Azure Virtual Desktop
39 Topics

Azure Virtual Desktop (AVD) | Scaling plans and Autoscaling
Just noticed that I have a new tab under my AVD Portal for Scaling Plan. Before exploring it, I checked Microsoft Docs to understand the new feature and see how I can enable it, but I didn't find any relevant info; even when I googled it I ended up with the same result. Did I stop here? Absolutely not. I created a temp host pool and followed the wizard to enable and configure the new feature, and here is my test result.

AVD Scaling plans

Autoscaling is an in-demand feature that has been awaited for a long time. We used to automatically scale host sessions using PowerShell scripts and Azure Automation, but it was a long and complicated procedure involving a lot of components. Now with AVD Scaling plans you can define ramp-up hours, peak hours, ramp-down hours, and off-peak hours for weekdays and specify autoscaling triggers, but you can only add one schedule per day, and a Scaling plan must include an associated schedule for at least one day of the week.

Requirements

- Create a Custom RBAC role
- Assign the custom role to Windows Virtual Desktop App

Create a Custom RBAC role

1. Open a subscription or resource group
2. Click on Access control (IAM)
3. Click on Add Custom role
4. Click on JSON Tab
5. Click on Edit Tab
6. Paste the following JSON template

    {
      "properties": {
        "roleName": "Autoscale",
        "description": "Friendly description.",
        "assignableScopes": [
          "/subscriptions/<SubscriptionID>"
        ],
        "permissions": [
          {
            "actions": [
              "Microsoft.Insights/eventtypes/values/read",
              "Microsoft.Compute/virtualMachines/deallocate/action",
              "Microsoft.Compute/virtualMachines/restart/action",
              "Microsoft.Compute/virtualMachines/powerOff/action",
              "Microsoft.Compute/virtualMachines/start/action",
              "Microsoft.Compute/virtualMachines/read",
              "Microsoft.DesktopVirtualization/hostpools/read",
              "Microsoft.DesktopVirtualization/hostpools/write",
              "Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
              "Microsoft.DesktopVirtualization/hostpools/sessionhosts/write",
              "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/delete",
              "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/read",
              "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/sendMessage/action",
              "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/read"
            ],
            "notActions": [],
            "dataActions": [],
            "notDataActions": []
          }
        ]
      }
    }

7. Replace <SubscriptionID> with your SubscriptionID
8. Save the template
9. Click Review + Create.
10. Last, click Create.

Assign the custom role to Windows Virtual Desktop App:

1. Open a subscription or resource group
2. Click on Access control (IAM)
3. Select Add role assignments.
4. Select the role you just created (AutoScale)
5. Next, click on Select members
6. In the search bar, enter and select Windows Virtual Desktop, as shown in the following screenshot.
7. Last, click Review + Assign.

Create a scaling plan

As usual, we have to select Subscription, Resource Group, Name, and Location for the new resource. Time Zone is important, as the whole Autoscaling activity will be triggered and executed to Start/Stop host sessions based on the time zone you select here.

Next, you have to add a new Schedule and specify the Repeats on.

Start time: You have to enter a start time for the scaling plan; the specified time will also be the end time for off-peak hours.

Load-balancing algorithm: As you are going to use Autoscaling, the Depth-first load balancing option would be more relevant to your needs, as it distributes new user sessions to the available session host with the highest number of connections that has not reached its maximum session limit threshold, which minimizes the number of powered-on host sessions.

Minimum percentage of session hosts: Specify the minimum percentage of session hosts to start for ramp-up and peak hours. The percentage is based on the total number of session hosts in your host pool, so if the host pool includes 10 VMs and the percentage is 20% as in the above image, autoscale will ensure a minimum of 2 session hosts are available to take user connections.

Capacity threshold (%): This percentage evaluates whether to turn on/off VMs during the ramp-up and peak hours. So if your total host pool capacity is 100 sessions, and you specify a 60% Capacity threshold, once you exceed it, autoscale will turn on additional session hosts.

As you can see, the below step is almost the same as the previous one, so just to clarify the difference:

Peak hours and Ramp-up: Usually, every application has its own peak hours, where concurrent users tend to increase slowly before the start of peak time. The same goes for AVD: users start getting in slowly to the host sessions, and at a specific time most of the users will start hitting the services (this is the peak hour).

Start time: Enter a start time for the scaling plan to reduce the number of virtual machines prior to the off-peak or non-business hours. This is also the end time for peak hours.

Load-balancing algorithm: As you are going to use Autoscaling, the Depth-first load balancing option would be more relevant to your needs, as it distributes new user sessions to the available session host with the highest number of connections that has not reached its maximum session limit threshold, which minimizes the number of powered-on host sessions.

Minimum percentage of session hosts: Specify the minimum percentage of session hosts to start for ramp-down and off-peak hours. The percentage is based on the total number of session hosts in your host pool, so if the host pool includes 10 VMs and the percentage is 10% as in the below image, autoscale will ensure a minimum of 1 session host is available to take user connections.

Capacity threshold (%): This percentage evaluates whether to turn on/off VMs during the ramp-down and off-peak hours. So if your total host pool capacity is 100 sessions, and you specify a 90% Capacity threshold, once you exceed it, autoscale will turn on additional session hosts.

Delay time before logging out users and shutting down VMs (min): This option will set the session host VMs to drain mode, notify any currently signed-in users to save their work, and wait the configured amount of time before forcing the users to log off. Once all user sessions on the session host VM have been logged off, Autoscale will shut down the VM.

Notification message: As shown in the above image, you can set your message to be pushed to your end-users to log off.

Start time (24-hour system): This is the start time for off-peak or non-business hours. This is also the end time for ramp-down.

Then Create.

In the next step, we have to assign the host pool that we will apply this schedule on. A scaling plan can be assigned to any number of host pools.

Review and Create.

---

Testing And Validation

A few minutes after creating the scaling plan, jump to the running AVD virtual machine and check the activity log. You should get an activity stating that the VM was started and that this event was initiated by the Windows Virtual Desktop App.

Solved | 52K Views | 3 likes | 56 Comments

Azure Virtual Desktop deployment error: resource write operation failed to complete successfully
I have tried to deploy Azure Virtual Desktop several times and it has failed every time, with the same error message:

"write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'."

Details:

"The resource write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'. (Code: ResourceDeploymentFailure, Target: /subscriptions/b38d7f27-415a-4877-a594-ff5e4877c8d3/resourceGroups/AVD-Resource-Group-Prefix-deployment/providers/Microsoft.Resources/deployments/easy-button-inputvalidation-job-linked-template)"

I've tried using my work/Microsoft 365 Account, and using two different personal accounts. I thought the issue could be billing related, but even when there is $200 in available credit in a new/trial account, it still happens.

I've seen suggested elsewhere that this may be due to Azure Policy restrictions, but there are none, at least no non-default policies, and if the default policies restrict creation of Azure Virtual Desktop environments, that should be changed, and at minimum, users/admins should be informed if that is what is preventing them from being deployed, and be given the option to change them.

The bottom line is that this is absurd that Azure Virtual Desktop fails by default for multiple accounts, and it needs to be fixed, even if my personal deployment issue can be resolved by jumping through hoops. Please, let me know what hoops I need to jump through to get this to work for now.

22K Views | 1 like | 6 Comments

How to calculate concurrent users count in Azure Virtual Desktop
Hi,

We are using AVD and use Log Analytics to monitor the session hosts and the complete AVD environment. Recently we had a requirement to see the concurrent users count for the respective workspace. I don't see such an option available out of the box. Can you guys help me with how to get this?

Thank you in advance!

12K Views | 0 likes | 2 Comments

Azure Virtual Desktop Consent Page for new web client
I think there is a concern with the new Web Client URLs. I thought to discuss this point here to give more clarity.

Update: The new web client URL works fine with all the browsers and gives the same experience as the previous web client URLs. I can't reproduce the different experiences explained below anymore. I think the issue was already there in the first screenshot below. It seems I used the wrong URL or it got redirected to the wrong web client URL.

It seems there is consent required for new client URLs only if you access them from the Microsoft Edge browser where you are logged in to your personal profile. This is also applicable to all the other browsers if your work account doesn't have the appropriate license.

I have tested with Firefox and other browsers, and the new web client URL works just fine if the user account is assigned the correct licenses and, of course, the user is already logged in with the current AVD web client URLs.

The following was the previous experience with the web client URL when I tried to log in from a Microsoft Edge personal profile login and for the work profiles where you don't have the appropriate license to access AVD.

The change in the end-user experience with the new URL is going to create some confusion within the AVD community. Overall, the consent message is going to create a lot of confusion for end-users and IT admins, because this was not the experience with the previously used AVD web client URLs. If you don't have appropriate permissions on Azure AD, then this is going to create some delays in the transition process to the new AVD URLs.

=====

Select consent option

Select "Server App" to give the consent to the back-end web app to a specific tenant
Select "Client App" to give the consent to the front end client app to a specific tenant

Please note that if you choose to consent to "Client App" only, then the user will need to consent at every sign-in. Also, allow 30 seconds delay between consenting "Server" and "Client" apps so that the changes are propagated in Azure.

Consent Option:
AAD Tenant GUID or Name:

There are some specific Windows Keyboard shortcuts for Virtual Desktops. The keyboard shortcuts for virtual desktops (AVD) are a bit different from the normal keyboard shortcuts.

You can use either SCCM (latest 2203) or Intune to manage AVD VMs (including multi-session). I would prefer modern management with Intune, and if your physical devices are Azure AD joined, then AVD VMs should also be Azure AD Joined instead of Hybrid Azure AD.

Managing AVDs with SCCM is useful if you already have an SCCM infra in place and you know how to read SCCM Logs 🙂 You can move AVDs slowly into Co-Management or Cloud Attach in a phased approach later.

11K Views | 1 like | 0 Comments

Azure Virtual Desktop Specialty certification is here!
2019 was declared the year of VDI, 2020 was the year of Cloud and I think that 2021 will be the year of Azure Virtual Desktop, bringing VDI and the Cloud together…and the long wait is over! The Azure Virtual Desktop Specialty certification is now generally available. So let's take a few minutes to chat about WVD and why the Exam AZ-140: Configuring and Operating Microsoft Azure Virtual Desktop is something you should be interested in!

What is Azure Virtual Desktop?

Azure Virtual Desktop is Microsoft Azure’s VDI PaaS solution that enables you to provide remote applications and/or full desktops in the cloud. One of the strongest points of WVD is Windows 10 Multi-session, which combines the functionality of a traditional Windows remote desktop server with the Windows client experience, giving you the best of both worlds. This combined with the FSLogix User Profile software is an amazing solution that will allow your users to work from home or remote locations securely without needing all the traditional heavy infrastructure.

Why should you bother taking the Exam AZ-140?

Like with all certifications, it is a measure of your ability to complete a task, demonstrate your knowledge, improve your resume, get your next dream job, make more money, feel accomplished and empowered and of course bragging rights!

What does the exam cover?

The Exam AZ-140 will test all your Azure skills across five (5) key areas.

- Planning your Azure Virtual Desktop Architecture
- Implementing your Azure Virtual Desktop Infrastructure
- Manage Access and Security
- Manage User Environment and Apps
- Monitor and maintain your Azure Virtual Desktop Infrastructure.

Who should be ready to take the exam?

Those looking to get this certification should have a general expertise across the Azure Virtual Desktop stack along with Azure administration and architecture expertise including but not limited to: Azure Active Directory, Active Directory Domains, Group policy, Identity Security, Networking, DNS, Network Security, Endpoint Protection, Azure Virtual Machines, Mobile Device Management, Printing, Azure Monitor, FSLogix User Profiles, Azure Storage solutions, client-side security, Automation, Disaster Recovery, and VM Imaging.

Now this may seem like a lot…and it is, but we’ve got you covered!

The Azure Academy:

Your training begins with my https://www.youtube.com/AzureAcademy/, where I have a https://www.youtube.com/watch?v=DZNc1DQxEEA&list=PL-V4YVm6AmwW1DBM25pwWYd1Lxs84ILZT

This series was developed to match the requirements and is broken down into two (2) sections: the first eleven (11) Learning videos and twelve through twenty (12-20) Implementation videos. This way you can zero in on the specific areas you need to understand and practice building so you are ready for anything the exam can throw at you!

What The Hack:

But the fun doesn’t stop there. My team, FastTrack for Azure, has led an effort across Microsoft’s WVD experts including Cloud Solution Architects, Global Black Belts, Customer Engineers and Consultants to put together materials to help you prep for the exam, which can be found on the public GitHub repo https://github.com/microsoft/WhatTheHack/tree/master/037-WindowsVirtualDesktop

A Hack is a challenge-based approach to learning. This format is intended to be led by a coach who will help guide the students as they progress through the challenges. This can be done on your own or with a small group to think through things as you would in designing a real-world solution. In this Hack you will find twelve (12) challenges which align with the video series to help you through each section to dive a little deeper into the scenarios and build the solutions, giving you the skills you need to take the exam with confidence. This gives you the flexibility to use the videos as your coach or work with a WVD expert to coach you and your team through the process.

What’s Next?

“I can only show you the door, you are the one who must walk through it.” - Morpheus

We have created the resources; Microsoft created the certification…it’s up to you now! Start down your learning path or, if you are ready, schedule your exam. If you need help, drop a comment here or on one of my videos and we will all do our best to answer your questions. Also drop me a comment when you pass your exam, I love to hear your success stories and suggestions.

Thanks for taking a few minutes out of your day to read this blog post…and good luck and all the success in the world to you in the year of Azure Virtual Desktop

#HappyLearning

Dean Cefola
FastTrack for Azure Principal Engineer
Azure Academy creator

9.3K Views | 2 likes | 1 Comment

Azure Virtual Desktop planning - a little guide (please don't underestimate planning)!
Dear Azure Virtual Desktop friends,

Again and again I encounter Azure Virtual Desktop infrastructures that were obviously poorly planned. Not only is performance poor, but security has been neglected and scalability is simply not possible. With such infrastructures, it is then simply impossible to get everything up and running again with a few adjustments. For this reason, I have tried to create a possible planning guide in this article. Let's start with the following points:

Define objectives and requirements:
-> Determine the purpose of the Azure Virtual Desktop infrastructure
-> Identify the applications and resources required for end-users
-> Establish performance, availability, and security goals
-> Assess network connectivity and bandwidth requirements
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop
https://learn.microsoft.com/en-us/training/modules/azure-virtual-desktop-architecture/3-azure-virtual-desktop-components
https://azure.microsoft.com/en-us/products/virtual-desktop/assessment/
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop

Assess existing infrastructure:
-> Evaluate current on-premises infrastructure and applications
-> Identify any potential compatibility issues or bottlenecks
-> Determine if any applications or services need to be migrated to Azure
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/migrate-assess
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/migrate-deploy
https://learn.microsoft.com/en-us/azure/virtual-desktop/proxy-server-support
https://learn.microsoft.com/en-us/azure/virtual-desktop/data-locations

Choose a deployment model:
-> Decide between a pooled or personal host pool
-> Determine the appropriate operating system (e.g., Windows 10 or Windows Server)
-> Select the necessary virtual machine sizes and configurations
https://learn.microsoft.com/en-us/training/modules/azure-virtual-desktop-architecture/4-personal-pooled-desktops
https://learn.microsoft.com/en-us/training/modules/design-azure-virtual-desktop-architecture/4-recommend-operate-system-azure-virtual-desktop-implementation
https://learn.microsoft.com/en-us/azure/virtual-desktop/host-pool-load-balancing
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/virtual-machine-recs
https://learn.microsoft.com/en-us/training/modules/azure-virtual-desktop-architecture/6-azure-limitations-for-azure-virtual-desktop

Design network connectivity:
-> Configure virtual networks and subnets within Azure
-> Set up VPN or ExpressRoute for hybrid connectivity (if required)
-> Implement network security groups and firewall rules to restrict traffic
-> Plan for load balancing and traffic management
https://learn.microsoft.com/en-us/azure/virtual-desktop/network-connectivity
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/network-guidance
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-network-topology-and-connectivity
https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop
https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-bandwidth

Plan for user profiles and data storage:
-> Choose between FSLogix, Azure Files, or other profile management solutions
-> Determine storage requirements and configure file shares
-> Implement data backup and recovery strategies
https://learn.microsoft.com/en-us/fslogix/how-to-install-fslogix
https://learn.microsoft.com/en-us/fslogix/tutorial-configure-profile-containers
https://learn.microsoft.com/en-us/fslogix/tutorial-configure-odfc-containers
https://learn.microsoft.com/en-us/azure/virtual-desktop/store-fslogix-profile
https://learn.microsoft.com/en-us/azure/virtual-desktop/fslogix-containers-azure-files
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-update-password

Design application delivery:
-> Decide on the application delivery method (e.g., RemoteApp, MSIX App Attach)
-> Package and test applications for compatibility
-> Set up application groups and assign them to appropriate users or user groups
-> Implement application lifecycle management and updates
https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/overview
https://learn.microsoft.com/en-us/training/paths/m365-wvd/
https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/custom-apps
https://learn.microsoft.com/en-us/azure/virtual-desktop/install-office-on-wvd-master-image
https://learn.microsoft.com/en-us/azure/virtual-desktop/teams-on-avd
https://learn.microsoft.com/en-us/azure/virtual-desktop/language-packs
https://learn.microsoft.com/en-us/windows/msix/overview
https://learn.microsoft.com/en-us/azure/virtual-desktop/what-is-app-attach
https://learn.microsoft.com/en-us/windows/msix/packaging-tool/create-app-package

Plan for identity and access management:
-> Integrate Azure Active Directory (AD) for user authentication and authorization
-> Configure Multi-Factor Authentication (MFA) for added security
-> Set up role-based access control (RBAC) to manage user permissions
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-identity-and-access-management
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/compare-identity-solutions
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-azure-active-directory-join

Estimate costs and optimize resources:
-> Calculate the expected infrastructure costs based on VM sizes, storage, and network usage
-> Evaluate licensing requirements for Azure Virtual Desktop and other services
-> Implement cost management and optimization strategies, such as auto-scaling and reserved instances
https://learn.microsoft.com/en-us/azure/virtual-desktop/prerequisites
https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/total-costs
https://azure.microsoft.com/en-us/pricing/details/virtual-desktop/
https://azure.microsoft.com/de-de/pricing/reserved-vm-instances/
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing

Develop a monitoring and management strategy:
-> Monitor the performance and health of the Azure Virtual Desktop environment using Azure Monitor and Log Analytics
-> Set up alerts and notifications for critical events or performance issues
-> Implement a patch management strategy to ensure OS and application updates
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-management-and-monitoring
https://learn.microsoft.com/en-us/training/paths/monitor-maintain-azure-virtual-desktop-infrastructure/
https://learn.microsoft.com/en-us/azure/virtual-desktop/insights
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/manage
https://learn.microsoft.com/en-us/azure/virtual-desktop/security-guide
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-security-governance-and-compliance
https://learn.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics
https://github.com/tomwechsler/Azure_Virtual_Desktop/blob/main/Scripte/WVD_Log_Analytics_KQL.ps1

Plan for disaster recovery and business continuity:
-> Design a backup and recovery strategy for user profiles, applications, and data
-> Implement redundancy and failover solutions for critical components
-> Test disaster recovery procedures and update them as needed
https://learn.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-business-continuity-and-disaster-recovery
https://learn.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery-concepts
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-multi-region-bcdr

Once you have successfully worked through the planning, it is time to prepare the implementation. Again, take enough time to work through the various items. This way, you are well on your way to successfully deploying an Azure Virtual Desktop infrastructure.

Prepare for implementation:
-> Create a detailed project plan with timelines and milestones
-> Assign roles and responsibilities to team members
-> Develop a testing and validation plan to ensure the infrastructure meets objectives and requirements
https://learn.microsoft.com/en-us/azure/virtual-desktop/getting-started-feature
https://azure.microsoft.com/en-us/resources/get-step-by-step-guidance-to-quickly-deploy-azure-virtual-desktop/

Execute deployment and migration:
-> Deploy the Azure Virtual Desktop infrastructure according to the project plan
-> Migrate user profiles, applications, and data as needed
-> Test connectivity, performance, and functionality to ensure a successful migration
https://azure.microsoft.com/en-us/resources/get-step-by-step-guidance-to-quickly-deploy-azure-virtual-desktop/
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-platform-automation-and-devops

Conduct user training and support:
-> Develop training materials and resources to familiarize end-users with the new environment
-> Conduct training sessions for end-users and provide ongoing support
-> Establish a helpdesk or support process to address user issues and concerns
https://learn.microsoft.com/en-us/azure/virtual-desktop/users/
https://azure.microsoft.com/en-us/support
https://learn.microsoft.com/en-us/training/modules/m365-wvd-intro/

Monitor, manage, and optimize the environment:
-> Continuously monitor the Azure Virtual Desktop infrastructure for performance, availability, and security
-> Address any issues or concerns that arise during daily operations
-> Periodically review and optimize resources, costs, and configurations to improve the overall user experience
https://learn.microsoft.com/en-us/azure/virtual-desktop/disaster-recovery-concepts
https://learn.microsoft.com/en-us/azure/virtual-desktop/security-guide
https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/azure-virtual-desktop-security-baseline

It is absolutely clear to me that this is not an exhaustive list. However, I hope that this information will help you as a basis/start to successfully build an Azure Virtual Desktop infrastructure. Thank you for taking the time to read this article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

8.5K Views | 3 likes | 0 Comments

Azure Virtual Desktop and Azure AD Join with Enroll VM in Intune - possible pitfall!
Dear Azure Virtual Desktop friends,

If you want to set up Azure Virtual Desktop infrastructure in Azure and you have chosen Azure AD Join with Enroll VM with Intune, you may get the following error message:

--------------------
[{"code":"VMExtensionProvisioningError","message":"VM has reported a failure when processing extension 'AADLoginForWindows'. Error message: \"AAD Join failed with status code: -2145648509. AzureSecureVMJoinOperation: DeviceEnroller::AzureSecureVMEnroll failed 0x801c0083.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot "}]}
--------------------

This could possibly be because you have reached the limit for adding devices to Intune. You can find this information in the Intune admin center and increase the value. Either edit the default settings or set up a new Restriction policy.

I realize it's not super, great, extra news, but I ran into these limitations during a deployment and the hints weren't necessarily obvious. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

7.5K Views | 2 likes | 2 Comments

AAD joined AVD - SessionHost is not joined to a domain
So, I've been testing the ability to use AAD to 'domain join' AVD Hosts. It's not working for me. I get "Status - Unavailable" shown against the host. When I view the JSON I see -

    "healthCheckName": "DomainJoinedCheck",
    "healthCheckResult": "HealthCheckFailed",
    "additionalFailureDetails": {
        "message": "SessionHost unhealthy: SessionHost is not joined to a domain",
        "errorCode": -2147467259,

During the deployment of the Host Pool the option is selected to join to AAD and also to enrol into Intune too.

I've gone through the deployment guide https://docs.microsoft.com/en-gb/azure/virtual-desktop/deploy-azure-ad-joined-vm , and also reviewed other guides from the community, and can't see I'm missing anything in the steps.

Do you need AADDS for this to work? This is the key, and the big hype is that it will deploy to AAD, but some guides stating AZURE Virtual Desktop (so the new branding and I would assume the new features) mention AADDS too?!?!?!?

Thank you
Phil

7.1K Views | 1 like | 5 Comments

Update to Microsoft Desktop Virtualization API v. 2023-09-05 by August 2, 2024 to avoid any impact
[Recommended actions updated on July 29, 2024] WARNING! Be mindful when using secrets in deployment templates and follow Azure best practices when managing secrets. Our examples in this discussion post are to be used for educational purposes only. Older Microsoft Desktop Virtualization API version(s) utilized for your Azure Virtual Desktop host pool resource will no longer support ‘get’ actions for registration token retrieval as of August 2nd, 2024. The affected API versions are as follows: 2019-01-23-preview 2019-09-24-preview 2019-12-10-preview 2020-09-21-preview 2020-11-02-preview 2020-11-10-preview 2021-01-14-preview On August 2nd, 2024, these affected API versions will no longer support the retrieval of the registration token. Users on older versions will not be able to use the 'get' action to retrieve the token. However, with the newer versions, there are two ways for customers to retrieve registration tokens moving forward: [Recommended] Using list* resource functions: Microsoft.DesktopVirtualization/hostpools resources now expose a listRegistrationTokens() function. This works if you already have valid registration tokens on your host pool and you want to retrieve them from an existing host pool. Using a 'post' action to securely retrieve the token AZ CLI: az desktopvirtualization hostpool retrieve-registration-token - az desktopvirtualization hostpool | Microsoft Learn REST: Host Pools - Retrieve Registration Token - REST API (Azure Desktop Virtualization) | Microsoft Learn AZ PowerShell: Get-AzWvdHostPoolRegistrationToken (Az.DesktopVirtualization) | Microsoft Learn Action Required Review any workflows you may have that rely on readers retrieving access tokens and update them to extract the registration tokens for a host pool in a new way. Ensure you are using up to date versions of the Microsoft Desktop Virtualization API. 
To take action, here are examples of how to extract the registration tokens for a host pool and update to the 2023-09-05 API version using Bicep and ARM templates.

WARNING! Be mindful when using secrets in deployment templates and follow Azure best practices when managing secrets. Our examples in this discussion post are to be used for educational purposes only.

[Recommended] Take action using list* resource functions

This solution works if you already have valid registration tokens on your host pool and you want to retrieve them from an existing host pool.

If you are using Bicep templates in your deployment:

    @sys.description('AVD Host Pool resource ID. (Default: )')
    param hostPoolResourceId string

    var varHostpoolSubId = split(hostPoolResourceId, '/')[2]
    var varHostpoolRgName = split(hostPoolResourceId, '/')[4]
    var varHostPoolName = split(hostPoolResourceId, '/')[8]

    // GET hostpool
    resource hostPoolGet 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' existing = {
      name: varHostPoolName
      scope: resourceGroup('${varHostpoolSubId}', '${varHostpoolRgName}')
    }

    @sys.description('The registration token of the host pool. This is not secure! Only for educational/testing purposes. Please follow security practices @ https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/scenarios-secrets ')
    output registrationToken array = hostPoolGet.listRegistrationTokens()

If you are using ARM templates in your deployment:

    {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "metadata": {
        "_generator": {
          "name": "bicep",
          "version": "0.28.1.47646",
          "templateHash": "2750874554099795062"
        }
      },
      "parameters": {
        "hostPoolResourceId": {
          "type": "string",
          "metadata": {
            "description": "AVD Host Pool resource ID. (Default: )"
          }
        }
      },
      "variables": {
        "varHostpoolSubId": "[split(parameters('hostPoolResourceId'), '/')[2]]",
        "varHostpoolRgName": "[split(parameters('hostPoolResourceId'), '/')[4]]",
        "varHostPoolName": "[split(parameters('hostPoolResourceId'), '/')[8]]"
      },
      "resources": [],
      "outputs": {
        "registrationToken": {
          "type": "array",
          "metadata": {
            "description": "The registration token of the host pool. This is not secure! Only for educational/ testing purposes. Please follow security practices @ https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/scenarios-secrets "
          },
          "value": "[listRegistrationTokens(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varHostpoolSubId')), format('{0}', variables('varHostpoolRgName'))), 'Microsoft.DesktopVirtualization/hostPools', variables('varHostPoolName')), '2023-09-05')]"
        }
      }
    }

Other ways to take action

One alternative is to always (re)create your host pool, which in turn will re-generate registration tokens that can then be retrieved using the PUT operation.

If you are using Bicep templates in your deployment...

Use the retrieveToken.bicep module to retrieve the registration token from a host pool by using a PUT operation:

    @sys.description('Optional. Host Pool token validity length. Usage: \'PT8H\' - valid for 8 hours; \'P5D\' - valid for 5 days; \'P1Y\' - valid for 1 year. When not provided, the token will be valid for 8 hours.')
    param tokenValidityLength string = 'PT8H'

    @sys.description('Generated. Do not provide a value! This date value is used to generate a registration token.')
    param baseTime string = utcNow('u')

    param vLocation string
    param vHostPoolName string
    param vHostPoolType string
    param vPreferredAppGroupType string
    param vMaxSessionLimit int
    param vLoadBalancerType string

    resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' = {
      name: vHostPoolName
      location: vLocation
      properties: {
        hostPoolType: vHostPoolType
        preferredAppGroupType: vPreferredAppGroupType
        maxSessionLimit: vMaxSessionLimit
        loadBalancerType: vLoadBalancerType
        registrationInfo: {
          expirationTime: dateTimeAdd(baseTime, tokenValidityLength)
          registrationTokenOperation: 'Update'
        }
      }
    }

    @sys.description('The registration token of the host pool.')
    output registrationToken string = reference(hostPool.id).registrationInfo.token

Here's an example of using the retrieveToken.bicep module to extract the registration token:

    @sys.description('AVD Host Pool resource ID. (Default: )')
    param hostPoolResourceId string

    var varHostpoolSubId = split(hostPoolResourceId, '/')[2]
    var varHostpoolRgName = split(hostPoolResourceId, '/')[4]
    var varHostPoolName = split(hostPoolResourceId, '/')[8]

    // Call on the hostpool
    resource hostPoolGet 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' existing = {
      name: varHostPoolName
      scope: resourceGroup('${varHostpoolSubId}', '${varHostpoolRgName}')
    }

    module hostPool 'retrieveToken.bicep' = {
      name: varHostPoolName
      scope: resourceGroup('${varHostpoolSubId}', '${varHostpoolRgName}')
      params: {
        vHostPoolName: varHostPoolName
        vMaxSessionLimit: hostPoolGet.properties.maxSessionLimit
        vPreferredAppGroupType: hostPoolGet.properties.preferredAppGroupType
        vHostPoolType: hostPoolGet.properties.hostPoolType
        vLoadBalancerType: hostPoolGet.properties.loadBalancerType
        vLocation: hostPoolGet.location
      }
    }

    @sys.description('The registration token of the host pool.')
    output registrationToken string = hostPool.outputs.registrationToken

If you are using ARM templates in your deployment:

    {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "metadata": {
        "_generator": {
          "name": "bicep",
          "version": "0.28.1.47646",
          "templateHash": "15215789985349638425"
        }
      },
      "parameters": {
        "hostPoolName": {
          "type": "string"
        },
        "location": {
          "type": "string"
        },
        "baseTime": {
          "type": "string",
          "defaultValue": "[utcNow('u')]"
        }
      },
      "variables": {
        "expirationTime": "[dateTimeAdd(parameters('baseTime'), 'PT1H1M')]"
      },
      "resources": [
        {
          "type": "Microsoft.DesktopVirtualization/hostPools",
          "apiVersion": "2023-09-05",
          "name": "[parameters('hostPoolName')]",
          "location": "[parameters('location')]",
          "properties": {
            "maxSessionLimit": 2,
            "hostPoolType": "Personal",
            "loadBalancerType": "Persistent",
            "preferredAppGroupType": "Desktop",
            "registrationInfo": {
              "expirationTime": "[variables('expirationTime')]",
              "registrationTokenOperation": "Update"
            }
          }
        }
      ],
      "outputs": {
        "token": {
          "type": "string",
          "value": "[reference(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))).registrationInfo.token]"
        }
      }
    }

WARNING! Be mindful when using secrets in deployment templates and follow Azure best practices when managing secrets. Our examples in this discussion post are to be used for educational purposes only.

Additional Support

If you have any questions, comments, or concerns about this, please feel free to post a comment.

7K Views 0 likes 11 Comments

Azure Virtual Desktop: The flexible cloud VDI platform for the hybrid workplace
When we launched Windows Virtual Desktop nearly two years ago, no one predicted a global pandemic would force millions of workers to leave the office and work from home. Organizations around the world migrated important apps and data to the cloud to gain business resilience and agility. And to support the newly remote workforce, many of you turned to Windows Virtual Desktop to give remote users a secure, easy to manage, productive personal computing experience with Windows 10 from the cloud. It has been humbling to work alongside you as you pivoted your operations to meet new challenges – from supporting frontline healthcare workers at NHS to engineers at Petrofac to educators and students.

Going forward, organizations will need to support an evolving set of remote and hybrid work scenarios. To help our customers and partners meet these new hybrid work demands, we are expanding our vision to become a flexible cloud VDI platform for nearly any use case – accessible from virtually anywhere.

A modern VDI platform needs to be secure, scalable, and easy to manage, while delivering a seamless, high-performance experience to end users. It should also empower organizations with the flexibility to customize and build solutions with its core technology.

To support this broader vision and the changing needs of our customers, today we are announcing new capabilities, new pricing for app streaming, and changing the name of the Windows Virtual Desktop service to Azure Virtual Desktop.

New platform capabilities for security and management

We are continually adding new capabilities to the core Azure Virtual Desktop platform. Today we are also pleased to announce the public preview of new features that will help you onboard and better manage your Azure Virtual Desktop deployment.

Enhanced support for Azure Active Directory (coming soon in public preview): Azure Active Directory is a critical service used by organizations around the world to manage user access to important apps and data and maintain strong security controls. We are pleased to announce that you’ll soon be able to join your Azure Virtual Desktop virtual machines directly to Azure Active Directory (AAD) and connect to the virtual machine from any device with basic credentials. You’ll also be able to automatically enroll the virtual machines with Microsoft Endpoint Manager. For certain scenarios, this will help eliminate the need for a domain controller, help reduce cost, and streamline your deployment. While this is a major milestone, it’s just the beginning of the journey towards full integration with Azure Active Directory. We will continue adding new capabilities such as support for single sign-on, additional credential types like FIDO2, and Azure Files for cloud users.

Manage Windows 10 Enterprise multi-session VMs with Microsoft Endpoint Manager (available now in public preview): Microsoft Endpoint Manager allows you to manage policies and distribute applications across devices. You can now enroll Windows 10 Enterprise multi-session Azure Virtual Desktop virtual machines in Microsoft Endpoint Manager and manage them in the Microsoft Endpoint Manager admin center the same way you manage shared physical devices. This simplifies management and provides a centralized view across both physical devices and virtual desktops. Read the Windows 10 Enterprise multi-session documentation to learn more.

Deploy in minutes with new Quickstart experience (coming soon in public preview): We are pleased to offer a streamlined onboarding experience for Azure Virtual Desktop in the Azure portal. This new experience will validate requirements, kick off an automated deployment, and will also implement best practices.
With only a few clicks, you can set up a full Azure Virtual Desktop environment in your Azure subscription. You will find this new experience under “Quickstart” in the Azure Virtual Desktop blade in the Azure portal.

New pricing option for remote app streaming

Many organizations are using Azure Virtual Desktop to stream apps to their own employees who are covered by existing license entitlements. But many organizations also want to use Azure Virtual Desktop to deliver applications “as-a-service” to customers and business partners as well. Today we are pleased to announce a monthly per-user access pricing option for organizations to use Azure Virtual Desktop to deliver apps from the cloud to external (non-employee) users. For example, this would enable software vendors to deliver their app as a SaaS solution that can be accessed by their customers. In addition to the monthly user price for Azure Virtual Desktop, organizations also pay for Azure infrastructure services based on usage.

Here's what one ISV had to say about the new pricing option:

“Sage is trusted by millions of customers worldwide to deliver innovative business solutions to manage finances, operations and people. Streaming applications with Azure Virtual Desktop makes it easy to streamline user access to our solutions on the Azure cloud for a great online customer experience.” James Westlake, Director of Product Management, Sage

Try it during our promotional period

The new per-user access pricing option will be effective on January 1, 2022. To help organizations get started now, we are pleased to offer a special promotion with no charge to access Azure Virtual Desktop for streaming first-party or third-party applications to external users. This promotion is effective from July 14, 2021 to December 31, 2021.
Pricing for monthly user access rights effective on January 1, 2022 will be:

- $5.50 per user per month (Apps)
- $10 per user per month (Apps + Desktops)

This promotion only applies to external user access rights. Organizations would continue to pay for the underlying Azure infrastructure. Organizations should continue to use existing Windows license entitlements, such as Microsoft 365 E3 or Windows E3 and higher, for app streaming to their employees. Visit our web page for more details.

Expanding partner ecosystem

As a cloud VDI platform, we work closely with our partners and empower them to build solutions that meet your needs. For example, Citrix and VMware provide desktop and app virtualization solutions that leverage the Azure Virtual Desktop platform capabilities, such as Windows 10 Enterprise multi-session, and allow you to maximize your existing investments and use the tools and solutions with which you are already familiar. We are also proud of our ecosystem of hundreds of partners who build custom solutions and provide technical consulting to help you deploy with confidence. Visit Azure Marketplace for more information on partner solutions, and Advanced Specialization page for certified deployment partners.

Getting started

My team and I look forward to partnering with you to take full advantage of our flexible VDI platform in the cloud and unlock new end user computing possibilities. We appreciate your ongoing support and welcome your feedback. Join us on our Tech Community to connect with my team and other customers and partners to share your feedback and suggestions. To learn more about these announcements, please sign up for our upcoming webinar.

6.6K Views 6 likes 10 Comments