Windows Virtual Desktop is developing rapidly, and Microsoft has released the public preview of Windows Virtual Desktop 2020, which is based on the Azure Resource Manager (ARM) model. In simple terms, you can now deploy and manage WVD from the Azure portal.
In the Fall 2019 release of WVD, which is in GA, most of the configuration is performed through PowerShell. There is a series of cmdlets for management tasks after deployment. Also, you need to configure a web app if you really want a GUI, and it comes with many limitations. With the ARM release of WVD, you can enable it from the Azure portal in a few clicks, and most of the configuration can be performed through the Azure portal. However, it is still in public preview. If you are deploying V1, which is in general release, refer to the following posts.
01 – Working remotely and efficiently with Microsoft technologies
02 - Windows Virtual Desktop | Configuring Prerequisites and WVD Tenant Creation
03 - Windows Virtual Desktop | Create Host Pool and Access through Web, Client App and Mobile Devices
04 - Windows Virtual Desktop | Configure FSLogix User Profiles using Azure Files and AD Authentication.
05 - Windows Virtual Desktop | Manage App groups and Publish Applications
What is New
Integrated into Azure portal dashboard
Azure portal integration makes it easy to deploy WVD in a few simple steps. VM image creation and host pool creation are effortless. In V1 this had to be performed through cmdlets.
Management tasks through the Azure portal
Management tasks such as application or desktop group creation, application publishing and user assignment can be performed through the portal. Also, custom RDP settings such as disk, audio and clipboard redirection can be enabled or disabled from the console.
User Session management
You can view the active user sessions and connected hosts from the Azure console, and you can manage these sessions directly: sending messages, forcefully disconnecting and logging off users can all be performed.
Use of Azure AD Groups
Azure groups were not supported in the previous release. With the ARM release, Azure groups and AD synced groups are supported. You can add groups in application assignments and desktop assignments.
Role-based access control
Native Azure role-based access control can be used with the Windows Virtual Desktop solution.
Advanced monitoring with Log analytics
WVD can now leverage Azure monitoring capabilities. Azure Log Analytics can be used to actively gather monitoring data on each WVD object. You can use the Log Analytics workspace and integrated Power BI dashboards to monitor the solution.
Integrated into the Az PowerShell module
WVD management and configuration are now integrated into the Az module. To install it, run `Install-Module Az.DesktopVirtualization`, and then run `Get-Command -Module Az.DesktopVirtualization` to get a list of available commands.
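The custom RDP settings mentioned above are stored on each host pool as a single semicolon-separated string, which makes them easy to audit from the Az module. The following is an added example, not code from the original post: the function name `Get-WvdRedirectionFinding` and the sample pools are constructed, and against a live tenant the input would come from `Get-AzWvdHostPool` (its `Name` and `CustomRdpProperty` properties).

```powershell
# Added example: report disk, clipboard and audio-capture redirection per host pool.
function Get-WvdRedirectionFinding {
    param(
        [Parameter(Mandatory)][string]$HostPoolName,
        [string]$CustomRdpProperty
    )
    # RDP properties to review, with the value that switches each one off.
    $expected = [ordered]@{
        redirectclipboard = '0'   # clipboard redirection
        drivestoredirect  = ''    # empty value = no drives redirected
        audiocapturemode  = '0'   # microphone redirection
    }
    # Parse "name:type:value;name:type:value" into a lookup table.
    $set = @{}
    foreach ($entry in ($CustomRdpProperty -split ';')) {
        if ($entry -match '^\s*([^:]+):[a-z]:(.*)$') {
            $set[$Matches[1].Trim().ToLower()] = $Matches[2].Trim()
        }
    }
    foreach ($name in $expected.Keys) {
        # NotSet means the pool does not pin the setting, so the client default applies.
        if (-not $set.ContainsKey($name)) { $state = 'NotSet' }
        elseif ($set[$name] -eq $expected[$name]) { $state = 'Disabled' }
        else { $state = 'Enabled' }
        [pscustomobject]@{
            HostPool = $HostPoolName
            Setting  = $name
            Value    = $set[$name]
            State    = $state
        }
    }
}

# Constructed sample input shaped like Get-AzWvdHostPool output.
$samplePools = @(
    [pscustomobject]@{ Name = 'hp-finance'; CustomRdpProperty = 'redirectclipboard:i:0;drivestoredirect:s:;audiocapturemode:i:0' }
    [pscustomobject]@{ Name = 'hp-general'; CustomRdpProperty = 'drivestoredirect:s:*;redirectclipboard:i:1' }
)

# Show only the settings that are enabled or left unpinned.
$samplePools | ForEach-Object {
    Get-WvdRedirectionFinding -HostPoolName $_.Name -CustomRdpProperty $_.CustomRdpProperty
} | Where-Object State -ne 'Disabled' | Format-Table -AutoSize
```

With the sample data, `hp-finance` produces no rows, while `hp-general` is reported with drive and clipboard redirection enabled and audio capture not set.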
Geographical support for Service Metadata
In the previous version, the service metadata location was supported only in the US. You can now select other regions; however, as of today only the US regions are supported, and other regions will be added to the list shortly.
Azure Active Directory
WVD uses Azure Active Directory authentication. The AAD Free version is supported with multi-factor authentication; however, if you want more granular control with Conditional Access, you need Azure AD Premium.
Azure AD Connect
Your on-premises Active Directory users should be synced to Azure Active Directory through AAD Connect.
Azure Subscription with Global Admin rights
Azure Site-to-Site VPN with your on-premises environment – This is only required if you want to connect to the on-premises environment to access the applications
Azure AD Domain Services or Windows Active Directory
Active Directory domain join is required for the host pool VMs. In my previous blog I connected to an on-premises AD, so in this post I'm using Azure AD Domain Services.
Network requirements (here)
High Level Architecture
The above Windows Virtual Desktop architecture is designed to work with an Azure AD Domain Services hybrid environment. With Domain Services, you do not need to open your on-premises Active Directory to Azure. However, you need an IPsec VPN tunnel for the WVD pool to access on-premises applications. We can categorize this architecture as more secure because it has less connectivity to the on-premises datacenter, but you may lose single sign-on to the on-premises applications.
Deploying Azure AD Domain Services
Azure AD Domain Services provides domain services to workloads in Azure and other cloud infrastructures. You can use it for domain joining, deploying group policies, LDAP, authentication using Kerberos or NTLM, and managing users and groups. It's integrated into the Azure tenant, and because it is a managed service you don't need to worry about management duties such as patching or taking backups, and it's always highly available. When deploying, make sure to create a separate subnet for Domain Services. Please refer to the following posts for implementing and configuring Domain Services.
What is Azure AD Domain Services
Azure AD Domain Services | Implementing and Configuring
After configuring Domain Services and updating DNS, if you are using a different VNET for the WVD pool, update the DNS of that VNET to use the ADDS DNS records.
Implementing Windows Virtual Desktop ARM
- Before configuring WVD, you need to register the Microsoft.DesktopVirtualization resource provider with the subscription. Select the subscription and double-click to open it.
- Select Resource providers, type DesktopVirtualization and click Register.
- Next, type Windows Virtual Desktop in All services to access the WVD blade.
- To create a host pool, click the Create a host pool button and follow the wizard. Select the VM sizing, pool type and virtual network.
- In the Administrator account, provide an Azure AD Domain Services administrator account with the UPN. By this point you should already have added the Azure AD Domain Services DNS to the VNET.
- In the workspace blade, create a new workspace and register the host pool to it.
- Click Review + Create to create the WVD workspace with the host pool.
Connect to the Desktop Host Pool
After the host pool has been created successfully, a default desktop application group (DAG) is created. This can be accessed from the Application Groups tab.
You can open the DAG and assign users to it by clicking Assignments.
After users are assigned, they can access WVD from a web browser or the Windows desktop client.
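Because assignments on an application group are ordinary Azure role assignments, they can be reviewed like any other RBAC grant. The following is an added example, not code from the original post: the function name `Test-WvdAppGroupAssignment`, the subscription ID, the resource names and the principals are constructed, and it assumes end users receive the built-in "Desktop Virtualization User" role.

```powershell
# Added example: review who can reach a WVD application group through Azure RBAC.
function Test-WvdAppGroupAssignment {
    param(
        [Parameter(Mandatory)][string]$AppGroupId,    # full ARM resource ID of the application group
        [Parameter(Mandatory)][object[]]$Assignment   # objects shaped like Get-AzRoleAssignment output
    )
    foreach ($a in $Assignment) {
        $notes = @()
        # Access should come from group membership rather than per-user grants.
        if ($a.ObjectType -eq 'User') { $notes += 'direct user assignment' }
        # A scope other than the app group itself is inherited from a parent scope.
        if ($a.Scope -ne $AppGroupId) { $notes += "inherited from $($a.Scope)" }
        # Anything other than the end-user role deserves a second look.
        if ($a.RoleDefinitionName -ne 'Desktop Virtualization User') {
            $notes += 'role other than Desktop Virtualization User'
        }
        [pscustomobject]@{
            Principal = $a.DisplayName
            Type      = $a.ObjectType
            Role      = $a.RoleDefinitionName
            Review    = if ($notes) { $notes -join '; ' } else { 'ok' }
        }
    }
}

# Constructed identifiers and sample data; against a live tenant use
# Get-AzRoleAssignment -Scope $appGroup as the -Assignment input.
$sub      = '/subscriptions/00000000-0000-0000-0000-000000000000'
$appGroup = "$sub/resourceGroups/rg-wvd/providers/Microsoft.DesktopVirtualization/applicationGroups/hp01-DAG"
$sample = @(
    [pscustomobject]@{ DisplayName = 'WVD-Desktop-Users'; ObjectType = 'Group'
        RoleDefinitionName = 'Desktop Virtualization User'; Scope = $appGroup }
    [pscustomobject]@{ DisplayName = 'Sample User'; ObjectType = 'User'
        RoleDefinitionName = 'Desktop Virtualization User'; Scope = $appGroup }
    [pscustomobject]@{ DisplayName = 'Ops-Team'; ObjectType = 'Group'
        RoleDefinitionName = 'Contributor'; Scope = $sub }
)

Test-WvdAppGroupAssignment -AppGroupId $appGroup -Assignment $sample | Format-Table -AutoSize
```

With the sample data, the synced group comes back as `ok`, the individual user is flagged as a direct assignment, and the Contributor grant is flagged as inherited from the subscription and as a role other than the end-user one.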
Connecting through Web client (browser)
Open a web browser and browse to the following URL. Microsoft Edge, IE, Chrome, Safari and Firefox are supported browsers. This URL is different from the one used by the non-ARM model.