Azure Virtual Desktop
56 Topics

Microsoft Technical Takeoff: Windows + Intune
Welcome to the third installment of the Microsoft Technical Takeoff for Windows and Microsoft Intune! This free, virtual skilling event offers prescriptive, technical deep dives and panel-based discussions to help you feel prepared and confident in deploying and managing devices, apps, and experiences from client to cloud! Experts from the Windows, Windows 365, Intune, Azure Virtual Desktop, and security teams answer your questions live during the sessions and throughout the week. This event is all about getting you the information and skills you need to be successful!

Monday, March 3, 2025 - now on demand!
-> Let's talk Windows and Intune: 2025 edition
-> Enhance and supercharge IT management with Copilot in Intune
-> The hottest way to update Windows 11 and Windows Server 2025
-> The path ahead: The roadmap for Windows in the cloud
-> Achieving update harmony through unified update management
-> Intune 'fast lane' - Let's talk about all things latency
-> Untangling this thing called AI in a Windows ecosystem
-> Understanding security and management on Windows 365 Link
-> Unlocking productivity on the frontline with Windows 365
-> From admin to standard user with Endpoint Privilege Management

Tuesday, March 4, 2025 - now on demand!
-> Managing macOS updates in Intune
-> Windows Autopatch: Your playbook for advanced update management
-> Unified security: Intune + Microsoft Defender for Endpoint
-> AMA: Microsoft Application Management for Windows
-> Effective prompt engineering for IT pros
-> Utilize, configure, and manage Cloud PKI like a pro
-> Skill up! Cloud PC management and reporting
-> Get to know Windows security and resiliency in the cloud
-> Windows 11 kiosks: Cloud management for the win

Wednesday, March 5, 2025 - now on demand!
-> Enabling accessible Windows 11 experiences: an IT pro's guide
-> Never trust, always verify: Tips for Zero Trust with Intune
-> Data protection with hardware-based security and Windows 11
-> Best practices for Windows Autopilot and device preparation
-> Intune data platform and Advanced Analytics
-> Enhancing resiliency with Windows 365
-> How to protect your administrator users on the device
-> Delivering like-local Windows experiences from the cloud
-> Deploying Microsoft Connected Cache for Enterprise at scale
-> Secure corporate data and privacy with Win32 app isolation

Thursday, March 6, 2025 - now on demand!
-> Azure Virtual Desktop app management
-> Azure Virtual Desktop hostpool management at scale
-> Device management for the frontline: Intune to the rescue
-> The latest and greatest in the world of Windows LAPS
-> AMA: Cloud native with Microsoft Intune
-> Secure helpdesk support using Intune Remote Help
-> Enterprise Application Management with Microsoft Graph
-> Windows cloud migration and deployment best practices
-> Windows 10 EOS: Myths, misconceptions, and FAQs

The full agenda
Here is a day-by-day look at the 2025 session grid, which was available for download.

83K Views, 26 likes, 48 Comments

Azure Virtual Desktop: The flexible cloud VDI platform for the hybrid workplace
When we launched Windows Virtual Desktop nearly two years ago, no one predicted a global pandemic would force millions of workers to leave the office and work from home. Organizations around the world migrated important apps and data to the cloud to gain business resilience and agility. And to support the newly remote workforce, many of you turned to Windows Virtual Desktop to give remote users a secure, easy to manage, productive personal computing experience with Windows 10 from the cloud.

It has been humbling to work alongside you as you pivoted your operations to meet new challenges – from supporting frontline https://customers.microsoft.com/en-us/story/843297-ashford-and-st-peters-hospitals-nhs-health-provider-windows-virtual-desktop at NHS to https://customers.microsoft.com/en-us/story/837970-petrofac-energy-windows-virtual-desktop at Petrofac to https://customers.microsoft.com/en-us/story/840994-university-of-nottingham-higher-education-azure-teams. Going forward, organizations will need to support an https://www.microsoft.com/en-us/resilience/hybrid-work-solutions?rtc=1 scenarios. To help our customers and partners meet these new hybrid work demands, we are expanding our vision to become a flexible cloud VDI platform for nearly any use case – accessible from virtually anywhere.

A modern VDI platform needs to be secure, scalable, and easy to manage, while delivering a seamless, high-performance experience to end users. It should also empower organizations with the flexibility to customize and build solutions with its core technology. To support this broader vision and the changing needs of our customers, today we are announcing new capabilities, new pricing for app streaming, and changing the name of the Windows Virtual Desktop service to Azure Virtual Desktop.

New platform capabilities for security and management

We are continually https://docs.microsoft.com/azure/virtual-desktop/whats-new to the core Azure Virtual Desktop platform.
Today we are also pleased to announce the public preview of new features that will help you onboard and better manage your Azure Virtual Desktop deployment.

Enhanced support for Azure Active Directory (coming soon in public preview): Azure Active Directory is a critical service used by organizations around the world to manage user access to important apps and data and maintain strong security controls. We are pleased to announce that you’ll soon be able to join your Azure Virtual Desktop virtual machines directly to Azure Active Directory (AAD) and connect to the virtual machine from any device with basic credentials. You’ll also be able to automatically enroll the virtual machines with Microsoft Endpoint Manager. For certain scenarios, this will help eliminate the need for a domain controller, help reduce cost, and streamline your deployment. While this is a major milestone, it’s just the beginning of the journey towards full integration with Azure Active Directory. We will continue adding new capabilities such as support for single sign-on, additional credential types like FIDO2, and Azure Files for cloud users.

Manage Windows 10 Enterprise multi-session VMs with Microsoft Endpoint Manager (available now in public preview): Microsoft Endpoint Manager allows you to manage policies and distribute applications across devices. You can now enroll Windows 10 Enterprise multi-session Azure Virtual Desktop virtual machines in Microsoft Endpoint Manager and manage them in the Microsoft Endpoint Manager admin center the same way you manage shared physical devices. This simplifies management and provides a centralized view across both physical devices and virtual desktops. Read the https://docs.microsoft.com/mem/intune/fundamentals/windows-virtual-desktop-multi-session to learn more.

Deploy in minutes with new Quickstart experience (coming soon in public preview): We are pleased to offer a streamlined onboarding experience for Azure Virtual Desktop in the Azure portal.
This new experience will validate requirements, kick off an automated deployment, and will also implement best practices. With only a few clicks, you can set up a full Azure Virtual Desktop environment in your Azure subscription. You will find this new experience under “Quickstart” in the Azure Virtual Desktop blade in the Azure portal.

New pricing option for remote app streaming

Many organizations are using Azure Virtual Desktop to stream apps to their own employees who are covered by https://azure.microsoft.com/en-us/pricing/details/virtual-desktop/. But many organizations also want to use Azure Virtual Desktop to deliver applications “as-a-service” to customers and business partners as well. Today we are pleased to announce a monthly per-user access pricing option for organizations to use Azure Virtual Desktop to deliver apps from the cloud to external (non-employee) users. For example, this would enable software vendors to deliver their app as a SaaS solution that can be accessed by their customers. In addition to the monthly user price for Azure Virtual Desktop, organizations also pay for Azure infrastructure services based on usage.

Here's what one ISV had to say about the new pricing option:

“Sage is trusted by millions of customers worldwide to deliver innovative business solutions to manage finances, operations and people. Streaming applications with Azure Virtual Desktop makes it easy to streamline user access to our solutions on the Azure cloud for a great online customer experience.”
James Westlake, Director of Product Management, Sage

Try it during our promotional period

The new per-user access pricing option will be effective on January 1, 2022. To help organizations get started now, we are pleased to offer a special promotion with no charge to access Azure Virtual Desktop for streaming first-party or third-party applications to external users. This promotion is effective from July 14, 2021 to December 31, 2021.
Pricing for monthly user access rights effective on January 1, 2022 will be:
-> $5.50 per user per month (Apps)
-> $10 per user per month (Apps + Desktops)

This promotion only applies to external user access rights. Organizations would continue to pay for the underlying Azure infrastructure. Organizations should continue to use existing Windows license entitlements, such as Microsoft 365 E3 or Windows E3 and higher, for app streaming to their employees. https://aka.ms/wvd for more details.

Expanding partner ecosystem

As a cloud VDI platform, we work closely with our partners and empower them to build solutions that meet your needs. For example, Citrix and VMware provide desktop and app virtualization solutions that leverage the Azure Virtual Desktop platform capabilities, such as Windows 10 Enterprise multi-session, and allow you to maximize your existing investments and use the tools and solutions with which you are already familiar. We are also proud of our ecosystem of hundreds of partners who build custom solutions and provide technical consulting to help you deploy with confidence. Visit https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=Windows%20virtual%20desktop&page=1 for more information on partner solutions, and https://www.microsoft.com/azure/partners/advspec?filters=windows-virtual-desktop-advspec for certified deployment partners.

Getting started

My team and I look forward to partnering with you to take full advantage of our flexible VDI platform in the cloud and unlock new end user computing possibilities. We appreciate your ongoing support and welcome your feedback. Join us on our http://aka.ms/wvdtechcommunity to connect with my team and other customers and partners to share your feedback and suggestions. To learn more about these announcements, please sign up for our https://aka.ms/AVDwebinar.

6.6K Views, 6 likes, 10 Comments

Azure Virtual Desktop planning - a little guide (please don't underestimate planning)!
Dear Azure Virtual Desktop friends,

Again and again I encounter Azure Virtual Desktop infrastructures that were obviously poorly planned. Not only is performance poor, but security has been neglected and scalability is simply not possible. With such infrastructures, it is then simply impossible to get everything up and running again with a few adjustments. For this reason, I have tried to create a possible planning guide in this article. Let's start with the following points:

Define objectives and requirements:
-> Determine the purpose of the Azure Virtual Desktop infrastructure
-> Identify the applications and resources required for end-users
-> Establish performance, availability, and security goals
-> Assess network connectivity and bandwidth requirements
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop
https://learn.microsoft.com/en-us/training/modules/azure-virtual-desktop-architecture/3-azure-virtual-desktop-components
https://azure.microsoft.com/en-us/products/virtual-desktop/assessment/
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop

Assess existing infrastructure:
-> Evaluate current on-premises infrastructure and applications
-> Identify any potential compatibility issues or bottlenecks
-> Determine if any applications or services need to be migrated to Azure
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/migrate-assess
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/migrate-deploy
https://learn.microsoft.com/en-us/azure/virtual-desktop/proxy-server-support
https://learn.microsoft.com/en-us/azure/virtual-desktop/data-locations

Choose a deployment model:
-> Decide between a pooled or personal host pool
-> Determine the appropriate operating system (e.g., Windows 10 or Windows Server)
-> Select the necessary virtual machine sizes and configurations
https://learn.microsoft.com/en-us/training/modules/azure-virtual-desktop-architecture/4-personal-pooled-desktops
https://learn.microsoft.com/en-us/training/modules/design-azure-virtual-desktop-architecture/4-recommend-operate-system-azure-virtual-desktop-implementation
https://learn.microsoft.com/en-us/azure/virtual-desktop/host-pool-load-balancing
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/virtual-machine-recs
https://learn.microsoft.com/en-us/training/modules/azure-virtual-desktop-architecture/6-azure-limitations-for-azure-virtual-desktop

Design network connectivity:
-> Configure virtual networks and subnets within Azure
-> Set up VPN or ExpressRoute for hybrid connectivity (if required)
-> Implement network security groups and firewall rules to restrict traffic
-> Plan for load balancing and traffic management
https://learn.microsoft.com/en-us/azure/virtual-desktop/network-connectivity
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/network-guidance
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-network-topology-and-connectivity
https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop
https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-bandwidth

Plan for user profiles and data storage:
-> Choose between FSLogix, Azure Files, or other profile management solutions
-> Determine storage requirements and configure file shares
-> Implement data backup and recovery strategies
https://learn.microsoft.com/en-us/fslogix/how-to-install-fslogix
https://learn.microsoft.com/en-us/fslogix/tutorial-configure-profile-containers
https://learn.microsoft.com/en-us/fslogix/tutorial-configure-odfc-containers
https://learn.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile
https://learn.microsoft.com/en-us/azure/virtual-desktop/fslogix-containers-azure-files
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-update-password

Design application delivery:
-> Decide on the application delivery method (e.g., RemoteApp, MSIX App Attach)
-> Package and test applications for compatibility
-> Set up application groups and assign them to appropriate users or user groups
-> Implement application lifecycle management and updates
https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/overview
https://learn.microsoft.com/en-us/training/paths/m365-wvd/
https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/custom-apps
https://learn.microsoft.com/en-us/azure/virtual-desktop/install-office-on-wvd-master-image
https://learn.microsoft.com/en-us/azure/virtual-desktop/teams-on-avd
https://learn.microsoft.com/en-us/azure/virtual-desktop/language-packs
https://learn.microsoft.com/en-us/windows/msix/overview
https://learn.microsoft.com/en-us/azure/virtual-desktop/what-is-app-attach
https://learn.microsoft.com/en-us/windows/msix/packaging-tool/create-app-package

Plan for identity and access management:
-> Integrate Azure Active Directory (AD) for user authentication and authorization
-> Configure Multi-Factor Authentication (MFA) for added security
-> Set up role-based access control (RBAC) to manage user permissions
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-identity-and-access-management
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/compare-identity-solutions
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-azure-active-directory-join

Estimate costs and optimize resources:
-> Calculate the expected infrastructure costs based on VM sizes, storage, and network usage
-> Evaluate licensing requirements for Azure Virtual Desktop and other services
-> Implement cost management and optimization strategies, such as auto-scaling and reserved instances
https://learn.microsoft.com/en-us/azure/virtual-desktop/prerequisites
https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/total-costs
https://azure.microsoft.com/en-us/pricing/details/virtual-desktop/
https://azure.microsoft.com/de-de/pricing/reserved-vm-instances/
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing

Develop a monitoring and management strategy:
-> Monitor the performance and health of the Azure Virtual Desktop environment using Azure Monitor and Log Analytics
-> Set up alerts and notifications for critical events or performance issues
-> Implement a patch management strategy to ensure OS and application updates
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-management-and-monitoring
https://learn.microsoft.com/en-us/training/paths/monitor-maintain-azure-virtual-desktop-infrastructure/
https://learn.microsoft.com/en-us/azure/virtual-desktop/insights
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/manage
https://learn.microsoft.com/en-us/azure/virtual-desktop/security-guide
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-security-governance-and-compliance
https://learn.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics
https://github.com/tomwechsler/Azure_Virtual_Desktop/blob/main/Scripte/WVD_Log_Analytics_KQL.ps1

Plan for disaster recovery and business continuity:
-> Design a backup and recovery strategy for user profiles, applications, and data
-> Implement redundancy and failover solutions for critical components
-> Test disaster recovery procedures and update them as needed
https://learn.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-business-continuity-and-disaster-recovery
https://learn.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery-concepts
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-multi-region-bcdr

Once you have successfully worked through the planning, it is time to prepare the implementation. Again, take enough time to work through the various items. This way, you are well on your way to successfully deploying an Azure Virtual Desktop infrastructure.

Prepare for implementation:
-> Create a detailed project plan with timelines and milestones
-> Assign roles and responsibilities to team members
-> Develop a testing and validation plan to ensure the infrastructure meets objectives and requirements
https://learn.microsoft.com/en-us/azure/virtual-desktop/getting-started-feature
https://azure.microsoft.com/en-us/resources/get-step-by-step-guidance-to-quickly-deploy-azure-virtual-desktop/

Execute deployment and migration:
-> Deploy the Azure Virtual Desktop infrastructure according to the project plan
-> Migrate user profiles, applications, and data as needed
-> Test connectivity, performance, and functionality to ensure a successful migration
https://azure.microsoft.com/en-us/resources/get-step-by-step-guidance-to-quickly-deploy-azure-virtual-desktop/
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-platform-automation-and-devops

Conduct user training and support:
-> Develop training materials and resources to familiarize end-users with the new environment
-> Conduct training sessions for end-users and provide ongoing support
-> Establish a helpdesk or support process to address user issues and concerns
https://learn.microsoft.com/en-us/azure/virtual-desktop/users/
https://azure.microsoft.com/en-us/support
https://learn.microsoft.com/en-us/training/modules/m365-wvd-intro/

Monitor, manage, and optimize the environment:
-> Continuously monitor the Azure Virtual Desktop infrastructure for performance, availability, and security
-> Address any issues or concerns that arise during daily operations
-> Periodically review and optimize resources, costs, and configurations to improve the overall user experience
https://learn.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery-concepts
https://learn.microsoft.com/en-us/azure/virtual-desktop/security-guide
https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/azure-virtual-desktop-security-baseline

It is absolutely clear to me that this is not an exhaustive list. However, I hope that this information will help you as a basis/start to successfully build an Azure Virtual Desktop infrastructure. Thank you for taking the time to read this article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github!
https://github.com/tomwechsler

8.4K Views, 3 likes, 0 Comments

Azure Virtual Desktop (AVD) | Scaling plans and Autoscaling
I just noticed that I have a new tab under my AVD portal for Scaling Plan. Before exploring it, I checked Microsoft Docs to understand the new feature and see how I can enable it, but I didn't find any relevant info; even when I googled it I ended up with the same result. Did I stop here? Absolutely not. I created a temp host pool and followed the wizard to enable and configure the new feature, and here is my test result.

AVD Scaling plans

Autoscaling is an in-demand feature that has been awaited for a long time. We used to scale session hosts automatically using PowerShell scripts and Azure Automation, but that was a long and complicated procedure involving a lot of components. Now, with AVD scaling plans, you can define ramp-up hours, peak hours, ramp-down hours, and off-peak hours for weekdays and specify autoscaling triggers. However, you can only add one schedule per day, and a scaling plan must include an associated schedule for at least one day of the week.

Requirements
-> Create a Custom RBAC role
-> Assign the custom role to Windows Virtual Desktop App

Create a Custom RBAC role
1. Open a subscription or resource group
2. Click on Access control (IAM)
3. Click on Add Custom role
4. Click on JSON Tab
5. Click on Edit Tab
6. Paste the following JSON template

{
  "properties": {
    "roleName": "Autoscale",
    "description": "Friendly description.",
    "assignableScopes": [
      "/subscriptions/<SubscriptionID>"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Insights/eventtypes/values/read",
          "Microsoft.Compute/virtualMachines/deallocate/action",
          "Microsoft.Compute/virtualMachines/restart/action",
          "Microsoft.Compute/virtualMachines/powerOff/action",
          "Microsoft.Compute/virtualMachines/start/action",
          "Microsoft.Compute/virtualMachines/read",
          "Microsoft.DesktopVirtualization/hostpools/read",
          "Microsoft.DesktopVirtualization/hostpools/write",
          "Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
          "Microsoft.DesktopVirtualization/hostpools/sessionhosts/write",
          "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/delete",
          "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/read",
          "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/sendMessage/action"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}

7. Replace <SubscriptionID> with your subscription ID
8. Save the template
9. Click Review + Create.
10. Last, click Create.

Assign the custom role to Windows Virtual Desktop App:
1. Open a subscription or resource group
2. Click on Access control (IAM)
3. Select Add role assignments.
4. Select the role you just created (Autoscale)
5. Next, click on Select members
6. In the search bar, enter and select Windows Virtual Desktop, as shown in the following screenshot.
7. Last, click Review + Assign.

Create a scaling plan

As usual, we have to select Subscription, Resource Group, Name, and Location for the new resource. Time Zone is important, as the whole autoscaling activity will be triggered and executed to start/stop session hosts based on the time zone you select here.

Next, you have to add a new Schedule and specify the Repeats on.

Start time: Enter a start time for the scaling plan; the specified time will also be the end time for off-peak hours.

Load-balancing algorithm: Since you are going to use autoscaling, the depth-first load-balancing option is more relevant to your needs, as it distributes new user sessions to the available session host that has the highest number of connections but has not reached its maximum session limit threshold, which minimizes the number of powered-on session hosts.
Minimum percentage of session hosts: Specify the minimum percentage of session hosts to start for ramp-up and peak hours. The percentage is based on the total number of session hosts in your host pool, so if the host pool includes 10 VMs and the percentage is 20% as in the above image, autoscale will ensure a minimum of 2 session hosts are available to take user connections.

Capacity threshold (%): This percentage evaluates whether to turn on/off VMs during the ramp-up and peak hours. So if your total host pool capacity is 100 sessions and you specify a 60% capacity threshold, once you exceed it, autoscale will turn on additional session hosts.

As you can see, the step below is almost the same as the previous one, so just to clarify the difference:

Peak hours and Ramp-up: Usually, every application has its own peak hours, where concurrent users tend to increase slowly before the start of peak time. It is the same for AVD: users start getting in slowly to the session hosts, and at a specific time most of the users will start hitting the services (this is the peak hour).

Start time: Enter a start time for the scaling plan to reduce the number of virtual machines prior to the off-peak or non-business hours. This is also the end time for peak hours.

Load-balancing algorithm: Since you are going to use autoscaling, the depth-first load-balancing option is more relevant to your needs, as it distributes new user sessions to the available session host that has the highest number of connections but has not reached its maximum session limit threshold, which minimizes the number of powered-on session hosts.
Minimum percentage of session hosts: Specify the minimum percentage of session hosts to start for ramp-down and off-peak hours. The percentage is based on the total number of session hosts in your host pool, so if the host pool includes 10 VMs and the percentage is 10% as in the below image, autoscale will ensure a minimum of 1 session host is available to take user connections.

Capacity threshold (%): This percentage evaluates whether to turn on/off VMs during the ramp-down and off-peak hours. So if your total host pool capacity is 100 sessions and you specify a 90% capacity threshold, once you exceed it, autoscale will turn on additional session hosts.

Delay time before logging out users and shutting down VMs (min): This option will set the session host VMs to drain mode, notify any currently signed-in users to save their work, and wait the configured amount of time before forcing the users to log off. Once all user sessions on the session host VM have been logged off, autoscale will shut down the VM.

Notification message: As shown in the above image, you can set the message that is pushed to your end users asking them to log off.

Start time (24-hour system): This is the start time for off-peak or non-business hours. This is also the end time for ramp-down.

Then click Create.

In the next step, we have to assign the host pool that this schedule will apply to. A scaling plan can be assigned to any number of host pools.

Review and Create.

Testing and Validation

A few minutes after creating the scaling plan, jump to the running AVD virtual machine and check the activity log. You should see an activity stating that the VM was started and that this event was initiated by the Windows Virtual Desktop app.

Solved | 51K Views, 3 likes, 56 Comments

Azure Virtual Desktop in the "cloud only" variant and what to look for after initial deployment!
Dear Azure Virtual Desktop friends,

Imagine the following scenario. You have decided to build Azure Virtual Desktop in the cloud only variant. With all the pros and cons. You have decided to set up a first test environment. Of course, all necessary licenses are also available! The provisioning of resources in Azure is done. For the DAG (Desktop Application Group), you have added a group from Azure Active Directory. There are two persons in this group.

You start the Remote Desktop Client and log in as a user who exists in this group (as seen before). Double click on SessionDesktop and you will get an error message. Sorry, this is in German! The login attempt has failed!

Why does the connection not work? The group has been added to the DAG, so what is still missing? What is missing now are the infrastructure permissions. This is not quite obvious, but unfortunately often forgotten. But one after the other.

1. If the host you are using to connect is not Azure AD Joined in the same tenant, the Advanced RDP settings must be extended with the following value:

targetisaadjoined:i:1

Next, other permissions need to be set up. I like to use the resource group for this. You can of course also set this up on the subscription. The following permissions are required:
-> Desktop Virtualization Application Group Reader
-> Virtual Machine User Login

Now back to the Remote Desktop Client and voila, the connection to the session host is now working.

I hope this information helps you and you can successfully build an Azure Virtual Desktop "cloud only" infrastructure. The example here is of course not a finished setup; there are still apps, profiles, etc. missing. But it should help you get started. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github!
https://github.com/tomwechsler

3.8K Views, 2 likes, 0 Comments

Azure Virtual Desktop and Azure AD Join with Enroll VM in Intune - possible pitfall!
Dear Azure Virtual Desktop friends,

If you want to set up an Azure Virtual Desktop infrastructure in Azure and you have chosen Azure AD Join together with Enroll VM with Intune, you may get the following error message:

--------------------
[{"code":"VMExtensionProvisioningError","message":"VM has reported a failure when processing extension 'AADLoginForWindows'. Error message: \"AAD Join failed with status code: -2145648509. AzureSecureVMJoinOperation: DeviceEnroller::AzureSecureVMEnroll failed 0x801c0083.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot "}]}
--------------------

This could possibly be because you have reached the limit for adding devices to Intune. You can find this information in the Intune admin center and increase the value. Either edit the default settings or set up a new Restriction policy.

I realize it's not super, great, extra news, but I ran into these limitations during a deployment and the hints weren't necessarily obvious. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github!
https://github.com/tomwechsler

7.5K Views, 2 likes, 2 Comments

Digital event: Azure Virtual Desktop Master Class on January 25
Join us for the upcoming Azure Virtual Desktop digital event

Learn best practices for delivering secure remote work experiences with Azure Virtual Desktop. Hear the latest product updates and virtual desktop infrastructure (VDI) optimization tips from Microsoft experts, partners, and community leaders.

Join us at this free digital event to:
-> Explore technical deep dives covering the newest Azure Virtual Desktop features.
-> Learn how to deploy, optimize, and manage Azure Virtual Desktop at scale.
-> Get tips for optimizing the costs of your Azure Virtual Desktop environment.
-> Find out how to apply Azure security practices for desktop virtualization.
-> Discover strategies for migrating your Remote Desktop Services, Citrix, and VMware VDI from on-premises to Azure.

Delivered in partnership with Intel.

https://info.microsoft.com/ww-azure-virtual-desktop-master-class.html?ocid=AID3043608_QSG_564862

Azure Virtual Desktop Master Class
Tuesday, January 25, 2022
9:00 AM–12:00 PM Pacific Time

1.7K Views, 2 likes, 0 Comments