Questo browser non è più supportato.
Esegui l'aggiornamento a Microsoft Edge per sfruttare i vantaggi di funzionalità più recenti, aggiornamenti della sicurezza e supporto tecnico.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 89%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Hello, we recently enabled Defender for Cloud on our Azure virtual desktop session hosts using Microsoft.Azure.AzureDefenderForServers.MDE.Windows extension. We suddenly noticed that some users started to be forcefully logged off from their Virtual desktop sessions and often were unable to log in again.
We had to disable Defender for Cloud monitoring to make users log in again and staying logged in without issues.
In our Virtual desktop environment we use FSLogix Profiles: maybe there is a conflict between FSLogix and Defender for Cloud? Is there a way to configure both products to work correctly?
Un servizio di virtualizzazione di Microsoft desktop e app eseguito in Azure. Precedentemente noto come Desktop virtuale Windows.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 21%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
quando si abilita Defender per il Cloud sui session host AVD che eseguono FSLogix, e la buona notizia è che è completamente risolvibile senza dover disabilitare permanentemente il monitoraggio di Defender.
Quando l'estensione MDE.Windows viene distribuita da Defender for Cloud, attiva la protezione in tempo reale (RTP) di Microsoft Defender sui tuoi host di sessione. FSLogix funziona montando il profilo di ciascun utente come disco virtuale VHD/VHDX al momento dell'accesso e smontandolo al momento della disconnessione. Senza le esclusioni corrette, lo scanner in tempo reale di Defender intercetta queste operazioni sul file system e provoca violazioni di condivisione sui file VHDX a metà sessione, motivo per cui gli utenti vengono disconnessi e il nuovo accesso viene bloccato.
La Soluzione: Configurare le Esclusioni Antivirus di FSLogix
La documentazione ufficiale dei requisiti preliminari FSLogix di Microsoft elenca tutte le esclusioni necessarie. Queste devono essere applicate su ogni host di sessione AVD — tramite GPO, Intune o PowerShell.
Ecco un rapido snippet di PowerShell per iniziare:
FSLogix exclusions for Defender / MDE on AVD session hosts
Add-MpPreference -ExclusionProcess "frxsvc.exe"
Add-MpPreference -ExclusionProcess "frxccds.exe"
Add-MpPreference -ExclusionProcess "frxdrv.sys"
Add-MpPreference -ExclusionProcess "frxdrvvt.sys"
Add-MpPreference -ExclusionProcess "frxccd.sys"
Add-MpPreference -ExclusionPath "$env:ProgramFiles\FSLogix\Apps"
Add-MpPreference -ExclusionPath "$env:ProgramData\FSLogix"
Add-MpPreference -ExclusionExtension ".VHD"
Add-MpPreference -ExclusionExtension ".VHDX"
Sostituire con il percorso reale dei vostri file Azure o della condivisione SMB
$SharePath = "\\storageaccount.file.core.windows.net\sharename"
Add-MpPreference -ExclusionPath $SharePath
Verifica le esclusioni applicate
Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess
Vorrete inoltre escludere esplicitamente i percorsi di condivisione SMB per i vostri file contenitore VHD/VHDX, inclusi i file di blocco e di metadata:
\\<share>\*\*.VHD(.lock / .meta / .metadata)
\\<share>\*\*.VHDX(.lock / .meta / .metadata)
%TEMP%\*\*.VHD and %WINDIR%\TEMP\*\*.VHDX
And these registry keys should be excluded too:
HKLM\SOFTWARE\FSLogix\
HKLM\SOFTWARE\Policies\FSLogix\
Metodo di Onboarding VDI :
A parte le esclusioni, è consigliabile verificare come MDE sia configurato sui vostri host. Per le configurazioni AVD non persistenti, Microsoft suggerisce di utilizzare lo script di onboarding specifico per VDI—posizionarlo nell'immagine di riferimento e attivarlo tramite un GPO di avvio invece di fare affidamento solo sull'estensione MDE di Windows Azure. Assicuratevi di non fare l'onboarding dell'immagine di riferimento stessa, ma solo degli host di sessione al loro avvio. Se utilizzate solo l'estensione Azure su host condivisi o non persistenti, potreste incorrere in dispositivi duplicati e altri problemi.
FSLogix Antivirus Exclusions
https://learn.microsoft.com/en-us/fslogix/overview-prerequisites
Onboard AVD Windows Devices to MDE:
https://learn.microsoft.com/en-us/defender-endpoint/onboard-windows-multi-session-device
Non-Persistent VDI Onboarding for MDE:
https://learn.microsoft.com/en-us/defender-endpoint/configure-endpoints-vdi
Defender for Cloud + MDE Integration:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/integration-defender-for-endpoint
Grazie,
Manish.
I wanted to check if my last response made sense. I’d be glad to assist further or explain anything in more detail
Hello Manish, sorry for the late response, we had a short holiday period here in Italy. Yes, your comment made sense, so you are working on our problem? Do you need further informations? Feel free to use English as language. Thanks
Ciao @EB
Ti chiedo gentilmente di controllare la mia risposta che ho condiviso in precedenza e farmi sapere se ti è stata utile?
Hi @EB
I kindly ask you to check my answer that I shared earlier and let me know if it was helpful to you?
Hi, thank you all for your responses, we are implementing the exclusions and configurations you provided.
We will update you after a short testing period.
Regards
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 79%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
Hey! Sorry you’re running into this—what you’re describing (users getting forcefully disconnected and then unable to log back in after enabling Defender for Cloud on AVD session hosts) is commonly caused by real-time Microsoft Defender (MDE) inspection interacting with FSLogix profile VHD/VHDX access.
When Defender for Cloud deploys the MDE.Windows extension, it enables Microsoft Defender real-time protection on the session hosts.
With FSLogix, user profiles are typically mounted/unmounted as VHD/VHDX virtual disks during sign-in and sign-out. Without the right exclusions, the Defender real-time scanner can interfere with those file-system operations, which may lead to profile/container access conflicts mid-session—and that can surface as forced logoffs and failed reconnections.
The fix is usually to configure the required Microsoft Defender Antivirus exclusions for FSLogix on each AVD session host (via GPO, Intune, or PowerShell). Apply these exclusions consistently to every host in the host pool(s).
Here’s a starting PowerShell snippet for Defender exclusions (FSLogix-focused):
FSLogix exclusions for Defender / MDE on AVD session hosts
Add-MpPreference -ExclusionProcess "frxsvc.exe"
Add-MpPreference -ExclusionProcess "frxccds.exe"
Add-MpPreference -ExclusionProcess "frxdrv.sys"
Add-MpPreference -ExclusionProcess "frxdrvvt.sys"
Add-MpPreference -ExclusionProcess "frxccd.sys"
Add-MpPreference -ExclusionPath "$env:ProgramFiles\FSLogix\Apps"
Add-MpPreference -ExclusionPath "$env:ProgramData\FSLogix"
Add-MpPreference -ExclusionExtension ".VHD"
Add-MpPreference -ExclusionExtension ".VHDX"
If your FSLogix containers are stored on an SMB share, also exclude the share path, for example:
$SharePath = "\\storageaccount.file.core.windows.net\sharename"
Add-MpPreference -ExclusionPath $SharePath
Depending on your FSLogix configuration, you may also need exclusions covering:
(These details are called out in the FSLogix prerequisites/Defender exclusion guidance.)
After applying, confirm with:
Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess
In most cases, you don’t need to disable Defender for Cloud. Instead, you keep Defender on and adjust exclusions so FSLogix VHD/VHDX mounting/unmounting isn’t blocked/flagged.
Note: This content was drafted with the help of an AI system. Please verify the information before relying on it for decision-making.