When Windows Virtual Desktop was released as a public preview the world went wild. Rumors were soon flying concerning what it could do and how it would work. The unwashed masses of IT professionals felt the excitement of anticipation in their bones.
Well, perhaps not. But the fact is, Windows Virtual Desktop is something completely new and innovative where Microsoft is concerned, so organizations that are Windows-centric shops rightly began to take notice and begin exploring the new capabilities that could come from deploying Windows desktops and apps in the Microsoft Azure cloud.
Microsoft recently updated its introductory info about Windows Virtual Desktop and it’s worth taking a look at if you aren’t yet familiar with Microsoft’s new Windows-as-a-service offering. As for myself, however, I prefer to learn about things like this from experts working in the field instead of from Microsoft’s marvelous marketing engine. That’s why I recently asked fellow IT professional Gerry Hampson to fill us in on how we can get started working with Windows Virtual Desktop. Gerry is a senior consultant for Ergo Group based in Dublin, Ireland, and is a specialist in Microsoft consultancy and implementations, particularly in the area of enterprise client management. He has co-authored several books on System Center Configuration Manager, most recently the latest in the ConfigMgr Unleashed series. Gerry was first awarded Microsoft MVP in 2015 and is a regular speaker at Microsoft Management Summit (MMS). Gerry has a blog called Gerry Hampson Device Management, and you can also find him on Twitter @GerryHampson. Let’s pay attention now as Gerry fills us in on how to set up Windows Virtual Desktop and configure fxlogic containers for profile management.
Microsoft announced general availability of Windows Virtual Desktop in September. I think it’s great. What’s not to like? We can now deploy a Remote Desktop solution in Azure without having to worry about the underlying infrastructure. Services like gateway, brokering, licensing, and diagnostics are provided as a service in Azure
Windows Virtual Desktop allows you to deploy and scale virtualized Windows desktops and apps on Azure. It can be deployed in minutes and offers simplified management, multisession Windows 10 and optimizations for Office 365 ProPlus. We can deploy VMs with Windows 10 or Windows Server 2016. We can also use our own custom Windows 7 images. As a bonus, this includes free extended support for Windows 7 (extended security updates for three years). That’s a no-brainer.
Windows 10 Enterprise multisession is a new Remote Desktop Session Host that allows multiple concurrent interactive sessions, which previously only Windows Server could do. This is only available with Windows Virtual Desktop.
Windows Virtual Desktop is domain-based but leverages Azure AD as an identity provider, so you can use additional security controls like multifactor authentication (MFA) or conditional access. With Active Directory Federation Services (ADFS) you can have single-sign on (SSO), so the user won’t be prompted for credentials when connecting to the VM.
Also, you can manage the pool VMs using tools like ConfigMgr or Intune. ConfigMgr 1910 includes multisession support in client settings.
What are the use cases? In my company, we have implemented the solution for contractors. It saves us having to provide laptops to access corporate resources. It can also be used for remote working, desktop DR, regulatory restricted environments and to assist with application compatibility when upgrading from Windows 7.
There are some requirements before you can get started.
Before you start, you can assess if the experience would be good in your region. Microsoft provides an Experience Estimator allowing you to estimate the connection round-trip time from your current location, through the WVD service, to each of the Azure regions in which you’ll deploy VMs.
When all the prerequisites are in place, you can deploy WVD.
The first thing you need to do is to allow Windows Virtual Desktop services to access the Azure AD tenant:
Then you create the WVD tenant. This is done with a few simple PowerShell cmdlets:
Add-RdsAccount -DeploymentUrl https://rdbroker.wvd.microsoft.com New-RdsTenant -Name <TenantName> -AadTenantId <DirectoryID> -AzureSubscriptionId <SubscriptionID>
Then you can create a host pool:
Then you can configure the fslogix container, which will get into in the next section.
Remember roaming profiles? I’ve always hated them. They grow in size and get out of control. When a user logs in the entire profile is copied from a central location to the desktop. This can take ages and provides a very poor user experience.
fslogix containers are designed to provide “similar” functionality in remote computing environments, such as WVD. The profile is stored in an fslogix container. When a user logs into a VM in the host pool, the container is dynamically attached as a VHD or VHDX file — essentially a hard disk. The user profile is immediately available and appears exactly like a native user profile. No data is copied so the performance and user experience are first class (which is why fslogix has been the industry leader in this space for quite some time).
Microsoft has purchased fslogix so this technology is now available in WVD, for free. fslogix is not licensed independently (and doesn’t actually require a license key to install). It is included with many Microsoft licensing bundles (for example, Microsoft 365 E3/E5).
The next decision that has to be made is where to host the fslogix containers. You have some choices:
Download this ZIP file and install the fslogix software on all the VMs in the host pool. I only had three VMs so I did this manually. However, you could use a management tool like SCCM to automate the installation.
You configure fslogix in the registry. This configuration tells fslogix where to save the user profile and can be exported to the other VMs.
Type: Multi-String Value
So now that you’ve created the host pools, how can the users access the virtual desktops? You have some options:
MSIX is a Windows app package format. It provides a modern packaging experience for all kinds of Windows applications. Existing applications can also be converted into MSIX packages using the MSIX packaging tool.
MSIX app attach (as the name suggests) is where the application (stored in MSIX format on a central location) is attached to the operating system. After attaching, applications look and feel as locally installed to the user as well as the operating system. When combining fslogix profile containers and MSIX app attach, the operating system stays completely clean. Data, profiles, and applications are fully separated.
The primary focus for this blog post has been on the desktop experience but it is worth mentioning the RemoteApp capabilities as well. RemoteApp allows us to deliver a streaming application experience to a remote client while providing users the experience of a locally installed application.
Some of the benefits include:
I hope this walkthrough has been helpful for you to learn about and get started with Windows Virtual Desktop.
Until next time!
Featured image: Shutterstock
RAID is a technique to virtualize independent disks into arrays for improved performance. Should you…
COVID-19 has changed everything, but once it disappears, we will not go back to how…
An Exchange server with a hybrid connection to Microsoft 365 is usually pretty seamless —…
Chatots are primarily thought of as consumer-facing solutions. They bring life to customer interactions by…
The newly uncovered Hakbit ransomware campaign spread via spear-phishing emails may indicate a shift in…
Credential stuffing is yet another weapon being used by cybercriminals. Here’s what credential stuffing is…