In this article, I am going to explain how to set up Azure Windows Virtual Desktop.
Please note that this setup has been tested. Do reach out if you follow it and something does not work as expected.
Let’s get started.
Windows Virtual Desktop prerequisites
Below are the basic prerequisites for setting up Azure Virtual Desktop:
- An Azure subscription with sufficient credits
- Make sure your virtual network in Azure is configured in such a way that new VMs have your Domain Controller or Azure AD Domain Services (Azure AD DS) set as the DNS (otherwise the domain join step will likely fail).
- Download and install the Windows Virtual Desktop cmdlets for Windows PowerShell on a device.
- Make sure all Azure resources are in the same region.
- If you require seamless SSO (HTML5 client excluded), you will need AD FS or users will have to authenticate when gaining access to the VM. (Steps on how to enable this with AD FS will follow at a later stage.)
- Credential requirements. Below are the permissions for each component:
  - Grant Azure Active Directory permissions to the Windows Virtual Desktop service.
  - Assign the TenantCreator application role to a user in your Azure Active Directory tenant.
Grant Azure Active Directory permissions to the Windows Virtual Desktop service.
1. Open a browser and begin the admin consent flow to the Windows Virtual Desktop server app.
2. Sign in to the Windows Virtual Desktop consent page with a global administrator account.
3. Select Accept.
4. Wait for one minute so Azure AD can record consent.
5. Open a browser and begin the admin consent flow to the Windows Virtual Desktop client app.
6. Sign in to the Windows Virtual Desktop consent page as global administrator, as you did in step 2.
7. Select Accept.
Assign the Tenant Creator application role
Assigning an Azure Active Directory user the TenantCreator application role allows that user to create a Windows Virtual Desktop tenant associated with the Azure Active Directory instance. You’ll need to use your global administrator account to assign the TenantCreator role.
To assign the TenantCreator application role:
- Go to the Azure portal to manage the TenantCreator application role. Search for and select Enterprise applications. If you’re working with multiple Azure Active Directory tenants, it’s a best practice to open a private browser session and copy and paste the URLs into the address bar.
- Within Enterprise applications, search for Windows Virtual Desktop. You’ll see the two applications that you provided consent for in the previous section. Of these two apps, select Windows Virtual Desktop.
- Select Users and groups. You might see that the administrator who granted consent to the application is already listed with the Default Access role assigned. This is not enough to create a Windows Virtual Desktop tenant. Continue following these instructions to add the TenantCreator role to a user.
Open PowerShell in elevated mode and run the following commands to install and import the PowerShell module:
Install-Module -Name Microsoft.RDInfra.RDPowerShell
Import-Module -Name Microsoft.RDInfra.RDPowerShell
Run the following commands one by one:
$AadTenantId = "AAD ID"
$subscriptionId = "Subscription ID"
$TenantName = "WVD01RK01"
$HostPoolName = "WVDHostpool01"
Replace the host pool name, tenant name, AAD tenant ID and Azure subscription ID with your own values.
Run the following command to connect to the RD Broker service:
Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
Run the following command to create a new tenant:
New-RdsTenant -Name $TenantName -AadTenantId $AadTenantId -AzureSubscriptionId $subscriptionId
Run the following command to create the host pool:
New-RdsHostPool -TenantName $TenantName -FriendlyName "WVD01RK01New" -Name $HostPoolName -ValidationEnv $true
Run the following command to add a user to the Virtual Desktop:
Add-RdsAppGroupUser -TenantName $TenantName -HostPoolName $HostPoolName -AppGroupName "Desktop Application Group" -UserPrincipalName email@example.com
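An access review to run after the commands above, as an added example that is not part of the original article. It assumes Add-RdsAccount has already been run in the same session and that $TenantName and $HostPoolName are still set; the $ExpectedUsers allow-list is a hypothetical variable introduced for this check.

```powershell
# Added example: confirm what was created and review who has access to it.
# Assumes an authenticated session (Add-RdsAccount) and the variables set earlier.
$AppGroupName  = 'Desktop Application Group'
$ExpectedUsers = @('email@example.com')   # hypothetical allow-list; replace with your own UPNs

# Tenant and host pool as the broker sees them, including the validation flag
Get-RdsTenant -Name $TenantName |
    Select-Object TenantName, AadTenantId, AzureSubscriptionId
Get-RdsHostPool -TenantName $TenantName -Name $HostPoolName |
    Select-Object HostPoolName, FriendlyName, ValidationEnv

# Users who can launch the desktop from this app group
$users = Get-RdsAppGroupUser -TenantName $TenantName -HostPoolName $HostPoolName `
            -AppGroupName $AppGroupName
$users | Select-Object UserPrincipalName, AppGroupName

# Report any assignment that is not on the allow-list
$unexpected = $users | Where-Object { $_.UserPrincipalName -notin $ExpectedUsers }
if ($unexpected) {
    Write-Warning "Users assigned but not on the allow-list:"
    $unexpected | ForEach-Object { Write-Warning "  $($_.UserPrincipalName)" }
    # To revoke one of them:
    # Remove-RdsAppGroupUser -TenantName $TenantName -HostPoolName $HostPoolName `
    #     -AppGroupName $AppGroupName -UserPrincipalName <upn>
}

# Accounts and service principals that can administer the tenant
Get-RdsRoleAssignment -TenantName $TenantName |
    Select-Object SignInName, DisplayName, RoleDefinitionName, Scope
```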
Custom DNS configuration for the VNet in which we are going to configure Azure Virtual Desktop:
Go to Resource Group → click on the VNet
Configure the DNS server. This is the domain controller installed in the VNet subnet, used for domain joining and authentication.
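A pre-flight check for the DNS setting above, as an added example that is not part of the original article. It is meant to be run on a Windows VM in the subnet that will hold the session hosts; the domain name contoso.local is a placeholder, and the port list assumes the domain controller also serves DNS, as described here.

```powershell
# Added example: verify that a VM in this subnet can find and reach a domain controller.
# $DomainName is a placeholder; replace it with your AD domain.
$DomainName = 'contoso.local'

# 1. Which DNS servers did the VM receive from the VNet setting?
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses -Unique
Write-Host "DNS servers in use: $($dnsServers -join ', ')"

# 2. A domain join locates a DC through this SRV record
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "Cannot resolve $srvName. Check the VNet DNS server setting."
    return
}

# 3. TCP ports used during a domain join: DNS, Kerberos, RPC mapper, LDAP, SMB
$ports = 53, 88, 135, 389, 445
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($port in $ports) {
        $ok = Test-NetConnection -ComputerName $dc -Port $port `
                -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{ DomainController = $dc; Port = $port; Reachable = $ok }
    }
}
$results | Format-Table -AutoSize

if ($results.Reachable -contains $false) {
    Write-Warning 'At least one required port is unreachable; the domain join step is likely to fail.'
}
```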
Configuring Virtual Desktop
Log in to https://portal.azure.com → Resource Group → click Add
Search for Windows Virtual Desktop – Provision a host pool
Click on Create
Enter the host pool name created using PowerShell
Select the number of users and the virtual desktop name prefix
Under Virtual machine settings
Enter the image OS version you want to configure and the AD domain join UPN (an account with the privilege to domain-join the machines), and select the VNet and subnet. Enter the details carefully and ensure the domain controller and DNS are reachable from this subnet. Setup will fail if there are any issues with domain controller reachability.
Enter the Virtual Desktop tenant name created using PowerShell, and the Azure admin privileged account and password.
Note: Ensure MFA is not enabled for the account you’re using for the setup.
This is fantastic! The setup has completed without any issues or warnings. To validate, log in to the domain controller and ensure the virtual desktop has been domain joined and is available in Active Directory Users and Computers.
Testing and validation
Testing using the Web Client
To test the Virtual Desktop, open the browser → enter the URL https://rdweb.wvd.microsoft.com/webclient/index.html
Log in with the account assigned to the Virtual Desktop.
As the screenshot above shows, you’re able to log in to the Virtual Desktop successfully without any issues.
Testing using the Remote Desktop
This can be validated using the Remote Desktop,