Matt's AVD / AZ-140 Guide

Use Cases

  • Existing VDI (Microsoft RDS, Citrix, VMware Horizon) moving to PaaS to offset licensing / infrastructure costs
  • New VDI Setup
    • Centralized access to apps
    • Low latency: app and database need to sit close to each other (both in Azure)
    • Apps that can't be used over a site to site VPN
    • High Availability
    • Disaster Recovery
    • Compliance
    • Workforce is fully remote

Considerations for Azure Virtual Desktop

  • Networking / Bandwidth
  • Regions Required
  • Applications Compatible
    • Server OS vs Client OS
    • Dedicated vs Multi-Session Environment
  • Microsoft Licensing (CALs VS M365 NCE Licenses)
  • Application Licensing

Licensing for Azure Virtual Desktop

Azure Virtual Desktop Pricing | Microsoft Azure

Windows 10 / 11 Session Hosts

  • Microsoft 365 E3/E5
  • Microsoft 365 A3/A5/Student Use Benefits
  • Microsoft 365 F3
  • Microsoft 365 Business Premium**
  • Windows 10 Enterprise E3/E5
  • Windows 10 Education A3/A5
  • Windows 10 VDA per user

Windows Server 2012 R2 - Windows Server 2022

  • RDS CALs with Software Assurance

Deployment Types

Azure Virtual Desktop for the enterprise - Azure Architecture Center | Microsoft Learn

  • Single-session / Personal Desktops
    • Each User has their own dedicated virtual desktop
    • More $$$ to Operate
  • Multi-session / Pooled / Non-persistent
    • Users share session hosts
    • Less $$$ to Operate

User Personas

Session Host VM Instance Sizing

Session host virtual machine sizing guidelines for Azure Virtual Desktop and Remote Desktop Services | Microsoft Learn

RBAC Roles for AVD

Built-in Azure RBAC roles Azure Virtual Desktop | Microsoft Learn

  • Desktop Virtualization
    • Contributor - Manage all aspects of the deployment, but grants no access to users (creating session host VMs also needs Virtual Machine Contributor)
    • Reader - View all aspects of the deployment, cannot make changes
    • Typical use - Admin who runs the whole AVD deployment, alone or combined with another role
  • Host Pools
    • Contributor - Manage all aspects of host pools only (creating session host VMs still needs Virtual Machine Contributor)
    • Reader - View all aspects of host pools only
    • Typical use - Admin who manages host pool properties
  • Application Groups
    • Contributor - Manage all aspects of App Groups, but cannot publish them to users or groups
    • Reader - View all aspects of App Groups
  • Workspaces
    • Contributor - Manage all aspects of Workspaces
    • Reader - View all aspects of Workspaces
  • User Session Operator - Send messages to, disconnect, and log off user sessions (helpdesk role)
  • Session Host Operator - View and remove session hosts, change drain mode
    • Can't add session hosts (no write permission on host pool objects); even with Virtual Machine Contributor it can create VMs but not join them to the host pool
  • User - The role assigned to end users (or their groups) on an App Group; assigning it is what "publishes" the App Group
  • User Access Administrator - Required to publish App Groups, because publishing is a role assignment (Microsoft.Authorization/roleAssignments/write) of users / groups to the App Group
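The following is an added example, not code from the guide or from Microsoft, showing how the roles above are granted at the narrowest scope with Az PowerShell (Az.Resources and Az.DesktopVirtualization, after Connect-AzAccount). The resource group, host pool, App Group and security group names are assumptions; the role names are the built-in Desktop Virtualization roles.

```powershell
# Added example (not from the guide): least-privilege AVD role assignments.
# Assumes Az.Resources + Az.DesktopVirtualization are installed and Connect-AzAccount has run.
# Resource and group names below are hypothetical.

$rg       = 'rg-avd-prod'        # assumption
$hostPool = 'hp-finance-pooled'  # assumption
$appGroup = 'ag-finance-apps'    # assumption

# Scope every assignment to the resource the admin actually works on, never the subscription.
$hpScope = (Get-AzWvdHostPool         -ResourceGroupName $rg -Name $hostPool).Id
$agScope = (Get-AzWvdApplicationGroup -ResourceGroupName $rg -Name $appGroup).Id

function Grant-AvdRole {
    param(
        [Parameter(Mandatory)] [string] $GroupDisplayName,  # Entra ID / Azure AD security group
        [Parameter(Mandatory)] [string] $RoleName,          # built-in Desktop Virtualization role
        [Parameter(Mandatory)] [string] $Scope              # resource ID
    )
    $group = Get-AzADGroup -DisplayName $GroupDisplayName
    if (-not $group) { throw "Group '$GroupDisplayName' not found" }

    # Idempotent: Get-AzRoleAssignment -Scope also returns inherited assignments, so match the exact scope.
    $existing = Get-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName $RoleName -Scope $Scope |
        Where-Object { $_.Scope -eq $Scope }
    if ($existing) { Write-Verbose "'$RoleName' already granted to '$GroupDisplayName' at $Scope"; return $existing }

    New-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName $RoleName -Scope $Scope
}

# App admins: add/remove RemoteApps, but cannot publish to users (that needs roleAssignments/write).
Grant-AvdRole -GroupDisplayName 'sg-avd-app-admins' -RoleName 'Desktop Virtualization Application Group Contributor' -Scope $agScope

# Helpdesk: message, disconnect and log off user sessions, nothing else.
Grant-AvdRole -GroupDisplayName 'sg-avd-helpdesk' -RoleName 'Desktop Virtualization User Session Operator' -Scope $hpScope

# Host operators: drain mode and removing session hosts; cannot add hosts.
Grant-AvdRole -GroupDisplayName 'sg-avd-host-ops' -RoleName 'Desktop Virtualization Session Host Operator' -Scope $hpScope

# Publishing the App Group = assigning 'Desktop Virtualization User' to the end-user group on it.
# Only an identity holding Microsoft.Authorization/roleAssignments/write (User Access Administrator / Owner) can do this.
Grant-AvdRole -GroupDisplayName 'sg-finance-users' -RoleName 'Desktop Virtualization User' -Scope $agScope

# Review: everything effective on the App Group, so broad roles inherited from above stand out.
Get-AzRoleAssignment -Scope $agScope |
    Select-Object DisplayName, RoleDefinitionName, Scope |
    Sort-Object RoleDefinitionName
```

The review at the end is the useful part: anything listed with a subscription or resource group scope and a Contributor / Owner role is an identity that can publish or reconfigure AVD without holding any of the Desktop Virtualization roles.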

Networking

Deploying a Workspace

Deploying an App Group

Deploying a Session Host

Building an Image (Golden Master)

Azure Compute Gallery

FSLogix for Non Persistent / Multi-Session

Storage Account / Azure File Shares

Best Practices

  • Enable RDP Shortpath: managed networks (direct UDP over private connectivity, default port 3390) and public networks (UDP via STUN, TURN relay when NAT blocks a direct path), so session data leaves the TCP reverse-connect transport
  • GPOs (Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host)
    • Disable device and resource redirection the workload does not need
      • Clipboard
      • Drives
      • Printers
    • Session time limits: active session limit, idle session limit, disconnected session limit, and end the session when a limit is reached (log off rather than leave it disconnected)
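The following is an added example, not from the guide, that applies and audits the session host settings above through the registry values the corresponding GPO writes, plus the RDP Shortpath for managed networks listener. Run it elevated on a session host or in the image build. The time limit values are assumptions for the example; the registry paths and value names are the standard Terminal Services policy keys.

```powershell
# Added example (not from the guide): set and verify session host hardening via the policy registry keys.
# Time limits are assumptions; pick values that match your user personas.

$tsPolicy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$winStation = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations'
$msPerMin   = 60000

# Expected state. These DWORDs are what the GPO settings in the list above write.
$expected = @(
    # Redirection (1 = disabled)
    @{ Path = $tsPolicy;   Name = 'fDisableClip';          Value = 1 }                   # Clipboard
    @{ Path = $tsPolicy;   Name = 'fDisableCdm';           Value = 1 }                   # Drives
    @{ Path = $tsPolicy;   Name = 'fDisableCpm';           Value = 1 }                   # Printers
    # Session time limits, milliseconds
    @{ Path = $tsPolicy;   Name = 'MaxConnectionTime';     Value = 10 * 60 * $msPerMin } # active: 10 h (assumption)
    @{ Path = $tsPolicy;   Name = 'MaxIdleTime';           Value = 30 * $msPerMin }      # idle: 30 min (assumption)
    @{ Path = $tsPolicy;   Name = 'MaxDisconnectionTime';  Value = 60 * $msPerMin }      # disconnected: 1 h (assumption)
    @{ Path = $tsPolicy;   Name = 'fResetBroken';          Value = 1 }                   # end (log off) session when limit reached
    # RDP Shortpath for managed networks: UDP listener on 3390
    @{ Path = $winStation; Name = 'fUseUdpPortRedirector'; Value = 1 }
    @{ Path = $winStation; Name = 'UdpPortNumber';         Value = 3390 }
)

function Set-AvdSessionHostHardening {
    foreach ($e in $expected) {
        if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
        New-ItemProperty -Path $e.Path -Name $e.Name -PropertyType DWord -Value $e.Value -Force | Out-Null
    }
    # Shortpath needs UDP 3390 open on the host firewall; the AVD gateway still brokers the connection.
    if (-not (Get-NetFirewallRule -DisplayName 'RDP Shortpath (UDP-In)' -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName 'RDP Shortpath (UDP-In)' -Direction Inbound -Protocol UDP `
            -LocalPort 3390 -Action Allow -Program '%SystemRoot%\system32\svchost.exe' -Service TermService | Out-Null
    }
}

function Test-AvdSessionHostHardening {
    # One row per setting; Compliant is $false for anything missing or different.
    foreach ($e in $expected) {
        $actual = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
        [pscustomobject]@{
            Path      = $e.Path
            Name      = $e.Name
            Expected  = $e.Value
            Actual    = $actual
            Compliant = ($null -ne $actual -and [int64]$actual -eq $e.Value)
        }
    }
}

Set-AvdSessionHostHardening
$report = Test-AvdSessionHostHardening
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Compliant }) {
    Write-Warning 'Session host is not compliant; see the rows marked Compliant = False.'
}
```

If a GPO for the same settings is linked to the session host OU it writes these same keys and will re-stamp them on the next policy refresh, so on a domain-joined host treat Test-AvdSessionHostHardening as the audit and the GPO as the source of truth; Set-AvdSessionHostHardening is for the image build or hosts that only get Intune / local policy.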

Logging / Log Analytics

  • Azure Activity Log (control-plane changes: host pools, App Groups, workspaces, role assignments)
  • Azure AD (Microsoft Entra ID) sign-in and audit logs (user sign-in to the AVD feed and clients, Conditional Access outcomes)
  • Active Directory / Azure AD DS logging (domain join, Kerberos / NTLM authentication to session hosts)
  • Session host logging (Windows event logs and performance counters collected by the Azure Monitor Agent)
  • Host pool, Workspace and App Group diagnostic settings sent to Log Analytics (WVDConnections, WVDErrors, WVDCheckpoints, WVDManagement, WVDFeeds, WVDAgentHealthStatus)
  • FSLogix logs (profile container attach / detach failures)
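The following is an added example, not from the guide, showing what to do with the host pool diagnostic data once it lands in Log Analytics: a small detection run over WVDConnections-shaped records. The records are constructed for the example (the columns used are the real WVDConnections ones: TimeGenerated, UserName, State, ClientSideIPAddress, SessionHostName, CorrelationId); the window and IP-count thresholds are assumptions.

```powershell
# Added example (not from the guide): detections over WVDConnections-style records.
# The sample below is constructed. In production, pull the table from Log Analytics, e.g.
#   $r = Invoke-AzOperationalInsightsQuery -WorkspaceId $ws -Query 'WVDConnections | where TimeGenerated > ago(1d)'
# and pass $r.Results to Find-AvdConnectionAnomalies. Thresholds are assumptions.

$sample = @(
    [pscustomobject]@{ TimeGenerated = [datetime]'2024-03-01T08:00:00Z'; UserName = 'alice@contoso.com'; State = 'Started';   ClientSideIPAddress = '203.0.113.10'; SessionHostName = 'hp01-0.contoso.com'; CorrelationId = 'c1' }
    [pscustomobject]@{ TimeGenerated = [datetime]'2024-03-01T08:00:05Z'; UserName = 'alice@contoso.com'; State = 'Connected'; ClientSideIPAddress = '203.0.113.10'; SessionHostName = 'hp01-0.contoso.com'; CorrelationId = 'c1' }
    [pscustomobject]@{ TimeGenerated = [datetime]'2024-03-01T08:20:00Z'; UserName = 'alice@contoso.com'; State = 'Started';   ClientSideIPAddress = '198.51.100.7'; SessionHostName = 'hp01-1.contoso.com'; CorrelationId = 'c2' }
    [pscustomobject]@{ TimeGenerated = [datetime]'2024-03-01T08:20:04Z'; UserName = 'alice@contoso.com'; State = 'Connected'; ClientSideIPAddress = '198.51.100.7'; SessionHostName = 'hp01-1.contoso.com'; CorrelationId = 'c2' }
    [pscustomobject]@{ TimeGenerated = [datetime]'2024-03-01T09:00:00Z'; UserName = 'bob@contoso.com';   State = 'Started';   ClientSideIPAddress = '192.0.2.44';   SessionHostName = 'hp01-0.contoso.com'; CorrelationId = 'c3' }
    # c3 never reaches Connected: a failed attempt, correlate with WVDErrors on CorrelationId
    [pscustomobject]@{ TimeGenerated = [datetime]'2024-03-01T09:05:00Z'; UserName = 'bob@contoso.com';   State = 'Started';   ClientSideIPAddress = '192.0.2.44';   SessionHostName = 'hp01-0.contoso.com'; CorrelationId = 'c4' }
    [pscustomobject]@{ TimeGenerated = [datetime]'2024-03-01T09:05:03Z'; UserName = 'bob@contoso.com';   State = 'Connected'; ClientSideIPAddress = '192.0.2.44';   SessionHostName = 'hp01-0.contoso.com'; CorrelationId = 'c4' }
)

function Find-AvdConnectionAnomalies {
    param(
        [Parameter(Mandatory)] [object[]] $Connections,
        [int] $WindowMinutes = 60,   # assumption: more than $MaxClientIPs client IPs per user inside this window is worth a look
        [int] $MaxClientIPs  = 1
    )
    $findings = @()

    # Rule 1: one user Connected from several client IPs inside the window (shared credentials / token replay lead).
    $connected = $Connections | Where-Object State -eq 'Connected' | Sort-Object TimeGenerated
    foreach ($group in ($connected | Group-Object UserName)) {
        $events = @($group.Group)
        for ($i = 0; $i -lt $events.Count; $i++) {
            $start = $events[$i].TimeGenerated
            $end   = $start.AddMinutes($WindowMinutes)
            $ips = @($events | Where-Object { $_.TimeGenerated -ge $start -and $_.TimeGenerated -le $end } |
                      Select-Object -ExpandProperty ClientSideIPAddress -Unique)
            if ($ips.Count -gt $MaxClientIPs) {
                $findings += [pscustomobject]@{ Rule = 'MultipleClientIPs'; UserName = $group.Name; At = $start; Detail = ($ips -join ', ') }
                break   # one finding per user is enough
            }
        }
    }

    # Rule 2: Started with no Connected on the same CorrelationId (failed connections; noisy bursts = brute force or broken host).
    $connectedIds = @($connected | Select-Object -ExpandProperty CorrelationId)
    $Connections | Where-Object { $_.State -eq 'Started' -and $_.CorrelationId -notin $connectedIds } | ForEach-Object {
        $findings += [pscustomobject]@{
            Rule = 'StartedNotConnected'; UserName = $_.UserName; At = $_.TimeGenerated
            Detail = "$($_.SessionHostName) from $($_.ClientSideIPAddress) (CorrelationId $($_.CorrelationId))"
        }
    }
    return $findings
}

Find-AvdConnectionAnomalies -Connections $sample | Format-Table -AutoSize
```

The sample is built so that alice connects from two client IPs within the hour and bob's first attempt never reaches Connected; the same two rules are a reasonable starting point for a Sentinel analytics rule over the WVDConnections table, with WVDErrors joined on CorrelationId to explain the failed attempts.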

Securing Azure Virtual Desktop