Windows Virtual Desktop (WVD) was finally released to public preview yesterday! For those of you that have been living under a rock (or spending time with your friends and families), WVD is Microsoft’s new Desktop-as-a-Service offering to provide Windows 10 virtual desktop infrastructure (VDI) in the Azure cloud for Windows 10 E3 / E5 subscribers. (and a few more SKUs too…)
Requirements for running Windows Virtual Desktop in Azure
Here are a few prerequisites that you’ll need already configured in your lab:
An Azure CSP Subscription from Infused Innovations (or any Azure Subscription will work too)
An empty resource group
I’d recommend creating it in the East US 2 or Central US data centers for the best performance as WVD compute clusters are only available in these regions during preview
An Azure Virtual Network that has access to your Active Directory (Boo-hiss! Azure AD Join only is not supported yet. Your instance needs to be domain joined or Hybrid Azure AD Joined.)
One of the following licenses:
Windows 10 E3 / E5
Windows 10 A3 / A5 (Education Licenses)
Microsoft 365 Business or F1 (WHAT?!)
Microsoft 365 E3 / E5
Licensing requirements appear to state that these are the only SKUs that will allow you to access WVD from a non-Windows 10 Professional device
Luckily, you’re running Microsoft 365 E3 with Identity Threat Protection in a Zero Trust environment, right? RIGHT?!
Deploy Windows Virtual Desktop in Azure
Now for the fun part!
Consent to using Windows Virtual Desktop
Go here https://rdweb.wvd.microsoft.com/ and consent for both your Server and Client App:
a. You’re doing this in a lab, so there’s no need to get approval from legal.
b. To lookup your AAD Tenant GUID, copy the Directory ID from this page: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties
Configure Enterprise Application Administrators in Azure AD
Go to this pane in the Azure Portal
Search for Windows Virtual Desktop and select it
Select Users and Groups, then add everyone that you want to have access to WVD:
Create a Windows Virtual Desktop Tenant in PowerShell
Open PowerShell as an administrator
Run the following block of code:
The last line should look something like:
Create a Windows Virtual Desktop Host Pool in the Azure Portal
Create a new Azure resource at this link: https://portal.azure.com/#create/hub
Search for Windows Virtual Desktop - Provision a host pool and select Create:
*Choose a name for the host pool and keep a note of it, as we’ll need it later
NOTE: Windows Virtual Desktop is only available in East US 2 or the Central US during preview. Check a current list here:
3. Don’t get yelled at by your boss—choose a small B series VM for testing:
4. Everyone is so excited about Azure being the only cloud to offer a true multi-session Windows 10 Enterprise desktop, so let’s use that image:
NOTE: Make sure you choose a network that has access to your AD environment
5. Specify the Windows Virtual Desktop Tenant Name that you created via PowerShell above:
6. Buy it!
Add Users to your Windows Virtual Desktop Host Pool
Open PowerShell again and run the following command for every user you want to add. (Groups aren’t supported yet.)
You’re Done! (Maybe.)
Connect to you Windows Virtual Desktop Environment
Access your WVD environment here:
You should see a web page with the following icon that will load the RDS session in the browser:
Or install this client to access via the desktop:
Using the desktop app, I was able to run three 4K monitors without any lag connecting to the East US2 Azure data center from San Diego, CA. That’s incredible!
Troubleshooting a Windows Virtual Desktop Deployment in Azure
I screwed up the first three times I deployed this today. Pro tip: RTFM.
Microsoft’s official Windows Virtual Desktop guide is available here:
I also had to RDP into the WVD Host Pool and run everything in this guide before I was able to connect:
Closing Thoughts on Windows Virtual Desktop
Once I read the entire deployment guide, I was able to deploy WVD in under an hour. Granted, I haven’t configured any auto-scaling rules yet, that is an incredibly short amount of time for a small business to setup a VDI environment.
Some points to consider:
I deployed Azure Security Center on the WVD Host Pool VM to get telemetry to Windows Defender Advanced Threat Protection and Cloud App Security
This is HUGE if you’re on a Microsoft 365 Business license, which doesn’t include those two products.
WVD is still in preview, so I wouldn’t base your budget on this just yet.
WVD cannot be managed by Intune…yet.
I just spent six months figuring out how to migrate anything in Group Policy over to Intune, and now I need to go back to Group Policy for management.
Azure AD Join is not an option for WVD. The VM must be connected to Active Directory.
I created a Conditional Access Policy to force an MFA challenge on login, but it didn’t work. There are some footnotes in the documentation about this not being supported yet. Update: working - guide here.
Windows 7 will receive free Extended Security Updates until January 2023 for Windows Virtual Desktop instances.
If you’re testing WVD from outside of the United States, be aware that all WVD management is handled from the East US 2 data center during preview, so you will have data entering the US during preview.
It’s freaking AMAZING!
Overall, I am hugely impressed with the initial preview of Windows Virtual Desktop and I can’t wait to see what features Microsoft adds to the service over the next few months.
Interested in learning more? Contact us here.