Here are my thoughts on how to deploy this solution side by side with UEM. Note: This is untested. I merely have been doing research on FSLogix and implying my knowledge on how things work in ...
See more...
Here are my thoughts on how to deploy this solution side by side with UEM. Note: This is untested. I merely have been doing research on FSLogix and implying my knowledge on how things work in UEM to see how to deploy both of them on the same VM. Take everything I say with a grain of salt Personalization - It looks like to get both UEM and FSLogix to behave well together you will have to configure DireFlex to only export at logoff all items under "Personalization" just to backup user configurations in case of the vhd disk corruption. Or simply disable all the items. You wouldn't want a user to start completely from scratch in case of a disk corruption. However, in theory you should be backing these vhd disks as part of your solution. One could argue why not just restore the vhd from backup and voila. User is back to working in minutes. Picking up exactly where he/she left off at. - Importing Personalization items at logon could cause some serious issues as the data already exists on the mounted disk and both UEM and FSLogix may end up importing the same data at the same time. User Environment - I would still use UEM for ADMX-base settings deployments. - I would disable OST policy from UEM "App Volumes" - I would still utilize the following: Drive mappings, Environment Variables, File Type Associations, Horizon Smart Policies, Logon Tasks, Log off Tasks, Printer Mappings, Privilege Elevation, Triggered Tasks, - I am sort of undecided about Application Blocking considering FSLogix has a similar module called "App Masking" that seems to be doing the same thing but better. I do not need to block an application if I am already masking it for those who are not entitled to it. I am a little conflicted but I do however still find some good use cases for Application Blocking. Especially for an environment like where I currently worked at. We block applications like mstsc.exe to prevent users from remoting to another workstation and potentially copy and paste PHI documents. I don't believe I should/can mask an application like mstsc. - I would use Registry Settings with a condition if key value doesn't already exists. - I would use shortcut with a condition if folder exists and also check "Skip if shortcut already exists." - I never used the Windows Settings feature. It is the legacy way of doing things. Condition Set - I would still use condition sets