Share via

AVD pooled host pool with 20 session hosts, EDS, Azure Files FSLogix – what is the Microsoft-recommended production pattern for true scale-out/scale-in?

Paul 20 Reputation points
2026-04-03T12:05:24.2133333+00:00

We have an AVD pooled environment with approximately 20 session hosts. We need a production-stable design that supports:

Microsoft Entra Domain Services (EDS) for session host domain join

Azure Files for FSLogix profile containers

true scale-out / scale-in of hosts based on demand

maintaining minimum warm capacity

safe drain/removal of hosts during scale-in

Could you please confirm the Microsoft-recommended and supported production pattern for this requirement?

Specifically:

What is the recommended way to achieve true elasticity for pooled session hosts in production?

Is EDS + Azure Files + FSLogix the correct supported identity/profile combination here?

Is breadth-first the preferred load-balancing method when elasticity is required?

Are there any key caveats or unsupported combinations we should avoid?

Azure Virtual Desktop
Azure Virtual Desktop

A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-04-03T12:05:45.18+00:00

    For a 16‑host pooled Azure Virtual Desktop (AVD) environment using Microsoft Entra–based identity and Azure Files with FSLogix, the context supports the following design principles and combinations.

    1. Recommended way to achieve elasticity for pooled session hosts

    A production pattern for “true” scale‑out/scale‑in focuses on:

    • Use pooled host pools with multi‑session session hosts where possible to reduce cost per user and improve elasticity.
    • Choose a load‑balancing algorithm aligned with cost vs. experience:
      • Depth-first: Saturates one session host at a time before using others. This is explicitly called out as more cost‑efficient and particularly beneficial in scale‑down scenarios because it fully utilizes a host before moving to the next. This pattern works well with aggressive scale‑in (fewer active hosts, more idle hosts that can be shut down).
      • Breadth-first: Distributes sessions across hosts for better user experience but less efficient for scale‑in because more hosts are partially utilized.
    • Use Azure Policy and infrastructure as code (for example, Azure VM Image Builder and the Virtual Desktop Accelerator) to standardize host configuration, which is important when frequently adding/removing hosts.
    • Use validation host pools to test AVD agent and image changes before rolling them into the elastic production pool.

    Within the provided context, depth‑first load balancing is the explicitly recommended option when cost efficiency and scale‑down behavior are priorities.

    1. Identity and profile combination: EDS + Azure Files + FSLogix

    The context describes supported identity and storage combinations for FSLogix profile containers on Azure Files:

    • Azure Files can be used with FSLogix profile containers.
    • Identity options for Azure Files + FSLogix include:
      • On‑premises Active Directory Domain Services (AD DS).
      • Microsoft Entra Kerberos (for hybrid or cloud‑only identities) with Microsoft Entra joined or hybrid joined session hosts.
      • Microsoft Entra Domain Services (EDS) as a managed directory service for cloud‑only identities.

    The article on storing FSLogix profile containers on Azure Files with AD DS or Microsoft Entra Domain Services explicitly documents this pattern as supported.

    Therefore, Microsoft Entra Domain Services + Azure Files + FSLogix is a documented and supported combination for profile containers.

    1. Load-balancing preference when elasticity is required

    The host pool settings guidance states:

    • Breadth-first load balancing: Distributes user sessions across session hosts and can improve user experience.
    • Depth-first load balancing: Saturates one session host at a time before assigning users to others, ensuring efficient use of resources and being “particularly cost-effective” and “especially beneficial in scale-down scenarios.”

    For “true elasticity” with frequent scale‑in/scale‑out and a focus on cost efficiency, the documented guidance favors depth-first because it concentrates load, allowing unused hosts to be powered off or removed more cleanly. Breadth-first is more appropriate when user experience (evenly loaded hosts) is prioritized over aggressive scale‑in.

    1. Key caveats and combinations to avoid

    From the context:

    • When using Azure Files for FSLogix:
      • Ensure identity‑based authentication is configured correctly (AD DS, Microsoft Entra Kerberos, or Microsoft Entra Domain Services) and that the right SMB permissions and Azure RBAC roles are assigned.
      • Use a storage account in the same Azure region and resource group as the AVD host pool to minimize latency and avoid cross‑region data transfer costs.
      • Be aware that premium (SSD) Azure file shares do not offer geo‑redundancy, which affects disaster recovery design.
    • For FSLogix profile containers on Azure Files with AD DS or Microsoft Entra Domain Services:
      • Session hosts must be joined to the corresponding domain (AD DS or Microsoft Entra Domain Services managed domain).
      • Local profiles on session hosts must be removed before FSLogix can take over profile management.
      • An upcoming Windows Server Kerberos hardening change requires upgrading to AES‑SHA1 for SMB file shares hosting FSLogix containers to avoid access issues.
    • For Microsoft Entra joined session hosts:
      • Access to Azure Files shares using Microsoft Entra Kerberos for FSLogix profiles is fully supported for hybrid users, and in preview for cloud‑only and external identities. This preview status is a caveat when designing production environments that rely on cloud‑only identities with Microsoft Entra joined VMs.

    In summary:

    • AVD pooled host pools with multi‑session hosts, depth-first load balancing, and standardized images (via IaC) form the recommended pattern for elastic, cost‑efficient scale‑out/scale‑in.
    • Microsoft Entra Domain Services + Azure Files + FSLogix is a documented, supported combination for profile containers.
    • Depth‑first load balancing is the recommended method when elasticity and cost‑efficient scale‑down are primary goals; breadth‑first is more about user experience.
    • Ensure correct identity configuration, regional alignment of storage and host pools, awareness of Azure Files redundancy characteristics, and compliance with upcoming Kerberos encryption changes. Avoid relying on preview features (such as cloud‑only identities with Microsoft Entra joined VMs + Azure Files via Entra Kerberos) for strict production requirements.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

    1 person found this answer helpful.
  2. Ankit Yadav 14,455 Reputation points Microsoft External Staff Moderator
    2026-04-03T12:43:18.73+00:00

    Hey Paul,

    it sounds like you’re building a 20-node AVD pooled host pool using Entra Domain Services (EDS) + Azure Files for FSLogix and you want true on-demand scale-out/scale-in with safe host drain and a warm-pool of spare capacity. Here’s the Microsoft-recommended pattern:

    1. Identity & Profile Store • Yes – EDS + Azure Files (SMB) + FSLogix is a supported, production-grade combination. • EDS will domain-join your session hosts without a full AD infrastructure, and Azure Files meets the FSLogix profile container requirements.
    2. True Elasticity via Autoscale Scaling Plans • Use the built-in “Autoscale” scaling plans in Azure Virtual Desktop (dynamic scaling). • Define schedule phases (ramp-up, peak, ramp-down, off-peak) with: – Minimum percent of hosts (warm capacity) – Capacity thresholds (e.g. 50–75%) to trigger scale-out early – Ramp-up start times 30–60 minutes before first logins • This approach spins up hosts ahead of demand, keeps a baseline set running, and removes idle hosts safely when not needed.
    3. Load Balancing Algorithm • Ramp-up (elastic fill): Breadth-First – Distributes new connections across all running hosts. – Combined with a scaling plan minimum host setting, it ensures you have “x” VMs up before peak. • Peak/Ramp-down/Off-peak (session density optimization): Depth-First – Packs sessions onto fewer hosts, then scales in idle hosts. • You can mix algorithms per schedule phase in your scaling plan.
    4. Safe Drain & Removal of Hosts • Configure your scale-in phase to: – Force sign-off or allow graceful disconnect – Stop VMs only when they have zero active sessions • Scaling plans handle host drain automatically if you enable the “Stop VMs when session count = 0” option.
    5. Key Caveats & Gotchas • Breadth-First alone won’t start deallocated hosts on connect unless you also use a scaling plan (or “Start VM on Connect”). • If you rely solely on “Start VM on Connect,” sessions will keep flowing to the first available running host until it’s full. • Make sure your max session limit per host is set (not “unbounded”) so that new hosts actually start. • Always test your ramp-up settings ahead of production to tune minimum percentages and capacity thresholds.

    Put it all together in a single scaling plan that:

    • Ramps up with Breadth-First + 20–30% minimum hosts 30–60 minutes before work hours
    • Shifts to Depth-First during peak to maximize density
    • Drains and deallocates unused hosts automatically after hours

    Hope this helps you achieve a fully elastic, production-grade AVD pooled environment!

    References

    Note: This content was drafted with the help of an AI system. Please verify the information before relying on it for decision-making.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.