Announcing new management, security, and monitoring capabilities in Windows Virtual Desktop

Microsoft

With the global pandemic, we are seeing increasing demand for technologies that enable remote work. We’ve seen significant growth in the use of Windows Virtual Desktop, as organizations use it to ensure that their employees have access to the desktops and tools they need to stay productive.

 

To help customers continue to accelerate this move to secure remote work with Windows Virtual Desktop, we are announcing several new capabilities that make it even easier to deploy, secure, and scale your virtual desktop deployments. These new capabilities will be available in public preview by the end of the calendar year 2020.

 

Before we dive into the new capabilities, we want to take a moment to share some of the experiences of our customers. Sebastian Meyer, the Global Service Owner for Modern Client Technologies at Beiersdorf Shared Services, shared his thoughts on moving to Windows Virtual Desktop to modernize his virtual desktop infrastructure.

 

"What Microsoft has developed here is simply phenomenal! Windows Virtual Desktop serves so many use cases and is very close to the end user. We were able to achieve maximum success with the project."

 

You can read the full story here.

 

Internally here at Microsoft, we are of course facing the same challenges as many of you. For example, getting a corporate laptop in the hands of new employees and interns takes time and impacts productivity. Windows Virtual Desktop is helping our new hires by providing a secure and productive remote work experience with access to the apps they need to get working immediately: 

 

“Windows Virtual Desktop allows you to create virtual desktops that work just like a physical Windows PC would,” says Mark Lawrence, a senior program manager on Microsoft’s digital security team. “That means the people who use one—new hires, interns, and so on—get access to the Windows Start menu, with Microsoft’s productivity applications, the Microsoft Edge browser, and everything else they would need to work at any location. No more waiting for a physical device delivery.”

 

You can read the full story here.

 

Simplified Management

With Windows Virtual Desktop, you can move from a simple proof-of-concept (PoC) to a fully operational environment faster than ever before. As you start to scale your deployment, here are some new capabilities that will help you manage and operate your deployment efficiently.

 

Microsoft Endpoint Manager integration

Microsoft Endpoint Manager allows you to manage policies and distribute applications across devices. You can now enroll Windows Virtual Desktop virtual machines that are hybrid Azure Active Directory domain-joined (joined to your on-premises Active Directory and registered with your Azure Active Directory) with Microsoft Intune and manage them in the Microsoft Endpoint Manager admin center the same way as physical devices. This simplifies management, provides a centralized view across both physical devices and virtual desktops, and creates new areas of collaboration. The Microsoft Endpoint Manager integration is generally available for Windows 10 Enterprise desktops; you can learn more in the public FAQ. The public preview for Windows 10 Enterprise multi-session will be available in the coming months and will initially support policies at the device level.

 

Figure 1: All devices view in Microsoft Endpoint Manager

MSIX app attach in Azure portal

MSIX app attach is an application layering solution that allows you to dynamically attach an application (packaged as an MSIX package) to a user session. Separating the application from the operating system makes it easier to create a golden virtual machine image, and gives you more control over providing the right application to the right user.

 

Previously, you had to use PowerShell scripts to enable MSIX app attach. We will be integrating the app attach capability in the Azure portal and Azure Resource Manager. This will eliminate the need for custom scripts and make it possible to publish your packaged applications to application groups with a few clicks.

 

Figure 2: Adding an MSIX package from Azure portal

Proactive Monitoring

Proactive monitoring is important to ensure that your deployment is always up and running and that your employees have an optimal experience using virtual desktops.

 

Azure Monitor workbook

The Azure Monitor workbook for Windows Virtual Desktop aims to provide you with all the monitoring telemetry and visualizations you need to debug and troubleshoot issues. You can configure alerts to proactively identify issues before they impact your employees. You can look at connection and host-level performance and also drill down to a specific user session to see if there are any issues. You can also look at usage across host pools and make sure you are optimizing for cost and performance.

 

Figure 3: Metrics for Windows Virtual Desktop in Azure Monitor workbook

Improved Security

With Windows Virtual Desktop, you can use security capabilities such as Azure encryption, Azure Firewall, Azure Security Center, and Microsoft Defender to secure your entire VDI infrastructure and ensure that your corporate and customer data is protected and stored securely. We continue to add security capabilities:

 

Screen capture protection

One common attack vector with remote sessions is screen capture. To protect your sensitive information, we are adding the option to disable screen capture for your remote apps and desktops on all the supported Windows Virtual Desktop clients.

 

Direct RDP to session host

We are introducing a new capability that can be set at the host pool level. It takes into account the type of network you are connecting from and, when possible, establishes a direct peer-to-peer UDP connection to the session host rather than going over the internal Windows Virtual Desktop gateways. By eliminating the intermediate hops and using a more efficient connection over a trusted network, you get a secure, optimized experience with lower connection latency and better performance.

 

Thank you again for the amazing feedback that you have provided to us. You can track the progress of these upcoming public previews on our roadmap page. If you are attending the Microsoft Ignite conference, you can learn more about these features and get your questions answered in our sessions, and you can reach us anytime at the Windows Virtual Desktop Tech Community page. You can also register here to attend our upcoming webinars.

5 Replies
I'm curious if the Azure Monitor workbook is available anywhere, or if there is any way to get early access to it?

@Kam VedBrat 

Interested in finding out when the metadata locations for host pools will be available in UKSouth.

@MattGoud

 

2 of our Product Group Engineers have created Community posts on setting this up yourself so you could do this now. When this feature ships it will remove that need and provide prebuilt standardized workbooks that you can use.

 

If you want to try it out now on your own - follow these guides:

  • Set it up - https://techcommunity.microsoft.com/t5/windows-it-pro-blog/proactively-monitor-arm-based-windows-vir...
  • Use BI to process the data - https://xenithit.blogspot.com/2020/05/visually-presenting-windows-virtual.html

 

 

@Kam VedBrat 

 

Is there or will there be a tool that allows me to track the productivity of my end users, such as the time they are connected to the WVD? Since I would like to know how long my users are connected to the WVD per day.

Hello Kam, thanks for your post. May I know when will the MSIX app attach in Azure portal public run out?