Azure Virtual Desktop Blog

New ways to optimize flexibility, improve security, and reduce costs with Azure Virtual Desktop

Kam_VedBrat, Microsoft
Oct 12, 2022

Find out more about the latest product announcements from Ignite 2022!

This week Microsoft is hosting Microsoft Ignite, with an on-demand session showcasing all the new innovation we’ve built into Azure Virtual Desktop. In this post we’ll highlight many of the latest features and updates the team has been working on to bring you enhanced security, more flexibility and control, and help you optimize costs. Microsoft Ignite is our chance to celebrate a product milestone! We announced general availability of Azure Virtual Desktop three years ago at Ignite 2019. Since then, we’ve seen unprecedented growth in the service, added significant innovation, and helped our customers around the globe, in almost every industry, meet the demand for hybrid work. There are quite a few features to discuss—some available now and some coming soon—so let’s dig in!

 

Enhanced security and reliability

One of the top reasons our customers choose Azure Virtual Desktop is for the advanced security and reliability benefits of Microsoft Azure. And now the service offers even more added capabilities to improve the security posture of your environment. With the public preview of new integrations with Azure Active Directory, you can use single sign-on and passwordless authentication, leveraging FIDO2 standards and Windows Hello for Business to securely streamline the authentication experience for today’s remote and hybrid workforce.

 

 

Another important capability is Azure Virtual Desktop’s profile roaming technology—FSLogix—which is a “must have” for customers who want to leverage more cost-effective pooled environments. Now in public preview, customers can use cloud storage to host FSLogix and modern Azure Active Directory authentication for their session hosts (more on that later). This means that you can now store your FSLogix profiles on an Azure Files store and access it through Azure Active Directory authentication with Azure Active Directory Kerberos for hybrid identities. We expect this feature will be generally available soon!

 

Public preview for confidential virtual machine options for Azure Virtual Desktop is coming soon—specifically for Windows 11 virtual machines—with Windows 10 support planned in the future. Confidential virtual machines ensure workloads running on a user’s virtual desktop are encrypted in memory, protected in use, and backed by hardware root of trust. These desktops are powered by the latest AMD Gen 3 EPYC™ processor with Secure Encrypted Virtualization and Secure Nested Paging technology—which supports hardware-based isolation between virtual machines, hypervisor, and host management code. And they use encryption keys generated by a dedicated secure processor inside the AMD CPU which cannot be read from software.

 

With the soon-to-be-released public preview of Azure Virtual Desktop’s integration with Azure Private Link, customers who require their information to remain on trusted private networks will have the option to use Private Link to enable access to their session hosts and workspaces over a private endpoint in their virtual network. Private Link means that customers can choose to have traffic between their virtual network and the Azure Virtual Desktop service travel over the Azure backbone network, keeping the connection secured and data off the public internet.

 

Two more features generally available now for customers are Availability Zones and RDP Shortpath for public networks. High availability of session hosts is critical for ensuring work can continue even when unexpected failures occur. Azure Availability Zones are physically separate locations within each Azure region that are tolerant to local failures. Azure Virtual Desktop customers are already taking advantage of these Availability Zones, but customers have been required to perform multiple deployments to each Availability Zone individually. Now, you have native Azure Virtual Desktop support within the Azure Admin Portal to select multiple Availability Zones. Customers can easily ensure that their session hosts are automatically distributed across their chosen Availability Zones in one quick selection during the deployment process. This saves time and gives you confidence that you can maintain business continuity with this resiliency solution for your Azure Virtual Desktop session hosts.

 

RDP Shortpath for public networks establishes a direct User Datagram Protocol (UDP) connection between the client and session host using Simple Traversal Underneath NAT (STUN) and Interactive Connectivity Establishment (ICE) protocols. It is now enabled by default for customers, and outbound traffic will no longer be a TCP-based connection from the virtual machine to the Remote Desktop Protocol (RDP) client through the Azure Virtual Desktop Gateway. The outbound traffic now goes directly between the session host and client over the internet, decreasing latency and improving the employee experience.

 

 

More flexibility and control

We believe Azure Virtual Desktop’s flexible architecture is one of the main reasons customers love it so much. New updates to Azure Virtual Desktop for Azure Stack HCI now allow you to provision session hosts automatically using an Azure Resource Manager (ARM) template with Azure Marketplace integration. You’ll be able to monitor the performance and reliability of your on-premises session hosts with Azure Virtual Desktop Insights. And with the new improvements, you can expect even lower latency with RDP Shortpath when connected to nearby session hosts. There’s a seamless system between on-premises and the cloud, and you can use session hosts from both of those environments in the same deployment.

Speaking of Azure Virtual Desktop Insights, it is the native monitoring solution in the Azure Admin Portal that we introduced a little over a year ago. It empowers our customers with information about their host pools, sessions, configurations, connection time, and utilization, as well as diagnostics and reporting capabilities. Since launch, these insights have been viewable from a single host pool at a time. But now, customers can publicly preview multi-select for Azure Virtual Desktop Insights, for improved insights across multiple host pools at once.

 

To meet the global needs of our customers, we are constantly expanding our footprint of new regional databases and Azure Virtual Desktop gateways to help ensure lower latency and an improved experience wherever our customers are. We have a service presence in every Azure geography, and we’ve enabled customers to specify the geography where we store their service metadata. That’s great for organizations with regulatory or compliance storage requirements as well as those looking for improved latency. You can choose to locate your Azure Virtual Desktop objects within a particular geographical boundary and have the assurance that the data will remain within that location. And soon, the Azure Virtual Desktop metadata service will be generally available for India, extending the service’s regional database capability even further to meet growing customer needs.

 

In addition, we are expanding the Azure Virtual Desktop footprint in Azure Government Clouds. Azure Virtual Desktop received Department of Defense (DoD) Impact Level 6 (IL6) accreditation and is now available to all customers in Azure Government Secret. This integration allows Azure Government to enable agencies to host their secure and mission-critical workloads at scale and integrate seamlessly with Microsoft 365 and other Microsoft offerings.

 

We will also be updating the Azure Virtual Desktop Web Client User Interface for a more modernized experience. There will be a new resource view with an option between grid or list and the ability to switch to a dark mode theme. When this feature reaches public preview soon, you will be able to easily try out the new experience by toggling the switch to move between the new and current web client experience.

 

Another convenient feature is new Universal Print support for Azure Virtual Desktop Multi-session in Windows 11 22H2. You can configure and register printers in Azure Active Directory, assign printer access to the appropriate user groups, and publish printers to users. Employees are shown the printers closest to them and not the session host location. That way, they can quickly discover the nearest printer they have access to and print. And IT admins reduce costs by eliminating the need to maintain on-premises print servers and print drivers on employees’ devices. Now let’s take a look at how Azure Virtual Desktop features help organizations do more with less.

 

Optimize costs

By leveraging Windows 11 or Windows 10 multi-session, you can run multiple, concurrent user sessions on a single virtual machine with high utilization. This substantially reduces the number of virtual machines needed, while still providing the same resources to your employees. There’s a significant cost savings advantage and you lower the cost of administration by limiting the number of VMs you have to manage.

 

Multi-session has also seen improvements in the ways you can control and manage your virtual machines with Microsoft Intune user configuration. Earlier this year we made Azure Virtual Desktop support for device configuration manageability for Windows 11 and 10 multi-session generally available, making it easy to enroll virtual machines in Microsoft Intune, manage using the settings catalog, and take advantage of configurations in the Endpoint security blade, along with Microsoft 365 security features such as Conditional Access. We’re following that up with user profile configuration, which is currently in public preview for Windows 11. This enables you to configure user scope policies using the Settings catalog to assign to groups of users, configure user certificates, and configure PowerShell scripts in the user context.

 

Multi-session might be a good move for your organization, but which Windows operating system version you select will also be important for delivering an improved end user experience and optimizing use of Azure resources. In a recent benchmark measurement commissioned by Microsoft and conducted by a third party, Login VSI, reports showed multiple performance advantages using Windows 11 on Azure Virtual Desktop, including reduced logon time, better CPU utilization and a significant reduction in end-user input delay (cutting it nearly in half from Windows 10).

 

Azure Virtual Desktop Windows 10 vs. Windows 11 Performance Analysis by Login VSI; May 2022

 

One new capability within Microsoft Cost Management is the ability to group costs by host pool and view them within Cost Analysis without any extra filtering. Tagging is a tool already available across Azure services that helps customers organize resources inside their Azure subscription. And customers can now use the new cm-resource-parent tag to automatically group related resources—such as virtual machines and their OS disks—to gain a clearer understanding of Azure Virtual Desktop resource use and related costs. This tag eliminates the need to filter corresponding costs in Microsoft Cost Management and does not impact billing.

 

Storage needs are always top of mind for customers since they’re a variable cost and critical to ensuring a great employee experience with roaming profiles and apps. A lot of storage needs to be reserved, which can result in FSLogix Profile and Office containers growing in size—even while at rest—and consuming unnecessary space, which increases storage costs. With the public preview of Azure Virtual Desktop native support for automatic storage savings for FSLogix disks, the service will by default reclaim unused space from inside the FSLogix VHD(X) files at user logoff. Combined with the recent general availability release of Autoscale, we’re thrilled to enable significant savings for customers across storage and compute.

 

Stay tuned for more

Your feedback inspires us, and we are committed to translating it into new and valuable Azure Virtual Desktop capabilities to meet your needs. We’re excited to share all these developments at Microsoft Ignite, and we hope you’re as excited about the future of Azure Virtual Desktop as we are!

 

Watch the Ignite sessions, get started

Watch the on-demand OD10 Azure Virtual Desktop Ignite session:

View related on-demand session OD14:

Watch this video to learn how Campari Group used the advanced security capabilities of Azure Virtual Desktop. 

Get started with the Azure Virtual Desktop Landing Zone accelerator: aka.ms/AVDLandingZones

Learn more: https://aka.ms/AVDDocumentation; https://aka.ms/AVDEventsAndWebinars

Join the discussion and provide feedback: Azure Virtual Desktop - Microsoft Community Hub

 

 

Oct. 12, 2022 - This post was edited after publication to clarify timing for confidential virtual machine options and the metadata service for India.

Updated Oct 14, 2022
Version 6.0