AVD
111 Topics

Group Policy does not apply, when using AVD with Entra Domain Services
Good morning community,

we are facing some very critical issues while using Group Policies in combination with Microsoft Entra Domain Services. The problem is that the group policies do not apply anymore. This leads to the problem that there are no mapped network drives, no customer-specific settings and so on. Meanwhile, we've got three customers with the problem. The problem first started in the beginning of April. We already got three MS premier support tickets, but the Microsoft technicians got no clue where the root cause could be found. Since there are three customers impacted, we no longer believe that we are the only ones who are facing these issues. Anyone else?

Solved | 2.4K Views | 3 likes | 7 Comments

Azure Virtual Desktop planning - a little guide (please don't underestimate planning)!
Dear Azure Virtual Desktop friends,

Again and again I encounter Azure Virtual Desktop infrastructures that were obviously poorly planned. Not only is performance poor, but security has been neglected and scalability is simply not possible. With such infrastructures, it is then simply impossible to get everything up and running again with a few adjustments. For this reason, I have tried to create a possible planning guide in this article.

Let's start with the following points:

Define objectives and requirements:
-> Determine the purpose of the Azure Virtual Desktop infrastructure
-> Identify the applications and resources required for end-users
-> Establish performance, availability, and security goals
-> Assess network connectivity and bandwidth requirements
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop
https://learn.microsoft.com/en-us/training/modules/azure-virtual-desktop-architecture/3-azure-virtual-desktop-components
https://azure.microsoft.com/en-us/products/virtual-desktop/assessment/

Assess existing infrastructure:
-> Evaluate current on-premises infrastructure and applications
-> Identify any potential compatibility issues or bottlenecks
-> Determine if any applications or services need to be migrated to Azure
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/migrate-assess
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/migrate-deploy
https://learn.microsoft.com/en-us/azure/virtual-desktop/proxy-server-support
https://learn.microsoft.com/en-us/azure/virtual-desktop/data-locations

Choose a deployment model:
-> Decide between a pooled or personal host pool
-> Determine the appropriate operating system (e.g., Windows 10 or Windows Server)
-> Select the necessary virtual machine sizes and configurations
https://learn.microsoft.com/en-us/training/modules/azure-virtual-desktop-architecture/4-personal-pooled-desktops
https://learn.microsoft.com/en-us/training/modules/design-azure-virtual-desktop-architecture/4-recommend-operate-system-azure-virtual-desktop-implementation
https://learn.microsoft.com/en-us/azure/virtual-desktop/host-pool-load-balancing
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/virtual-machine-recs
https://learn.microsoft.com/en-us/training/modules/azure-virtual-desktop-architecture/6-azure-limitations-for-azure-virtual-desktop

Design network connectivity:
-> Configure virtual networks and subnets within Azure
-> Set up VPN or ExpressRoute for hybrid connectivity (if required)
-> Implement network security groups and firewall rules to restrict traffic
-> Plan for load balancing and traffic management
https://learn.microsoft.com/en-us/azure/virtual-desktop/network-connectivity
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/network-guidance
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-network-topology-and-connectivity
https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop
https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-bandwidth

Plan for user profiles and data storage:
-> Choose between FSLogix, Azure Files, or other profile management solutions
-> Determine storage requirements and configure file shares
-> Implement data backup and recovery strategies
https://learn.microsoft.com/en-us/fslogix/how-to-install-fslogix
https://learn.microsoft.com/en-us/fslogix/tutorial-configure-profile-containers
https://learn.microsoft.com/en-us/fslogix/tutorial-configure-odfc-containers
https://learn.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile
https://learn.microsoft.com/en-us/azure/virtual-desktop/fslogix-containers-azure-files
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-update-password

Design application delivery:
-> Decide on the application delivery method (e.g., RemoteApp, MSIX App Attach)
-> Package and test applications for compatibility
-> Set up application groups and assign them to appropriate users or user groups
-> Implement application lifecycle management and updates
https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/overview
https://learn.microsoft.com/en-us/training/paths/m365-wvd/
https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/custom-apps
https://learn.microsoft.com/en-us/azure/virtual-desktop/install-office-on-wvd-master-image
https://learn.microsoft.com/en-us/azure/virtual-desktop/teams-on-avd
https://learn.microsoft.com/en-us/azure/virtual-desktop/language-packs
https://learn.microsoft.com/en-us/windows/msix/overview
https://learn.microsoft.com/en-us/azure/virtual-desktop/what-is-app-attach
https://learn.microsoft.com/en-us/windows/msix/packaging-tool/create-app-package

Plan for identity and access management:
-> Integrate Azure Active Directory (AD) for user authentication and authorization
-> Configure Multi-Factor Authentication (MFA) for added security
-> Set up role-based access control (RBAC) to manage user permissions
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-identity-and-access-management
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/compare-identity-solutions
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-azure-active-directory-join

Estimate costs and optimize resources:
-> Calculate the expected infrastructure costs based on VM sizes, storage, and network usage
-> Evaluate licensing requirements for Azure Virtual Desktop and other services
-> Implement cost management and optimization strategies, such as auto-scaling and reserved instances
https://learn.microsoft.com/en-us/azure/virtual-desktop/prerequisites
https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/total-costs
https://azure.microsoft.com/en-us/pricing/details/virtual-desktop/
https://azure.microsoft.com/de-de/pricing/reserved-vm-instances/
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing

Develop a monitoring and management strategy:
-> Monitor the performance and health of the Azure Virtual Desktop environment using Azure Monitor and Log Analytics
-> Set up alerts and notifications for critical events or performance issues
-> Implement a patch management strategy to ensure OS and application updates
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-management-and-monitoring
https://learn.microsoft.com/en-us/training/paths/monitor-maintain-azure-virtual-desktop-infrastructure/
https://learn.microsoft.com/en-us/azure/virtual-desktop/insights
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/manage
https://learn.microsoft.com/en-us/azure/virtual-desktop/security-guide
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-security-governance-and-compliance
https://learn.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics
https://github.com/tomwechsler/Azure_Virtual_Desktop/blob/main/Scripte/WVD_Log_Analytics_KQL.ps1

Plan for disaster recovery and business continuity:
-> Design a backup and recovery strategy for user profiles, applications, and data
-> Implement redundancy and failover solutions for critical components
-> Test disaster recovery procedures and update them as needed
https://learn.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-business-continuity-and-disaster-recovery
https://learn.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery-concepts
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-multi-region-bcdr

Once you have successfully worked through the planning, it is time to prepare the implementation. Again, take enough time to work through the various items. This way, you are well on your way to successfully deploying an Azure Virtual Desktop infrastructure.

Prepare for implementation:
-> Create a detailed project plan with timelines and milestones
-> Assign roles and responsibilities to team members
-> Develop a testing and validation plan to ensure the infrastructure meets objectives and requirements
https://learn.microsoft.com/en-us/azure/virtual-desktop/getting-started-feature
https://azure.microsoft.com/en-us/resources/get-step-by-step-guidance-to-quickly-deploy-azure-virtual-desktop/

Execute deployment and migration:
-> Deploy the Azure Virtual Desktop infrastructure according to the project plan
-> Migrate user profiles, applications, and data as needed
-> Test connectivity, performance, and functionality to ensure a successful migration
https://azure.microsoft.com/en-us/resources/get-step-by-step-guidance-to-quickly-deploy-azure-virtual-desktop/
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-platform-automation-and-devops

Conduct user training and support:
-> Develop training materials and resources to familiarize end-users with the new environment
-> Conduct training sessions for end-users and provide ongoing support
-> Establish a helpdesk or support process to address user issues and concerns
https://learn.microsoft.com/en-us/azure/virtual-desktop/users/
https://azure.microsoft.com/en-us/support
https://learn.microsoft.com/en-us/training/modules/m365-wvd-intro/

Monitor, manage, and optimize the environment:
-> Continuously monitor the Azure Virtual Desktop infrastructure for performance, availability, and security
-> Address any issues or concerns that arise during daily operations
-> Periodically review and optimize resources, costs, and configurations to improve the overall user experience
https://learn.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery-concepts
https://learn.microsoft.com/en-us/azure/virtual-desktop/security-guide
https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/azure-virtual-desktop-security-baseline

It is absolutely clear to me that this is not an exhaustive list. However, I hope that this information will help you as a basis/start to successfully build an Azure Virtual Desktop infrastructure.

Thank you for taking the time to read this article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

8.4K Views | 3 likes | 0 Comments

Announcing FSLogix release changes and Windows multi-session updates in Azure Marketplace
Starting on August 8th, 2023 (patch Tuesday), Windows multi-session images will come with the latest version of FSLogix already installed. This means that you can skip the hassle of installing or updating FSLogix on your virtual machines and enjoy its amazing features right away.

10K Views | 2 likes | 3 Comments

AVD remote desktop client Bug
Remote desktop client when connected to AVD workspace, breaks desktop application drop down list and pushes it in upper right corner of the screen. Only reproducible in Remote desktop client, everything works as expected in web client.

Remote desktop client: 1.2.4240.0 (x64)

Bug Screen Shot.

Expected behavior.

Solved | 3.3K Views | 2 likes | 5 Comments

Azure Virtual Desktop in the "cloud only" variant and what to look for after initial deployment!
Dear Azure Virtual Desktop friends,

Imagine the following scenario. You have decided to build Azure Virtual Desktop in the cloud only variant. With all the pros and cons. You have decided to set up a first test environment. Of course, all necessary licenses are also available! The provisioning of resources in Azure is done. For the DAG (Desktop Application Group), you have added a group from Azure Active Directory. There are two persons in this group.

You start the Remote Desktop Client and log in as a user who exists in this group (as seen before). Double click on SessionDesktop and you will get an error message. Sorry, this is in German! The login attempt has failed!

Why does the connection not work? The group has been added to the DAG, so what is still missing? What is missing now are the infrastructure permissions. What is not quite obvious, but unfortunately often forgotten. But one after the other.

1. If the host you are using to connect is not Azure AD Joined in the same tenant, the Advanced RDP settings must be extended. With the following value:

targetisaadjoined:i:1

Next, other permissions need to be set up. I like to use the resource group for this. You can of course also set this up on the subscription. The following permissions are required: Desktop Virtualization Application Group Reader and Virtual Machine User Login

Now back to the Remote Desktop Client and voila, the connection to the session host is now working.

I hope this information helps you and you can successfully build an Azure Virtual Desktop "cloud only" infrastructure. The example here is of course not a finished setup, there are still apps, profiles, etc. missing. But it should help you get started.

Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

3.8K Views | 2 likes | 0 Comments

Azure Virtual Desktop and Azure AD Join with Enroll VM in Intune - possible pitfall!
Dear Azure Virtual Desktop friends,

If you want to set up Azure Virtual Desktop infrastructure in Azure and you have chosen Azure AD Join with Enroll VM with Intune, you may get the following error message:

--------------------
[{"code":"VMExtensionProvisioningError","message":"VM has reported a failure when processing extension 'AADLoginForWindows'. Error message: \"AAD Join failed with status code: -2145648509. AzureSecureVMJoinOperation: DeviceEnroller::AzureSecureVMEnroll failed 0x801c0083.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot "}]}
--------------------

This could possibly be because you have reached the limit for adding devices to Intune. You can find this information in the Intune admin center and increase the value. Either edit the default settings or set up a new Restriction policy.

I realize it's not super, great, extra news, but I ran into these limitations during a deployment and the hints weren't necessarily obvious.

Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

7.5K Views | 2 likes | 2 Comments

Announcing FSLogix 2201 hotfix 1 (2.9.8171.14983) has been released!
FSLogix Release Notes - FSLogix | Microsoft Docs

Summary

This update for FSLogix 2201 includes fixes to Cloud Cache and container redirection processes. No new features are included with this update.

Changes

IMPORTANT: This is a **hotfix** for FSLogix 2201 (2.9.8111.53415). If you are using Cloud Cache or have experienced intermittent system crashes as a result of FSLogix, it is recommended to install this update.

Resolved an issue with Cloud Cache where disk read / write blocking could potentially create a deadlock to the disk and cause the Virtual Machine to become unresponsive.

Resolved an issue that would cause a Virtual Machine to crash while removing profile redirections during the sign out process.

File Information

Download the following package: Download FSLogix 2201 hotfix 1 (2.9.8171.14983)

12K Views | 2 likes | 21 Comments

How to fix error in AVD with VMs not being added to host pool or AD
Problem

Several users have commented and posted on different networks about the error that appears when adding virtual machines to their host pool; the error occurs when the VMs try to join the AD.

The first thing we need to know is that if we add or create a new host pool (as in my case), the Azure deployment will tell us that everything is correct, that is, as if the machines have joined the AD. Here I show the deployment with everything correct.

Now if we check the status of our host pool machines, we will see that it tells us the total number of VMs and which ones we can connect to and which ones we cannot. In my case we see that we can supposedly connect to one and not to the other. When testing the connection, it fails on both machines. This is normal, since if we check the health status of both we see the following. Basically it tells us that there is a problem joining the VM to the domain.

Solution

Below I show the solution that has worked for me, from different tenants and different subscriptions that had the same problem.

We are going to go to our subscription and in it, in the Settings section, we are going to click on Resource providers as shown in the following image.

Next we look for the provider "Microsoft.DesktopVirtualization".

We select it and then click on "unregister".

Now what we are going to do is re-register, that is, we click on "register".

Confirm that the registration is correct again.

Now we deploy AVD again and add the VMs we need to our host pool, and in this case I have chosen Entra ID to do the join (you can select your preference).

Validate the new deployment.

As we see here, the deployment has also indicated that it was correct, so we are going to confirm it. Here we can see that we already have the machines ready for the session.

I hope this helps you solve the problems you are having with VMs and host pools.

965 Views | 1 like | 7 Comments