Testing using the Remote Desktop

In this article, I am going to explain how to set up Azure Windows Virtual Desktop.

Note that this setup has been tested. Please reach out if you follow it and anything does not work as expected. Let’s get started.

Windows Virtual Desktop prerequisites

Below are the basic prerequisites to set up Azure Virtual Desktop:

  1. An Azure subscription with sufficient credits
  2. Make sure your virtual network in Azure is configured in such a way that new VMs have your Domain Controller or Azure AD Domain Services (Azure AD DS) set as the DNS (otherwise the domain join step will likely fail).
  3. Download and install the Windows Virtual Desktop cmdlets for Windows PowerShell on a device.
  4. Make sure all Azure resources are in the same region.
  5. If you require seamless SSO (HTML5 client excluded), you will need AD FS or users will have to authenticate when gaining access to the VM. (Steps on how to enable this with AD FS will follow at a later stage.)
  6. Credential requirements: below are the permissions for each component

Step 1:

  1. Grant Azure Active Directory permissions to the Windows Virtual Desktop service.
  2. Assign the TenantCreator application role to a user in your Azure Active Directory tenant.

Grant Azure Active Directory permissions to the Windows Virtual Desktop service.

  1. Open a browser and begin the admin consent flow to the Windows Virtual Desktop server app.
  2. Sign in to the Windows Virtual Desktop consent page with a global administrator account.
  3. Select Accept.
  4. Wait for one minute so Azure AD can record consent.
  5. Open a browser and begin the admin consent flow to the Windows Virtual Desktop client app.
  6. Sign in to the Windows Virtual Desktop consent page as global administrator, as you did in step 2.
  7. Select Accept.

Assign the Tenant Creator application role

Assigning an Azure Active Directory user the TenantCreator application role allows that user to create a Windows Virtual Desktop tenant associated with the Azure Active Directory instance. You’ll need to use your global administrator account to assign the TenantCreator role.

To assign the TenantCreator application role:

  1. Go to the Azure portal to manage the TenantCreator application role. Search for and select Enterprise applications. If you’re working with multiple Azure Active Directory tenants, it’s a best practice to open a private browser session and copy and paste the URLs into the address bar.
  2. Within Enterprise applications, search for Windows Virtual Desktop. You’ll see the two applications that you provided consent for in the previous section. Of these two apps, select Windows Virtual Desktop.
  3. Select Users and groups. You might see that the administrator who granted consent to the application is already listed with the Default Access role assigned. This is not enough to create a Windows Virtual Desktop tenant. Continue following these instructions to add the TenantCreator role to a user.

Step 2:

Open PowerShell in elevated mode and run the following commands to install and import the PowerShell module:

Install-Module -Name Microsoft.RDInfra.RDPowerShell 
Import-Module -Name Microsoft.RDInfra.RDPowerShell 

Run the below commands one by one

$AadTenantId    = "AAD ID"
$subscriptionId = "Subscription ID"
$TenantName = "WVD01RK01"
$HostPoolname = "WVDHostpool01"

Change the host pool name, tenant name, AAD tenant ID and Azure subscription ID to match your environment.

Run the below command to connect to the RD Broker service:

Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"

Run the below command to create a new tenant:

New-RdsTenant -Name $TenantName -AadTenantId $AadTenantId -AzureSubscriptionId $subscriptionId 

Run the below command to create a host pool:

New-RdsHostPool -TenantName $tenantName -FriendlyName "WVD01RK01New" -name $HostPoolName -ValidationEnv $true

Run the below command to add the user for the Virtual Desktop:

Add-RdsAppGroupUser -TenantName $TenantName -Hostpoolname $HostPoolName -AppGroupName "Desktop Application Group" -UserPrincipalName user01@southtunes.in
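Once the user has been added, it is worth confirming who can administer the tenant and who can sign in to the published desktop. The script below is an added example, not part of the original article; it assumes the same PowerShell session as above, and the allow-list and the helper name Compare-WvdAppGroupAccess are made up for illustration.

```powershell
# Added example, not from the original article. Run in the same session as the
# commands above (after Add-RdsAccount), so $TenantName and $HostPoolName are set.

# Constructed allow-list: the UPNs you intended to publish the desktop to.
$ExpectedUsers = @('user01@southtunes.in')
$AppGroupName  = 'Desktop Application Group'

# Hypothetical helper: diff the assigned users against the allow-list.
function Compare-WvdAppGroupAccess {
    param(
        [string[]]$Actual,     # UPNs currently assigned to the app group
        [string[]]$Expected    # UPNs that should be assigned
    )
    # -notin is case-insensitive, so UPN casing differences are ignored.
    [pscustomobject]@{
        Unexpected = @($Actual   | Where-Object { $_ -notin $Expected })
        Missing    = @($Expected | Where-Object { $_ -notin $Actual })
    }
}

# 1. Who can administer the tenant (role name, principal, scope).
Get-RdsRoleAssignment -TenantName $TenantName |
    Select-Object RoleDefinitionName, SignInName, AppId, Scope |
    Format-Table -AutoSize

# 2. Who can sign in to the published desktop.
$actualUsers = @(
    Get-RdsAppGroupUser -TenantName $TenantName -HostPoolName $HostPoolName -AppGroupName $AppGroupName |
        Select-Object -ExpandProperty UserPrincipalName
)
$diff = Compare-WvdAppGroupAccess -Actual $actualUsers -Expected $ExpectedUsers

if ($diff.Unexpected.Count -gt 0) {
    # Review these entries; Remove-RdsAppGroupUser revokes an assignment.
    Write-Warning ("Not on the allow-list: " + ($diff.Unexpected -join ', '))
}
if ($diff.Missing.Count -gt 0) {
    Write-Warning ("Expected but not assigned: " + ($diff.Missing -join ', '))
}
if ($diff.Unexpected.Count -eq 0 -and $diff.Missing.Count -eq 0) {
    Write-Output "App group membership matches the allow-list."
}
```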

Step 3:

Configure custom DNS on the VNet in which we are going to configure Azure Virtual Desktop.

Go to Resource Group -> click on the VNet

Configure the DNS server. It is the domain controller installed in the VNet subnet, and it is used for domain joining and authentication.
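Because a wrong DNS setting only shows up later as a failed domain join, the check below can be run first from a Windows VM in the same subnet. It is an added example, not part of the original article; the function name Test-DomainJoinReadiness and the domain corp.example.com are placeholders, and the port list is an assumption covering Kerberos, LDAP and SMB.

```powershell
# Added example, not from the original article. Run on a Windows VM in the subnet
# that will hold the session hosts. 'corp.example.com' is a placeholder domain.

function Test-DomainJoinReadiness {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [int[]]$Ports = @(88, 389, 445)   # assumed set: Kerberos, LDAP, SMB over TCP
    )

    # DNS servers this VM actually received from the VNet settings.
    $dns = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique)
    [pscustomobject]@{ Check = 'DNS servers'; Target = ($dns -join ', ')
                       Passed = ($dns.Count -gt 0); Detail = 'from VNet/NIC settings' }

    try {
        # Domain controllers register this SRV record in the AD DNS zone.
        $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' })
    } catch {
        return [pscustomobject]@{ Check = 'DC SRV lookup'; Target = $DomainName
                                  Passed = $false; Detail = $_.Exception.Message }
    }
    if ($srv.Count -eq 0) {
        return [pscustomobject]@{ Check = 'DC SRV lookup'; Target = $DomainName
                                  Passed = $false; Detail = 'no SRV records returned' }
    }

    # One row per domain controller and port.
    foreach ($dc in $srv) {
        foreach ($port in $Ports) {
            $t = Test-NetConnection -ComputerName $dc.NameTarget -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{ Check = "TCP $port"; Target = $dc.NameTarget
                               Passed = $t.TcpTestSucceeded; Detail = "$($t.RemoteAddress)" }
        }
    }
}

$report = @(Test-DomainJoinReadiness -DomainName 'corp.example.com')
$report | Format-Table -AutoSize
if ($report.Passed -contains $false) {
    Write-Warning 'At least one check failed; fix VNet DNS or network rules before provisioning the host pool.'
}
```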

Step 4:

Configuring Virtual Desktop

Log in to https://portal.azure.com -> Resource Group -> click on Add

Search for Windows Virtual Desktop – Provision a host pool

Click on Create

Enter the Host Pool Name created using PowerShell

Select the number of Users and Virtual Desktop Name Prefix

Under Virtual Machine Settings

Enter the image OS version you want to configure and the AD domain join UPN (an account with the privilege to domain join the machines), and select the VNet and subnet. Enter the details carefully and ensure the domain controller and DNS are reachable from this subnet. Setup will fail if there are any issues with domain controller reachability.

Enter the Virtual Desktop tenant name created using PowerShell, and the Azure admin privileged account and password.

Note: Ensure MFA is not enabled for the account you’re using for the setup

This is fantastic! The setup has been completed without any issues or warnings. To validate, log in to the domain controller and ensure the virtual desktop has been domain joined and is listed in Active Directory Users and Computers.

Testing and validation

Testing using the Web Client

To test the Virtual Desktop, open the browser -> enter the URL https://rdweb.wvd.microsoft.com/webclient/index.html

Log in with the account assigned for the Virtual Desktop.

As the above screenshot shows, you’re able to successfully log in to the Virtual Desktop without any issues.

Testing using the Remote Desktop

This can be validated using the Remote Desktop,
