AVDUpdate
54 TopicsInsider Preview: Single sign-on and passwordless authentication for Azure Virtual Desktop
Today we’re announcing the Insider preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices (like FIDO2 keys). With this preview, you can now: Enable a single sign-on experience to Azure AD-joined and Hybrid Azure AD-joined session hosts Use passwordless authentication to sign in to the host using Azure AD Use passwordless authentication inside the session Use third-party Identity Providers (IdP) that integrate with Azure AD to sign in to the host Getting started This new functionality is currently available in Insider builds of Windows 11 22H2, available in the Azure Gallery when deploying new session hosts in a host pool. Want a quick overview of the new functionality? Watch this intro video on Azure Academy! To get started with single sign-on, follow the instructions to Configure single sign-on which will guide you in enabling the new authentication protocol. To start using Windows Hello and FIDO2 keys inside the session, follow the instructions for In-session passwordless authentication to use the new WebAuthn redirection functionality. Learn more about the supported authentication methods supported by Azure Virtual Desktop, including single sign-on on our Identities and authentication page. Stay tuned for news about the upcoming public preview which will add support for Windows 10 and current Windows 11 hosts.29KViews11likes23CommentsAzure Virtual Desktop: The flexible cloud VDI platform for the hybrid workplace
When we launched Windows Virtual Desktop nearly two years ago, no one predicted a global pandemic would force millions of workers to leave the office and work from home. Organizations around the world migrated important apps and data to the cloud to gain business resilience and agility. And to support the newly remote workforce, many of you turned to Windows Virtual Desktop to give remote users a secure, easy to manage, productive personal computing experience with Windows 10 from the cloud. It has been humbling to work alongside you as you pivoted your operations to meet new challenges – from supporting frontline healthcare workers at NHS to engineers at Petrofac to educators and students. Going forward, organizations will need to support an evolving set of remote and hybrid work scenarios. To help our customers and partners meet these new hybrid work demands, we are expanding our vision to become a flexible cloud VDI platform for nearly any use case – accessible from virtually anywhere. A modern VDI platform needs to be secure, scalable, and easy to manage, while delivering a seamless, high-performance experience to end users. It should also empower organizations with the flexibility to customize and build solutions with its core technology. To support this broader vision and the changing needs of our customers, today we are announcing new capabilities, new pricing for app streaming, and changing the name of the Windows Virtual Desktop service to Azure Virtual Desktop. New platform capabilities for security and management We are continually adding new capabilities to the core Azure Virtual Desktop platform. Today we are also pleased to announce the public preview of new features that will help you onboard and better manage your Azure Virtual Desktop deployment. Enhanced support for Azure Active Directory (coming soon in public preview): Azure Active Directory is a critical service used by organizations around the world to manage user access to important apps and data and maintain strong security controls. We are pleased to announce that you’ll soon be able to join your Azure Virtual Desktop virtual machines directly to Azure Active Directory (AAD) and connect to the virtual machine from any device with basic credentials. You’ll also be able to automatically enroll the virtual machines with Microsoft Endpoint Manager. For certain scenarios, this will help eliminate the need for a domain controller, help reduce cost, and streamline your deployment. While this is a major milestone, it’s just the beginning of the journey towards full integration with Azure Active Directory. We will continue adding new capabilities such as support for single sign-on, additional credential types like FIDO2, and Azure Files for cloud users. Manage Windows 10 Enterprise multi-session VMs with Microsoft Endpoint Manager (available now in public preview) - Microsoft Endpoint Manager allows you to manage policies and distribute applications across devices. You can now enroll Windows 10 Enterprise multi-session Azure Virtual Desktop virtual machines in Microsoft Endpoint Manager and manage them in the Microsoft Endpoint Manager admin center the same way you manage shared physical devices. This simplifies management and provides a centralized view across both physical devices and virtual desktops. Read the Windows 10 Enterprise multi-session documentation to learn more. Deploy in minutes with new Quickstart experience (coming soon in public preview): We are pleased to offer a streamlined onboarding experience for Azure Virtual Desktop in the Azure portal. This new experience will validate requirements, kick off an automated deployment, and will also implement best practices. With only a few clicks, you can set up a full Azure Virtual Desktop environment in your Azure subscription. You will find this new experience under “Quickstart” in the Azure Virtual Desktop blade in the Azure portal. New pricing option for remote app streaming Many organizations are using Azure Virtual Desktop to stream apps to their own employees who are covered by existing license entitlements. But many organizations also want to use Azure Virtual Desktop to deliver applications “as-a-service” to customers and business partners as well. Today we are pleased to announce a monthly per-user access pricing option for organizations to use Azure Virtual Desktop to deliver apps from the cloud to external (non-employee) users. For example, this would enable software vendors to deliver their app as a SaaS solution that can be accessed by their customers. In addition to the monthly user price for Azure Virtual Desktop, organizations also pay for Azure infrastructure services based on usage. Here's what one ISV had to say about the new pricing option: “Sage is trusted by millions of customers worldwide to deliver innovative business solutions to manage finances, operations and people. Streaming applications with Azure Virtual Desktop makes it easy to streamline user access to our solutions on the Azure cloud for a great online customer experience.” James Westlake, Director of Product Management, Sage Try it during our promotional period The new per-user access pricing option will be effective on January 1, 2022. To help organizations get started now, we are pleased to offer a special promotion with no charge to access Azure Virtual Desktop for streaming first-party or third-party applications to external users. This promotion is effective from July 14, 2021 to December 31, 2021. Pricing for monthly user access rights effective on January 1, 2022 will be: $5.50 per user per month (Apps) $10 per user per month (Apps + Desktops) This promotion only applies to external user access rights. Organizations would continue to pay for the underlying Azure infrastructure. Organizations should continue to use existing Windows license entitlements, such as Microsoft 365 E3 or Windows E3 and higher, for app streaming to their employees. Visit our web page for more details. Expanding partner ecosystem As a cloud VDI platform, we work closely with our partners and empower them to build solutions that meet your needs. For example, Citrix and VMware provide desktop and app virtualization solutions that leverage the Azure Virtual Desktop platform capabilities, such as Windows 10 Enterprise multi-session, and allow you to maximize your existing investments and use the tools and solutions with which you are already familiar. We are also proud of our ecosystem of hundreds of partners who build custom solutions and provide technical consulting to help you deploy with confidence. Visit Azure Marketplace for more information on partner solutions, and Advanced Specialization page for certified deployment partners. Getting started My team and I look forward to partnering with you to take full advantage of our flexible VDI platform in the cloud and unlock new end user computing possibilities. We appreciate your ongoing support and welcome your feedback. Join us on our Tech Community to connect with my team and other customers and partners to share your feedback and suggestions. To learn more about these announcements, please sign up for our upcoming webinar.6.4KViews6likes10CommentsRDP Shortpath for managed networks is generally available!
Another day, another release! Today I'm thrilled to announce that RDP Shortpath for managed networks is now generally available. This feature enables the client and session host to establish a direct and secure connection using a high-performant and reliable UDP-based transport. Key benefits of Shortpath for managed networks are: Reliability - RDP Shortpath transport uses highly efficient Universal Rate Control Protocol (URCP). URCP dynamically learns about network parameters and uses RDP-specific congestion control. URCP adds an enhanced error correction and flow control that is designed for networks that are known to experience sporadic and temporary losses, such as wireless networks or wide area networks with dynamic routing. Performance- URCP operates at low delay and loss levels as needed by Remote Desktop. URCP achieves the best performance by dynamically learning network parameters and providing protocol with a rate control mechanism. RDP Shortpath establishes the direct connectivity between Remote Desktop client and Session Host. Direct connectivity reduces the dependency on the gateways, improves the connection's reliability, and increases the bandwidth available for each user session. The removal of additional relay reduces the round-trip time, which improves user experience with latency-sensitive applications and input methods. RDP Shortpath brings support for configuring Quality of Service (QoS) priority for RDP connections through a Differentiated Services Code Point (DSCP) marks RDP Shortpath transport allows limiting outbound network traffic by specifying a throttle rate for each session. This release is part in a series of RDP transport improvements. Stay tuned for more previews and releases coming soon! Next steps Learn more in the networking section of Azure Virtual Desktop documentation : Understanding Azure Virtual Desktop network connectivity Azure Virtual Desktop RDP Shortpath for managed networks Implement Quality of Service (QoS) for Azure Virtual Desktop11KViews5likes4CommentsWhat is new in Azure Virtual Desktop for November 2022
Here's what changed in November 2022: RDP Shortpath for public networks now generally available Remote Desktop Protocol (RDP) Shortpath for public networks is now generally available. RDP Shortpath improves the transport reliability of Azure Virtual Desktop connections by establishing a direct User Datagram Protocol (UDP) data flow between the Remote Desktop client and session hosts. This feature will be enabled by default for all customers. For more information, see our blog post. Azure Virtual Desktop Insights at Scale in public preview The ability to review performance and diagnostic information across multiple host pools in one view with Azure Virtual Desktop Insights at Scale is now in public preview. For more information, see our blog post or Use Azure Virtual Desktop Insights to monitor your deployment. Intune user configuration for Windows 11 Enterprise multi-session VMs now generally available Microsoft Intune user scope configuration for Azure Virtual Desktop multi-session Virtual Machines (VMs) on Windows 11 is now generally available. With this feature, you’ll be able to: Configure user scope policies using the Settings catalog and assign them to groups of users. Configure user certificates and assign them to users. Configure PowerShell scripts to install in the user context and assign them to users. For more information, see Azure Virtual Desktop multi-session with Intune or our blog post. Azure Active Directory Join VMs with FSLogix profiles on Azure Files now generally available FSLogix profiles with Azure Active Directory (AD)-joined Windows 10, 11, and Windows Server 2022 VMs for hybrid users in Azure Virtual Desktop are now generally available. These FSLogix profiles let you seamlessly access file shares from Azure AD-joined VMs and use them to store your FSLogix profile containers. For more information, see our blog post. Private Link for Azure Virtual Desktop now in public preview Private endpoints from Azure Private Link for Azure Virtual Desktop are now in public preview. Private Link can enable traffic between session hosts, clients, and the Azure Virtual Desktop service to flow through a private endpoint within your virtual network instead of the public internet. For more information, see our blog post, read our overview at Use Azure Private Link with Azure Virtual Desktop (preview), or get started at Set up Private Link for Azure Virtual Desktop (preview).3.5KViews3likes0CommentsWhat is new in Windows Virtual Desktop for September 2021
Here's what changed in September 2021. Azure portal updates You can now use Azure Resource Manager templates for any update you want to apply to your session hosts after deployment. You can access this feature by selecting the Virtual machines tab while creating a host pool. You can also now set host pool, app group, and workspace diagnostic settings while creating host pools instead of afterwards. Configuring these settings during the host pool creation process also automatically sets up reporting data for Azure Virtual Desktop Insights. Azure Active Directory domain join Azure Active Directory domain join is now generally available. This service lets you join your session hosts to Azure Active Directory. Domain join also lets you autoenroll into Intune as part of Microsoft Endpoint Manager. You can access this feature in the Azure public cloud, but not the Government cloud or Azure China. For more information, see our blog post. Azure China Azure Virtual Desktop is now generally available in the Azure China cloud. For more information, see our blog post. Automatic migration module tool With the automatic migration tool, you can move your organization from Azure Virtual Desktop (classic) to Azure Virtual Desktop with just a few PowerShell commands. This feature is currently in public preview, and you can find out more at Automatic migration. Azure Virtual Desktop Agent update Version 1.0.3373.2600: This update was released September 2021 and has the following changes: General agent improvements. Fixes issues with restarting the agent on Windows 7 VMs. Fixes an issue with fields in the WVDAgentHealthStatus table not showing up correctly. Azure Virtual Desktop Client update Version 1.2.2459: This update was released in September 2021 and has the following changes: mproved client logging, diagnostics, and error classification to help admins troubleshoot connection and feed issues. Fixed an issue that caused the client to prompt for credentials a second time after closing a credential prompt window while subscribing. Updates to Teams for Azure Virtual Desktop, including the following: Fixed an issue in that made the video screen turn black and crash during calls in the Chrome browser. Reduced E2E latency and some performance issues by optimizing the GPU render path in the Windows Desktop client. To enable th new render path, add the registry key HKEY_CURRENT_USER \SOFTWARE\Microsoft\Terminal Server Client\IsSwapChainRenderingEnabled and set its value to 00000001. To disable the new render path and revert to the original path, either set the key's value to 00000000 or delete the key.2.7KViews3likes1CommentPUBLIC PREVIEW: Announcing public preview of Azure AD joined VMs
We are excited to announce the public preview of Azure AD joined VMs support for Azure Virtual Desktop. This feature allows customers to easily deploy Azure AD joined session hosts from the Azure portal and access them from all clients. VMs can also be automatically enrolled in Intune for ease of management. Support for storing FSLogix profiles on Azure files will be available in a future update. Getting started: The documentation to deploy Azure AD joined session hosts will guide you through the key steps needed to enable this functionality.Solved24KViews3likes68CommentsPublic Preview: Faster reauthentication
We're excited to announce the public preview of faster reauthentication for Azure Virtual Desktop when single sign-on is enabled. This feature allows you to use the "Every time" sign-in frequency option in Conditional Access policies that target the Microsoft Remote Desktop and Windows Cloud Login Entra ID apps. This can help you provide a more secure environment, especially for BYOD and unmanaged devices. Getting started: The documentation to Enforce Microsoft Entra multifactor authentication will guide you through the key steps needed to enable this functionality.613Views2likes0CommentsWhat is new in Azure Virtual Desktop for April 2022
Here's what changed in April 2022: Intune device configuration for Windows multisession now generally available Deploying Intune device configuration policies from Microsoft Endpoint Manager admin center to Windows multisession VMs on Azure Virtual Desktop is now generally available. Learn more at Using Azure Virtual Desktop multi-session with Intune and our blog post. Scheduled Agent Updates public preview Scheduled Agent Updates is a new feature in public preview that lets IT admins specify the time and day the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent will update. For more information, see our blog post. RDP Shortpath for public networks now in public preview A new feature for RDP Shortpath is now in public preview. With this feature, RDP Shortpath can provide a direct UDP-based network transport for user sessions over public networks. Learn more at Azure Virtual Desktop RDP Shortpath for public networks (preview) and our blog post. The Azure Virtual Desktop web client has a new URL Starting April 18, 2022, the Azure Virtual Desktop and Azure Virtual Desktop (classic) web clients will redirect to a new URL. For more information, see our blog post.2.4KViews2likes0CommentsAzure Virtual Desktop service limits are now included in the Azure service limits documentation
After listening to customer feedback, we have listed the Azure Virtual Desktop service limits in the Azure service limits documentation. Many customers have asked us for a simple way to view the limits of Azure Virtual Desktop. We have listened and now include service limits in the existing documentation along with similar limits for other Azure services. This information is often essential when architecting an Azure Virtual Desktop solution. Customers are already using the Azure service limits documentation when architecting and deploying other Azure services. This is an essential document that many customers make frequent use of. If you haven't already used this document then we highly recommend you make use of it here. The Azure Virtual Desktop product team has added the current limits of the Azure Virtual Desktop service into the documentation. The direct link is available here. For reference, the current Azure Virtual Desktop object limitations are: Azure Virtual Desktop Object Parent Container Object Service Limit Workspace Azure Active Directory Tenant 1300 HostPool Workspace 400 Application group Azure Active Directory Tenant 500 1 RemoteApp Application group 500 Role Assignment Any Azure Virtual Desktop Object 200 Session Host HostPool 10,000 1 If you require over 500 Application groups then please raise a support ticket via the Azure portal. We will keep these details up to date to reflect any changes made to the service as it grows over time. One such change was actually made recently. My colleague Vidya Nagarajan announced that we have increased the Application Groups per Azure Active Directory tenant from 200 up to 500. This will make it easier if you are managing large and complex deployments. As always, we encourage your feedback. Please feel free to submit that here6.6KViews2likes0CommentsWhat is new in Azure Virtual Desktop for January 2022
Here's what changed in January 2022: FSLogix version 2201 public preview FSLogix version 2201 is now in public preview. For more information, see our blog post or the FSLogix release notes. Migration tool now generally available The PowerShell commands that migrate metadata from Azure Virtual Desktop (classic) to Azure Virtual Desktop are now generally available. To learn more about migrating your existing deployment, see Migrate automatically from Azure Virtual Desktop (classic) or our blog post. Increased application group limit We've increased number of Azure Virtual Desktop application groups you can have on each Azure Active Directory (Azure AD) tenant from 200 to 500. For more information, see our blog post. Updates to required URLs We've updated the required URL list for Azure Virtual Desktop to accommodate Azure Virtual Desktop agent traffic. For more information, see our blog post.2.1KViews2likes0Comments