Select “Users and Groups,” then click on “Add User.” Search for, then select the user you would like to grant permission to create Windows Virtual Tenants to and then click “Assign.” Congratulations, you just connected to Azure via the Point-to-Site VPN. Once the deployment is successful, click on the “Go to resource” button if available; if not, select “All resources” from the left column in the portal and then click on the network gateway name you created in the previous step. We will guide you through the necessary procedures to ensure that users can authenticate successfully to utilize the new virtual desktops and resources. In that case, we first need to create a registration token to use for adding wvd-apps-0 to WVD-Host-Pool02. You can choose to load balance authentication traffic or direct it all to the cloud if your on-prem network is down. To avoid this, use a data disk with write caching disabled on the VM and use this drive to store the AD DS database, Logs, and SYSVOL folders. You need to use the Active Directory tenant ID (or Directory ID), and Subscription ID you saved earlier. • A Windows Server Active Directory in sync with Azure Active Directory. Copy the Subscription ID and save it somewhere safe, as you need it later. You can install any applications you like, which you want in the VMs. There are some other guides out there that explain how to set up WVD. So you may have a few things to do until the next leg of the journey. Again, those guides are useful. If you want to learn more about WVD, here are some quick wins. Tip: If you turn off word wrap, all the text should be on one line with no empty spaces and look like this below. You can also create a text file on the desktop if you wish to store the registration token until you are ready to use it. From the list of virtual networks, click on EUSVnet1. Then select “IP configurations” and click on the name of the “IP Configuration” shown on the right of the screen.
I can confirm Azure AD Connect sync status is healthy. I chose one of Google’s public DNS servers. Windows Virtual Desktop (WVD) is not Hyper-V or a rehabilitated version of Windows Virtual PC. I also blog about different Azure services. The RDSTenant name should be the name of the tenant you are creating, the AadTenantId string should match the tenant Id string from your Azure portal, and the AzureSubscriptionId string should match the Subscription Id string from your Azure portal. Windows Virtual Desktop Essentials | Intro and full tour: This one by Christiaan Brinkhoff is a good start, but we think having another walkthrough might be useful if you get stuck. From an elevated PowerShell (or PowerShell ISE) session, run the two scripts below. Now click “Next” again (stick with the default of not exporting Private Key), select the “Base-64 encoded X.509 (.CER)” radio button, and click Next once more. In my demo setup, it is User Logoff Policy section, here we have 2 options. Then define Workspace name and Friendly name for the workspace. Cloud management isn’t always about pointing and clicking in GUI menus. Whichever one you choose, open it with an elevated prompt, and type the following cmdlets in the order shown. You can support the project with enough Azure subscription credits to host the virtual machine resources (TIP: If you don’t have access to a subscription, you can sign up for a free account here.) Deliver a virtual desktop experience and remote apps to any device. At the “Security” screen, place a checkbox in the “Password” box and type in a password to secure the private key. I’d also like to thank Brad Rudisail for helping to edit and co-write this piece. Remember to give the file a descriptive name with “.CER” as the extension, then click “Next,” then “Finish” to export the certificate. In the next window, click on Yes under Register application groups option.
Remember to give the file a descriptive name with “.PFX” as the extension and click “Next,” and then “Finish” to export the certificate. Once I logged in, I can see the application group. Assign users to Windows Virtual Desktop Applications group. This way session hosts in EUSRG1 can be added to Windows AD using the standard method. In the Azure Portal, select “Virtual Machines” from the left side of the screen, then click “Add.” Think of our walkthrough as your one-source guide to everything you would need to get started deploying Windows Virtual Desktop in Azure. At the next screen, make sure that “HOST CACHING” is set to “None” for the data disk. WVD delivers a Windows experience that is multi-session yet personable and persistent. We recommend installing the PolicyPak Admin Console MSI on the Domain Controller, and installing the PolicyPak Client Side Extension (CSE) MSI on each of the four client VMs. Once you issue the command, you will see something like this: Note: Rinse and repeat for any additional applications you wish to publish using the above as a guide. The next step of the configuration is to assign Active Directory users to the application group. While it delivers a Windows 7 experience, most organizations want Windows 10 since support. Once you log into the VM as an administrator, visit the two links below. Lastly, reboot the VM. It looks like this: Clicking the “Deploy to Azure” button takes you to here: More info: There is just one thing. Optional: It’s an excellent time to repeat the process above for the “P2SRootCert” so that you also have a “PFX” version of the certificate that includes the private key. But it requires careful implementation to ensure that the user experience is optimal, efficient and secure. But if we try to add a VM running in EUSVnet1 virtual network to Windows AD in UKSVnet1 virtual network, it will fail.
• Domain To Join (FQDN of the domain that VMs are to be joined to)
• Existing Domain UPN (Username in the domain that can join machines to the domain in UPN format)
• Existing Domain Password (Password for the username above – should be at least 12 characters long)
• OU Path (Optional – specify the OU where you want the newly created VMs to live)
• Existing Vnet Name (The name of the virtual network you created earlier for the VMs)
• Existing Subnet Name (The name of the subnet the VMs will be placed in)
• Virtual Network Resource Group Name (The name of the resource group containing the virtual network)
• Existing Tenant Name (The name you gave your WVD tenant)
• Host pool name (the host pool that you want your VMs to be assigned to; since these are full desktops, we use “WVD-Host-Pool01”)
• Default Desktop Users (Any user(s) that you wish to be able to access desktops in this host pool – UPN should match Azure domain UPN suffix)
• Tenant Admin UPN or Application Id (This needs to be an account in UPN format that has RDS Owner role assigned)
• Tenant Admin Password (Password for the Tenant Admin account – should be at least 12 characters long)

Windows Virtual Desktop Agent Bootloader =. The first step is to select the template. Microsoft will then ask you to accept permissions needed by Windows Virtual Desktop; hit “Accept” when prompted to grant access. Mindbender. Note: You can find your “AAD Tenant GUID or name” by visiting this link: If there is nothing at that link, then you don’t have an active subscription, sign up at, Your Azure Active Directory tenant ID (or Directory ID), Note: Though VMs can live in any Azure region, their data gets stored in East US 2 – see. First, you need to unpublish the application with the missing icon.
If you are like most networking professionals, your first instinct will be to ping the VM you created in the previous installment to test the connection. Next, choose a password that you can easily remember and contains at least 12 characters. You may want to draw out your IP configuration on paper to get a mental picture of how it is all connected. We are almost there, so keep plugging. Once validation is completed, click on Create to complete the host pool setup. I am just using this value for this example. You don’t have to choose East US-2 as your region. • Windows 10 Enterprise multi-session, version 1809 or later. Then click on Review + Create. After a comfortable 30-second wait as suggested, repeat the previous steps and set the “Consent Option” to “Client App,” then fill in your “AAD Tenant GUID or name” and hit submit. Once again, change “CompanyWVDtenant” to the correct tenant name for your organization.
More info: If you have any further questions feel free to contact me on also follow me on twitter @rebeladm to get updates about new blog posts. In this step, we will perform the following tasks: Allow Windows Virtual Desktop … We are almost in the home stretch here, as this is the next to last installment in the series. Note that this CANNOT work. You should also have a Point-to-Site VPN already set up in Azure. Use the Azure Resource Manager template for provisioning a new host pool. You will need a valid phone number and credit card as Microsoft uses these for identity verification. QUICK TIP: Some Application Icons May Not Show Up Correctly! Part 2 | Create a Tenant in Windows Virtual Desktop. More importantly, we hope you have learned something along the way. You are almost there! Occasionally, some application icons may not show up correctly. Then install the “Active Directory Domain Services role” and reboot. One for the “Desktop Application Group” and a second one for the “Remote Application Group”. Then install the boot loader as well, taking all the defaults. Create a full desktop virtualization environment in your Azure subscription without having to run any additional gateway servers. Note: All of the text within the red box is the token; you need to copy that text and save it somewhere safe (i.e., use Notepad) so we can use it later to link the VM (wvd-apps-0) to WVD-Host-Pool02. (Using Azure Portal). Simpler Profile Management With FSLogix. Learn how you can make use of the Virtual Desktop feature in Windows … Change the encryption level if desired before clicking “Next.” Take special note of this password, as you need it every time you need to install this client certificate for a new user. Windows Virtual Desktop or “WVD” is a desktop and app virtualization service that resides in the cloud and is then accessed by users using a device of their choice.
This process starts with the creation of a virtual network followed by some necessary configurations. For this WVD demonstration, I have chosen the least expensive options. The result should look similar to below. You need to create the Root and Client certificates for the Point-to-Site configuration, as they get used for the encryption. The result for each command should look similar to below. You should now see new icons present for any apps you published. At the “Create virtual network gateway” screen, fill out the values for your environment using the below as a guide, then click on “Review + create.” If you’ve migrated your applications and data to the cloud, why not host the desktops there too? According to my setup, it is EUSRG1. I went ahead and clicked on it. Before we move forward, make sure the deployment is completed without errors. For “Public inbound ports,” choose “None.” There is a better way to connect to your VMs in Azure without opening up RDP over the internet that I review later. Provide employees the best virtualized experience with the only solution fully optimized for Windows … In Part 2, you created a WVD tenant. In Part 3, you created a service principal and a role assignment for the service principal. Now you will use the Azure Marketplace to provision a host pool. Windows Virtual Desktop step by step deployment in Spring 2020 release Where can I find the most clear and concise step by step instructions for setting up a WVD environment? For more info…. Once the changes save, click on the “Virtual network/subnet” in blue text. Once validation is completed, click on Create to complete the workspace setup.
the same problem they couldn’t manage their applications, browsers and operating systems using the technology they Click + Create a resource button and search for Windows Virtual Desktop … Well, there was a lot to do to get to this point, but you have done it. For the load balancing algorithm, we have 2 options. In Windows Virtual Desktop service page, click on Application groups. The key is to select the region that offers the fastest response time for your area. Note the icon on the taskbar has the remote desktop client icon letting you know that it is a remote desktop application. The primary purpose of this article series is to guide you through the process of getting WVD up and running so you can kick the tires and see how this new product can benefit your environment. So let’s get this party started and set out deploying WVD. Users can access their expected desktop experience regardless of location. Yep! My colleague Jan Bakker and myself went straight to all available documentation, and built a test environment together. • Host pool deployment is now fully integrated with the Azure Shared Image Gallery. Using the computer from which you exported the Point-to-Site Root certificate, reopen “Certificate Manager” by running “certmgr” in your PowerShell session. Windows 10 Enterprise licensing (through E3, E5, M365 E3/E5) or licensing for the OS you are looking to deploy (Win7 and Server also supported). The reason AD is required is because WVD machines must be domain or hybrid joined. At the “Connect your directories” screen, click the “Add Directory” button.
For instance, let’s say that wvd-apps-0 is missing from WVD-Host-Pool02. It will open up a new form. If you have many resources, it may help to use the filter. On 21 March 2019 the Windows Virtual Desktop preview went live. In the properties window, click on Assignments. Windows 10 Multi-session. This is the maximum number of concurrent connections a session host can have. This procedure can cause issues for databases such as Active Directory, and lead to data corruption. Download the VPN client package and take note of where the zip gets saved as you need to extract and run the relevant VPN executable for your client OS later. Note: Do not forget that the pricing for your virtual machines is calculated based on the resources that you use. Once again, this is followed by a confirmation of your registration. Deploy Windows Virtual Desktop: We’re now ready to deploy Windows Virtual Desktop. (8) Click Windows Virtual Desktop (9) Click Create a Host Pool (10) Input details, see the example below. Next, click on “Create” at the bottom of the screen. Download directly at Microsoft from here: Accept the license agreement, then click continue. Under Network and security section make sure to select relevant virtual network and subnet for session hosts. We have to do it in the virtual network level. Note: In my example below, the icon path I used changes as Chrome updates, so probably not the best choice for this icon. These initial steps are quick and easy. Part 4 | Create a Host Pool. Second, you need to republish the application using custom icon settings. Last but not least, click “Save.” In this demo, I am using web client method.
At the “Custom Deployment” screen under the “Basics” section for “Resource group,” select the resource group you created under step #23 above. Click on Allow to proceed. Any time you see “CompanyWVDtenant” in a script, you need to change this value to the correct name of your tenant. Fortunately, securing Windows Virtual Desktop … The whitepaper shows you some of the key points to watch for in setting and delivering your VDI image to your users, and how adding PolicyPak to your toolbox grants you increased control over both the VDI image and the applications within it. The domain controller should also be configured with Azure AD Connect and have at least one user account synced to Azure AD. Although our account gets assigned to the “Desktop Application Group” and “Remote Application Group,” you only see one icon labeled “Session Desktop.” It is because we have not published any remote applications, so there is nothing to see on the “Remote Application Group” side. We documented every step expressly so you could get started and see what we did, and you can do it too. Now that you have your token, you should use a remote desktop to connect to the VM (wvd-apps-0) to WVD-Host-Pool02. You can read more about it at, Virtual network address space: ( –, Default subnet: ( –, Gateway subnet: ( –, Find more info and the original PowerShell scripts at. EUSRG1 resource group is in Azure East US region and UKSRG1 resource group is in UK South Azure region. Before you do that, however, examine your … Once done, click next. We can’t simply modify network adapter settings of the VM and point DNS to the Windows AD server. See below for examples, and remember to change “CompanyWVDtenant” to the correct tenant name for your organization, (i.e., whatever you specified in #17 above), and change “[email protected]” to the correct user name UPN for the user as they show in your Azure portal.
As a bonus we will also show how to install and configure FSLogix. Under the Administrator account section, define Active Directory user account which has permissions to add virtual machines to the domain. Updated 12/20/2019 With the Windows Virtual Desktop now Generally Available (GA), we wanted to provide a quick overview of the steps required to get your environment up and running. Click on it. Then the system prompts for permissions to access local resources. First, let’s get connected to the Domain Controller you created. This is where clients will connect to. In this demo, I am going to demonstrate how to publish Desktops using Windows virtual desktop service. More info: So you’ll need domain admin access to your on-prem AD, or, use this guide to make your own DC in Azure. Plus, you’re benefiting from the power, security, and scalability of Azure. You have now created a secure connection between you and your Azure environment. This Guide to Getting Started is perfect for those IT pros who are researching WVD, starting a trial with WVD or are onboarding WVD. You can reset the password under the properties of the Virtual Machine in the Azure portal under the “Support + Troubleshooting” section, then the “Reset password” option. In the next post, I will explain how to publish applications using Windows Virtual Desktop service. If you double-click on the “Session Desktop” icon, you get a full Windows 10 desktop, which is either wvd-w10-0 or wvd-w10-1. These are the accounts assigned Windows Virtual Desktop resources later. First, is Microsoft’s training on it. Since our WVD will be running in Azure, we need to set up a Point-to-Site VPN to tunnel our traffic. When done, click “Save” to save your changes.
Before we can publish any apps, we first need to see which apps are available and common to all machines in the “Remote Application Group.” To do this, run the following command in an elevated PowerShell (or PowerShell ISE) session. Then, expand “Current User > Personal > Certificates.” Now right-click on “PS2ChildCert” and choose “All Tasks” > “Export…”, then click “Next” to continue; this time make sure the option “Yes, export the private key” is selected, then click “Next.” First, you need to install the required modules for PowerShell. ... on Windows Server 2019 in virtual desktop scenarios is an obscure detail that's described in this Microsoft forum post from late … This saves money due to using less Azure infrastructure and provides the user with a familiar desktop experience. But this is our story, how we did it. The WVD solution that you just implemented provides users with multi-session Windows 10 virtualized experiences.