Delivery Hint
Set up Diagnostics Settings as soon as AVD things are created.
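One way to act on this hint with Az PowerShell, as an added example that is not part of the course labs: it enables every log category on each host pool, application group and workspace in a resource group. It assumes current Az.DesktopVirtualization and Az.Monitor modules; the function name, the setting name `avd-diag` and the values in the sample call are placeholders.

```powershell
# Added example: assumes the Az.DesktopVirtualization and Az.Monitor modules,
# a signed-in Az session and an existing Log Analytics workspace.
function Enable-AvdDiagnostics {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $LogAnalyticsWorkspaceId,
        [string] $SettingName = 'avd-diag'   # placeholder name
    )

    # Collect the resource IDs of every AVD object in the resource group.
    $resourceIds = @(
        (Get-AzWvdHostPool         -ResourceGroupName $ResourceGroupName).Id
        (Get-AzWvdApplicationGroup -ResourceGroupName $ResourceGroupName).Id
        (Get-AzWvdWorkspace        -ResourceGroupName $ResourceGroupName).Id
    ) | Where-Object { $_ }

    foreach ($id in $resourceIds) {
        # Leave objects alone if they already have a diagnostic setting.
        if (Get-AzDiagnosticSetting -ResourceId $id -ErrorAction SilentlyContinue) {
            Write-Output "Already configured: $id"
            continue
        }
        # Ask the resource which log categories it offers, then enable them all.
        $logs = @(Get-AzDiagnosticSettingCategory -ResourceId $id |
            Where-Object CategoryType -eq 'Logs' |
            ForEach-Object {
                New-AzDiagnosticSettingLogSettingsObject -Enabled $true -Category $_.Name
            })
        New-AzDiagnosticSetting -Name $SettingName -ResourceId $id `
            -WorkspaceId $LogAnalyticsWorkspaceId -Log $logs | Out-Null
        Write-Output "Enabled $($logs.Count) log categories: $id"
    }
}

# Example call (placeholder values):
# Enable-AvdDiagnostics -ResourceGroupName '<resource-group>' `
#     -LogAnalyticsWorkspaceId '<log-analytics-workspace-resource-id>'
```

Running it again after each lab that creates AVD objects picks up the new host pools and app groups without touching the ones already configured.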
_________________________
Diagrams, Terms
Host Pool. A collection of Azure virtual machines (called Session Hosts). Two types: Personal, Pooled.
Personal Host Pool. Each Session Host is assigned to a single user, who is typically a local administrator.
Pooled Host Pool. Sessions are load balanced to any Session Host. Users are typically not local administrators.
Application (App) Group. A logical grouping of applications. Two types: RemoteApp, Desktop.
RemoteApp App Group. Individual apps. Only available on Pooled Host Pools.
Desktop App Group. A full desktop.
Workspace. A logical grouping of App Groups.
Each App Group must be allocated to users or groups, associated with a Workspace, and assigned to a Host Pool before users can see the published desktops and applications.
_________________________
Labs
Hints
The labs involve connecting to many different machines. It will really help you keep track of these if you change the desktop colours, especially on az140-dc-vm11.
It will help screen real estate if you move the taskbar on sea-dev to the left-hand side of the screen.
Also, be very careful about using keyboard shortcuts, particularly Ctrl+F4 and Alt+F4!
Tracks
Active Directory Domain Services (AD DS)
- Prepare for deployment of AVD (01L01)
- Deploy host pools and session hosts with the Azure portal (02L01)
- Implement and manage storage for AVD (02L02)
- Deploy host pools and hosts with ARM templates (02L03)
- Deploy and manage host pools and hosts with PowerShell (02L04)
- Create and manage session host images (02L05)
- Configure Conditional Access policies for AVD (03L01)
- Implement and manage AVD profiles (04L01)
- Package AVD applications (04L02)
- Implement autoscaling in host pools (05L01)
Microsoft Entra Domain Services (FKA Azure AD DS)
- Prepare for deployment of AVD (01L01)
- Create and configure host pools and session hosts (02L01)
- Implement and manage storage for AVD (02L02)
- Implement and manage AVD profiles (04L01)
Lab - Deploy and manage host pools and hosts by using PowerShell (02L04)
TODO:
Create the subnet using PowerShell.
Lab - Implement and manage Azure Virtual Desktop profiles (AD DS) (04L01)
I'm confused as to the point of task 2. The lab instructs you to run Command Prompt, a published app, and make a change that will be saved to your profile. It then instructs you to run a Session Desktop and see that the change to Command Prompt has been applied. This doesn't show the "roaming profile" nature of FSLogix.
It also doesn't work. The font and colour I chose for the Command Prompt published app did not affect the Command Prompt inside the Session Host. If you want the session host's colours to change then you have to choose Defaults, not Properties, in the Command Prompt.
In any case, what the lab should get you to do is the following.
- Run the Command Prompt and/or Desktop and then make some changes (including creating a file in your documents folder).
- Run the hostname command to determine what session host you are connected to.
- Sign out from the remote session.
- In the Azure Portal, disconnect the remote sessions from the session host.
- Stop the session host that you were connected to.
- Connect to the remote sessions again and note that the changes from step 1 have been applied.
Lab - Package Azure Virtual Desktop applications (AD DS) (04L02)
"Note: The last of these registry changes disables User Access Control. This is technically not required but simplifies the process illustrated in this lab."
Personal comment: I really wish that technical courses wouldn't do this. Sure, disabling things like UAC makes things easier in the course, but you're not going to be doing that in the real world, and courses should be preparing you for the real world.
_________________________
Learning Paths, Modules
General Notes
Host
The learn.microsoft.com content is very out of date (Windows 7?!). The currently supported operating systems for session hosts are as follows (all 64 bit only).
- Windows 11 Multisession
- Windows 11 Enterprise
- Windows 10 Multisession
- Windows 10 Enterprise
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
Session hosts can be local AD joined, Entra ID joined, or Entra Domain Services joined. Regardless, the authentication and authorisation of AVD always uses Entra ID.
For more information on Entra ID joined session hosts see https://learn.microsoft.com/en-us/azure/virtual-desktop/azure-ad-joined-session-hosts (which has much more complete and correct information than the AZ-140 course content).
Client
TBC: Microsoft are no longer updating the Remote Desktop store app, and will remove it from the store at some point. Very soon, its ability to connect to Azure Virtual Desktop will be removed.
At the time of writing this blog entry, the labs still work using the Remote Desktop store app. I've run some of the lab using the Azure Virtual Desktop preview store app and the Windows App store app with no problems.
Azure Virtual Desktop Preview store app.
What is Windows App? - Windows App | Microsoft Learn.
Architecture
Learning Path: Plan an Azure Virtual Desktop implementation
Azure Virtual Desktop Architecture
Azure Virtual Desktop control plane = Gateway, Connection Broker, License Server, Web Access, diagnostics, extensibility. AKA "the stuff that the cloud provider manages".
The customer manages the Azure virtual machines (including session hosts), the Entra ID tenant, AD DS, and of course their workplace network and servers.
Limits (suggested? hard?) - max users/vCPU, depending on workload type.
Light 6, Medium 4, Heavy 2, Power 1.
Design the Azure Virtual Desktop architecture
Recommended bandwidth, depending on workload type.
Light 1.5 Mbps, Medium 3, Heavy 5, Power 15.
Recommended bandwidth, depending on display resolution.
1024×768 1.5 Mbps, 1280×720 3, 1920×1080 5, 3840×2160 15.
Design for user identities and profiles
Learning Path: Implement an Azure Virtual Desktop infrastructure
Implement and manage networking for Azure Virtual Desktop
Note that AVD uses a reverse connection topology. The session hosts are not listening on TCP 3389.
Bastion bypasses the AVD control plane and connects directly to the host.
Session hosts run in a VNet. This needs inbound and outbound access from the AVD control plane, your storage, your clients, and whatever resources the virtual sessions connect to. If you have set any subnets to be Private Subnets then they need a NAT gateway.
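Because of the reverse connection topology noted above, an NSG rule that allows port 3389 inbound from the internet is not something AVD needs. The following added example (not from the course material) flags such rules; the function names are hypothetical and the sample rules are constructed, shaped like the entries in `(Get-AzNetworkSecurityGroup).SecurityRules`.

```powershell
# Added example. Does a port range string ('3389', '3000-4000' or '*') cover a port?
function Test-PortInRange {
    param([string] $Range, [int] $Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1]) -and ($Port -le [int]$Matches[2])
    }
    return $Range -eq "$Port"
}

# Return inbound Allow rules that expose 3389 to any internet source.
# This inspects each rule on its own; it does not model a higher-priority Deny.
function Find-InboundRdpFromInternet {
    param([object[]] $Rule)
    $openSources = '*', 'Internet', '0.0.0.0/0'
    $Rule | Where-Object {
        $r = $_
        $r.Direction -eq 'Inbound' -and $r.Access -eq 'Allow' -and
        $r.Protocol -in 'Tcp', 'Udp', '*' -and
        @($r.SourceAddressPrefix | Where-Object { $_ -in $openSources }).Count -gt 0 -and
        @($r.DestinationPortRange | Where-Object { Test-PortInRange $_ 3389 }).Count -gt 0
    } | Sort-Object Priority
}

# Constructed sample rules: the first two should be flagged, the rest should not.
$sampleRules = @(
    [pscustomobject]@{ Name = 'allow-rdp-any'; Priority = 300; Direction = 'Inbound'
        Access = 'Allow'; Protocol = 'Tcp'
        SourceAddressPrefix = @('*'); DestinationPortRange = @('3389') }
    [pscustomobject]@{ Name = 'allow-wide-range'; Priority = 310; Direction = 'Inbound'
        Access = 'Allow'; Protocol = '*'
        SourceAddressPrefix = @('Internet'); DestinationPortRange = @('3000-4000') }
    [pscustomobject]@{ Name = 'allow-rdp-mgmt'; Priority = 320; Direction = 'Inbound'
        Access = 'Allow'; Protocol = 'Tcp'
        SourceAddressPrefix = @('10.0.0.0/24'); DestinationPortRange = @('3389') }
    [pscustomobject]@{ Name = 'deny-rdp'; Priority = 400; Direction = 'Inbound'
        Access = 'Deny'; Protocol = 'Tcp'
        SourceAddressPrefix = @('*'); DestinationPortRange = @('3389') }
)
Find-InboundRdpFromInternet -Rule $sampleRules | Select-Object Priority, Name

# Against a real subscription:
# Get-AzNetworkSecurityGroup | ForEach-Object { Find-InboundRdpFromInternet $_.SecurityRules }
```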
Implement and manage storage for Azure Virtual Desktop
Create and configure host pools and session hosts for Azure Virtual Desktop
Set-RdsHostpool is not the correct cmdlet. It is for on-prem RDS host pools. The correct cmdlet is Update-AzWvdHostPool.
https://learn.microsoft.com/en-us/azure/virtual-desktop/customize-rdp-properties?tabs=powershell#configure-custom-rdp-properties
Supported RDP properties with Azure Virtual Desktop
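An added example (not from the course or the linked documentation) of using Update-AzWvdHostPool to restrict device redirection without discarding properties that are already set on the host pool. `Merge-RdpProperty` and `Set-HostPoolRdpHardening` are hypothetical helper names, the sample property string is constructed, and the three overrides are an illustrative choice from the supported RDP properties list.

```powershell
# Added example. Overrides that turn off clipboard, drive and printer redirection.
$Hardening = 'redirectclipboard:i:0', 'drivestoredirect:s:', 'redirectprinters:i:0'

# Merge override entries into an existing "name:type:value;..." string.
# Later entries win, so an override replaces a property that is already present.
function Merge-RdpProperty {
    param([string] $Current, [string[]] $Override)
    $props = [ordered]@{}
    foreach ($entry in (@($Current -split ';') + $Override)) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        # Split into at most three parts: the value itself may contain colons.
        $name, $type, $value = $entry -split ':', 3
        $props[$name.ToLower()] = "${type}:$value"
    }
    ($props.GetEnumerator() | ForEach-Object { "$($_.Key):$($_.Value)" }) -join ';'
}

# Read the pool's current properties, merge the overrides, write the result back.
function Set-HostPoolRdpHardening {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $HostPoolName
    )
    $pool   = Get-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName
    $merged = Merge-RdpProperty -Current $pool.CustomRdpProperty -Override $script:Hardening
    Update-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $HostPoolName `
        -CustomRdpProperty $merged
}

# Offline demonstration on a constructed property string:
Merge-RdpProperty -Current 'audiomode:i:0;redirectclipboard:i:1;drivestoredirect:s:*;' `
    -Override $Hardening

# Against a real host pool (placeholder values):
# Set-HostPoolRdpHardening -ResourceGroupName '<resource-group>' -HostPoolName '<host-pool>'
```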
Create and manage session host images for Azure Virtual Desktop
Lab Hint: It's important to understand the difference between ALLUSERS=1 and ALLUSER=1. The ALLUSERS=1 parameter can be used in non-VDI and VDI environments, while the ALLUSER=1 parameter is used only in VDI environments to specify a per-machine installation.
https://learn.microsoft.com/en-us/microsoftteams/teams-for-vdi#deploy-the-teams-desktop-app-to-the-vm
Learning Path: Manage access and security for Azure Virtual Desktop
Manage access for Azure Virtual Desktop
Manage security for Azure Virtual Desktop
Learning Path: Manage user environments and apps for Azure Virtual Desktop
Implement and manage FSLogix
Microsoft bought FSLogix in 2018.
For the local groups, exclude wins over include.
So, why would you use FSLogix? Performance, support for OneDrive for Business, support for additional folders outside the profile.
Besides, what are the alternatives? Local AD roaming user profiles suck. User Profile Disks are due to be removed from AVD soon. Enterprise State Roaming is a pain to set up and doesn't actually sync much.
https://learn.microsoft.com/en-us/fslogix/troubleshooting-error-codes
Configure user experience settings
Note that session timeout properties are set on the session hosts, not on the clients.
Universal Print is a licensed product.
Intune now supports both device-scoped and user-scoped configurations of multi-session Windows.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/azure-virtual-desktop-multi-session
Install and configure apps on a session host
The technical content does not include the requirement for a validation environment.
https://learn.microsoft.com/en-us/azure/virtual-desktop/app-attach-setup?tabs=portal&pivots=app-attach#prerequisites
Add and manage app attach and MSIX app attach applications in Azure Virtual Desktop
Use Microsoft OneDrive with a RemoteApp in Azure Virtual Desktop (preview)
Learning Path: Monitor and maintain an Azure Virtual Desktop infrastructure
Plan for disaster recovery
Automate Azure Virtual Desktop management tasks
Monitor and manage performance and health