Azure Virtual Desktop Application group assignment using ARM template

Vel 1 Reputation point
2022-01-17T10:30:31.417+00:00

Hi,

I'm new to ARM templates and request your assistance with a small task I'm working on. I'm trying to use an ARM template to add Azure AD users to an Azure Virtual Desktop Application group, which uses RBAC role assignments to assign the "Desktop Virtualization User" role to the user at the Application group scope.

This role assignment requires the Principal ID of the Azure AD object. I have come up with a rough ARM template (attached) that would add a user to the application group if the principal ID of the user is supplied in the template. But I would like the ARM template to find out the principal ID of the Azure AD user that's passed to it and add that user to the application group.

I could create a PowerShell script to find the principal ID but could not get it working as a deployment script either. Can someone please assist with a way to get the principal ID of an Azure AD user within an ARM template?

.165596-working2.txt

Azure Virtual Desktop

1 answer

  1. srbhatta-MSFT 8,546 Reputation points Microsoft Employee
    2022-01-20T15:14:38.453+00:00

    Hi @Vel ,

    I have reviewed your requirement and I did a POC in my lab environment to assign a role to an Azure AD user by creating a deployment script.
    You can first create a user-assigned managed identity.
    Then assign the role in Azure AD to this managed identity using the object ID of the managed identity by creating a deployment script.
    Then run the deployment script via PowerShell.

    Please refer to my lab here: DeploymentScripts-GitHub-sreeja8

    RoleAssignmentCreate.json - Assigns a role at a Resource Group scope to an Azure AD user by dynamically fetching (using a deployment script) the Principal ID with the display name of the user.

    Parameters.json - Contains parameters.

    New-AzResourceGroupDeployment -ResourceGroupName lab -TemplateFile RoleAssignmentCreate.json -TemplateParameterFile Parameters.json -Name TestDeployment1  
    

    Below is the snippet of code from the RoleAssignmentCreate.json file where we are working with the output from a PowerShell script.
    Reference link: deployment-script-template-output-from-powershell-script

    166862-2022-01-20-20-36-29-clipboard.png

    Please "Accept as answer" if this helps you. This will help us and others in the community as well.

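The lookup-then-assign flow from the answer, written out as one ARM template that resolves the user by UPN (unique, unlike a display name) and fails unless exactly one user matches. This is an added example, not the RoleAssignmentCreate.json from the linked repository. Assumptions: all parameter names and the resource name `lookupPrincipalId` are hypothetical, the user-assigned managed identity has already been granted permission to read users in Azure AD, and the role GUID is supplied by the caller (for instance from `Get-AzRoleDefinition -Name "Desktop Virtualization User"`).

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": { "description": "Added example, not the answer's template. Parameter and resource names are assumptions." },
  "parameters": {
    "userPrincipalName": { "type": "string", "metadata": { "description": "UPN of the Azure AD user to add." } },
    "appGroupName": { "type": "string", "metadata": { "description": "Existing application group in this resource group." } },
    "identityResourceId": { "type": "string", "metadata": { "description": "Resource ID of a user-assigned identity assumed able to read Azure AD users." } },
    "roleDefinitionGuid": { "type": "string", "metadata": { "description": "GUID of the built-in Desktop Virtualization User role." } }
  },
  "resources": [
    {
      "type": "Microsoft.Resources/deploymentScripts",
      "apiVersion": "2020-10-01",
      "name": "lookupPrincipalId",
      "location": "[resourceGroup().location]",
      "kind": "AzurePowerShell",
      "identity": {
        "type": "UserAssigned",
        "userAssignedIdentities": { "[parameters('identityResourceId')]": {} }
      },
      "properties": {
        "azPowerShellVersion": "8.3",
        "environmentVariables": [ { "name": "USER_UPN", "value": "[parameters('userPrincipalName')]" } ],
        "scriptContent": "$u = @(Get-AzADUser -UserPrincipalName $env:USER_UPN)\nif ($u.Count -ne 1) { throw \"Expected exactly one user, found $($u.Count)\" }\n$DeploymentScriptOutputs = @{ principalId = $u[0].Id }",
        "timeout": "PT10M",
        "cleanupPreference": "OnSuccess",
        "retentionInterval": "PT1H"
      }
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2022-04-01",
      "scope": "[format('Microsoft.DesktopVirtualization/applicationGroups/{0}', parameters('appGroupName'))]",
      "name": "[guid(resourceGroup().id, parameters('appGroupName'), parameters('userPrincipalName'), parameters('roleDefinitionGuid'))]",
      "properties": {
        "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionGuid'))]",
        "principalId": "[reference('lookupPrincipalId').outputs.principalId]",
        "principalType": "User"
      }
    }
  ]
}
```

The UPN reaches the script through an environment variable rather than being concatenated into the `arguments` string, so the parameter value is never parsed as PowerShell. The `scope` property places the assignment on the application group itself, so the user receives the role on that one resource and not on the rest of the resource group.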