Step-by-Step Guide to Deploy Windows Virtual Desktop in Azure

Step-by-Step Guide to Deploy Windows Virtual Desktop in Azure

This tutorial will guide you how to setup a Windows Virtual Desktop environment with full desktop experience for your users. We will be using PowerShell and the Azure Portal to deploy the WVD solution since the full portal experience is not yet available. 

 

What is Windows Virtual Desktop?

Windows Virtual Desktop is a comprehensive desktop and app virtualization service running in the cloud. It’s the only virtual desktop infrastructure (VDI) that delivers simplified management, multi-session Windows 10, optimizations for Office 365 ProPlus, and support for Remote Desktop Services (RDS) environments. Deploy and scale your Windows desktops and apps on Azure in minutes, and get built-in security and compliance features.

Windows Virtual Desktop was released (Generally Available) world wide in the september 2019. 

 

How do i access and pay for Windows Virtual Desktop?

Access Windows 10 Enterprise and Windows 7 Enterprise at no additional cost if you have an eligible Windows 10 Enterprise or Microsoft 365 license. Access desktops powered by Windows Server Remote Desktop Services at no additional cost if you’re an eligible Microsoft Remote Desktop Services (RDS) Client Access License (CAL) customer. You pay only for the Azure compute, storage, and networking associated with the virtual machines you use in your environment. Take advantage of options such as one-year or three-year Azure Reserved Virtual Machine Instances, which can save you up to 72 percent versus pay-as-you-go pricing. Reserved Virtual Machine Instances are flexible and can easily be exchanged or returned.

 

Requirements for Windows Virtual Desktop

  • An Azure CSP Subscription preferably from Accigo AB (any other Azure Subscription will work too)

  • A new empty  Resource Group

  • An Azure Virtual Network which is connected to your Domain Controllers so that the session hosts can be joined to your domain or you need to provision Azure Active Directory Domain Services (Not same as Azure Active Directory)

  • Any of the following licenses
    • Microsoft 365 E3/E5
    • Microsoft 365 A3/A5/Student Use Benefits
    • Microsoft 365 F1
    • Microsoft 365 Business
    • Windows 10 Enterprise E3/E5
    • Windows 10 Education A3/A5
    • Windows 10 VDA per user
  • If you dont have any of the licenses needed we can help you procuring a suitable license
  • You need an Azure AD Global Administrator account

 

Overview

  1. Install Windows Virtual Desktop PowerShell module
  2. Consent to Deploy Windows Virtual Desktop
  3. Create WVD Tenant
  4. Provision a Windows Virtual Desktop Host Pool
  5. Add session hosts to the host pool
  6. Add users to the Host pools app group

 

1. Install Windows Virtual Desktop PowerShell module

If you are using Windows i suggest that using Windows PowerShell ISE application for all the PowerShell steps and don´t forget so save your progress.

Before we can deploy WVD we must install the Windows Virtual Desktop PowerShell module to be able to install, configure and manage WVD. Microsoft has not yet released the full portal experience to setup and manage WVD.

Supported PowerShell versions

  • Windows PowerShell 5.0 and 5.1

Download and installation of PowerShell module

To quickly download and install the Windows Virtual Desktop PowerShell module, launch PowerShell as an administrator and run the following command:

Install-Module -Name Microsoft.RDInfra.RDPowerShell

After installing the PowerShell module we need to import the module by running the following command: 

Import-Module -Name Microsoft.RDInfra.RDPowerShell

If you already have the module installed but its out of date and you need to update the module, then you can run the following command: 

Update-Module -Name Microsoft.RDInfra.RDPowerShell

 

2. Consent to Deploy Windows Virtual Desktop

We need to give Consent to Windows Virtual Desktop to access your Azure Active Directory. 

Grab your Azure AD Directory ID from the Azure Portal, the Directory ID can be found on this page: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties

Go to https://rdweb.wvd.microsoft.com/ and give Consent to WVD to both the Server App and Client  by putting in your Directory ID and clicking Submit for both of them as Global Administrator. This will create two Enterprises Applications in your Active Directory and give Windows Virtual Desktop Consent to use them. 

The newly created apps can be found at: https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/

Enterprise Applications

 

Before moving on to next step you should add the user you intend to use for setting up the rest of the environment to the Windows Virtual Desktop Application in the Azure Active Directory. 

Go to the Windows Virtual Desktop application (not the Windows Virtual Desktop Client) in Enterprise Applications as shown above. 

On the blade “Users and groups” go to the Add user blade and add the user as Tenant Creator.

Add User

 

3. Create Windows Virtual Desktop Tenant

Now using PowerShell you will log in to the WVD Service and create your first tenant:

# Login using a TenantCreator
Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"

 

Update the values for the variables in the PowerShell script, these will be used multiple times when setting up and configuring the WVD solution. 

$tenantname = "[My Awesome WVD Tenant]"
$tenantid = "[AAD Directory ID]"
$subscriptionid = "[My Azure Subscription ID]"

 

Create your first tenant by running this command:

New-RdsTenant -Name $tenantname -AadTenantId $tenantid -AzureSubscriptionId $subscriptionid 

 

4. Provision a Windows Virtual Desktop Host Pool

This step can be done using the Portal but in this tutorial we will be doing it using PowerShell.

Since we at Accigo is Microsoft Partner we are required to have MFA enabled for all users for security reasons but when setting up a Windows Virtual Desktop Host Pool the first RDS Owner needs to be a user without MFA activated or you need to create a Service Principal for this. We will be using a Service Principal in this tutorial. 

Install the AzureAD module and import it: 

Install-Module -Name "AzureAD"
Import-Module AzureAD

 

Create the Service Principal. You can change the DisplayName to something but i think “Windows Virtual Desktop Svc Principal” is suitable:

<#
  Create a service principal in Azure Active Directory
#>
$aadContext = Connect-AzureAD # Need to be Global Administrator
$svcPrincipal = New-AzureADApplication -AvailableToOtherTenants $true -DisplayName "Windows Virtual Desktop Svc Principal"
$svcPrincipalCreds = New-AzureADApplicationPasswordCredential -ObjectId $svcPrincipal.ObjectId

Add the Service Principal as RDS Owner to the WVD Tenant: 

# Add Service Pricipal to WVD Tenant as RDS Owner
New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -ApplicationId $svcPrincipal.AppId -TenantName $tenantname

From now we will be using the Service Principal while provisioning the WVD Host Pool

# Sign in with the service principal
$creds = New-Object System.Management.Automation.PSCredential($svcPrincipal.AppId, (ConvertTo-SecureString $svcPrincipalCreds.Value -AsPlainText -Force))
Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com" -Credential $creds -ServicePrincipal -AadTenantId $aadContext.TenantId.Guid

Provision the hostpool: 

  • $hostpoolname can be changed to a suitable name for your solution
$hostpoolname = "hostpool-1"
New-RdsHostPool -TenantName $tenantname -Name $hostpoolname

 

5. Add session hosts to the host pool

Deploy one of the images found on: https://docs.microsoft.com/en-us/azure/virtual-desktop/overview#supported-virtual-machine-os-images
How you deploy your VMs that will be joined in to the session host is your own chooise. 

When you have deployed a VM with a supported image you will need to jump back into PowerShell and Generate a Registration Information file with a token that will be used to join your server into the WVD solution.

The registration information token that we are creating will last for 24 hours, if you need longer time  to register your VM to the host pool i suggest you create a new key when you need it. 

$RegFile = "c:\temp\RegistrationFile.txt"
New-RdsRegistrationInfo -TenantName $tenantname -HostPoolName $hostpoolname -ExpirationHours 24 | Select-Object -ExpandProperty Token | Out-File -FilePath $RegFile

On the VM you intend to register to the Session Host pool, download the Windows Virtual Desktop Agent: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWrmXv
Start the install the Agent on the VM and copy the token from the RegistrationFile.txt and put it in to the textbox in the installation program. 

Registration Token

Next step is that you need to download the Windows Virtual Desktop Agent Bootloader and install that on the VM. 

Here is the Bootloader installation file: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWrxrH

After installing the bootloader you must reboot the VM.

 

6. Add users to the Host pools app group

When creating a Session Host Pool a default app group of the resource type Desktop will be created. 

  • Desktop is used to give the user a full desktop experience
  • RemoteApp is used to only share specific applications

A user can be added to one or multiple Desktop or RemoteApp groups but you cant combine them. 

To get a list of your app groups run this command: 

Get-RdsAppGroup -TenantName $tenantname -HostPoolName $hostpoolname

Grab the AppGroupName and use that to add your first user to the app group: 

  • Update the $AppGroupName if needed
  • Replace the UserPrincipalName with the user you want to add to the app group
$AppGroupName = "Desktop Application Group"
Add-RdsAppGroupUser -TenantName $tenantname -HostPoolName $hostpoolname -UserPrincipalName "firstname.lastname@contoso.com" -AppGroupName $AppGroupName

 

7. Connect to Windows Virtual Desktop

Windows Virtual Desktop has two user experiences.

 

Do you find our content useful? Like and Share our Posts!

Leave a Reply

Your email address will not be published. Required fields are marked *