Do you have a large user base working remotely from unmanaged devices? Do you need to provide remote access for external contractors and vendors? Or perhaps you need to provide a secure, curated desktop available from any device regardless of location? Azure Virtual Desktop, or AVD, can provide a managed Windows desktop environment to ensure your users have access to the corporate applications and data they need in a secure manner.
So, how exactly does AVD help in these situations? First, let’s discuss what AVD is and what it does.
What is Azure Virtual Desktop (AVD)?
AVD is Microsoft’s desktop virtualisation solution available within Microsoft Azure. The solution provides virtual desktop infrastructure functionality including pooled desktops, personal desktops and published applications. Session hosts are deployable across any Azure region, and accessible via a wide variety of endpoints, meaning the solution is close to your end users and simple to use.
AVD Subscription and Licensing
Before you can get started with AVD, you will require an Azure tenant with an active subscription. We recommend deploying AVD into a dedicated subscription. This approach simplifies the administration of AVD and contains the solution within a single billing construct, allowing for accurate cost management.
You will also need the necessary licensing in place for each user consuming the service. The typical Microsoft 365 E3/E5, A3/A5, F3 and Business Premium licenses (plus several more) include the Windows OS and service entitlements for AVD — compute, storage and networking costs also need to be factored in.
Microsoft provide documentation regarding licensing at the following link, so ensure you confirm your licensing prior to deploying AVD: Licensing Azure Virtual Desktop | Microsoft Learn
Desktop Virtualisation On-Demand
For organisations that don’t require constant access to virtual desktops, Azure Virtual Desktop can be deployed on-demand. Consider an organisation that only needs a virtual desktop solution for occasional remote access or for business continuity: AVD session hosts only need to be deployed or turned on as required. This can make AVD a cost-effective solution for virtual desktop infrastructure.
Session Hosts and Scaling
The next items of interest are the session hosts your end users will connect to when consuming AVD. Session hosts can be deployed into any Azure region, allowing you to situate virtual machines close to your users. Deployment is not limited to a single Azure region, meaning session hosts can be deployed across the globe to provide the best user experience for a dispersed user base.
Pooled Host Pools
Pooled session hosts provide a pool of virtual machines which are shared amongst the user base. These session hosts typically deliver a curated experience with standardised settings, configurations and applications common across each user persona using the host pool. Users are assigned to a session host at log-on and may not use the same session host in subsequent sessions. As such, it is important to consider the management of user profiles and user data.
FSLogix Profile Containers can be deployed to support the roaming of user profiles ensuring profile configurations are available across each session host. OneDrive, configured with Known Folder Move, can also assist with persisting the user environment across session hosts.
Personal Host Pools
Personal host pools provide a dedicated session host for individual users and are most useful for scenarios where performance or data separation are required. A session host in a personal pool may be customised and modified to suit the individual user’s specific preferences and is not shared between multiple users.
Remote Applications
Individual applications can be presented to end users as published applications (RemoteApps). In this scenario, the user is presented with the published application only and not a full Windows desktop. This reduces the compute resources required to deliver an application and therefore the overall costs associated with the solution.
This approach can assist in reducing the overall number of session hosts required within the host pool, thereby reducing the costs required to deliver the solution.
Auto-scaling
A key piece in optimising the efficiency of your AVD deployment is the use of Autoscale. Autoscale scaling plans allow the host pool to scale the number of available session hosts up or down according to usage, user demand or predefined schedules.
This is critical in managing cost, since session hosts that are powered on incur a greater cost than those which are powered off or deallocated. The exact scaling configuration required may need some fine-tuning as usage patterns stabilise. However, it is important not to overlook Autoscale if AVD costs are to remain controlled.
Applications
As with any virtual desktop infrastructure (VDI) deployment, the available applications and overall user experience are important considerations in ensuring the implementation is successful.
Applications installed onto multi-session, pooled session hosts need to be generalised to ensure they function when executed by multiple users at once. Typical Windows applications will support installation in a multi-session scenario. However, for more complex applications you may need to consult your application’s documentation or vendor for support.
Insentra’s approach to applications is to keep them lean and simple wherever possible. This means removing desktop shortcuts and unnecessary components so that your session hosts deploy quickly, while also removing any unnecessary bloat from the application.
Applications deployed to personal host pools do not require the same level of customisation, as personal session hosts provide a single user session and should be considered akin to a Windows PC.
User Experiences
How you configure the user experience will depend on how you plan to manage your session hosts. Active Directory joined session hosts can be configured using a range of Group Policies. Consider enabling loopback processing to ensure any user-based policies intended for physical Windows PCs are not applied.
Entra joined session hosts can be Intune enrolled and are therefore subject to Intune’s array of configuration profiles and policies. Thorough testing and validation are required for Intune enrolled session hosts. While Intune includes many policies intended for Windows multi-session operating systems, some of these settings might not function as intended.
Ensure you properly validate any configuration against UAT session hosts before assigning configuration to production. Keeping multi-session hosts joined to Active Directory typically provides a better result.
User Access
The last piece of the puzzle is user access. With host pools configured and session hosts deployed, how do our users access AVD?
Users can access AVD using either the Microsoft Remote Desktop client or a browser. The Microsoft Remote Desktop application is available for Windows, macOS, iOS, Android and Linux devices. It provides a rich and consistent user experience across different platforms. The browser option allows users to access AVD from any device that has an HTML5-compatible web browser, such as Chrome, Edge or Safari, without installing any additional software.
The browser option also supports audio and video redirection, clipboard, printing and file transfer features. Users sign in to AVD using their Entra ID credentials and select the desktop or application they want to use from a web portal.
Bonus Tips
Consider how your AVD session hosts fit into your overall security architecture. AVD session hosts are Windows endpoints, used by end users to access corporate applications and data. If Conditional Access policies restricting access to Microsoft 365 are configured to “require device compliance” or “Entra hybrid join”, your AVD session hosts will need to be either enrolled into Microsoft Intune or Entra hybrid joined. Restricted access to Microsoft 365 may be an unwelcome surprise should this be overlooked.
Spend some time considering how AVD will fit into your environment and plan how any existing security or management solutions may need to be adjusted to support AVD.
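The following Python check is added here as an example (it is not Insentra's or Microsoft's code) and runs the device-based grant controls of Conditional Access policies against session host device records before rollout. The policy and device records are constructed in the shape Microsoft Graph returns; the policy and host names are hypothetical, and user scoping, exclusions and device filters are assumed away.

```python
# Added example: all records below are constructed, not exported from a real tenant.
DEVICE_CHECKS = {
    # Conditional Access grant control -> test against a Graph device record
    "compliantDevice": lambda d: d.get("isCompliant") is True,         # Intune compliant
    "domainJoinedDevice": lambda d: d.get("trustType") == "ServerAd",  # Entra hybrid joined
}

def unmet_controls(policy, device):
    """Return the device grant controls this host cannot satisfy for the policy."""
    if policy.get("state") != "enabled":
        return []  # disabled and report-only policies do not block sign-in
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    failed = [c for c in controls if c in DEVICE_CHECKS and not DEVICE_CHECKS[c](device)]
    # With OR, one satisfied control is enough. Assumption: non-device controls
    # such as "mfa" can be met by the user at sign-in.
    if grant.get("operator") == "OR" and len(failed) < len(controls):
        return []
    return failed

def preflight(policies, hosts):
    """Map host name -> {policy name: unmet controls} for hosts that would be blocked."""
    report = {}
    for host in hosts:
        blocked = {p["displayName"]: u for p in policies if (u := unmet_controls(p, host))}
        if blocked:
            report[host["displayName"]] = blocked
    return report

POLICIES = [  # hypothetical policies
    {"displayName": "M365 - compliant or hybrid joined device", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["Office365"]}},
     "grantControls": {"operator": "OR",
                       "builtInControls": ["compliantDevice", "domainJoinedDevice"]}},
    {"displayName": "Pilot - MFA and compliant device",
     "state": "enabledForReportingButNotEnforced",
     "grantControls": {"operator": "AND", "builtInControls": ["mfa", "compliantDevice"]}},
]
HOSTS = [  # hypothetical session hosts
    {"displayName": "avd-pool-0", "trustType": "ServerAd", "isCompliant": None},
    {"displayName": "avd-pool-1", "trustType": "AzureAd", "isCompliant": True},
    {"displayName": "avd-pool-2", "trustType": "AzureAd", "isCompliant": False},
]

if __name__ == "__main__":
    for name, blocked in preflight(POLICIES, HOSTS).items():
        print(name, blocked)
```

Only the Entra joined host that is not Intune compliant is reported; the report-only policy is ignored until it is switched to enabled, at which point the hybrid joined host without Intune enrolment would fail it as well.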
Azure Virtual Desktop is an Azure service like any other running on Microsoft Azure. To make the most out of AVD, you should manage it like other Azure services. To be successful in public cloud, organisations must consider cost management and leverage automation to ensure a consistent and manageable service.
If you want to know any further information around adopting Azure Virtual Desktop and how Insentra can help, our Managed AVD services may be exactly what you are looking for. Contact us to learn how working with Insentra can help improve your VDI.