Forum Discussion
Identifying AVD customers' tenants with Azure Lighthouse
Hello,
We have onboarded customers through Azure Lighthouse, and I wonder if there is a way to identify customers' tenants with Azure Virtual Desktop deployments. Is it possible to run a graph query in Azure Graph Explorer and get a list of customers in bulk who use AVD? Suggestions and recommendations are welcome, and thank you in advance!
Regards,
Anna
2 Replies
- DTB (Iron Contributor)
Hi Anna_Georgieva,
You can indeed use Azure Lighthouse and Microsoft Graph to identify customer tenants with Azure Virtual Desktop (AVD) deployments. Below is a step-by-step guide to help you achieve this.
Step-by-Step Guide to Identify AVD Customers Using Azure Lighthouse and Microsoft Graph
1. Set Up Azure Lighthouse
Ensure that you have the appropriate permissions and roles set up in Azure Lighthouse to manage and query resources across customer tenants.
2. Grant Permissions for Microsoft Graph
You need to have the appropriate Microsoft Graph API permissions to query tenant information. Typically, you would need Directory.Read.All and Reports.Read.All permissions.
3. Use Azure Graph Explorer
Azure Graph Explorer is a useful tool to run queries against Microsoft Graph API. You can use it to identify tenants with AVD deployments.
4. Run Graph Queries
To identify customer tenants with AVD deployments, you can use the following steps:
1. Log in to Microsoft Graph Explorer:
• Go to Microsoft Graph Explorer.
2. List All Tenants:
• First, list all the tenants you manage via Azure Lighthouse.
• Use the following query:
GET https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminCustomers
• This will give you a list of tenants that are managed through Azure Lighthouse.
3. Query AVD Deployments:
• For each tenant, you need to query the resources to identify AVD deployments.
• You can use the subscriptions and providers endpoints to find AVD resources. Here is a sample query:
GET https://management.azure.com/subscriptions/{subscription-id}/providers/Microsoft.DesktopVirtualization/hostPools?api-version=2021-07-12
• Replace {subscription-id} with the actual subscription ID of the customer tenant.
5. Automate the Process
To automate this process, you can write a script using PowerShell or Azure CLI. Here is an example using PowerShell:
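# Authenticate to Azure
Connect-AzAccount

# Get a Microsoft Graph access token for the signed-in account
$token = (Get-AzAccessToken -ResourceUrl "https://graph.microsoft.com").Token
# Newer Az.Accounts versions return the token as a SecureString; convert it for the header
if ($token -is [securestring]) { $token = [System.Net.NetworkCredential]::new("", $token).Password }

# Get list of delegated admin customers
$customers = Invoke-RestMethod -Method Get -Uri "https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminCustomers" -Headers @{Authorization = "Bearer $token"}

# Subscriptions visible to the signed-in account, including delegated ones
$subscriptions = Get-AzSubscription

# Loop through each customer tenant
foreach ($customer in $customers.value) {
    # delegatedAdminCustomer exposes the customer's tenant ID as tenantId
    $tenantId = $customer.tenantId
    $hostPools = @()
    # Select each subscription whose home tenant is this customer
    foreach ($sub in ($subscriptions | Where-Object { $_.HomeTenantId -eq $tenantId })) {
        Select-AzSubscription -SubscriptionId $sub.Id | Out-Null
        # List AVD host pools in the subscription
        $hostPools += @(Get-AzResource -ResourceType "Microsoft.DesktopVirtualization/hostPools")
    }
    if ($hostPools) {
        Write-Output "Tenant ID: $tenantId has AVD deployments."
        Write-Output $hostPools
    } else {
        Write-Output "Tenant ID: $tenantId does not have any AVD deployments."
    }
}
Recommendations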
• Permissions: Ensure you have the required permissions across all customer tenants to run these queries.
• Automation: Consider using Azure Automation or Logic Apps to automate the querying process periodically.
• Documentation: Refer to the Microsoft Graph API documentation and Azure Lighthouse documentation for detailed information on the endpoints and permissions.
Conclusion
By using Azure Lighthouse and Microsoft Graph, you can identify customer tenants with AVD deployments effectively. Automating this process can save time and provide regular insights into the usage of AVD across your managed tenants.
I hope this helps! If you have any further questions or need additional assistance, feel free to ask.
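For the bulk "graph query" the question asks about, the following is an added example, not part of either poster's reply: a single Azure Resource Graph query over every subscription the signed-in account can see, grouped by tenant. It assumes the Az.Accounts and Az.ResourceGraph modules, in a version whose Search-AzGraph output exposes .Data and .SkipToken, and that the Lighthouse delegation grants at least Reader on the customer subscriptions.

```powershell
# Added example, not from the thread.
Connect-AzAccount
$homeTenantId = (Get-AzContext).Tenant.Id

# 'id' stays in the projection: Resource Graph paging needs it to issue a skip token.
$query = @'
resources
| where type =~ 'microsoft.desktopvirtualization/hostpools'
| project id, name, tenantId, subscriptionId, resourceGroup, location
| order by tenantId asc, subscriptionId asc, name asc
'@

# Page through the results, up to 1000 rows per call.
$hostPools = @()
$skipToken = $null
do {
    $params = @{ Query = $query; First = 1000 }
    if ($skipToken) { $params['SkipToken'] = $skipToken }
    $page = Search-AzGraph @params
    $hostPools += @($page.Data)
    $skipToken = $page.SkipToken
} while ($skipToken)

# One summary row per customer tenant; the signed-in (managing) tenant is excluded.
$hostPools |
    Where-Object { $_.tenantId -ne $homeTenantId } |
    Group-Object -Property tenantId |
    ForEach-Object {
        [pscustomobject]@{
            TenantId      = $_.Name
            HostPoolCount = $_.Count
            Subscriptions = ($_.Group.subscriptionId | Sort-Object -Unique) -join ', '
            HostPools     = ($_.Group.name | Sort-Object) -join ', '
        }
    } |
    Sort-Object TenantId |
    Format-Table -AutoSize
```

Only subscriptions the delegation actually covers appear in the output, so a tenant missing from the list may have AVD in a subscription that was never onboarded.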
- Anna_Georgieva (Copper Contributor)