(this article has been updated 12/20/2019)
With Windows Virtual Desktop now Generally Available (GA), we wanted to provide a quick overview of the steps required to get your environment up and running.
Before I begin, however, I’d like to take a few moments to explain what Windows Virtual Desktop is and how it can help you deploy and scale Windows and Office on Azure in minutes, with built-in security and compliance.
Windows Virtual Desktop is a comprehensive desktop and app virtualization service that runs in the cloud. Here is a quick list of some of the key features and functionality:
Now let’s move on to the steps you need to take to get started.
To set up Windows Virtual Desktop, you will need a few resources and to complete a few initial setup steps:
Use Azure AD DS.
Great for test or isolated environments that do not need connectivity to on-premises resources.
Azure AD will be your leading source for identities.
AD DS will always be running, resulting in a fixed charge per month.
Spin up a DC in your Azure subscription.
Can sync with on-premises DCs if VPN or ExpressRoute is configured.
All familiar AD Group Policies can be used.
Virtual machines can be paused or stopped when needed to reduce costs.
Adds additional management of a VM and Active Directory in Azure.
Use VPN or ExpressRoute and make sure your on-premises DCs can be found in Azure.
No AD DS or Domain Controller required in Azure.
Latency could be increased, adding delays during user authentication to VMs.
This assumes you have an on-premises environment, so it is not suitable for cloud-only tests.
In our test environment, we decided to spin up a new VM with Windows Server 2019 for our domain controller and install Azure AD Connect to sync identities to Azure AD.
Finally, you’ll also need to make sure you have the right credentials. Here’s an overview of the accounts being used throughout the deployment process:
Once the prerequisites have been met, you can move on to the initial setup of Windows Virtual Desktop. Once these steps have been completed, you will be ready to deploy your initial VMs:
Before you can create a Windows Virtual Desktop tenant, you must allow Windows Virtual Desktop services to access your Azure AD tenant. The way Windows Virtual Desktop is designed requires explicit Azure AD consent. The process is much like how Azure requires you to enable non-standard resource providers before being able to use them.
Once you have granted access to Azure AD, you will need to grant permissions for a user to create a Windows Virtual Desktop tenant as follows:
Your user should now have the role of “TenantCreator.”
Now that you have a user with the right permissions to create a Windows Virtual Desktop tenant, let’s go ahead and create it. During this step, you will need two IDs:
Once you have these two IDs, you can create the Windows Virtual Desktop tenant.
Note: Before proceeding, make sure you import the Windows Virtual Desktop cmdlets for Windows PowerShell as described in the prerequisites section above. If you haven’t completed this step yet, see these instructions.
Create a new PowerShell script, modifying the bold variables to reflect your tenant ID and subscription ID, and execute the following commands. When prompted, sign in using the admin account that was assigned to the TenantCreator role.
```powershell
# Install PowerShell modules
Install-Module -Name Microsoft.RDInfra.RDPowerShell
Import-Module -Name Microsoft.RDInfra.RDPowerShell

# Setting Deployment context
$brokerurl = "https://rdbroker.wvd.microsoft.com"
$aadTenantId = "<value from #1 above>"
$azureSubscriptionId = "<value from #2 above>"
Add-RdsAccount -DeploymentUrl $brokerurl
```
Next, use the following command to create the Windows Virtual Desktop tenant. Make sure to change the bold variable to a name of your choosing.
```powershell
New-RdsTenant -Name Contoso -AadTenantId $aadTenantId -AzureSubscriptionId $azureSubscriptionId
```
For our example, these were the commands I used:
```powershell
# Setting Deployment context
$brokerurl = "https://rdbroker.wvd.microsoft.com"
$aadTenantId = "f59f09fb-51fe-4e7f-a510-984671d28231"
$azureSubscriptionId = "d4092f2e-5cd5-4d7d-ae58-9c328523828b"
Add-RdsAccount -DeploymentUrl $brokerurl

New-RdsTenant -Name CSPieter -AadTenantId $aadTenantId -AzureSubscriptionId $azureSubscriptionId
```
A host pool is a collection of VMs that offer a similar service, such as a full desktop experience. When users connect, they can access a virtual desktop session on any of the hosts in the pool.
To get started, visit the Microsoft Azure Portal, select Create a Resource and search for Windows Virtual Desktop.
Select Windows Virtual Desktop – Provision a host pool and click Create. Enter details as follows:
Next, you’ll enter the VM size details:
To configure the VMs for Azure, you will need to:
Here is an example of what step 3 of the wizard could look like:
The main reasons a deployment fails are:
Once you have configured your VM settings, you will need to enter details about your Windows Virtual Desktop tenant and Azure AD tenant. Unless otherwise directed, leave the Windows Virtual Desktop tenant group name as “Default Tenant Group.” For the Windows Virtual Desktop tenant name, enter the name of the tenant you created earlier in this process.
Note: If you are unsure what your Windows Virtual Desktop tenant name is, use the PowerShell command “Get-RdsTenant” to obtain it.
Enter valid credentials for your Azure AD environment (UPN and password).
Check the summary window to confirm that your setup passed validation, then click OK.
Hit Create, sit back, and relax. Wait for the deployment to finish. The process takes roughly 20 minutes.
Once you have created your Windows Virtual Desktop host pool, you can download the client for Android or Windows, or use the HTML5 client. Here’s how to test with Windows or the HTML5 client.
Download the latest Windows Remote Desktop client and subscribe to the feed using the following URL: https://rdweb.wvd.microsoft.com. Once subscribed, you will find the virtualized apps and desktops in the Start menu. You’ll also notice that it’s possible to enable conditional access and/or MFA for users when subscribing to a feed.
Launch a browser in InPrivate or incognito mode and visit http://aka.ms/wvdweb to access the HTML5 client. Authenticate using the login information to which you assigned a full desktop session.
If you are successful, you should be able to view the desktop:
Once you have completed your setup of Windows Virtual Desktop, you can assign other users to your host pool using the following PowerShell command, replacing <WVDTENANTNAME> with the name of your tenant, <HOSTPOOLNAME> with the name of your host pool, and leveraging the appropriate user principal name:
```powershell
Add-RdsAppGroupUser <WVDTENANTNAME> <HOSTPOOLNAME> "Desktop Application Group" -UserPrincipalName USER@TENANT.onmicrosoft.com
```
In our environment, this is what the command looks like:
```powershell
Add-RdsAppGroupUser CSPieter FullDesktop "Desktop Application Group" -UserPrincipalName firstname.lastname@example.org
```
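Because each assignment grants a user a full desktop session, it helps to reconcile the app group against an approved list rather than adding users one at a time. The following is an added example, not part of the original article: the `$approved` list and its UPNs are hypothetical placeholders, and it assumes you have already signed in with `Add-RdsAccount`.

```powershell
# Added example: reconcile "Desktop Application Group" membership with an approved list.
# Assumes Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com" was already run.
Import-Module -Name Microsoft.RDInfra.RDPowerShell

$tenantName   = "<WVDTENANTNAME>"
$hostPoolName = "<HOSTPOOLNAME>"
$appGroupName = "Desktop Application Group"

# Hypothetical allow-list; in practice, export it from your access-approval process.
$approved = @(
    "USER1@TENANT.onmicrosoft.com",
    "USER2@TENANT.onmicrosoft.com"
)

# Current assignments; @() keeps the result an array even when the group is empty.
$current = @(
    Get-RdsAppGroupUser -TenantName $tenantName -HostPoolName $hostPoolName -AppGroupName $appGroupName |
        Select-Object -ExpandProperty UserPrincipalName
)

# -notcontains compares strings case-insensitively, which suits UPNs.
$missing    = @($approved | Where-Object { $current -notcontains $_ })
$unexpected = @($current  | Where-Object { $approved -notcontains $_ })

# Grant access to approved users who are not yet assigned.
foreach ($upn in $missing) {
    Add-RdsAppGroupUser -TenantName $tenantName -HostPoolName $hostPoolName `
        -AppGroupName $appGroupName -UserPrincipalName $upn
    Write-Output "Added $upn to '$appGroupName'"
}

# Report, but do not automatically remove, users who are assigned without approval.
foreach ($upn in $unexpected) {
    Write-Warning "$upn is assigned to '$appGroupName' but is not on the approved list"
}

Write-Output ("Approved: {0}  Assigned: {1}  Added: {2}  Unexpected: {3}" -f `
    $approved.Count, $current.Count, $missing.Count, $unexpected.Count)
```

After reviewing the warnings, an unapproved assignment can be revoked with `Remove-RdsAppGroupUser`, which takes the same parameters.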
You can also move on to more advanced tasks, such as:
To explore other scenarios and learn more about Windows Virtual Desktop, please see the Windows Virtual Desktop documentation on Docs and watch What is Windows Virtual Desktop? on Microsoft Mechanics. I also encourage you to join the Windows Virtual Desktop community on Tech Community to connect with the Windows Virtual Desktop team and your fellow public preview participants.