Forum Discussion
Improper AVD Host Decommissioning – A Practical Governance Framework
Hi everyone,
After working with multiple production Azure Virtual Desktop environments, I noticed a recurring issue that rarely gets documented properly:
Improper host decommissioning.
Scaling out AVD is easy.
Scaling down safely is where environments silently drift.
Common issues I’ve seen in the field:
- Session hosts deleted before drain completion
- Orphaned Entra ID device objects
- Intune-managed device records left behind
- Stale registration tokens
- FSLogix containers remaining locked
- Defender onboarding objects not cleaned
- Host pool inconsistencies over time
The problem is not technical complexity.
It’s lifecycle governance.
So I built a structured approach to host decommissioning focused on:
- Drain validation
- Active session verification
- Controlled removal from host pool
- VM deletion sequencing
- Identity cleanup validation
- Registration token rotation
- Logging and execution safety
I’ve published a practical framework here:
https://github.com/modernendpoint/AVD-Host-Decommission-Framework
The framework is fully documented and includes validation logic and logging.
The goal is simple:
Not just removing a VM —
but preserving platform integrity.
I’m curious:
How are you handling host lifecycle management in your AVD environments?
- Fully automated?
- Manual?
- Integrated with scaling plans?
- Identity cleanup included?
Would love to hear how others approach this.
Menahem Suissa
AVD | Intune | Identity-Driven Architecture
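
The sequencing listed in the post (drain, session check, host pool removal, VM deletion, identity validation, token rotation) can be sketched as the following added example. It is not taken from the linked framework or written by the post's author. It assumes an authenticated Az and Microsoft Graph session (`Connect-AzAccount`, `Connect-MgGraph` with device read permission), and that the Entra ID device display name matches the VM name; all parameter names are illustrative.

```powershell
#Requires -Modules Az.DesktopVirtualization, Az.Compute, Microsoft.Graph.Identity.DirectoryManagement
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,    # host pool resource group
    [Parameter(Mandatory)] [string] $HostPoolName,
    [Parameter(Mandatory)] [string] $SessionHostName,      # name as registered in the host pool
    [Parameter(Mandatory)] [string] $VmResourceGroupName,
    [Parameter(Mandatory)] [string] $VmName,
    [int] $DrainTimeoutMinutes = 60
)
$ErrorActionPreference = 'Stop'   # any failed step halts the sequence before later deletions
$pool = @{ ResourceGroupName = $ResourceGroupName; HostPoolName = $HostPoolName }
function Write-Step([string] $Message) { Write-Output ("{0:u} {1}" -f (Get-Date), $Message) }

# 1. Drain: stop new sessions from being brokered to this host.
Update-AzWvdSessionHost @pool -Name $SessionHostName -AllowNewSession:$false | Out-Null
Write-Step "Drain mode enabled on $SessionHostName"

# 2. Active session verification: wait for zero sessions, abort on timeout.
$deadline = (Get-Date).AddMinutes($DrainTimeoutMinutes)
while ($true) {
    $sessions = @(Get-AzWvdUserSession @pool -SessionHostName $SessionHostName)
    if ($sessions.Count -eq 0) { break }
    if ((Get-Date) -gt $deadline) {
        throw "Drain timed out with $($sessions.Count) session(s) on $SessionHostName"
    }
    Write-Step "$($sessions.Count) session(s) remaining, waiting"
    Start-Sleep -Seconds 60
}

# 3. Controlled removal, then VM deletion. -Force is deliberately omitted on the
#    host pool removal so the call fails if a session appeared after the check.
Remove-AzWvdSessionHost @pool -Name $SessionHostName
Write-Step "Removed $SessionHostName from host pool $HostPoolName"
Remove-AzVM -ResourceGroupName $VmResourceGroupName -Name $VmName -Force | Out-Null
Write-Step "Deleted VM $VmName"

# 4. Identity cleanup validation: report Entra ID device objects left behind.
#    Assumption: device display name equals the VM name.
$stale = @(Get-MgDevice -Filter "displayName eq '$VmName'")
foreach ($d in $stale) {
    Write-Warning "Entra ID device object still present: $($d.DisplayName) ($($d.Id))"
}

# 5. Registration token rotation: invalidate the host pool's current token.
Remove-AzWvdRegistrationInfo @pool
Write-Step "Registration token removed for $HostPoolName"
```

The script only reports leftover device objects rather than deleting them, so removal stays a reviewed step; Intune, FSLogix and Defender cleanup mentioned in the post are not covered here.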