Setting up Azure Virtual Desktop and Accessing Virtual Machines from Host pool
In this article, we are going to configure an Azure Virtual Desktop host pool and its machines. Before we jump into that, let us first see what Azure Virtual Desktop is and what the prerequisites are for configuring it.
What is Azure Virtual Desktop:
Azure Virtual Desktop is a desktop and app virtualization service that runs on the cloud.
Key Features:
Prerequisites for Accessing and Deploying Azure Virtual Desktop:
Infrastructure:
One of the following configurations for identity and VM domain join
License Required:
Deployment of Azure Virtual Desktop on Azure with Hybrid Identity:
I am assuming that connectivity between Azure and on-premises has been set up, and that identities between Azure AD and Active Directory Domain Services are synced using Azure AD Connect.
For this lab I have configured Active Directory in Azure VM using the following article:
Setting up Host Pool
We are going to create a host pool to easily manage assignments, application groups, and settings for your entire organization.
In the Azure portal, type AVD or Azure Virtual Desktop:
Click on Create a host pool.
Fill in the following required fields:
Resource group: a desktop-demo-rg
HostPoolName: GraphicsTeamPool
Location: East US or location where you want to host Azure AVD
Validation Environment (Select yes or no): The validation host pool allows you to test service changes before they are deployed to production.
Host Pool Type:
Choose personal if you want to assign machines dedicated to individual users.
Choose Pooled(shared): Most users configure AVD in this setting since Session hosts (Machines) are shared with multiple users.
An Azure Virtual Desktop pooled host pool makes use of FSLogix (profile management, Office containers, App masking, Java Version) so that users can access their personalized profile and data on the session host.
Load Balancing Algorithm: Breadth-First for best performance and depth-first for cost-saving scenarios
Breadth-first load balancing distributes new user sessions across all available session hosts in the host pool. Depth-first load balancing sends new user sessions to the available session host that has the highest number of connections but has not yet reached its maximum session limit threshold.
Max Session Limit: You can choose the maximum number of sessions allowed, from 0 to 999999, based on the capacity of the VM and the deployment configuration in a breadth-first pool.
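The two algorithms and the max session limit, as an added example that is not part of the original article or of Azure's own code. It follows the description above in simplified form; the host names, the session numbers and the tie-breaking by host name are assumptions.

```python
# Added example: simulates the two load-balancing algorithms as described above.
# Host names and numbers are constructed; tie-breaking by name is an assumption.

def pick_host(sessions, max_session_limit, algorithm):
    """Return the host that gets the next session, or None if the pool is full."""
    # Hosts that reached the max session limit take no new sessions.
    available = {h: n for h, n in sessions.items() if n < max_session_limit}
    if not available:
        return None
    if algorithm == "breadth-first":
        # Spread the load: host with the fewest current sessions.
        return min(available, key=lambda h: (available[h], h))
    if algorithm == "depth-first":
        # Fill one host first: host with the most sessions still under the limit.
        return min(available, key=lambda h: (-available[h], h))
    raise ValueError(f"unknown algorithm: {algorithm}")


def place_sessions(hosts, max_session_limit, algorithm, new_sessions):
    """Place sessions one by one; return (sessions per host, rejected count)."""
    sessions = {h: 0 for h in hosts}
    rejected = 0
    for _ in range(new_sessions):
        host = pick_host(sessions, max_session_limit, algorithm)
        if host is None:
            rejected += 1  # every host is at the limit
        else:
            sessions[host] += 1
    return sessions, rejected


def hosts_in_use(sessions):
    """Hosts with at least one session, i.e. VMs that must stay running."""
    return sum(1 for n in sessions.values() if n > 0)


HOSTS = ["avd-0", "avd-1", "avd-2"]  # constructed session host names

if __name__ == "__main__":
    for algo in ("breadth-first", "depth-first"):
        placed, rejected = place_sessions(HOSTS, 4, algo, 5)
        print(algo, placed, "hosts in use:", hosts_in_use(placed), "rejected:", rejected)
```

With five sessions and a limit of four, breadth-first touches all three hosts while depth-first keeps one host idle, which is where the cost saving comes from.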
Click Next: Virtual Machine
This section is the most important in the AVD configuration.
You can choose to add a virtual machine later, but it is always recommended to add a machine while creating a host pool.
Resource group: Select the resource group where you want the machines to be created (avd-demo-rg)
Name Prefix: Prefix for the VMs inside a pool
Virtual Machine Location: Location for hosting the VMs (as well as the Azure virtual network, which has a line of sight to on-premises Active Directory through a VPN gateway or peering)
Availability Options: You can deploy VMs to availability sets or availability zones for redundancy and higher availability
Image Type: Gallery (if you want to choose Microsoft-provided images of Windows 10 or Windows Server 2019)
or Storage blob (if you want to use your own image): use cases are Windows 2007 or managing your own images (FSLogix configuration is required for multiuser personalized container support)
Image: You can choose from multiple images based on your requirements
Virtual Machine Size:
Choose VM size based on your session host and workload requirements
Number of VMs: Configure the number of VMs required in a pool
OS Disk Type: You can choose from available disk types of Premium SSD, Standard SSD, or Standard HDD
Virtual Network: Choose a virtual network available in the region which has connectivity or a line of sight to Active Directory or Azure Active Directory Domain Services.
Subnet: Choose the subnet to host your VMs
NSG: Choose from None, Basic or Advanced (if you want a dedicated NSG for the pool)
Domain to Join:
Select which Directory to Join: You can choose from the following options
Azure AD: Choose this if you have Azure Active Directory Domain Services (AADS) configured inside your network
Active Directory: Choose this if you have an on-premises Active Directory which is synced with Azure Active Directory using Azure AD Connect (it should have a line of sight to the on-premises Active Directory).
Since users must be discoverable through Azure Active Directory (Azure AD) to access Azure Virtual Desktop, user identities that exist only in Active Directory Domain Services (AD DS) are not supported. This includes standalone Active Directory deployments with Active Directory Federation Services (AD FS).
AD Domain Join UPN: Username of user with domain controller rights
Password: Password of domain join UPN
Specify Domain/Unit: You can specify a domain or OU; if you don't specify this option, the VMs in the pool are joined to the domain specified in the UPN.
Click Next: Workspace. Create a desktop app group in a new or existing workspace. In the workspace, you can assign permissions to users to access desktop app groups.
In the Next tabs (Advanced and Tags): enable diagnostics and add tags based on your requirements.
Click Review and create:
It will take approximately 15-20 minutes to provision an AVD pool and machines.
After successful deployment, you should see machines and application groups inside the pool
You can see all session hosts inside a pool under the host pool
Navigate to Application groups/Assignments and assign user access to desktop assignment group created earlier
Also, make sure that users have the “Virtual Machine User Login” RBAC role on the resource group or VMs
Assign the required M365 license to the users accessing the machines in the host pool, if that has not already been done.
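One way to check the “Virtual Machine User Login” assignment described above before users try to connect, as an added example that is not part of the original article. The records use the `principalName`, `roleDefinitionName` and `scope` fields of `az role assignment list` JSON output; the subscription ID is a placeholder, the users and VM names are constructed, and only direct user assignments (not group membership) are considered.

```python
# Added example: checks constructed role-assignment records for the login role.
ROLE = "Virtual Machine User Login"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
RG = SUB + "/resourceGroups/avd-demo-rg"
VMS = [RG + "/providers/Microsoft.Compute/virtualMachines/avd-0",
       RG + "/providers/Microsoft.Compute/virtualMachines/avd-1"]  # constructed

# Constructed records in the shape of `az role assignment list` output.
ASSIGNMENTS = [
    {"principalName": "alice@contoso.example", "roleDefinitionName": ROLE, "scope": RG},
    {"principalName": "bob@contoso.example", "roleDefinitionName": ROLE, "scope": VMS[0]},
    {"principalName": "carol@contoso.example", "roleDefinitionName": ROLE, "scope": SUB},
    {"principalName": "dave@contoso.example", "roleDefinitionName": "Reader", "scope": RG},
]
# Constructed list of users assigned to the desktop application group.
APP_GROUP_USERS = ["alice@contoso.example", "bob@contoso.example",
                   "carol@contoso.example", "dave@contoso.example"]


def covers(scope, resource_id):
    """True if an assignment at `scope` is inherited by `resource_id`."""
    s, r = scope.rstrip("/").lower(), resource_id.lower()
    # The "/" stops a scope ending in avd-0 from matching a VM named avd-01.
    return r == s or r.startswith(s + "/")


def audit(users, assignments, vms):
    """Per user: VMs they cannot log in to, and scopes wider than a resource group."""
    report = {}
    for user in users:
        scopes = [a["scope"] for a in assignments
                  if a["principalName"].lower() == user.lower()
                  and a["roleDefinitionName"] == ROLE]
        missing = [vm.rsplit("/", 1)[-1] for vm in vms
                   if not any(covers(s, vm) for s in scopes)]
        # The article asks for the role on the resource group or the VMs;
        # anything granted above a resource group is wider than that.
        broad = [s for s in scopes if "/resourcegroups/" not in s.lower()]
        report[user] = {"missing_vms": missing, "broad_scopes": broad}
    return report


if __name__ == "__main__":
    for user, result in audit(APP_GROUP_USERS, ASSIGNMENTS, VMS).items():
        print(user, result)
```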
Accessing VMs using a web browser:
Browse the following URL in the browser with the user’s credentials
After clicking on the app group, you should be prompted for credentials, since single sign-on is not yet supported.
Inside a VM:
Active session inside a pool
Accessing VMs using the Desktop Client:
You can also access VMs from the pool by installing a remote client on your machine.
Install the client on your machine and connect to your workspace by subscribing to the following URL:
https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery
After a successful subscription, you should see your workspace and application group in the client app, from where you can connect to your machine.
Best practice for Azure Virtual Desktop