Table of Contents

Preface

Section 1: Introduction

Chapter 1: Introduction to Azure Virtual Desktop

Desktop virtualization

Azure Virtual Desktop – what is it?

Providing the best user experience

Enhanced security

Simplify management

Managing Azure Virtual Desktop performance

Multi-session Windows 10/11

What licenses do I need?

How does Azure Virtual Desktop work?

What's managed by Microsoft and what you manage

What Microsoft manages

What does the customer manage?

Summary

Section 2: Planning an Azure Virtual Desktop Architecture

Chapter 2: Designing the Azure Virtual Desktop Architecture

Assessing existing physical and Virtual Desktop environments

Assessing Azure Virtual Desktop deployments

User personas

Application groups

Assessing the network capacity and speed requirements for Azure Virtual Desktop

Applications

Display resolutions

Azure Virtual Desktop experience estimator

Remote Desktop Protocol bandwidth requirements

Estimating bandwidth utilization

Estimating the bandwidth that's used by remote graphics

Dynamic bandwidth allocation

Limit network bandwidth use with throttle rate limiting

Reverse connect transport

Session host communication channel

Client connection sequence

Connection security

Identifying an operating system for an Azure Virtual Desktop implementation

Supported Azure OS images

What is Windows 10 multi-session?

Customizing the Windows 10 multi-session image for your organization

Planning and configuring name resolution for Active Directory and Azure Active Directory Domain Services

Planning a host pools architecture

App groups

End users

Registering the DesktopVirtualization resource provider

Registering the provider using Azure PowerShell (optional)

Resource groups, subscriptions, and management groups limits

Configuring the location for the Azure Virtual Desktop metadata

Calculating and recommending a configuration for capacity and performance requirements

Multi-session recommendations

Recommendations on sizing VMs

General recommendations for VMs

Testing workloads

Summary

Questions

Answers

Further reading

Chapter 3: Designing for User Identities and Profiles

Selecting a licensing model for your Azure Virtual Desktop deployment

Applying the Azure Virtual Desktop licensing to VMs

Azure Files tiers

Planning for user profiles

User profiles

Challenges with previous user profile technologies

An introduction to FSLogix Profile Containers

Azure Files integration with Active Directory Domain Services

Planning for user identities

Planning for Azure Virtual Desktop client deployment

Installing the Windows Desktop client

Subscribing to a workspace

Access client logs

Connecting to Azure Virtual Desktop using the Web Client

Setting up email discovery to subscribe to the Azure Virtual Desktop feed

Summarizing the prerequisites for Azure Virtual Desktop

Summary

Questions

Answers

Chapter 4: Implementing and Managing Networking for Azure Virtual Desktop

Implementing Azure Virtual Network connectivity

Azure Virtual Network

Azure VNets

Communication between Azure resources

Communication with on-premises networks

Filtering and routing Azure network traffic

Understanding what virtual network integration is for Azure services

Managing connectivity to the internet and on-premises networks

Types of VPN available to you

Implementing and managing network security

Azure network security overview

Understanding AVD network connectivity

Managing AVD session hosts by using Azure Bastion

What is Azure Bastion?

Setting up Azure Bastion

Connecting to a VM using Azure Bastion

Monitoring and troubleshooting network connectivity

Using Azure Monitor to diagnose network issues

Confirming all required URLs are not blocked

Summary

Questions

Answers

Chapter 5: Implementing and Managing Storage for Azure Virtual Desktop

Configuring storage for FSLogix components

FSLogix Profile container storage options

The different Azure Files tiers

Best practices for Azure Files with AVD

Configure storage accounts

Step 1 – create a new storage account

Step 2 – configure the basics

Step 3 – configure advanced settings

Step 4 – configure networking

Step 5 – configure data protection

Configuring file shares

Configuring disks

Ephemeral OS disks

Creating a VHD image

Creating a VM

Creating a local image

Dynamic disks versus fixed disks

Summary

Questions

Answers

Further reading

Section 3: Implementing an Azure Virtual Desktop Infrastructure

Chapter 6: Creating Host Pools and Session Hosts

Creating a host pool by using the Azure portal

Host pool creation

Workspace information

Automating the creation of AVD hosts and host pools

Setting up PowerShell for AVD

Creating an AVD host pool with PowerShell

Summary

Questions

Answers

Chapter 7: Configure Azure Virtual Desktop Host Pools

Windows Server session host licensing

Configuring host pool settings

Customizing RDP properties

Using PowerShell to customize RDP properties

Methods for configuring Azure Virtual Desktop load balancing

Using PowerShell to configure load balancing methods

Assigning users to host pools

Assigning users to host pools via PowerShell

Configuring automatic assignment

Configuring direct assignment using PowerShell

Applying OS and application updates on an Azure Virtual Desktop host

Configuring a validation pool

Applying security and compliance settings to session hosts

Summary

Questions

Answers

Chapter 8: Azure AD Join for Azure Virtual Desktop

Prerequisites

Deploying an Azure AD-joined host pool

Enabling user access

Connect to Azure AD-joined session hosts using the Remote Desktop client

Configuring local admin access

Summary

Questions

Answers

Chapter 9: Creating and Managing Session Host Images

Creating a gold image

Creating a VM

Connecting to the VM

Modifying a Session Host image

Disabling automatic updates

Installing language packs in Azure Virtual Desktop

Optimizing an image

Capturing an image template

Creating and using an Azure Compute Gallery (ACG)

Creating your first Azure Compute Gallery

Capturing an image in an Azure Compute Gallery

Creating an image definition from the Shared Image Gallery

Creating an image version

Troubleshooting OS issues related to Azure Virtual Desktop

VMs are not joined to the domain

Azure Desktop Agent and Virtual Desktop Bootloader are not installed

Azure Virtual Desktop Agent is not registering with the Azure Virtual Desktop service

Basic performance troubleshooting in Azure Virtual Desktop

Networking troubleshooting

Summary

Questions

Answers

Section 4: Managing Access and Security

Chapter 10: Managing Access

Introduction to Azure RBAC

Planning and implementing Azure roles and RBAC for AVD

The delegated access model

Assigning RBAC roles to IT admins

The PowerShell way to assign role assignments

Creating a custom role using the Azure portal

Managing local roles, groups, and rights assignments on AVD session hosts

Configuring user restrictions by using Azure Active Directory Domain Service group policies

Summary

Questions

Answers

Chapter 11: Managing Security

Introduction to MFA

How does Azure MFA work?

Security defaults

Conditional Access

Planning and implementing MFA

Creating a conditional access policy for MFA

Managing security by using Microsoft Defender for Cloud

Securing AVD using Microsoft Defender for Cloud

Using Microsoft Defender for Cloud and AVD

Enabling enhanced security for AVD

Configuring Microsoft Defender Antivirus for session hosts

What is the difference between Microsoft Defender Antivirus and Microsoft Defender for Endpoint?

Getting the latest updates

Setting the scheduled task to run the PowerShell script

Manually downloading and unpacking

Configuring quick scans

Suppressing notifications

Enabling headless UI mode

Summary

Questions

Answers

Section 5: Managing User Environments and Apps

Chapter 12: Implementing and Managing FSLogix

Installing and configuring FSLogix

License requirements for FSLogix profile containers

FSLogix key capabilities

FSLogix installation and configuration

Configuring antivirus exclusions

Configuring exclusions using PowerShell

Configuring profile containers

Configuring Cloud Cache

Configuring Cloud Cache

Microsoft Teams exclusions

FSLogix profile container best practices

Summary

Questions

Answers

Chapter 13: Configuring User Experience Settings

Configuring Universal Print

Prerequisites for Universal Print

Universal Print administrator roles

Setting up Universal Print

Registering printers using the Universal Print connector

Assigning permissions and sharing printers

Adding a Universal Print printer to a Windows device

Configuring user settings using Microsoft Endpoint Manager

Start Virtual Machine on Connect

Configuring with the Azure portal

Enabling screen capture protection for Azure Virtual Desktop

Troubleshooting FSLogix profiles

Troubleshooting Azure Virtual Desktop clients

Testing connectivity

Resetting the Remote Desktop Client

Remote Desktop Client is showing no resources

Summary

Further reading

Questions

Answers

Chapter 14: MSIX App Attach

Configuring dynamic application delivery by using MSIX app attach

What is MSIX?

What does it look like inside MSIX?

What is MSIX app attach?

MSIX app attach terminology

An overview on how MSIX app attach works

Prerequisites

Creating an MSIX package

Packaging a simple application in an MSIX container

Creating an MSIX image

Configuring Azure Files for MSIX app attach

Importing the code-signed certificate

Uploading MSIX images to Azure Files

Configuring MSIX app attach

Publishing an MSIX app to a RemoteApp

Troubleshooting

Published MSIX app attach applications not showing in the Start menu

Summary

Further reading

Questions

Answers

Chapter 15: Configuring Apps on a Session Host

Application Masking

Rule types available

Deploying an application as a RemoteApp

Implementing and managing OneDrive for Business for a multi-session environment

Implementing and managing Microsoft Teams AV redirection

Implementing and managing multimedia redirection

Managing internet access for Azure Virtual Desktop sessions

Summary

Questions

Answers

Section 6: Monitoring and Maintaining an Azure Virtual Desktop Infrastructure

Chapter 16: Planning and Implementing Business Continuity and Disaster Recovery

Designing a backup strategy for Azure Virtual Desktop

Planning and implementing a disaster recovery plan for Azure Virtual Desktop

Virtual network

Virtual machines

Managing user identities

Configuring user and app data

Disaster recovery considerations for MSIX app attach

Application dependencies

Configuring backup and restore for FSLogix user profiles, personal virtual desktop infrastructures (VDIs), and golden images

Virtual machine backup and restore

Zone-redundant storage

Azure file backup and restore

Replicating virtual machine images between regions

Summary

Questions

Answers

Chapter 17: Automate Azure Virtual Desktop Management Tasks

Creating an automation account for Azure Virtual Desktop

Automating the management of host pools, session hosts, and user sessions using PowerShell

Implementing autoscaling for host pools

Autoscale – scaling plans

Summary

Questions

Answers

Chapter 18: Monitoring and Managing Performance and Health

Configuring Azure Monitor for AVD

Creating a Log Analytics workspace

Configuring the monitoring of AVD

Configuring performance counters

Configuring events

Using AVD Insights

Setting up alerts using alert rules

Introduction to Kusto

Connecting Log Analytics to Kusto Explorer

Creating queries for AVD using Kusto Explorer

Using Azure Advisor for AVD

Summary

Questions

Answers

Chapter 19: Azure Virtual Desktop's Getting Started Feature

How the Getting started feature works

Prerequisites

Using the Getting started feature with Azure AD DS and AD DS

Using the Getting started feature without an identity provider

Post-deployment cleanup

Troubleshooting the Getting started feature

Summary

Questions

Answers

Appendix: Microsoft Resources and Microsoft Learn

Azure Virtual Desktop Community shout-outs!

Cool vendors

Other resources written by Ryan Mangan

Summary

Final Assessment

Questions

Answers

Other Books You May Enjoy