Public/Enable-AvdStartVmOnConnect.ps1
function Enable-AvdStartVmOnConnect { <# .SYNOPSIS Enable WVD Start VM on Connect .DESCRIPTION This function will enable the start VM on connect option in the hostpool and will configure the Azure AD permissions. It will create a new role (WVD Start VM on connect) in the Azure AD .PARAMETER HostPoolName Enter the name of the hostpool you want to enable start vm on connnect. .PARAMETER ResourceGroupName Enter the name of the resourcegroup where the hostpool resides in. .PARAMETER Force Set these parameter to force changing the ValidationEnvironment to true. .EXAMPLE Enable-WvdStartVmOnConnect -HostPoolName wvd-hostpool-001 -ResourceGroupName rg-wvd-001 #> [CmdletBinding(DefaultParameterSetName = 'Hostpool')] param ( [parameter(Mandatory)] [parameter(ParameterSetName = 'Hostpool')] [ValidateNotNullOrEmpty()] [string]$HostpoolName, [parameter(Mandatory)] [parameter(ParameterSetName = 'Hostpool')] [ValidateNotNullOrEmpty()] [string]$ResourceGroupName, [switch]$Force ) Begin { AuthenticationCheck } Process { try { $parameters = @{ HostPoolName = $HostpoolName ResourceGroupName = $ResourceGroupName } $Hostpool = Get-AzWvdHostPool @parameters if ($Force){ Update-AzWvdHostPool @parameters -ValidationEnvironment:$true } if ($Hostpool.ValidationEnvironment -eq $true) { Update-AzWvdHostPool @parameters -StartVMOnConnect:$true Write-Verbose "Hostpool $($Hostpool.Hostpoolname) updated, StartVMOnConnect is set to $true" } } catch { Throw "The hostpooltype for provided hostpool $Hostpoolname must be a validation enviroment" } #Region get Windows Virtual Desktop Service Principal $GraphResource = "https://graph.microsoft.com" $GraphHeader = GetAuthToken -resource $GraphResource $ServicePrincipalURL = "$($GraphResource)/beta/servicePrincipals?`$filter=displayName eq 'Windows Virtual Desktop'" $ServicePrincipals = Invoke-RestMethod -Method GET -Uri $ServicePrincipalURL -Headers $GraphHeader #Endregion $SubscriptionId = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext.Subscription.Id $ScopeResourceGroup = (Get-AzResource -ResourceID (Get-AvdLatestSessionHost @parameters).ResourceId).ResourceGroupName $Scope = "subscriptions/$($SubscriptionId)/Resourcegroups/$ScopeResourceGroup" $AzureResource = "https://management.azure.com" $AzureHeader = GetAuthToken -resource $AzureResource #Region create custom role # Building a new role GUID $RoleGuid = (New-Guid).Guid # Generating the role body $RoleBody = @{ name = $RoleGuid properties = @{ roleName = "WVD Start VM on connect" description = "This role is used to start VM when connecting" assignableScopes = @( $Scope ) permissions = @( @{ actions = @( "Microsoft.Compute/virtualMachines/start/action", "Microsoft.Compute/virtualMachines/read" ) notActions = @() dataActions = @() notDataActions = @() } ) } } $RoleJsonBody = $RoleBody | ConvertTo-Json -Depth 5 $DefinitionUrl = "$($AzureResource)/$Scope/providers/Microsoft.Authorization/roleDefinitions/$($RoleGuid)?api-version=2018-07-01" $CustomRole = Invoke-RestMethod -Method PUT -Body $RoleJsonBody -Headers $AzureHeader -URi $DefinitionUrl #Endregion #region create assignment # New assignment GUID $ServicePrincipals.value.id | foreach { $AssignGuid = (New-Guid).Guid $AssignURL = "$AzureResource/$Scope/providers/Microsoft.Authorization/roleAssignments/$($AssignGuid)?api-version=2021-04-01-preview" $assignBody = @{ properties = @{ roleDefinitionId = $CustomRole.id principalId = $_ } } $JsonBody = $assignBody | ConvertTo-Json Invoke-RestMethod -Method PUT -Uri $AssignURL -Headers $AzureHeader -Body $JsonBody } } } |