RDP
10 Topics

Dynamic RDP Properties Based on User's Location and Device Type
Hello! I am working with a client that currently uses Citrix SmartPolicies to update the RDP property of the remote machines based on if a user is connecting from a personal machine (not a client provided machine) and if the user is connecting from outside of the network (personal and client provided machine). So if, for example, they connect from a personal machine, the user cannot map printers, local drives, or have copy/paste functionality. I write this to ask if there's a possible way to do this in Azure Virtual Desktop. We've looked at Liquidware's ProfileUnity solution which can update these RDP properties based on AVD Session host properties like WMI classes, registry values, and environment variables. However, the only real discernable value we could find at the moment is $env:CLIENTNAME. We are looking for a secondary value to base filter on as the CLIENTNAME could be hacked pretty easily. Looking to see if anyone has had success in this type of scenario for a highly regulated company and what was your solution? If you used a third-party service, what was that service? Thanks!

117 Views 0 likes 2 Comments

MFA on RDP (with AD, RDG, NPS)
Hi, everyone. In the company where I work we have an AD domain and RDP servers (MP) that some employees access from outside via RDG. We have already installed ADFS and NPS but I am still not clear which products and which license levels are necessary to enable 2FA on RDP via RDG. Does anyone have a clearer idea than me? Thanks

457 Views 0 likes 2 Comments

Conditional Access per HostPool or RDP properties conditional on clients
Good day all, I am struggling with the RDP properties of our different host pools. Corporate policy states that nothing should be able to be redirected from the local device. Which is fine and for the Full Desktop publishing we have configured this so on the host pool in RDP properties. However, now we have a separate host pool for a remote app. This remote I would only like to be able to connect to from the desktop host pool (nested) and not from the local device. As this is a Remote App the users need to interact with this application with the clipboard. So I want to know if there is a method, and if not, request a feature to make this possible. With kind regards,

2.3K Views 1 like 3 Comments

Applications not launching with latest AVD update
Hello there fellow users - first time poster. I also have an open ticket with Microsoft with this particular issue. I feel like this is something obvious I'm missing here though and any ideas would certainly be appreciated. My org utilizes AVD for connecting to an AVD pool of terminal servers for end users. Within that pool are application groups and clients assigned to the groups, although application groups by and large have the same clients. Here's our typical workspace: The issue we are currently having, is that with the last 2 or 3 recent versions of Remote Desktop, and only on SOME computers, is that the applications will not launch properly. The application will begin to launch for a second or so, and then stop and disappear. This is the last thing an affected user sees before the launch box disappears (AVD will remain open): As a workaround, we've had affected users/workstations remove the latest version and install version 1.2.2688.0 where this behavior does NOT occur. There are no relevant Windows event logs from what I can tell. All affected users are using Windows 10. Here are my AVD RDP Properties in Azure: Thank you!

3.7K Views 0 likes 4 Comments

Announcing public preview of RDP Shortpath transport for Windows Virtual Desktop
As we promised during the https://myignite.microsoft.com/sessions/5906f056-fd1b-4fa1-9ec3-1f3cc8ebeea6 conference, we are introducing a new capability that can take into account the type of network you are connecting from, and when possible, establish a direct peer-to-peer UDP transport rather than using the Windows Virtual Desktop gateways.

For a starter, I would like to remind you that Windows Virtual Desktop uses Remote Desktop Protocol (RDP) to provide remote display and input capabilities over network connections. RDP was initially released 22 years ago with Windows NT 4.0 Terminal Server Edition and was continuously evolving with every Microsoft Windows and Windows Server release. From the beginning, RDP developed to be independent of its underlying transport stack, and today it supports multiple types of transport. It could be a Hyper-V bus transport for managing VMs using the https://docs.microsoft.com/virtualization/hyper-v-on-windows/user-guide/enhanced-session-mode or TCP-based transport in https://community.windows.com/stories/windows-quick-assist, or combined TCP/UDP transport for on-premises deployments.

When we designed Windows Virtual Desktop, we built an entirely new transport called Reverse Connect. Reverse connect transport is used both for establishing the remote session and for carrying RDP traffic. Unlike the on-premises RDS deployments, reverse connect transport doesn't use an inbound TCP listener to receive incoming RDP connections. Instead, it is using outbound connectivity to the Windows Virtual Desktop infrastructure over the HTTPS connection. This gives a secure and simple way to implement connectivity for your remote desktops. For the details about reverse connect, see a https://docs.microsoft.com/azure/virtual-desktop/network-connectivity in Windows Virtual Desktop http://aka.ms/wvddocs.
While reverse connect gives a secure and reliable way of communicating with desktop, it is based on TCP protocol, and its performance is heavily dependent on the network latency. It also inherits other drawbacks from TCP, such as slow start, congestion control, and others.

Introducing RDP Shortpath

RDP Shortpath is a family of UDP-based transports that extend Windows Virtual Desktop connectivity options. Key benefits of Shortpath are:

- RDP Shortpath transport is based on top of a highly efficient https://www.microsoft.com/research/publication/urcp-universal-rate-control-protocol-for-real-time-communication-applications/. URCP enhances UDP with active monitoring of the network conditions and provides fair and full link utilization. URCP operates at low delay and loss levels as needed by Remote Desktop. URCP achieves the best performance by dynamically learning network parameters and providing protocol with a rate control mechanism.
- RDP Shortpath establishes the direct connectivity between Remote Desktop client and Session Host. Direct connectivity reduces the dependency on the Windows Virtual Desktop gateways, improves the connection's reliability, and increases the bandwidth available for each user session.
- The removal of additional relay reduces the round-trip time, which improves user experience with latency-sensitive applications and input methods.
- RDP Shortpath brings support for configuring Quality of Service (QoS) priority for RDP connections through a Differentiated Services Code Point (DSCP) marks
- RDP Shortpath transport allows limiting outbound network traffic by specifying a throttle rate for each session.

Sounds good? Then try it yourself by https://docs.microsoft.com/azure/virtual-desktop/shortpath

Feedback

We'd like to hear from you about your experiences with this public preview! For questions, requests, comments, and other feedback about RDP Shortpath, please https://aka.ms/RDPShortpathFeedback.
Don't hesitate to post feature suggestions on: https://aka.ms/wvdfbk

Next steps

Learn more in the brand-new networking section of Windows Virtual Desktop documentation:
https://docs.microsoft.com/azure/virtual-desktop/network-connectivity
https://docs.microsoft.com/azure/virtual-desktop/shortpath
https://docs.microsoft.com/azure/virtual-desktop/rdp-quality-of-service-qos
https://docs.microsoft.com/en-us/azure/virtual-desktop/rdp-bandwidth

18K Views 4 likes 14 Comments

Remote Desktop Connection using Azure MFA
Hello Everyone, I am facing a little problem now. We are thinking to implement MFA to login in to our servers on-prem from internal network. Obviously we can use some third party tools such as DUO or AD Professional Plus. However from what I can see there is a possibility to use RD Gateway with NPS that will have MFA plugin on it. I just need to understand something correctly - am I right saying that I can handle all RDP traffic to all the servers through RD Gateway that will be redirecting authentication through NPS to Azure MFA or it is no go? Regards, Wojciech

29K Views 0 likes 8 Comments

RDP over VPN to Azure VM - what have I missed
Hi, I've set up a Virtual Machine in Azure; it has an app which links to an Azure SQL Database. When I log into aka.ms/wvdarmweb with the user acct which has access to the app, all works fine. Now I'm trying to set up RDP over VPN, and have followed the Microsoft tutorial documents. Virtual Network Gateway is set up, Admin authority went thru ok, download of Azure VPN was fine, and connection has been established from a client machine to Azure over the VPN. Tick tick tick tick, great stuff. I download and start the RDP for the VM, the computer name defaults to "10.0.0.7". I click Connect and get "Remote Desktop can't connect to the remote computer for one of these reasons:" and three possible reasons display. Well, for reason 2 and 3, the remote computer is on and available on the network (otherwise I wouldn't be able to log in via the portal, I guess). So it must be the first reason "Remote access to the server is not enabled." Any suggestions as to what I might have missed? VM Inbound rules on the NIC include AllowRD (3389), AllowPSRemoting (5986), AllowVnetInBound (any). Several users have access to the VM, as demonstrated by access to it via the portal. Thanks

1.5K Views 0 likes 0 Comments

Azure Virtual Machine Inaccessible
We have an Azure virtual machine that was running Qlik Sense (web facing application). The server suddenly became inaccessible through the webpage. It is also inaccessible through RDP. It is not a security group configuration as the correct ports are open. The health of the VM is listed as healthy/running and all resource usage looks normal. Restarting the server didn't help. We can't access the machine at all to diagnose this issue. Any ideas as to what might be causing this would be greatly appreciated. Thanks -Kenny

3.4K Views 0 likes 7 Comments

VPN Options for Two Azure VM's
Hello all, We are running two Azure VM's (Windows Server 2008R2 - I know - must upgrade!) - currently the users connect to the one VPN via RDP - with those default RDP ports changed in Endpoints. I can secure RDP further using ACL's however someone in our office has suggested we use LogMeIn's Hamachi as a VPN. We currently have a LMI Central account - for users to connect remotely to their office desktops. This person noticed the Hamachi option in there and wants to possibly use that. I reached out to LMI and they say Hamachi works but is not fully supported. I am thinking why not just use Azure's Point-to-Site VPN? Has anyone used Hamachi as a VPN for clients connecting to a VM via RDP? Is it recommended? I suspect not but again just wanted to confirm so can pass on to this user (manager!). Thanks so much!

Solved 2.6K Views 0 likes 2 Comments