Skip to content
Schoolyear AVD

Changelog

2025-01-24: Abillity to connect exams to internal services

We updated both our avdcli and deployment template to allow customers to connect to internal services from within the exam sessionhost VMs.

What does this mean ?

You can now build images with applications that require an internal connection like License Servers. You can find a full guide on how to do so in the Internal Services section in the sidebar.

Update to the latest avdcli and deployment template to use this feature by following the Practical Image Building Guide:

Image Building Guide

2025-01-22: No more EntraID Groups

Up until now, Schoolyear AVD required extensive permissions in EntraId to manage groups and group members. Schoolyear AVD created a user group for each exam and added the students as members. EntraId has no option for scoping these permissions so Schoolyear AVD required Group.Create, Group.ReadWrite.All and GroupMember.ReadWrite.All. Some customers, rightfully, had doubts about giving an internal party these permissions, and we didn’t like having such extensive permissions either.

We’re happy to announce Schoolyear AVD no longer requires these permissions to work. This change is available in production to all customers starting today.

Instead of creating a group, assigning roles to that group and then adding students to that group, the Exam Orchestrator will now add these roles directly to each individual student.

What changed

  • The exam orchestrator now checks if your deployment template has a groupId parameter. If it does, it will create a group and add students to that group. If not, it will expect the new appGroupId output parameters to be returned from the deployment template. Schoolyear AVD will add students to this AVD Application Group instead of adding them to an Entra Group.
  • The new deployment template will return this appGroupId instead of having a groupId parameter.

Because the Exam Orchestrator checks if your deployment template still has the groupId parameter, this change is backwards compatible. However, we do advise all customers to migrate to a newer version of the deployment template.

How to migrate?

  1. Update all your deployment templates to the latest version. Perform the following steps for all your images:

    1. Run avdcli image package.
    2. Take the deployment template from the resulting ./out folder.
    3. Search-and-replace the parameters still left in the deployment template (see the quick-start guide).
    4. Create a new version in the Template Spec resource that belongs to this image.
    5. Reconfigure the AVD Add-on to use the new Template Spec version.

  2. Remove the following permissions from the Schoolyear AVD App Registration:

    • Group.Create
    • Group.ReadWrite.All
    • GroupMember.ReadWrite.All

  3. Test if your new deployment templates work as expected and students are able to log into the exam environment.