized/avd/), you will find that the automation account responsible for collecting hostpool capacity data fails due to lack of permission.

For hostpool capacity (Get-HostPoolInfo.ps1), Desktop Virtualization Reader is granted only on the resource group where session hosts reside. If we have host pool resources in one resource group, and session hosts in another, the permissions will not be granted for the host pool resources.
That means when the runbook runs Get-AzWvdHostPool, it does not get any host pools, but also just returns an empty array output.
Suggestion: In the scenario that host pool and session hosts are not in the same resource group, grant Desktop Virtualization Reader on both resource groups instead of just the session host.
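
One way to check for the scope gap described in this issue, and optionally close it, is sketched below. This is an added example, not code from the issue or from the AMBA project. It assumes the automation account uses a system-assigned managed identity; the parameter names, the `-Remediate` switch and the angle-bracket placeholder values are hypothetical.

```powershell
# Added example: verify that the runbook identity holds Desktop Virtualization
# Reader on BOTH the host pool and the session host resource groups.
# All default values are placeholders; replace them with your own names.
param(
    [string]$AutomationAccountName = '<automation-account-name>',
    [string]$AutomationAccountRg   = '<automation-account-rg>',
    [string]$HostPoolRg            = '<host-pool-rg>',
    [string]$SessionHostRg         = '<session-host-rg>',
    [switch]$Remediate   # hypothetical switch: create the missing assignment
)

$roleName = 'Desktop Virtualization Reader'

# Assumption: the account runs Get-HostPoolInfo.ps1 under a system-assigned
# managed identity, so its principal ID is exposed on the account object.
$account     = Get-AzAutomationAccount -ResourceGroupName $AutomationAccountRg `
                                       -Name $AutomationAccountName -ErrorAction Stop
$principalId = $account.Identity.PrincipalId
if (-not $principalId) {
    throw "No system-assigned identity found on '$AutomationAccountName'."
}

# Check each distinct resource group. If both names are the same, the
# single-resource-group deployment is not affected by this gap.
$resourceGroups = @($HostPoolRg, $SessionHostRg) | Select-Object -Unique
foreach ($rgName in $resourceGroups) {
    $scope = (Get-AzResourceGroup -Name $rgName -ErrorAction Stop).ResourceId

    # Look for a direct assignment of the role to this identity for this scope.
    $existing = Get-AzRoleAssignment -ObjectId $principalId -Scope $scope `
                                     -RoleDefinitionName $roleName

    if ($existing) {
        Write-Output "OK       $roleName present for $rgName"
        continue
    }

    # Without this assignment Get-AzWvdHostPool returns an empty result rather
    # than an error, so the missing permission is easy to overlook.
    Write-Warning "MISSING  $roleName not assigned for $rgName"
    if ($Remediate) {
        New-AzRoleAssignment -ObjectId $principalId -Scope $scope `
                             -RoleDefinitionName $roleName | Out-Null
        Write-Output "GRANTED  $roleName on $rgName"
    }
}
```

Scoping the assignment to the two resource groups rather than the subscription keeps the runbook identity at least privilege.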