Home

Windows Virtual Desktop Cons

%3CLINGO-SUB%20id%3D%22lingo-sub-560708%22%20slang%3D%22en-US%22%3EWindows%20Virtual%20Desktop%20Cons%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-560708%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20the%20potential%20is%20incredibly%20high%20for%20this%20Windows%20Virtual%20Desktop%20(WVD)%20solution%2C%20and%20I'm%20looking%20forward%20to%20improvements%20and%20new%20features%20as%20they%20are%20released.%20There%20doesn't%20appear%20to%20be%20a%20UserVoice%20forum%20set%20up%20for%20reporting%20issues%20to%20Microsoft.%20I%20wanted%20to%20summarize%20some%20of%20the%20issues%20I've%20found%2C%20or%20read%20about%20that%20would%20make%20production%20implementation%20difficult%20on%20the%20short%20term.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ECons%3CBR%20%2F%3E-%20In%20multi-windows%20VD%20environments%2C%20if%20a%20user%20is%20disconnected%20they%20aren't%20necessarily%20reconnected%20to%20original%20VD%20(RD%20session%20broker).%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E-%20With%20new%20Microsoft%20Remote%20Desktop%20program%2C%20Azure%20MFA%20is%20only%20required%20when%20first%20subscribing%20to%20a%20feed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Azure%20MFA%20can%20be%20bypassed%20with%20Microsoft%20Remote%20Desktop%20Preview%20app%20(v%2010.1.1098.0).%20(Subscribe%20to%20feed%20%3CA%20href%3D%22https%3A%2F%2Frdweb.wvd.microsoft.com%2Fapi%2Ffeeddiscovery%2Fwebfeeddiscovery.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Frdweb.wvd.microsoft.com%2Fapi%2Ffeeddiscovery%2Fwebfeeddiscovery.aspx%3C%2FA%3E).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20No%20apparent%20way%20to%20host%20WVD%20VMs%20so%20they%20are%20only%20accessible%20from%20a%20corporate%20network.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Can't%20control%20resolution%20or%20monitor%20spanning%20in%20new%20Microsoft%20Remote%20Desktop%20client%20(v%201.2.138.18873).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Printer%20redirection%20through%20web%20client%20doesn't%20work%20as%20well%20as%20through%20the%20Remote%20Desktop%20client.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Initial%20connection%20to%20WVDs%20frequently%20fails%20or%20is%20slow%20to%20connect.%20(Noticed%20during%20afternoon%20business%20hours%2C%20US%20Eastern%20time%20zone).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20this%20feedback%20gets%20to%20resources%20at%20Microsoft%20that%20can%20address%20them.%20At%20this%20point%2C%20remote%20desktop%20services%20on%20Windows%20Server%20still%20offers%20the%20most%20flexibility%20in%20deployments.%20Thank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-564188%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Virtual%20Desktop%20Cons%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-564188%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F340541%22%20target%3D%22_blank%22%3E%405alarm603%3C%2FA%3E%3A%20Thank%20you%20for%20your%20detailed%20feedback.%20We%20will%20be%20reviewing%20it%20within%20the%20team.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20any%20future%20features%20suggestion%20we%20are%20working%20on%20getting%20UserVoice%20being%20available%20shortly.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-692802%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Virtual%20Desktop%20Cons%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-692802%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F340541%22%20target%3D%22_blank%22%3E%405alarm603%3C%2FA%3Eand%20Microsoft%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20testing%20with%20WVD%20since%20today%20and%20are%20really%20looking%20forward%20to%20using%20this.%20It%20would%20reduce%20or%20on-premises%20hardware%20requirements%20while%20at%20the%20same%20time%20simplifying%20the%20whole%20RDP%20gateway%20concept.%20That%20being%20said%2C%20I%20would%20also%20love%20to%20give%20some%20feedback%20and%20I%20was%20looking%20for%20a%20uservoice%20as%20well.%20It%20would%20be%20great%20if%20the%20team%20could%20create%20a%20uservoice.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESome%20observations%20I%20made%20after%20testing%20with%20it%20just%20a%20short%20while%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20When%20doing%20the%20role%20assignment%20(%3CFONT%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Fcreate-service-principal-role-powershell%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Fcreate-service-principal-role-powershell%3C%2FA%3E%3C%2FFONT%3E)%20we%20ran%20into%20an%20error%20if%20part%20of%20the%20deployment%20was%20done%20by%20a%20different%20admin%20user.%26nbsp%3B%20In%20the%20end%20we%20solved%20this%20by%20removing%20the%20RdsTenant%20created%20by%20the%20other%20user%20and%20creating%20it%20again%20by%20the%20user%20that%20would%20do%20the%20role%20assignment.%26nbsp%3B%20That%20seems%20to%20be%20weird%20as%20we%20would%20expect%20these%20tenants%20to%20be%20AzureAD-wide.%20The%20user%20performing%20the%20operation%20should%20not%20affect%20the%20RdsTenant%20creation%20(as%20long%20as%20he%2Fshe%20has%20the%20necessary%20rights).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2)%20The%20word%20'tenant'%20can%20be%20confusing%20in%20the%20documentation%20(AzureAD%2FOffice%20365%20tenant%20vs%20RDS).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E3)%20The%20new%20Remote%20Desktop%20client%20does%20not%20seem%20to%20support%20Single%20Sign-on%20in%20Windows%2010%20when%20subscribing%20to%20the%20feed.%20In%20my%20case%20I%20had%20to%20enter%20my%20UPN%2C%20choose%20Work%2FSchool%20or%20Personal%20account%20and%20enter%20the%20password%20although%20I%20have%20SSO%20for%20everything%20else%20active%20(Windows%2010%201903%2C%20Azure%20AD%20registered%20and%20domain%20joined%20device).%26nbsp%3B%20SSO%20would%20be%20so%20much%20more%20elegant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E4)%20When%20connecting%20to%20the%20WVD%20with%20a%20client%20with%20Windows%20Hello%20enabled%20in%20Key%20Trust%20mode%2C%20the%20system%20does%20not%20allow%20me%20to%20log%20in.%26nbsp%3B%20RDP%20should%20either%20do%20SSO%20(preferred)%20or%20support%20Windows%20Hello%20(key%20trust%20without%20ADFS).%20This%20problem%20is%20not%20specific%20to%20WVD%20as%20it%20is%20also%20present%20when%20you%20connect%20to%20a%20classic%20on-prem%20RDP%20deployment.%20However%2C%20with%20the%20new%20client%20I%20kind%20of%20hoped%20that%20support%20for%20Windows%20Hello%20would%20be%20included.%20It%20was%20a%20bit%20of%20disappointment%20it%20was%20(not%20yet)%20supported.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%2C%20as%20indicated%20above%2C%20WVD%20seems%20to%20be%20very%20promising%20and%20we%20keep%20testing%20it%20in%20the%20hope%20to%20roll%20it%20out%20soon.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
5alarm603
Regular Visitor

Hello,

 

I think the potential is incredibly high for this Windows Virtual Desktop (WVD) solution, and I'm looking forward to improvements and new features as they are released. There doesn't appear to be a UserVoice forum set up for reporting issues to Microsoft. I wanted to summarize some of the issues I've found, or read about that would make production implementation difficult on the short term.


Cons
- In multi-windows VD environments, if a user is disconnected they aren't necessarily reconnected to original VD (RD session broker).


- With new Microsoft Remote Desktop program, Azure MFA is only required when first subscribing to a feed.

 

- Azure MFA can be bypassed with Microsoft Remote Desktop Preview app (v 10.1.1098.0). (Subscribe to feed https://rdweb.wvd.microsoft.com/api/feeddiscovery/webfeeddiscovery.aspx).

 

- No apparent way to host WVD VMs so they are only accessible from a corporate network.

 

- Can't control resolution or monitor spanning in new Microsoft Remote Desktop client (v 1.2.138.18873).

 

- Printer redirection through web client doesn't work as well as through the Remote Desktop client.

 

- Initial connection to WVDs frequently fails or is slow to connect. (Noticed during afternoon business hours, US Eastern time zone).

 

I hope this feedback gets to resources at Microsoft that can address them. At this point, remote desktop services on Windows Server still offers the most flexibility in deployments. Thank you!

2 Replies

@5alarm603: Thank you for your detailed feedback. We will be reviewing it within the team. 

 

For any future features suggestion we are working on getting UserVoice being available shortly.

@5alarm603and Microsoft

 

We are testing with WVD since today and are really looking forward to using this. It would reduce or on-premises hardware requirements while at the same time simplifying the whole RDP gateway concept. That being said, I would also love to give some feedback and I was looking for a uservoice as well. It would be great if the team could create a uservoice.

 

Some observations I made after testing with it just a short while:

 

1) When doing the role assignment (https://docs.microsoft.com/en-us/azure/virtual-desktop/create-service-principal-role-powershell) we ran into an error if part of the deployment was done by a different admin user.  In the end we solved this by removing the RdsTenant created by the other user and creating it again by the user that would do the role assignment.  That seems to be weird as we would expect these tenants to be AzureAD-wide. The user performing the operation should not affect the RdsTenant creation (as long as he/she has the necessary rights).

 

2) The word 'tenant' can be confusing in the documentation (AzureAD/Office 365 tenant vs RDS).

 

3) The new Remote Desktop client does not seem to support Single Sign-on in Windows 10 when subscribing to the feed. In my case I had to enter my UPN, choose Work/School or Personal account and enter the password although I have SSO for everything else active (Windows 10 1903, Azure AD registered and domain joined device).  SSO would be so much more elegant.

 

4) When connecting to the WVD with a client with Windows Hello enabled in Key Trust mode, the system does not allow me to log in.  RDP should either do SSO (preferred) or support Windows Hello (key trust without ADFS). This problem is not specific to WVD as it is also present when you connect to a classic on-prem RDP deployment. However, with the new client I kind of hoped that support for Windows Hello would be included. It was a bit of disappointment it was (not yet) supported.

 

But, as indicated above, WVD seems to be very promising and we keep testing it in the hope to roll it out soon.

 

 

Related Conversations
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies