Gotcha, but just to be clear, you're saying that the local AppData folder within the base image will not be used by security scanning software or apps that are or aren't controlled by DEM?

sjesse

I should just ask, do you redirect your appdata folder via DEM? I'm assuming you don't. 

IF you don't redirect them, the files are in the clones instead of a file serve so they are still there. So they may or may not be scanned depending on your security software. I redirect AppData currently but am migrating to fslogix profile containers . There is a place for not redirecting them or not using a profile contaior, but you need to make sure you profile everything.

Just curious why you're adding another layer of complexity with fslogix when it's kinda redundant with DEM as far as user profile and config data? Are you trying to improve login speeds? 

There are things like holding outlook data and other things DEM can't do, and remember DEM will not capture everything. Remember the profile still exists and anything not in DEM is lost on logout, this way is a failback for anything missed. There isn't too much extra complexity, you just need AD ,and agent, and a file server. Its enabled by gpo so I only use it if needed, not by default. Its much faster then writable volumes with appvolumes.