Sep 10 2021 07:21 AM
I have a customer who is deploying Azure Virtual Desktops. They are also looking to move an application to run on Azure VMs. This application would use AAD authentication so there would be no need to have an S2S VPN. What I am trying to figure out is how the users of the virtual desktops would get access to the application running on Azure VMs. Is that something that can be done via remote apps so that I don't have to expose the application to the internet? Do I have to set up something like Azure Firewall to put the application behind to then allow the users to securely access the application?
Sep 10 2021 08:55 AM
Sep 16 2021 09:52 AM
Sep 16 2021 10:51 AM
Hi @David-Haver,
This should be absolutely possible. With AVD you fully control the networking setup and configure what VNet is used for session hosts. AVD session hosts are regular Azure VMs, so depending on some additional requirements you might have with regard to isolating your AVD environment and those business apps you plan to host on Azure VMs, you could either:
In both scenarios, you can use Network Security Groups to control what traffic from AVD hosts is permitted to your application VMs. There is no need to publish your app to the Internet (attach a public IP address to the VM); network traffic between session hosts and the app servers can stay private.
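An added example, not part of the original reply: a Bicep definition of the kind of NSG described above, attached to the application subnet, which admits only the AVD session-host subnet on the application port. The explicit deny matters because the default `AllowVnetInBound` rule (priority 65000) otherwise permits all traffic from the VNet and any peered VNets. The resource name, address prefixes and port are assumptions chosen for illustration.

```bicep
// Assumed values: replace with the real subnet ranges and application port.
param location string = resourceGroup().location
param avdSubnetPrefix string = '10.10.1.0/24' // AVD session hosts (assumed)
param appSubnetPrefix string = '10.10.2.0/24' // application VMs (assumed)
param appPort string = '443'                  // application listener (assumed)

resource appNsg 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
  name: 'nsg-app-servers' // hypothetical name
  location: location
  properties: {
    securityRules: [
      {
        // Only the AVD subnet may reach the app, and only on the app port.
        name: 'Allow-AVD-To-App'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceAddressPrefix: avdSubnetPrefix
          sourcePortRange: '*'
          destinationAddressPrefix: appSubnetPrefix
          destinationPortRange: appPort
        }
      }
      {
        // Overrides the default AllowVnetInBound (65000) so other subnets
        // and peered VNets cannot reach the app servers.
        name: 'Deny-Other-Inbound'
        properties: {
          priority: 4096
          direction: 'Inbound'
          access: 'Deny'
          protocol: '*'
          sourceAddressPrefix: '*'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '*'
        }
      }
    ]
  }
}
```

This deny rule also overrides the default `AllowAzureLoadBalancerInBound` rule, so if the application sits behind an internal load balancer, add an allow rule for the `AzureLoadBalancer` service tag above it.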
Oct 06 2021 07:51 AM - edited Oct 06 2021 07:53 AM
You can use remote application groups and then define which users/devices are allowed to access the remote application group via Azure AD conditional policies and Microsoft Intune. Also, if you are using a hub-and-spoke architecture, control the access via Azure Firewall. In total, you need to use Azure AD Conditional Access, Microsoft Intune, NSG and Azure Firewall to explore the available options.