Forum Discussion

nvisa44's avatar
nvisa44
Copper Contributor
Jun 21, 2024

AVD Workspace design best practice

What is the  AVD workspace design best practice in terms of security in mind?

In my current design, I have three desktop host pools, which are completely isolated within the desktops, network and users. (One region only)

The question is, do I use one workspace or 3 workspaces? Any pros and cons

  • nvisa44's avatar
    nvisa44
    Copper Contributor
    I plan to have my own AVD workspace for each desktop group, assuming that each desktop group user doesn’t require access to another desktop group. Also, I assume that publishing in a single workspace will be less secure than having one workspace for each desktop pool. Yes, this comes with additional admin task.
    • Matthias-Braun's avatar
      Matthias-Braun
      Brass Contributor

      Hey nvisa44,

       

      I don't think I understood your approach correctly. Why shouldn't it be safer?

       

      The assignment of user authorisations takes place at the level of the Azure Virtual Desktop Application Group and not at AVD Workspace level.

       

      But I understand that from an organisational point of view, for example for connected organisations, it is better to build classic silos. So running multiple AVD workspaces.

       

      We also implement this in various customer projects, but as already indicated, not due to security aspects.

       

      If my answer has helped you, I would of course appreciate a Like 🙂

       

      Best regards,

      Matthias

Resources