(Azure) Virtual Desktop Optimization Tool now available
Optimizing images has always been an important component of preparing images as part of a traditional Remote Desktop Services (RDS) infrastructure or virtual desktop infrastructure (VDI). Optimizing session hosts, in particular, can increase user density and eventually lower costs. With the Virtual Desktop Optimization Tool, you can optimize your Windows 10, version 2004 multi- and single-session deployments in Windows Virtual Desktop. Note: The information in this post is community-driven; nothing has yet been officially launched by the Windows Virtual Desktop product team. Credit goes to Robert M. Smith and Tim Muessig from Microsoft, previously known as the VDIGuys, for creating this tool and make it available for free for the community. Windows 10 multi-session image name change As noted in recent announcements, Office 365 ProPlus is now Microsoft 365 apps for Enterprise. With this name change, we have updated the Windows Virtual Desktop image names in Azure Marketplace. As a result, when you are looking for an image in the Azure Marketplace image gallery, you should begin by selecting Windows 10 Enterprise multi-session, version 2004 + Microsoft 365 Apps – Gen1 as your baseline image. How the Virtual Desktop Optimization Tool works The (Windows) Virtual Desktop Optimization Tool disables services in the operating system that you most likely won’t need for your Windows Virtual Desktop session host. To make sure that your line-of-business (LOB) applications continue running as they should, there are some preliminary steps that should first performed. Note: There are settings default disabled when you run the scrip out of the box such as AppX Packages for the Windows Calculator. We strongly suggest analyzing the tool via the JSON files that include the default settings. This also gives you the opportunity to enable them before running the tool so they remain untouched. I'll explain more about this later on in the article. The full list of enhancements for native Windows services will be available soon. Bookmark Run and tune your Remote Desktop Services environment for the latest updates. Expected performance gains Windows Virtual Desktop value-added services provider and Microsoft partner LoginVSI performed early tests with the Virtual Desktop Optimization Too and gained over 100 users in their internal benchmarking lab environment with a Windows 10, version 2004 single session. We, therefore, assume that this gain will also be possible with Windows 10 Enterprise multi-session. VSImax asserts a maximum number of users that are able to log on to the virtual desktop hosts pool as part of the underlying infrastructure. That number is the "sweet spot" as going over that number will decrease performance for all users. (Thanks to LoginVSI for sharing these results with us.) Note: We recommend you use simulation tools to test your deployment using both stress tests and real-life usage simulations to ensure that your system is responsive and resilient enough to meet user needs Remember to vary the load size to avoid surprises. Desktops in the Cloud on Performance Optimizations for Windows Virtual Desktop with Robert and Tim (aka VDI Guys) We recently had the creators of the Virtual Desktop Optimization tool as guests on our Desktops in the Cloud video-podcast. Robert and Tim explained everything you should know, as well as best practices and lessons learned. A must watch in extension to this article. Watch it below. How to use the Virtual Desktop Optimization Tool The Virtual Desktop Optimization Tool makes it possible to disable uncommon services for virtual desktop environments, such as Windows Virtual Desktop. Note: We recommend that you run the script after the Sysprep (System Preparation) process, most likely as startup script w with a large set of virtual machines. This is due to the AppX Packages that conflict and most likely the sysprep will fail. Download all scripts from the Virtual-Desktop-Optimization-Tool GitHub repository. Select Clone or download, followed by Download ZIP. Unzip the folder to your Windows Virtual Desktop session host(s) to a specified folder (e.g. C:\Optimize or C:\Temp). Note: You could also run the scripts as part of your image management procedure e.g. Azure image Builder (AIB) or Azure DevOps. Important information before running the tool There are settings default disabled when you run the scrip out of the box such as AppX Packages for the Windows Calculator. We strongly suggest analyzing the tool via the JSON files that include the default settings. This also gives you the opportunity to enable them before running the tool so they remain untouched. You can find the JSON file in the Windows built number folder, under ConfigurationFiles - e.g. C:\Optimize\2004\ConfigurationFiles. You've to put the settings to Enabled - that you want to keep as default. Below is the example file for AppX Packages, there are JSON files for Services and scheduled tasks as well. Another option is to remove the while entry out of the JSON file. AppxPackages.json - Example Windows Calculator App { "AppxPackage": "Microsoft.WindowsCalculator", "VDIState": "Enabled", "URL": "https://www.microsoft.com/en-us/p/windows-calculator/9wzdncrfhvn5", "Description": "Microsoft Calculator app" }, Services.json - example Windows Update Service { "Name": "UsoSvc", "VDIState": "Enabled", "Description": "Update Orchestrator service, manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates." }, Prepare to launch Windows PowerShell and select Run as Administrator. In PowerShell, change the directory to the folder to which you downloaded the scripts, e.g. C:\Optimize or your own specific folder. Run the following command: Set-ExecutionPolicy -ExecutionPolicy Bypass Run the Virtual Desktop Optimization Tool using the following command: .\Win10_VirtualDesktop_Optimize.ps1 -WindowsVersion 2004 -Verbose Note: When you use a different version of Windows 10, you must change the WindowsVersion parameter. Version 1803 and later are supported for Windows 10 Enterprise. Windows 10 multi-session support is only available with Windows 10, version 2004 and later. Select Yes when prompted to reboot the session hosts(s). Start your Windows Virtual Desktop session. As you can see in the Task Manager comparison below, the number of threads and handles has decreased noticeably after running the Virtual Desktop Optimization Tool. Do you have any problems with orphaned Start Menu shortcuts after running the tool? Have the user open Task Manager, then end the following two processes: ShellExperienceHost.exe StartMenuExperienceHost.exe Have them check the Start Menu and they should be gone. Happy optimizing! 🙂 Let us know your feedback on the tool in the comment section below. Prefer to watch and learn? There’s also a video on Azure Academy available later this week by Dean Cefola. You can find it here.Announcing new management, security, and monitoring capabilities in Windows Virtual Desktop
With the global pandemic, we are seeing increasing demand for technologies that enable remote work. We’ve seen significant growth in the use of Windows Virtual Desktop, as organizations use it to ensure that their employees have access to the desktops and tools they need to stay productive. To help customers continue to accelerate this move to secure remote work with Windows Virtual Desktop, we are announcing several new capabilities that make it even easier to deploy, secure, and scale your virtual desktop deployments. These new capabilities will be available in public preview by the end of the calendar year 2020. Before we dive into the new capabilities, we want to take a moment to share some of the experiences of our customers. Sebastian Meyer, the Global Service Owner for Modern Client Technologies at Beiersdorf Shared Services, shared his thoughts in moving to Windows Virtual Desktop to modernize his virtual desktop infrastructure. "What Microsoft has developed here is simply phenomenal! Windows Virtual Desktop serves so many use cases and is very close to the end user. We were able to achieve maximum success with the project." You can read the full story https://customers.microsoft.com/story/830713-beiersdorf-shared-services-sepago-azure-en Internally here at Microsoft, we are of course facing the same challenges as many of you. For example, getting a corporate laptop in the hands of new employees and interns takes time and impacts productivity. Windows Virtual Desktop is helping our new hires by providing a secure and productive remote work experience with access to the apps they need to get working immediately: “Windows Virtual Desktop allows you to create virtual desktops that work just like a physical Windows PC would,” says Mark Lawrence, a senior program manager on Microsoft’s digital security team. “That means the people who use one—new hires, interns, and so on—get access to the Windows Start menu, with Microsoft’s productivity applications, the Microsoft Edge browser, and everything else they would need to work at any location. No more waiting for a physical device delivery.” You can read the full story https://www.microsoft.com/itshowcase/blog/turning-to-windows-virtual-desktop-to-save-600-microsoft-internships-in-india/. Simplified Management With Windows Virtual Desktop, you can move from a simple proof-of-concept (PoC) to a fully operational environment faster than ever before. As you start to scale your deployment, here are some new capabilities that will help you manage and operate your deployment efficiently. Microsoft Endpoint Manager integration Microsoft Endpoint Manager allows you to manage policies and distribute applications across devices. You can now enroll Windows Virtual Desktop virtual machines that are https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid (joined to your on-premises Active Directory and registered with your Azure Active Directory) with Microsoft Intune and manage them in the Microsoft Endpoint Manager admin center the same way as physical devices. This simplifies management, provides a centralized view across both physical devices and virtual desktops, and creates new areas of collaboration. The Microsoft Endpoint Manager integration is generally available for Windows 10 Enterprise desktops - you can learn more in the https://aka.ms/MEMWVDFAQ. The public preview for Windows 10 Enterprise multi-session will be available in the coming months and will initially support policies at the device level. MSIX app attach in Azure portal MSIX app attach is an application layering solution that allows you to dynamically attach an application (that is an MSIX package) to a user session. Separating out the application from the operating system makes it easier to create a golden virtual machine image, and you get more control with providing the right application for the right user. Previously, you had to use PowerShell scripts to enable MSIX app attach. We will be integrating the app attach capability in the Azure portal and Azure Resource Manager. This will eliminate the need for custom scripts and makes it possible to publish your packaged applications to application groups with a few clicks. Proactive Monitoring Proactively monitoring your deployment is important to ensure your deployment is always up and running and your employees have an optimal experience using virtual desktops. Azure Monitor workbook Azure Monitor workbook for Windows Virtual Desktop aims to provide you all the monitoring telemetry and visualizations you need to debug and troubleshoot issues. You can configure alerts to proactively identify issues before they impact your employees. You can look at connection and host level performance and also drill down to specific user session to see if there are any issues. You can also look at usage across host pools and make sure you are optimizing for cost and performance. Improved Security With Windows Virtual Desktop, you can use security capabilities such as Azure encryption, Azure Firewall, Azure Security Center, and Microsoft Defender to secure your entire VDI infrastructure and ensure that your corporate and customer data is protected and stored securely. We continue to add additional security capabilities: Screen capture protection One common attack vector with remote sessions is screen capture. To protect your sensitive information, we are adding the option to disable screen capture for your remote apps and desktop on all the supported Windows Virtual Desktop clients. Direct RDP to session host We are introducing a new capability that can be set at a host pool level and will take into account the type of network you are connecting from, and when possible, establish a direct peer-to-peer UDP connection to the session host rather than over the internal Windows Virtual Desktop gateways. By eliminating the intermediate hops and using a more efficient connection over a trusted network, you get a secure optimized experience with lesser connection latency and better performance. Thank you again for the amazing feedback that you have provided to us. You can track the progress of these upcoming public previews in our http://aka.ms/wvdroadmap. If you are attending Microsoft Ignite conference, you can learn more about these features and get your questions answered in https://myignite.microsoft.com/sessions/519f0c27-af4f-40d3-af38-1cd44a83bbd5 and you can always reach us anytime at the Windows Virtual Desktop Tech Community page. You can also register https://aka.ms/wvdlivewebinars to attend our upcoming webinars.
Login loop in Remote Desktop client
After setting a sign in frequency for conditional access users using the remote desktop client are having issues once their session times out. When the login screen pops up if they click their account it starts a loop of trying to login but it never allows them to input their credentials. It looks to quickly flash the password screen then goes back to screen showing "trying to log you in" and repeats. In logs I can see "Sign-in error code: 70044" and a Failure Reason of "The session has expired or is invalid due to sign-in frequency checks by conditional access." If the user instead of clicking their account instead chooses "Use another account" and then just types in their credentials it works fine.Building a Windows 10 Enterprise Multi Session Master Image with the Azure Image Builder DevOps Task
G'day WVD Community, Organization are evaluating how to build Master Images for WVD. One of the options available is through the AIB DevOps Task which provides a high level of automation, repeatability and integration with Azure, which is where the WVD Service lives! This post is to provide an introduction on how to get started with Building a Windows 10 Enterprise Multi Session Master Image with the Azure Image Builder DevOps Task. Note: As this guidance was in a Word document I have left the numbering intact. What will we do in this post? Introduction Pre-requisites Setup Azure Image Builder with PowerShell Create and Configure the Azure VM Image Builder DevOps Task Release Pipeline Use the newly build Image in WVD Spring Release! Troubleshooting AIB DevOps Release Pipeline Call out! A big thank you to all the people helping me with this document, Marvin, Stefan, Jason, Jim and last but not least Scott for helping me getting started! 1 - Introduction Windows 10 Enterprise multi-session (Win10ms), formerly known as Windows 10 Enterprise for Virtual Desktops (EVD), is a new Remote Desktop Session Host that allows multiple concurrent interactive sessions. Win10ms is available in the Azure Marketplace, used to build pooled Sessions Hosts in a Hostpool for Windows Virtual Desktops (WVD). These WVD pooled Session hosts are Virtual Machines in Azure and need to be created from a Win10ms Image. Within the Marketplace standard Win10ms images are available but most organizations require customized images including configuration settings and software such as FSLogix for profile management and Microsoft Teams optimized for WVD. Keeping these Session Hosts up to date can be a challenge as feature updates are not supported for Win10ms in Azure. Also considering multiple users potentially are connected to the same VM, installing updates could be disruptive as well. Depending on the capacity required organizations could potentially use a large amount of Session Hosts. Ensuring all these VM’s have an identical configuration and have a consistent end-user experience, updating these VM’s can be labor intensive and often is error prone activity. Automating the update of the Session Hosts in a controlled and repeatable process is a trivial requirement for a successful WVD deployment. This also prevents “configuration drift” between VM’s which can occur over time. Although System Center Endpoint Manager and Microsoft Deployment Toolkit (MDT) today are used in many organizations, these technologies are not fully optimized and integrated with Azure. In the case of SCCM, Win10ms Market Place Images would need to be copied locally and back to Azure resulting in additional and often manual activities. Additionally, the Win10ms Image for most organizations should require relatively less configuration and optimization as the Marketplace Win10ms image is already optimized for WVD from the Marketplace. From an application perspective, with the capability to support MSIX, App-Attach soon, these images should also not require having many applications installed. 1.1 Azure Image Builder To overcome these challenges Azure Image Builder (AIB) can be used. AIB is developed for Azure to assist with the automated creation of Managed Images in Azure. As WVD is a PaaS in Azure these services have full integration. Azure Image Builder can be used in different ways to build a Win10ms Master Image. AIB Portal (future release) AIB PowerShell (or Cli) AIB DevOps Task This post will provide guidance on using the AIB DevOps Task. 1.2 AIB DevOps Task For large organizations and enterprises, key criteria for an Image Build process includes version control, reporting, requirements management, project management, automated builds, lab management, testing and release management capabilities. Azure DevOps can be used to address these requirements by creating a WVD Win10ms Build Release Pipeline in Azure DevOps. This document provides guidance on how to setup and use WVD Win10ms Build Release Pipeline to achieve a repeatable and controlled process (DevOps) for automating Win10ms builds (AIB) and versioning and replicating those Images to the locations/Azure Regions where they are needed (Shared Image Gallery). Note: this post is using the guidance as provided by Daniel Sol on his GitHub location: https://github.com/danielsollondon/azvmimagebuilder/blob/master/solutions/1_Azure_DevOps/DocsReadme.md but uses it for a WVD scenario to create a Windows 10 ms Image. 2 - Pre-requisites These instructions assume the following pre-requisites are in place: You have Owner access to an Azure Subscription so you can create Resource Groups, VMs, Key Vaults, Images etc. In a real production environment these rights can be restricted to smaller scopes. AAD has been setup for the subscription above where you have Global Admin access, so you can create Service Principals and Managed Identities. In a real production environment these rights can be restricted by RBAC. Assumption: This post will provide guidance on how to setup a DevOps Pipeline for a Win10ms build. Note that this document is not intended to explain all the aspects of Azure, PowerShell, and DevOps. Some basic knowledge on these topics is assumed to be successful. 3 - Setup Azure Image Builder with PowerShell These are some of the basic Azure components that need to be in place before we can start building. The details of these tasks can be found in the links below. Create a Resource Group (RG) – this will be used to store AIB and SIG components. Enable and register Azure Image Builder Via PowerShell – commands here Via Azure CLI – commands here Note: It takes a couple of minutes to register the service. Create an Azure user-assigned Managed Identity Via PowerShell – commands here Via Azure CLI – commands here Note: Use the resource group created earlier. Grant permissions to the Azure user-assigned Managed Identity to the resource group Via PowerShell – commands here Via Azure CLI – commands here Note 1: For the PS commands, update the variable $aibRoleImageCreationPath if you need to download in a different path Note 2: For the PS commands, make sure you create a variable $subscriptionID that is your Azure Subscription ID. Create an Azure Shared Image Gallery (SIG) and an Image definition in the resource group created earlier. Azure CLI commands here. Create a storage account in the resource group created earlier that will be used to transfer the artifacts from ADO tasks to the image. Azure CLI commands here. 4 - Create and Configure the Azure VM Image Builder DevOps Task Release Pipeline 4.1 Create a DevOps Organization Go to https://dev.azure.com and follow the steps as described in Create an organization 4.2 Create a DevOps Project Go to https://dev.azure.com/<your organization name> and create a new project as described in Create a project in Azure DevOps Name your project in the “Project name” field (1) and click “Create” (2). 4.3 Create a DevOps Git Repository The WVD Image requires to be customized through a customization script and potentially additional software is required. A repository needs to be created to store the customization script and potentially other content. Additionally, the customization script requires to be maintained with version control etc. In Azure DevOps, Repos are used to manage your code and, in our example, the AIB Customization Powershell Script. You can connect your favorite development environment to Azure Repos to access your repos and manage the code. The code can be shared using: Command-line Visual Studio Code Visual Studio Xcode Eclipse IntelliJ Consideration 1: Type of Repository The Repository can be in any Azure DevOps supported repository. In our case we will use a standard Azure DevOps repository to host our PowerShell customization script used in the AID DevOps task but alternatively you could also use your GitHub repository. If a GitHub repository will be used the steps in this paragraph can be skipped. Consideration 1: Size of Repository needed. A Git Repo is not intended to store for example application Packages or other packages with large size (Artifacts in Azure DevOps are free up till 2Gb). An alternative solution to store large packages is in Azure File Share storage which should be made accessible during the build. AIB supports the usage of existing VNETs that can be used. Select “Repos” (1) and select “Initialize” (2). Create a Folder in the Repo by selecting the 3 dots in the right top corner (1). Select “+ New” (2) and click on “Folder” (3). Provide the name of the folder in the “New folder name” and use “WVD” (or any other name you prefer). Provide the name of the “New file name” field (make sure it has the .ps1 extension) and click on “Create”. In our example we use “Customization.ps1” for the New file name. Note: Sample script for WVD Windows 10 Enterprise multi session customization. Sample customization scripts can be found in my GitHub repository: https://github.com/RoelDU/WVDImaging. These customization script include the by Microsoft recommended customizations as documented here: Prepare and customize a master VHD image Azure How to prepare, customize and upload a Windows Virtual Desktop master image to Azure.docs.microsoft.com https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image and here Install Office on a master VHD image How to install and customize Office on a Windows Virtual Desktop master image to Azure.docs.microsoft.com and https://docs.microsoft.com/en-us/azure/virtual-desktop/install-office-on-wvd-master-image Add the customization content (PowerShell script) to customize the Windows 10 build. Once finished with the customization content (1) click on “Commit” (2). In the next screen leave the default values and click on “Commit” (1) again. 4.4 Create a DevOps Release Pipeline In Azure DevOps-specific terms, a pipeline is a sequence of steps on your code, in our example we can look at the code as the Custimization Powershell. A build is a pipeline that has no side-effects, it only takes in code and puts out compiled "artifacts". A release is a pipeline that has side-effects, it takes in artifacts and publishes or deploys them to environments. The latter is more aligned with an Image build workflow, where we are building a Managed Image to be released as a Managed Image, potentially in a Shared Image Gallery, to be deployed in Azure and used in our different environments (dev, test, prod). In your project, navigate to the “Pipelines” page. Then choose the action to create a new Release Pipeline by Selecting Releases (1) and click on “New Pipeline” (2). Under “Select a template” click on “Empty Job”. Provide a Name for the Stage name field, in our case we use “Win10ms Image Build”. There is no need to click a button to confirm. Click on the Add an artefact. The Artifact In the Add an artefact window, select Azure Repos Git (1). Select your Project name (2). Select the source (repository) (3) and select master as Default branch (4). Click “Add”. Once the Artifact has been created we have linked the repository with our customization script to our release Pipeline, which can now be referred to and used during our Image build process. To ensure the Artifact is updated with the most recent Repo Commit (version) we need to configure a Pull request trigger. Click the Trigger icon on the Artifact (1) and enable the “Pull request trigger” (2). Each time a new Release is created, the Artifact will pull the latest committed Repo content to be included in the Release Pipeline. Click the task in the Win10ms Image Build stage. We will now see the Agent Job which has not yet assigned any tasks. Click “+” to add a task and search for “Image Builder” (2). If the “Azure VM Image Builder DevOps Task (Preview)” is not already installed, click the Install (1) button. In our example below the Task is already installed. If the “Azure VM Image Builder DevOps Task (Preview)” task is already installed, click “Add” (1). 4.5 Configure Azure VM Image Builder DevOps task in Pipeline The Image Builder Task needs to be configured to your requirements. The Pipeline with the AIB task provides a way to create a repeatable process to create updated images in an automated way from a managed and versioned repository. The below example values will use the following: Source: Market place image Windows 10 Enterprise Multi Session 20H1 with Office 365 installed Customizer: A PowerShell script stored in the Repository (created earlier for the project) used by the Pipeline including all the customization we want to include in the Image. Distribute: In our example we will distribute the Image Select the “Azure VM Image Builder DevOps Task” checkbox. 4.5.1 Azure Subscription Select (1) the Azure subscription to use (2). After selecting the Azure Subscription click the dropdown button next to Authorize (1) and select “Advanced Options”. In the “Add an Azure Resource Manager sercive connection” select the Resource group you created earlier where AIB and the SIG is located. This will authorize the Pipeline to use the selected Resource Group. Note: Alternatively you can decide not to select a resource group where you allow this service connection to have access to all Resource Groups within the subscription. This might be useful when you like to re-use this connection for other purposes. 4.5.2 Resource Group and Location Select the “Resource Group” (1) that Azure Image Builder is going to use to store the Image artifacts and select the location for resources to be created in the “Location” field (2). 4.5.3 Managed Identity Provide the “Identity Resource Id” of the Managed Identity created earlier. The “Identity Resource Id” can be found under the property blade of the Managed Identity. 1.1.1 Image Type For the Image Type field select “Marketplace”. The “Base Image” field can be ignored as we will provide the details in the “If base image is not in the list (Optional)” field. To get the values required for the “If base image is not in the list (Optional)” field, use the Get-AzVMImage command. See reference table below: Publisher Name Offer SKU Description MicrosoftWindowsDesktop windows-10 20h1-evd Win10 Ent MS 2004 windows-10 20h1-ent Win10 Ent 2004 – Gen1 windows-10 19h2-evd Win10 Ent MS 1909 windows-10 19h2-ent Win10 Ent 1909 – Gen1 windows-10 19h1-evd Win10 Ent MS 1903 office-365 20h1-evd-o365pp Win10 Ent MS 2004 with O365 office-365 19h2-evd-o365pp Win10 Ent MS 1909 with O365 office-365 1903-evd-o365pp Win10 Ent MS 1903 with O365 MicrosoftWindowsServer WindowsServer 2019-datacenter Win Server 2019 datacenter In our example we will choose the Marketplace image with Office included. The format “publisher:offer:sku” can be extracted from the table above which is MicrosoftWindowsDesktop:office-365:20h1-evd-o365pp In the “If base image is not in the list (Optional)” field type: MicrosoftWindowsDesktop:office-365:20h1-evd-o365pp We will leave the field “Base Image Version (optional)” set to “latest” as we want the latest version. 4.5.5 Provisioner Under “Customize” we will select “PowerShell” for the “Provisioner” field as we are creating a Windows Image. 4.5.6 Run Windows Update as last customization If preferred, you can select “Run Windows Update as last customization” to ensure the Image includes all the latest updates. Note: This is the Windows Update configuration that is executed: "type": "WindowsUpdate", "searchCriteria": "IsInstalled=0", "filters": [ "exclude:$_.Title -like '*Preview*'", "include:$true" It will install important and recommended Windows Updates, that are not preview. 4.5.7 Build path Click on the three dots next to “Build path” (1). A window will popup with our Repository from where we select the path. Click on the folder “WVD” (2) which we have created earlier and click “OK” (3). Make sure to click on the folder and not the customization.ps1 script. 4.5.8 Inline customization script For the “Inline customization script” field enter a PowerShell inline commands separated by commas, and if you want to run a script in your build directory, you can use: & 'c:\buildArtifacts\WVD\Customization.ps1' Note: If your base image restricts PowerShell scripts from executing unless signed an alternative inline script command should be used instead. '& set-executionpolicy remotesigned -scope Process -Force; c:\BuildArtifacts\WVD\Customization.ps1' 4.5.8 Storage Account Select the storage account you created in the prereqs, if you do not see it in the list, Image Builder does not have permissions to it. Note: When the build starts, Image Builder will create a container called 'imagebuilder-vststask', this is where the build artifacts from the repo are stored. You need to manually delete the storage account or container after each build!!! 4.5.10 Distribute There are 3 distribute types supported: 4.5.10.1 Managed Image The ResourceID of the Managed Image needs to be provided in this format: /subscriptions/<subscriptionID>/resourceGroups/<rgName>/providers/Microsoft.Compute/images/<imageName> Locations 4.5.10.2 Azure Shared Image Gallery The ResourceID of the Image Definition needs to be provided in the following format: /subscriptions/<subscriptionID>/resourceGroups/<rgName>/providers/Microsoft.Compute/galleries/<galleryName>/images/<imageDefName> Note: The Image Definition for the Shared Image Gallery MUST already exist! Regions: list of regions, comma separated, e.g. westus2, eastus, centralus 4.5.10.3 VHD You cannot pass any values to this, Image Builder will emit the VHD to the temporary Image Builder resource group, ‘'IT__', in the 'vhds' container. When you start the release build, image builder will emit logs, and when it has finished, it will emit the VHD URL. In our example below we distribute to a Shared Image Gallery in a single location (westus2) . 4.5.10.3 VM Size You can override the VM size, from the default of Standard_D1_v2. You may do this to reduce total customization time, or because you want to create the images that depend on certain VM sizes, such as GPU / HPC etc. 4.5.11 Run the Pipeline Click on “Save” (1) and Click “OK” (2) in the Save window. Now you can click “Create Release” In the “Create a new release” windows click on “Create”. You can view the Release by clicking on “Release-1”. 4.5.12 Navigate through Release Pipelines Each time when you create a new Release Pipeline they are preserved under Releases” (1). By clicking on the Release Number or button under Stages (2) you can look at the details of each previously run Release. 5 Use the newly build Image in WVD Spring Release! After a successful Release Pipeline build you can use the Image when creating a new Hostpool. Click on “Browse all images and disks” (1), select “My Items” (2), select “Shared Images” (3) and select the Image we just created (4). 6 Troubleshooting AIB DevOps Release Pipeline Packer Log files Select the Agent job 1. Notice the “Template name” A new Resource Group is created corresponding with the highlighted number in the template. Open the Resource Group and open the Storage Account in the Resource Group to get the Blob Storage for the Packer Log files. Note: This Resource Group including the storage account will be deleted after the Image has been created. If you want to read the logs you will need to do it during the build and distribution of the Image. Sample output of Packer Log. Known Issues The (free) Agent job for the Release Pipeline has a limitation to only run for 60 minutes. After 60 minutes it will timeout and report it hasn’t heard from the agent. This is as expected, and the build will likely finish successful. As The Agent hasn’t finish it will not clean up the Resource Group created for the Release Pipeline which also includes the storage account with the Packer logs (see previous paragraph on Packer Log files). Please make sure to clean up this Resource Group manually! The End! I hope this was useful to get you going. If anything is missing please feel free to reach out. Roel
Windows Virtual Desktop shutdown for inactivity
We are using WVD with single provisioned host pools and single user images. This was by design. We can set auto shutdown for each desktop but we would really like to have the WVD autoshutdown after a period of inactivity and then be deallocated. Is there a solution that can do this? or is Microsoft working on this?
Error Loading Extension and Definition in Azure Windows Virtual Desktop Deployment
I recently created a new Windows Azure trial account and have a problem deploying Windows Virtual Desktop. Each time I try to create a new host pool it will prompt me with the ErrorLoadingExtensionAndDefinition reason code. I have contacted Azure technical support and they suggested that I post this on the forum for assistance as this error has also impacted multiple customers. Here's the full error summary. Hope someone can help me find a workaround so that I can deploy Windows Virtual Desktop. { "shellProps": { "sessionId": "56c957f1339a4fd6af1852baf5372040", "extName": "Microsoft_Azure_WVD", "contentName": "HostpoolBlade" }, "error": { "message": "Error displaying your content", "summaryItems": [ { "label": "Error reason", "value": "ErrorLoadingExtensionAndDefinition" } ], "details": "message: Cannot read property 'id' of undefined\r\nstack: ###_RPC_Exception_###\nTypeError: Cannot read property 'id' of undefined\n at s.n (https://afd.hosting.portal.azure.net/wvd/Content/Dynamic/1SU8pbC3yA_O.js:2:577)\n at new s (https://afd.hosting.portal.azure.net/wvd/Content/Dynamic/_HZUxDO8R410.js:9:813)\n at y (https://portal.azure.com/Content/Dynamic/_XNBddeW-0ED.js:7:3477)\n at https://portal.azure.com/Content/Dynamic/_XNBddeW-0ED.js:7:3651\n at t._dispatch (https://portal.azure.com/Content/Dynamic/_XNBddeW-0ED.js:7:5396)\n at t._get (https://portal.azure.com/Content/Dynamic/_XNBddeW-0ED.js:7:3216)\n at t.get (https://portal.azure.com/Content/Dynamic/_XNBddeW-0ED.js:7:1856)\n at new t (https://portal.azure.com/Content/Dynamic/_XNBddeW-0ED.js:68:5620)\n at https://portal.azure.com/Content/Dynamic/_XNBddeW-0ED.js:84:2425\n at o (https://portal.azure.com/Content/Dynamic/P8kXagqyUZue.js:4:72)\r\nFrom RPC: fx -> Microsoft_Azure_WVD (MsPortalFx.Internal.Constants.RpcMethods.tryEarlyGetViewModel)\r\n(Callstack capturing is not enabled. Use ?trace=diagnostics to enable it.)\r\n", "code": null }}Azure Monitor for Windows Virtual Desktop is generally available!
Today, we are thrilled to announce that Azure Monitor for Windows Virtual Desktop is now generally available! Building on top of Azure Monitor, Windows Virtual Desktop Insights provides IT administrators with a 360° view of their environment’s health. With Azure Monitor for Windows Virtual Desktop, you can find and troubleshoot problems in the deployment, view the status and health of host pools, diagnose user feedback and understand resource utilization. General availability comes with many improvements, including the following: Improved data collection and new guidance to help you optimize for cost Updated setup experience with easier UI, expanded support for VM set-up, automated Windows Event Log setup, and more Relocated Windows Virtual Desktop agent warnings and errors at the top of the Host Diagnostics page to help you prioritize issues with the highest impact Accessibility enhancements Workbook versioning: GA release is Version 1.0.0 For our existing users- if you used Azure Monitor for Windows Virtual Desktop in public preview, we have made some updates to our guidance and default configuration to help reduce your Azure Monitor Log Analytics cost in GA. If you haven’t already, you must take action to implement these revised recommendations. See our blog post for instructions. We are incredibly excited about this major milestone and are looking forward to continuing to provide updates and expand scenario support in our monitoring journey. As always, we welcome your comments and feedback below! Best, Logan Silliman Learn more about Azure Monitor for Windows Virtual Desktop: Get started with Using Azure Monitor for Windows Virtual Desktop Estimate and manage your Log Analytics storage costs with Estimate Azure Monitor costs Review terms and concepts in our glossary If you encounter a problem, check out our troubleshooting guide for helpAnnouncing public preview of RDP Shortpath transport for Windows Virtual Desktop
As we promised during the https://myignite.microsoft.com/sessions/5906f056-fd1b-4fa1-9ec3-1f3cc8ebeea6 conference, we are introducing a new capability that can take into account the type of network you are connecting from, and when possible, establish a direct peer-to-peer UDP transport rather than using the Windows Virtual Desktop gateways. For a starter, I would like to remind you that Windows Virtual Desktop uses Remote Desktop Protocol (RDP) to provide remote display and input capabilities over network connections. RDP has initially released 22 years ago with Windows NT 4.0 Terminal Server Edition and was continuously evolving with every Microsoft Windows and Windows Server release. From the beginning, RDP developed to be independent of its underlying transport stack, and today it supports multiple types of transport. It could be a Hyper-V bus transport for managing VMs using the https://docs.microsoft.com/virtualization/hyper-v-on-windows/user-guide/enhanced-session-mode or TCP-based transport in https://community.windows.com/stories/windows-quick-assist, or combined TCP/UDP transport for on-premises deployments. When we designed Windows Virtual Desktop, we built an entirely new transport called Reverse Connect. Reverse connect transport is used both for establishing the remote session and for carrying RDP traffic. Unlike the on-premises RDS deployments, reverse connect transport doesn't use an inbound TCP listener to receive incoming RDP connections. Instead, it is using outbound connectivity to the Windows Virtual Desktop infrastructure over the HTTPS connection. This gives a secure and simple way to implement connectivity for your remote desktops. For the details about reverse connect, see a https://docs.microsoft.com/azure/virtual-desktop/network-connectivity in Windows Virtual Desktop http://aka.ms/wvddocs. While reverse connect gives a secure and reliable way of communicating with desktop, it is based on TCP protocol, and its performance is heavily dependent on the network latency. It also inherits other drawbacks from TCP, such as slow start, congestion control, and others. Introducing RDP Shortpath RDP Shortpath is a family of UDP-based transports that extend Windows Virtual Desktop connectivity options. Key benefits of Shortpath are: RDP Shortpath transport is based on top of a highly efficient https://www.microsoft.com/research/publication/urcp-universal-rate-control-protocol-for-real-time-communication-applications/. URCP enhances UDP with active monitoring of the network conditions and provides fair and full link utilization. URCP operates at low delay and loss levels as needed by Remote Desktop. URCP achieves the best performance by dynamically learning network parameters and providing protocol with a rate control mechanism. RDP Shortpath establishes the direct connectivity between Remote Desktop client and Session Host. Direct connectivity reduces the dependency on the Windows Virtual Desktop gateways, improves the connection's reliability, and increases the bandwidth available for each user session. The removal of additional relay reduces the round-trip time, which improves user experience with latency-sensitive applications and input methods. RDP Shortpath brings support for configuring Quality of Service (QoS) priority for RDP connections through a Differentiated Services Code Point (DSCP) marks RDP Shortpath transport allows limiting outbound network traffic by specifying a throttle rate for each session. Sounds good? Then try it yourself by https://docs.microsoft.com/azure/virtual-desktop/shortpath Feedback We'd like to hear from you about your experiences with this public preview! For questions, requests, comments, and other feedback about RDP Shortpath, please https://aka.ms/RDPShortpathFeedback. Don't hesitate to post feature suggestions on: https://aka.ms/wvdfbk Next steps Learn more in the brand-new networking section of Windows Virtual Desktop documentation : https://docs.microsoft.com/azure/virtual-desktop/network-connectivity https://docs.microsoft.com/azure/virtual-desktop/shortpath https://docs.microsoft.com/azure/virtual-desktop/rdp-quality-of-service-qos https://docs.microsoft.com/en-us/azure/virtual-desktop/rdp-bandwidthWindows Virtual Desktop Announcements at Microsoft Ignite
We hope you are all enjoying the https://myignite.microsoft.com/home conference. Here are some announcements on Windows Virtual Desktop that you will be hearing during the event. Azure Monitor for Windows Virtual Desktop - Provides a centralized view with all the monitoring telemetry and visualizations you need to debug and troubleshoot issues. We have received amazing feedback during the public preview and have made several updates to this capability including: A designated report page for your Azure Alerts A prioritized view of Windows Virtual Desktop agent errors and warnings in Host Diagnostics Consistent coloring and default health thresholds Export to Excel option across all relevant reports Accuracy and user experience improvements Thank you for the support during the public preview. We expect to make Azure Monitor for Windows Virtual Desktop generally available in next few weeks, with additional updates in store. Learn more about https://docs.microsoft.com/en-us/azure/virtual-desktop/azure-monitor In case you had missed, here’re some recent announcements we made leading up to Microsoft Ignite. EU metadata storage now in public preview - We have a public preview of the Europe (EU) geography as a storage option for service metadata in Windows Virtual Desktop. Customers can choose between West or North Europe when they create their service objects. The service objects and metadata for the host pools will be stored in the Azure geography associated with each region. To learn more, read our blog post announcing the public preview Windows Virtual Desktop Specialty certification - We announced a new Windows Virtual Desktop Specialty Certification for professionals planning, delivering, and managing virtual desktop experiences and remote apps on Azure. The related Exam AZ-140: Configuring and operating Windows Virtual Desktop on Microsoft Azure will be available soon in beta version. Smartcard authentication – You can now use smartcard authentication (available in public preview) with the Windows client from outside the corporate network without requiring line-of-sight to the Domain Controller. Learn more about https://docs.microsoft.com/azure/virtual-desktop/authentication. You can keep track of these and other news about Windows Virtual Desktop in our https://docs.microsoft.com/en-us/azure/virtual-desktop/whats-new.Azure Monitor for Windows Virtual Desktop public preview
Today, we are excited to announce public preview of Azure Monitor for Windows Virtual Desktop! Full observability is key to ensure your employees do not have any interruptions or performance issues with their virtual desktops. Azure Monitor for Windows Virtual Desktop provides a centralized view for with the monitoring telemetry and visualizations IT professionals need to debug and troubleshoot issues. With Azure Monitor for Windows Virtual Desktop, you can: View a summary of host pool status and health Find and troubleshoot problems in the deployment including top errors, connectivity issues, host diagnostics, performance issues, client information, and more Diagnose user feedback by looking at data per user Understand utilization of resources to make decisions on scaling and cost management To get started with setup instructions, relevant terminology and concepts, and troubleshooting see our How-to guide. While the feature today surfaces many top customer-requested data points, we are looking forward to continuing to improve our tools to meet your monitoring needs – please let us know your feedback by replying to this post!
