Connecting to Azure Virtual Desktop is a straightforward process that requires a few simple steps. You'll need to have an Azure subscription and an Azure Virtual Desktop environment set up.
First, ensure you have the Azure Virtual Desktop client installed on your device. This can be downloaded from the Microsoft website.
To connect to your Azure Virtual Desktop, navigate to the Azure portal and sign in with your Azure account credentials.
Next, click on the "Azure Virtual Desktop" icon in the Azure portal, and select the session host pool you want to connect to.
Getting Started
To get started with connecting to Azure Virtual Desktop, you'll need to prioritize security. Security should always be job #1 in whatever we do in IT today, so let's start by setting up a Point-to-Site VPN to tunnel our traffic.
This process begins with creating a virtual network, followed by some necessary configurations. To function within an enterprise, Windows Virtual Desktop requires a DNS and AD infrastructure, so we'll ensure these are set up and configured correctly.
Here's a quick checklist to get you started:
- Create a virtual network
- Set up necessary configurations
- Establish a DNS and AD infrastructure
By following these initial steps, you'll be well on your way to successfully connecting to Azure Virtual Desktop.
Why Now?
Now is the perfect time to adopt cloud desktops because it's the next step in the evolution of digital transformation.
Cloud desktops offer the same scalability potential as enterprise web-based applications, allowing you to quickly deploy desktops to your employees and customers.
You can centralize everything, including applications and data, to increase performance potential.
Traditional VDI achieves this, but deploying a cloud desktop platform is far simpler from a configuration and deployment perspective.
Executive Overview
Getting Started with Windows Virtual Desktop (WVD) requires a solid foundation in security, infrastructure, and authentication.
Security is job number one in IT today, and WVD is no exception. We need to set up a Point-to-Site VPN to tunnel our traffic, starting with the creation of a virtual network followed by necessary configurations.
To function within an enterprise, WVD requires a DNS and AD infrastructure, which we'll help you set up and configure correctly. This includes ensuring that users can authenticate successfully to utilize the new virtual desktops and resources.
Azure AD Connect is necessary to unite your on-prem environment with your Azure one. We'll guide you through the procedures to ensure users can authenticate successfully to access the new virtual desktops and resources.
To manage and interact with Windows Virtual Desktop, you'll need to install the PowerShell cmdlets.
Windows Requirements
To connect to Azure Virtual Desktop, you'll need to meet some key requirements. You'll need to fund the project with Azure subscription credits to host virtual machine resources. If you don't have access to a subscription, you can sign up for a free account with a valid phone number and credit card for identity verification.
You'll also need access to your Azure Active Directory and a user account with Global Administrator access to Office 365, as well as owner role on the Azure subscription. Additionally, you'll need domain admin access to your on-prem AD, or you can create a new domain controller in Azure.
Here are the specific requirements to keep in mind:
- Funding for Azure subscription credits
- Access to Azure Active Directory
- Global Administrator access to Office 365
- Owner role on the Azure subscription
- Domain admin access to on-prem AD or ability to create a new domain controller in Azure
Windows Requirements
To set up Windows Virtual Desktop, you'll need to fund the project with enough Azure subscription credits to host the virtual machine resources. You can sign up for a free account if you don't have access to a subscription, but you'll need a valid phone number and credit card for identity verification.
You'll also need access to your Azure Active Directory. This is a crucial step, so make sure you have the necessary credentials.
To manage the setup process, you'll need a user account with Global Administrator access to Office 365 and owner role on the Azure subscription. This will give you the necessary permissions to complete the setup.
You'll need to download and install the Windows Virtual Desktop cmdlets for Windows PowerShell on a Windows 10 machine. This will allow you to perform the actual work involved in setting up Windows Virtual Desktop.
You'll also need domain admin access to your on-prem AD, or you can make a new domain controller in Azure. If you're not sure which option to choose, you can refer to the guide on making your own DC in Azure.
Here are the specific requirements in a concise list:
Network
To set up a secure network, you'll need to create a virtual network gateway. This is done by clicking on "Create virtual network gateway" and filling out the necessary values for your environment. Fill out the required information carefully to ensure a smooth setup process.
For a virtual network, you'll need to click on the "Virtual network/subnet" option in blue text after saving your changes. This will allow you to configure your network settings.
Setting up a VPN connection is crucial for secure network transmission, especially when replicating AD traffic between on-prem DCs and an Azure-based DC.
Setup and Configuration
To set up and configure Azure Virtual Desktop, you'll first need to create a Windows Virtual Desktop tenant using the Active Directory tenant ID and Subscription ID. This can be done by running a command in PowerShell, replacing "CompanyWVDtenant" with your desired tenant name. The command should be on one line and will look something like this:
You'll also need to create a virtual Domain Controller in Azure, which can be done by replicating your on-prem AD infrastructure to the cloud. This adds resiliency and flexibility to your architecture, and you can choose to load balance authentication traffic or direct it all to the cloud if your on-prem network is down.
To configure your DC and VMs, you'll need to decide on the Rdsh Name Prefix, Rdsh Number Of Instances, Rdsh VM Size, and other settings, which can be found in the Miscellaneous Configurations section.
Here's a list of the settings you'll need to consider:
Software
To install remote desktop apps in Windows Virtual Desktop (WVD), start by downloading the Windows Virtual Desktop Agent from https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWrmXv. This is the first step in setting up a successful remote desktop experience.
The Windows Virtual Desktop Agent Bootloader can be downloaded from https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWrxrH, which is a crucial component for a smooth installation process.
For more detailed information on WVD, refer to the official documentation at https://docs.microsoft.com/en-us/azure/virtual-desktop/. This resource will provide you with a comprehensive understanding of WVD's features and capabilities.
WVD partners, including PolicyPak, can be found at https://docs.microsoft.com/en-us/azure/virtual-desktop/partners. This list highlights the companies that have collaborated with Microsoft to create a robust ecosystem for WVD.
Setup and Registration
To get started with Windows Virtual Desktop (WVD), you need to grant consent on behalf of your organization. This is the first step in the setup process.
You'll need to repeat a series of steps, choosing the Client App this time around. This process is relatively quick and easy.
To create your WVD tenant, you'll need to run a command using your Active Directory tenant ID, Subscription ID, RDSTenant name, AadTenantId string, and AzureSubscriptionId string. For example, you can use the following command, modifying the values to match your own:
Note: The entire command should be on one line. You can copy and paste the command above into Notepad and then edit accordingly.
Here's a list of the required values:
- RDSTenant name
- AadTenantId string
- AzureSubscriptionId string
After issuing the command, you'll see a response indicating the creation of your WVD tenant.
To configure your WVD environment, you'll need to set various miscellaneous configurations. Here are some of the key settings:
- Rdsh Name Prefix: The base name of the VMs you wish to use.
- Rdsh Number Of Instances: The number of VMs you wish to create.
- Rdsh VM Size: The size of the VMs, which should be chosen carefully to avoid high costs.
- Domain To Join: The FQDN of the domain that the VMs will join.
- Existing Domain UPN: The username in the domain that can join machines to the domain in UPN format.
- Existing Domain Password: The password for the username above, which should be at least 12 characters long.
- OU Path: The optional path where you want the newly created VMs to live.
- Existing Vnet Name: The name of the virtual network you created earlier for the VMs.
- Existing Subnet Name: The name of the subnet the VMs will be placed in.
- Virtual Network Resource Group Name: The name of the resource group containing the virtual network.
- Existing Tenant Name: The name you gave your WVD tenant.
- Host pool name: The name of the host pool that you want your VMs to be assigned to.
- Default Desktop Users: Any user(s) that you wish to be able to access desktops in this host pool.
- Tenant Admin UPN or Application Id: An account in UPN format that has RDS Owner role assigned.
- Tenant Admin Password: The password for the Tenant Admin account, which should be at least 12 characters long.
To register the AVD resource provider, go to the Azure portal, select your subscription, and search for "Microsoft.DesktopVirtualization". Click on "Register" to complete the registration process.
Install PowerShell Modules
Next, install the PowerShell modules that the remaining steps require.
Remember that in part 2 you downloaded the Windows Virtual Desktop cmdlets for Windows PowerShell in preparation. This step is crucial for setting up Windows Virtual Desktop.
The Windows Virtual Desktop cmdlets for Windows PowerShell will allow you to manage and configure Windows Virtual Desktop.
Preparing WVD Environment
Before you can start using Azure Virtual Desktop, you need to prepare your WVD environment. This involves setting up a few initial steps, which can be overwhelming if you're new to it.
First, you need to create a virtual DC in Azure, which will serve as a Domain Controller. This is a crucial step, as it will allow you to replicate your AD infrastructure from your on-prem environment to the cloud.
To create a virtual DC, you'll need to create a new OU (Organizational Unit) in Azure Active Directory. This will help you manage your VMs and keep them organized.
Here's a list of the initial steps you need to take:
- Create a new OU in Azure Active Directory
- Set up a virtual DC in Azure
- Register the AVD resource provider
Once you've completed these steps, you'll be ready to move on to the next phase of setting up your WVD environment.
Preparing WVD Environment
Before we dive into setting up our Windows Virtual Desktop (WVD) environment, we need to wrap up a few initial steps. These steps are crucial to ensure a smooth setup process.
First, we need to create a Domain Controller (DC) in Azure, which will serve as the central authority for our WVD environment. This DC will live in Azure, not in our on-prem datacenter.
To create the DC, we'll need to replicate our Active Directory (AD) from our on-prem environment to Azure. This will add resiliency and flexibility to our architecture.
We'll then create a virtual DC in Azure, which will be the foundation of our WVD environment.
Here are the key steps to take:
Next, we'll need to add the Windows Virtual Desktop VMs to our environment. There are at least three different ways to do this, so we'll explore each option in the next section.
Before we move forward, let's make sure we have the necessary information to proceed. We'll need to know the FQDN of the domain that our VMs will be joined to, as well as the username and password of an account with the necessary permissions to join machines to the domain.
We'll also need to specify the OU path where we want the newly created VMs to live, as well as the name of the virtual network and subnet that our VMs will be placed in.
Lastly, we'll need to choose the host pool name, default desktop users, and tenant admin information. This information will be used to configure our WVD environment and ensure that it's properly set up for our users.
Installing Your VPN
Installing your VPN is a crucial step in securing your WVD environment. You want to establish a secure connection between your on-prem network and your Azure environment.
Whether you're accessing your WVD machine from your on-prem network or a remote site, you need a secure, encrypted connection. This is especially important if you're replicating AD traffic between your on-prem DCs and the one in Azure.
Creating and configuring the VPN connection secures your network transmission. This is what we do in this part of our series on WVD.
Verify Each VM
You need to verify that each virtual machine got added to the correct host pools. To do this, run the commands below in your elevated PowerShell session. The result should show the correct host pool name, along with “Status: Available” and “UpdateState: Succeeded.”
If everything is correct, you can skip the rest of this section and move on to the next step. If a VM is missing from any host pool, you can use the process below to get the machine added to the correct host pool.
To generate a registration token for adding a VM to a host pool, run the command below in your elevated PowerShell session. The token is good for 72 hours and you need to copy it safely, as you will need it later.
The token text may look like it has a lot of empty spaces between the lines, but you need to remove all the spaces for it to work. You can use Notepad to copy the text and remove the spaces, or simply turn off word wrap to see the text on one line.
Once you have your token, use a remote desktop to connect to the VM and download the files from the two links below to the VM’s desktop. Then, install the boot loader and reboot the VM.
After a few minutes, check the status of the VM by running the command below in your elevated PowerShell session. If all went well, the result should show the VM available in the correct host pool.
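The commands this section refers to are not reproduced on this page. The following is an added example, not the original author's commands: it uses the classic Microsoft.RDInfra.RDPowerShell cmdlets to check each session host, issue a 72-hour registration token only when a host is missing, and revoke the token once registration is done. The host pool name, expected host names and token file path are hypothetical.

```powershell
# Added example (not from the original article). Run in an elevated session
# with the classic WVD module installed.
Import-Module Microsoft.RDInfra.RDPowerShell
Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com' | Out-Null

$Tenant        = 'CompanyWVDtenant'                       # replace with your tenant name
$HostPool      = 'HostPool01'                             # hypothetical host pool name
$ExpectedHosts = 'wvd-0.corp.example.com',
                 'wvd-1.corp.example.com'                 # hypothetical session host FQDNs
$TokenFile     = Join-Path $env:USERPROFILE 'wvd-registration-token.txt'

# 1. List every host in the pool with the two fields the text says to check.
$hosts = Get-RdsSessionHost -TenantName $Tenant -HostPoolName $HostPool
$hosts | Format-Table SessionHostName, HostPoolName, Status, UpdateState -AutoSize

# 2. Hosts that are registered but not healthy, and hosts that never registered.
$notReady = $hosts | Where-Object { $_.Status -ne 'Available' -or $_.UpdateState -ne 'Succeeded' }
$missing  = $ExpectedHosts | Where-Object { $_ -notin $hosts.SessionHostName }
if ($notReady) { Write-Warning "Not ready: $($notReady.SessionHostName -join ', ')" }

# 3. Only when a host is missing, create a registration token valid for 72 hours.
#    Writing just the Token property produces one unbroken line, so there is
#    nothing to clean up in Notepad. A token already issued for the pool can be
#    read back with Export-RdsRegistrationInfo instead of creating a new one.
if ($missing) {
    Write-Warning "Missing from ${HostPool}: $($missing -join ', ')"
    $info = New-RdsRegistrationInfo -TenantName $Tenant -HostPoolName $HostPool -ExpirationHours 72
    Set-Content -LiteralPath $TokenFile -Value $info.Token -NoNewline -Encoding Ascii
    # The token lets a machine join the host pool: limit the file to the current user.
    icacls $TokenFile /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(R,W)" | Out-Null
}

# 4. Call this after the agent and boot loader are installed and the host shows
#    Available, so the token does not stay usable for the rest of the 72 hours.
function Complete-HostRegistration {
    param([string]$TenantName, [string]$HostPoolName, [string]$Path)
    Remove-RdsRegistrationInfo -TenantName $TenantName -HostPoolName $HostPoolName
    if (Test-Path -LiteralPath $Path) { Remove-Item -LiteralPath $Path }
}
```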
File Share
In earlier versions of WVDAdmin, you had to provide the deployment script and the AVD agent binaries on a custom file share or blob storage. With WVDAdmin 1.6.40 or newer, this is no longer mandatory.
However, in some cases where virtual machines don't have access to the internet to download the AVD agent binaries, you can use a custom file share. You can also use Azure blob storage to store the script, making it read-only and using the URL as the rollout script-path.
Create a file share for the configuration script, which adds new session hosts to the domain and installs the AVD agent. Give Everyone at least Read permission on the share, and set the NTFS permissions to Everyone: Read. This is necessary during the first startup, when the VM extension tries to execute the script.
Here are the files you need to place in this share:
- ITPC-WVD-Image-Processing.ps1 (rename the download to .ps1)
- Microsoft.RDInfra.RDAgent.msi (rename the file)
- Microsoft.RDInfra.RDAgentBootLoader.msi (rename the file)
Make sure to rename the files to fit the list above, without version numbers. If you're using Windows Server 2019 as a file share, make sure that anonymous file share access is enabled.
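Because every new session host runs whatever sits on this widely readable share, it is worth verifying the three files before copying them and re-checking them later. This added example is not part of WVDAdmin or the original post; the staging folder, UNC path and manifest file are hypothetical, and it assumes the two agent MSIs carry a Microsoft Authenticode signature.

```powershell
# Added example (not from WVDAdmin). All paths below are hypothetical.
$Staging  = 'C:\Staging\WVD'                  # local folder holding the renamed downloads
$Share    = '\\fileserver\wvd-rollout'        # the read-only rollout share
$Manifest = 'C:\Staging\wvd-manifest.csv'     # kept off the share on purpose
$Expected = 'ITPC-WVD-Image-Processing.ps1',
            'Microsoft.RDInfra.RDAgent.msi',
            'Microsoft.RDInfra.RDAgentBootLoader.msi'

# Collect presence, Authenticode status, signer and SHA-256 for each expected file.
function Get-StagedFileReport {
    param([string]$Folder, [string[]]$Names)
    foreach ($name in $Names) {
        $path = Join-Path $Folder $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            [pscustomobject]@{ File = $name; Present = $false; SigStatus = $null; Signer = $null; SHA256 = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            File      = $name
            Present   = $true
            SigStatus = [string]$sig.Status              # Valid, NotSigned, HashMismatch, ...
            Signer    = $sig.SignerCertificate.Subject   # $null when the file is unsigned
            SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# Re-hash the copies on the share and compare them with the recorded manifest.
function Test-ShareIntegrity {
    param([string]$SharePath, [string]$ManifestPath)
    Import-Csv -Path $ManifestPath | ForEach-Object {
        $p   = Join-Path $SharePath $_.File
        $now = if (Test-Path -LiteralPath $p) { (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash } else { 'MISSING' }
        [pscustomobject]@{ File = $_.File; Expected = $_.SHA256; Actual = $now; Match = ($now -eq $_.SHA256) }
    }
}

$report = Get-StagedFileReport -Folder $Staging -Names $Expected

# Gate: every file must exist, and each MSI must have a valid signature whose
# signer is Microsoft (assumption stated above). The script is only reported on.
$bad = $report | Where-Object {
    -not $_.Present -or
    ($_.File -like '*.msi' -and ($_.SigStatus -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'))
}
if ($bad) {
    Write-Warning ($bad | Format-Table File, Present, SigStatus, Signer -AutoSize | Out-String)
    throw 'Staged files failed verification; nothing was copied to the share.'
}

$report | Export-Csv -Path $Manifest -NoTypeInformation
foreach ($r in $report) {
    Copy-Item -LiteralPath (Join-Path $Staging $r.File) -Destination $Share
}

# Run again at any later time (for example before each rollout) to spot changed files.
Test-ShareIntegrity -SharePath $Share -ManifestPath $Manifest | Format-Table -AutoSize
```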
Ephemeral Disks
Ephemeral disks are a great option for a high-performance storage solution, especially in a multi-user AVD environment where no data is stored permanently on the session hosts. They're essentially free, which is awesome!
There are no storage costs associated with ephemeral disks. This is because they exist on the hypervisor, which means you can enjoy very high data throughput.
You can find more information on ephemeral disks and their benefits in the blog post by @MichaWets, which is linked here: https://www.cloud-architect.be/2019/07/15/windows-virtual-desktop-running-on-ephemeral-os-disks/
However, it's worth noting that ephemeral disks do come with some limitations. You can't deallocate a VM with this disk type - you have to delete the VM and roll out a new one instead.
Here are some specific limitations to keep in mind:
- Max ephemeral disk size for Standard_D4s_v3 is 64 GByte
- Max ephemeral disk size for Standard_D8s_v3 is 128 GByte
It's also worth noting that if the Azure hypervisor fails, your session host will fail as well and can't be re-deployed automatically.
Windows Tenant Setup
To set up a Windows tenant, you need to grant consent on behalf of your organization, which is a quick and easy process.
You'll need to use the Active Directory tenant ID and Subscription ID you saved earlier to create your Windows Virtual Desktop tenant.
To create the tenant, you'll issue a command in the Azure portal, using the RDSTenant name, AadTenantId string, and AzureSubscriptionId string. For example, you might use a command like the one shown in Example 2.
Here's a brief overview of the required information:
Once you've entered the required information, you can create your Windows Virtual Desktop tenant.
App for iPad
You can access Azure Virtual Desktop on your iPad using the Remote Desktop app from the Apple Store. This app offers a more convenient experience than accessing it through the Safari browser.
The Remote Desktop app also allows you to save your login credentials for easy access. By default, you can use a mouse as an input device, and adjust the screen resolution to your preferences.
Benefits of Windows
Windows Virtual Desktop offers a range of benefits that make it an attractive option for companies undergoing digital transformation. Companies can access their expected desktop experience from any location, using either the WVD native client application or a Windows Virtual Desktop HTML5 web client.
One of the key advantages of WVD is its ability to virtualize both desktops and apps, allowing administrators to assign and connect users to them with ease. This feature is particularly useful for companies with diverse workloads.
WVD also allows for the virtualization of Office 365 ProPlus, delivering it to users in an optimized environment. This can help reduce the number of virtual machines in the environment and lower costs.
By pooling multi-session resources, companies can reduce the number of virtual machines and lower costs. This can also help reduce the impact of hardware product life cycles, leading to lower CAPEX costs.
WVD provides a unified and simplified management experience for administrators, making it easier to manage desktops and apps. This can help reduce administrative burdens and improve productivity.
Here are some of the key benefits of WVD:
- Virtualize both desktops and apps
- Virtualize Office 365 ProPlus
- Reduce CAPEX costs by pooling multi-session resources
- Reduce the number of virtual machines
- Provide a unified and simplified management experience
- Publish as many host pools as needed
Provide Consent
To provide consent for Windows Virtual Desktop, you'll need to grant access to your organization. This involves a few simple steps.
First, you'll need to visit the Windows Virtual Desktop Consent Page at https://rdweb.wvd.microsoft.com/.
From there, select the "Consent Option" and set it to "Server App." Then, fill in your AAD Tenant GUID or name and hit submit.
You can find your AAD Tenant GUID or name by visiting this link: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties.
If there's nothing at that link, it means you don't have an active subscription. In that case, sign up for a free one at https://azure.microsoft.com/en-us/free/.
The GUID is your Azure domain name, and the tenant ID is a long alphanumeric identifier that's easy to look up in your Azure portal.
Here's a quick reference guide to help you find your AAD Tenant GUID or name:
Think Again: VDI
VDI can be a powerful way to deliver a normal Windows image to BYOD users, but it requires careful implementation to ensure an optimal, efficient, and secure user experience.
You'll need to pay attention to key points when setting and delivering your VDI image, such as ensuring the user experience is optimal, efficient, and secure.
Adding PolicyPak to your toolbox can grant you increased control over both the VDI image and the applications within it.
Windows Tenant Setup
To create a Windows Virtual Desktop tenant, you need to run a command using the Active Directory tenant ID and Subscription ID you saved earlier. This command should be on one line and can be copied and pasted into Notepad for editing.
You'll need to replace "CompanyWVDtenant" with the correct name of your tenant. Once you issue the command, you'll see a confirmation message.
The command you'll run looks like this: RDSTenant name should be the name of the tenant you are creating, AadTenantId should match the tenant Id string from your Azure portal, and AzureSubscriptionId should match the Subscription Id string from your Azure portal.
Here's a brief rundown of the required information:
- RDSTenant name: the name of the tenant you are creating
- AadTenantId: the tenant Id string from your Azure portal
- AzureSubscriptionId: the Subscription Id string from your Azure portal
You'll also need to grant consent on behalf of your organization before proceeding with the setup.
Network Gateway
To set up your Windows tenant, you need to create a virtual network gateway. This is a crucial step, and it's done by filling out the necessary values at the "Create virtual network gateway" screen.
You'll need to click on "Review + create" to proceed with the setup. This is an important step, so make sure to double-check your entries before moving forward.
Creating a virtual network gateway is a necessary step for setting up a secure connection to your WVD machine. This ensures that your network transmission is secure and encrypted.
You want to secure your network transmission, especially if you're replicating AD traffic between your on-prem DCs and the one you just created in Azure.
Add Resources
Now that you've set up your virtual network gateway, it's time to add resources to your environment. Once the deployment is successful, click the "Go to resource" button if it is available; if not, select "All resources" from the left column in the portal.
You'll need to click on the network gateway name you created in the previous step. If you have many resources, it may help to use the filter to locate it quickly.
The process of adding resources is relatively straightforward, but it's essential to be patient and methodical to avoid any mistakes.
Run Commands
To run commands for your Windows Virtual Desktop (WVD) setup, you'll need to use an elevated PowerShell session.
You'll run commands in this session to publish applications, such as Chrome and Firefox, after replacing "CompanyWVDtenant" with your organization's correct tenant name.
Rinse and repeat for any additional applications you want to publish, following the same process as a guide.
Pro Tip: Remote App Installation
To streamline the installation of remote desktop apps in Windows Virtual Desktop (WVD), consider using the Windows Virtual Desktop Agent and Windows Virtual Desktop Agent Bootloader.
The Windows Virtual Desktop Agent can be downloaded from https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWrmXv.
Having the correct tools can make a big difference in the efficiency of your WVD setup.
You can also refer to WVD's documentation at https://docs.microsoft.com/en-us/azure/virtual-desktop/ for more information on the installation process.
If you're looking for additional support, check out the WVD partners, including PolicyPak, which is one of the first dozen partners listed at https://docs.microsoft.com/en-us/azure/virtual-desktop/partners.
Set Up New Outgoing Account
To set up a new outgoing account, create a new OU with user accounts that you want to sync to Azure AD.
This OU will be used to assign Windows Virtual Desktop resources later.
Create a sub-OU within the new OU to further organize your user accounts.
For example, you can create a sub-OU called "WVD Users" to hold the user accounts that will be assigned Windows Virtual Desktop resources.
Add user accounts to the new OU and its sub-OU.
Make sure the email addresses of the users match the UPN of your Azure AD Domain.
Resource Permissions
To set up resource permissions for Windows Virtual Desktop, you first need to grant consent on behalf of your organization.
The service principal needs permission on subscriptions or resource groups to manage your AVD resources and imaging template VM and to roll out session hosts.
Open the Azure portal and go to the resource groups you want to use or to the subscriptions, and click “Access control (IAM)”.
Select “Add” and then “Add role assignment”, choosing “owner” and searching for your service principal name.
You can skip this step if you assigned the service principal to the subscription or to the resource group containing your vnet.
The service principal must have permissions to your virtual network (vnet) to assign new VMs to the right subnet.
To do this, go to your vnet, click “Access control (IAM)”, select “Add”, and then “Add role assignment”, choosing “contributor” and searching for your service principal name.
Microsoft will then ask you to accept the permissions needed by Windows Virtual Desktop; hit “Accept” when prompted to grant access.
To assign users and groups to app groups, the service principal needs the owner role on the resource groups you want to use for your AVD environment.
The owner role is needed to assign users to app groups, but for other resources, “contributor” is fine.
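To check that the service principal ended up with no more than the rule above calls for (Owner on the AVD resource groups, Contributor elsewhere), its role assignments can be classified by scope. This is an added example, not part of WVDAdmin; the resource group names, service principal name and sample assignments are constructed, and the commented line at the end shows how live data from the Az PowerShell module would be fed in.

```powershell
# Added example (not from WVDAdmin). Classifies role assignments by scope level
# and flags Owner assignments that are broader than the text above requires.
function Get-AssignmentFinding {
    param(
        [Parameter(ValueFromPipeline)] $Assignment,
        [string[]] $AvdResourceGroups          # resource groups that hold AVD resources
    )
    process {
        $scope = $Assignment.Scope
        $role  = $Assignment.RoleDefinitionName

        $level = switch -Regex ($scope) {
            '^/subscriptions/[^/]+/?$'                      { 'Subscription'; break }
            '^/subscriptions/[^/]+/resourceGroups/[^/]+/?$' { 'ResourceGroup'; break }
            default                                         { 'Resource' }
        }
        $rg = if ($scope -match '/resourceGroups/([^/]+)') { $Matches[1] } else { $null }

        $finding = 'OK'
        if ($role -eq 'Owner') {
            if ($level -eq 'Subscription') {
                $finding = 'Owner on the whole subscription; narrow to the AVD resource groups'
            } elseif ($level -eq 'Resource') {
                $finding = 'Owner on a single resource; Contributor is sufficient'
            } elseif ($rg -notin $AvdResourceGroups) {
                $finding = 'Owner on a non-AVD resource group; Contributor is sufficient'
            }
        }
        [pscustomobject]@{ Role = $role; Level = $level; ResourceGroup = $rg; Finding = $finding }
    }
}

# Constructed sample assignments (placeholder subscription ID and names).
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'
$sample = @(
    [pscustomobject]@{ RoleDefinitionName = 'Owner';       Scope = $sub }
    [pscustomobject]@{ RoleDefinitionName = 'Owner';       Scope = "$sub/resourceGroups/rg-avd-hosts" }
    [pscustomobject]@{ RoleDefinitionName = 'Owner';       Scope = "$sub/resourceGroups/rg-network" }
    [pscustomobject]@{ RoleDefinitionName = 'Contributor'; Scope = "$sub/resourceGroups/rg-network/providers/Microsoft.Network/virtualNetworks/vnet-avd" }
)

$sample |
    Get-AssignmentFinding -AvdResourceGroups 'rg-avd-hosts' |
    Format-Table -AutoSize -Wrap

# Live data (requires Az.Resources and Connect-AzAccount; the name is hypothetical):
# $sp = Get-AzADServicePrincipal -DisplayName 'svc-wvdadmin'
# Get-AzRoleAssignment -ObjectId $sp.Id | Get-AssignmentFinding -AvdResourceGroups 'rg-avd-hosts'
```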
Multi-Tenant Mode
From version 1.3.0, WVDAdmin will support a multi-AAD-tenancy mode that allows you to switch the Azure AD tenant very easily.
This feature enables you to easily switch between different Azure AD tenants, making it a convenient option for managing multiple tenants.
You can start using this feature by following this link, which will guide you through the process of switching between tenants.
Split-Tenant
In a split-tenant setup, the AVD tenant and resources (session hosts) are usually in the same Azure Active Directory (AAD) tenant.
However, it's also possible to use a second service principal for the session hosts in a separate Azure AD tenant.
You can use WVDAdmin with a second service principal for the session hosts in the resource tenant.
This is particularly useful if you have two Azure AD tenants.
Follow this link for more information.
US Government Cloud
Deploying Windows Virtual Desktop (WVD) in the US Government Cloud requires some specific configuration. You can enable WVDAdmin to work in the US Government Cloud via registry by setting the value to "US".
WVDAdmin is a tool that can be used to deploy AVD in the Azure Government Cloud. To use it, you'll need to enable the registry setting for the US Government Cloud environment.
To deploy WVD in the US Government Cloud, you'll need to use the Azure Government Cloud. This is where you'll find the necessary resources and infrastructure to set up your Windows Tenant.