Mouse pointer disappearing over Word/Excel/Outlook in AVD
Hi We are seeing a strange issue on a bunch of session hosts where user over certain apps cannot see the mouse pointer in their full screen AVD sessions. Session hosts are running Windows 10 22H2 up to date (well to February B week release); user client up to date, I am not aware we had user ever report this prior to completely rebuilding a new host pool last autumn for the AppReadiness crashing issues. From what we can tell this only seem to happen with Microsoft Excel, Word and the Outlook compose window, the mouse pointer basically becomes transparent as you can't see it so it makes it hard to select text or cells accurately. Clients are mostly a mix of HP and Lenovo PCs micro PCs running Windows 10 22H2 and Windows 11 23H2 Enterprise on Intel 8th to 12th Gen CPUs and AMD Ryzen Pro CPUs with integrated graphics. Does anyone else see this or any ideas what might be causing it?AVD SSO with Internal Certificates?
I am helping another team set up AVD SSO and I noticed that its using a self-signed certificate. I've been searching around for information on using an internal CA for the certificate since it is trusted and also available to use. Does any one have any documentation or information I can be pointed to regarding using the internal CA for the certificates instead of the self-signed ones? Just to note, we do not want to use ADFS at all on this setup. I did see some articles about setting up SSO with ADFS and that wouldnt apply to me. thanks in advance! Chris
Language & Keyboard Settings Windows 11 Multi-User AVD Sessionhost
Hey guys we are starting to configure an AVD environment for a customer in 3 different language regions in switzerland (Swiss German, Swiss French & Swiss Italian). Is there a way we can show the user at the first login something like a OOBE screen, where they can choose the language as well as the keyboard layout by themselves? Many thanks for your feedback. Best regards MarcHow to update to DesktopVirtualization API v. 2024-04-08-preview or API v. 2024-04-03?
Hello everyone, The information from my side is also not clear. I understand that if ARM templates, Terraform, Bicep, or something similar are not used, it is not necessary, and Microsoft performs that operation transparently. The message is universal, meaning that all customers who have deployed AVD receive it, but they do not know who uses and specifies the API version. For example, when creating an AVD through the Azure portal, you do not specify the API version at any time. If we go to the Resource Provider and look for Microsoft.DesktopVirtualization, we see that the default API cannot be changed and is in version "2privatepreview." Interestingly and crazily enough, even with this default API, if you deploy an AVD, the system chooses an older version. So, if anyone has a clear response from Microsoft or has resolved this, it would be great if they could share it. Regards. At least until Microsoft indicates otherwise, I have conducted several tests in different environments and the result is the same and as follows: I deploy the Hostpool and here we see the Json file of the hostpool, as you can see the API version is 2019-12-10-preview. Now I am going to look inside the parameters used in the deployment and WOW, there we can see that the API used to deploy AVD is the latest one, 24-04-08-preview, which is the one Microsoft indicates to use. The 2019-04-01 is the schema version (another different one). To finish confirming this, we go to Resource Provider and as we see, if we go inside the resource type and select hostpool, we see that the default version that CANNOT be changed is 2022-01-12-preview. But among the eligible versions is the one that has been used for our hostpool deployment, that is, 2024-04-08-preview.How to fix error in AVD with VMs not being added to host pool or AD
Problem Several users have commented and posted on different networks about the error that appears when adding virtual machines to their host pool, the error is when the VMs want to join to the AD. The first thing we need to know is that if we add or create a new hostpool (as in my case), the deployment will tell us Azure that everything is correct, that is, as if the machines have joined the AD. Here I show the deployment with everything correct. Now if we check the status of our hostpool machines, we will see that it tells us the total number of VMs and the option of which one we can connect to and which one we cannot. In my case we see that we can supposedly connect to one and not to the other. When testing the connection, it fails on both machines. This is normal since if we check the health status of both we see the following. Basically it tells us that there is a problem joining the domain with the VM. Solution Below I show the solution that has worked for me, from different tenants, different subscriptions that had the same problem. We are going to go to our subscription and in it, in the setting section, we are going to click on Resource provider as shown in the following image. Next we look for the provider "Microsoft.DesktopVirtualization" We select it and then click on "unregister" Now what we are going to do is re-register, that is, we click on "register" Confirm that register is correct again. Now we deploy AVD again and add the VMs we need to our Hostpool, and in this case I have chosen Enter ID to do the Join *you can select your preferens) Validate de new deployment As we see here, the deployment has also indicated that it was correct, so we are going to confirm it. Here we can see that we already have the machines ready for the session. I hope this helps you solve the problems you are having with VMs and hostpools.
Missing Entra ID Enterprise Applications for AVD
Hello All, We are starting on our AVD adventure and currently I'm struggling with the preparations for a CA policy. In the documentation, it is shown that several Enterprise Applications should be present: Enforce Microsoft Entra multifactor authentication for Azure Virtual Desktop using Conditional Access - Azure | Microsoft Learn These 3 are nowhere to be found: Azure Virtual Desktop, Microsoft Remote Desktop, Windows Cloud Login Do you have to create these manually? I found an AVD quickstart guide (Azure Virtual Desktop: Simple Step-by-Step Walkthrough - PolicyPak) which mentions the following site to create Enterprise Applications: https://rdweb.wvd.microsoft.com/ This is expected? Where can I find these applications? I've deployed my first hostpool and when trying to login with my Entra ID account, then I get the following in the sign-in logs: The app is trying to access a service '{appId}'({appName}) that your organization '{organization}' lacks a service principal for. Contact your IT Admin to review the configuration of your service subscriptions or consent to the application in order to create the required service principal. This is however pointing to yet another Application: Windows Virtual Desktop Client Can anyone shed some light on this for me? Thanks!Guidance on using Azure Virtual Desktop
We are looking for a VDI solution and choose AVD. I have gone through MS Documentation but things are quite confusing and complicated. We have a team of 10 developers who are mainly into Biztalk and another set of 10 developers who are salesforce and other development works. They use Visual Studio, VS Code, Biztalk Server, and various other applications and services for their regular work. Initially we thought of option to create Azure VM (20 VMs one for each developer, Windows 2019 Server Image for Biztalk devs and Windows 11 for other devs)use a Generalize VM and spin up the images using the capture of the previous generalized VM image. But there was a point raised why can't we use Azure Virtual Desktop ? As I learned there are 2 types of host pools: Pooled (Multi sessions) Personal (Direct assignment of Host VM to each individual Developer) This AVD Host pools/ VMs should be able to work with external SQL Servers. All the 20 VMs in AVD should be able to access, how can this be possible , what should be the connection string for granting access to external SQL Servers ? As I understand, if I opt for Pooled AVD Hostpools, all the above 10 developers can utilize the multi sessions (whatever number of VMs we choose, ex., 5 VMs, sessions will be distributed !) they will be assigned to developers as per load balancing. Similarly if I choose personal (10 Windows Server 2019 & another 10 Windows 11) I need to create 20 VMs and assign the 20 VMs individually to each of 20 developers in the team. is my understanding correct? Should I create 2 different workspaces and 2 application groups ? Also I learned if I use FSLogix along with Azure Virtual Desktop (AVD) I can manage users using profile management , will this actually help developers who uses the VS Code, Biztalk Server and other Azure services for their work daily ? Also based on all the facts above , please help me understand which suits the requirement well, please advice, if I choose Azure Virtual Desktop over Azure VMs or vice-versa, what are the benefits or disadvantages of AVD. Is it cost effective if I use pooled or personal AVD Host pool VMs or Azure VMs , which one suits better for us, please advice. Experts please help me with all this confusion ? Kind RegardsUpdate to Microsoft Desktop Virtualization API v. 2023-09-05 by August 2, 2024 to avoid any impact
[Recommended actions updated on July 29, 2024] WARNING! Be mindful when using secrets in deployment templates and follow Azure best practices when managing secrets. Our examples in this discussion post are to be used for educational purposes only. Older Microsoft Desktop Virtualization API version(s) utilized for your Azure Virtual Desktop host pool resource will no longer support ‘get’ actions for registration token retrieval as of August 2nd, 2024. The affected API versions are as follows: 2019-01-23-preview 2019-09-24-preview 2019-12-10-preview 2020-09-21-preview 2020-11-02-preview 2020-11-10-preview 2021-01-14-preview On August 2nd, 2024, these affected API versions will no longer support the retrieval of the registration token. Users on older versions will not be able to use the 'get' action to retrieve the token. However, with the newer versions, there are two ways for customers to retrieve registration tokens moving forward: [Recommended] Using list* resource functions: Microsoft.DesktopVirtualization/hostpools resources now expose a listRegistrationTokens() function. This works if you already have valid registration tokens on your host pool and you want to retrieve them from an existing host pool. Using a 'post' action to securely retrieve the token AZ CLI: az desktopvirtualization hostpool retrieve-registration-token - az desktopvirtualization hostpool | Microsoft Learn REST: Host Pools - Retrieve Registration Token - REST API (Azure Desktop Virtualization) | Microsoft Learn AZ PowerShell: Get-AzWvdHostPoolRegistrationToken (Az.DesktopVirtualization) | Microsoft Learn Action Required Review any workflows you may have that rely on readers retrieving access tokens and update them to extract the registration tokens for a host pool in a new way. Ensure you are using up to date versions of the Microsoft Desktop Virtualization API. To take action, here are examples of how to extract the registration tokens for a host pool and update to the 2023-09-05 API version using Bicep and ARM templates. WARNING! Be mindful when using secrets in deployment templates and follow Azure best practices when managing secrets. Our examples in this discussion post are to be used for educational purposes only. [Recommended] Take action using list* resource functions This solution works if you already have valid registration tokens on your host pool and you want to retrieve them from an existing host pool. If you are using Bicep templates in your deployment: @sys.description('AVD Host Pool resource ID. (Default: )') param hostPoolResourceId string var varHostpoolSubId = split(hostPoolResourceId, '/')[2] var varHostpoolRgName = split(hostPoolResourceId, '/')[4] var varHostPoolName = split(hostPoolResourceId, '/')[8] // GET hostpool resource hostPoolGet 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' existing = { name: varHostPoolName scope: resourceGroup('${varHostpoolSubId}', '${varHostpoolRgName}') } @sys.description('The registration token of the host pool. This is not secure! Only for educational/testing purposes. Please follow security practices @ https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/scenarios-secrets ') output registrationToken array = hostPoolGet.listRegistrationTokens() If you are using ARM templates in your deployment: { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.28.1.47646", "templateHash": "2750874554099795062" } }, "parameters": { "hostPoolResourceId": { "type": "string", "metadata": { "description": "AVD Host Pool resource ID. (Default: )" } } }, "variables": { "varHostpoolSubId": "[split(parameters('hostPoolResourceId'), '/')[2]]", "varHostpoolRgName": "[split(parameters('hostPoolResourceId'), '/')[4]]", "varHostPoolName": "[split(parameters('hostPoolResourceId'), '/')[8]]" }, "resources": [], "outputs": { "registrationToken": { "type": "array", "metadata": { "description": "The registration token of the host pool. This is not secure! Only for educational/ testing purposes. Please follow security practices @ https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/scenarios-secrets " }, "value": "[listRegistrationTokens(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varHostpoolSubId')), format('{0}', variables('varHostpoolRgName'))), 'Microsoft.DesktopVirtualization/hostPools', variables('varHostPoolName')), '2023-09-05')]" } } } Other ways to take action One alternative is to always (re)create your host pool, which in turn will re-generate registration tokens that can then be retrieved using the PUT operation. If you are using Bicep templates in your deployment... Use the retrieveToken.bicep module to retrieve the registration token from a host pool by using a PUT operation: @sys.description('Optional. Host Pool token validity length. Usage: \'PT8H\' - valid for 8 hours; \'P5D\' - valid for 5 days; \'P1Y\' - valid for 1 year. When not provided, the token will be valid for 8 hours.') param tokenValidityLength string = 'PT8H' @sys.description('Generated. Do not provide a value! This date value is used to generate a registration token.') param baseTime string = utcNow('u') param vLocation string param vHostPoolName string param vHostPoolType string param vPreferredAppGroupType string param vMaxSessionLimit int param vLoadBalancerType string resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' = { name: vHostPoolName location: vLocation properties: { hostPoolType: vHostPoolType preferredAppGroupType: vPreferredAppGroupType maxSessionLimit: vMaxSessionLimit loadBalancerType: vLoadBalancerType registrationInfo: { expirationTime: dateTimeAdd(baseTime, tokenValidityLength) registrationTokenOperation: 'Update' } } } @sys.description('The registration token of the host pool.') output registrationToken string = reference(hostPool.id).registrationInfo.token Here's an example of using the retrieveToken.bicep module to extract the registration token: @sys.description('AVD Host Pool resource ID. (Default: )') param hostPoolResourceId string var varHostpoolSubId = split(hostPoolResourceId, '/')[2] var varHostpoolRgName = split(hostPoolResourceId, '/')[4] var varHostPoolName = split(hostPoolResourceId, '/')[8] // Call on the hostpool resource hostPoolGet 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' existing = { name: varHostPoolName scope: resourceGroup('${varHostpoolSubId}', '${varHostpoolRgName}') } module hostPool 'retrieveToken.bicep' = { name: varHostPoolName scope: resourceGroup('${varHostpoolSubId}', '${varHostpoolRgName}') params: { vHostPoolName: varHostPoolName vMaxSessionLimit: hostPoolGet.properties.maxSessionLimit vPreferredAppGroupType: hostPoolGet.properties.preferredAppGroupType vHostPoolType: hostPoolGet.properties.hostPoolType vLoadBalancerType: hostPoolGet.properties.loadBalancerType vLocation: hostPoolGet.location } } @sys.description('The registration token of the host pool.') output registrationToken string = hostPool.outputs.registrationToken If you are using ARM templates in your deployment: { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.28.1.47646", "templateHash": "15215789985349638425" } }, "parameters": { "hostPoolName": { "type": "string" }, "location": { "type": "string" }, "baseTime": { "type": "string", "defaultValue": "[utcNow('u')]" } }, "variables": { "expirationTime": "[dateTimeAdd(parameters('baseTime'), 'PT1H1M')]" }, "resources": [ { "type": "Microsoft.DesktopVirtualization/hostPools", "apiVersion": "2023-09-05", "name": "[parameters('hostPoolName')]", "location": "[parameters('location')]", "properties": { "maxSessionLimit": 2, "hostPoolType": "Personal", "loadBalancerType": "Persistent", "preferredAppGroupType": "Desktop", "registrationInfo": { "expirationTime": "[variables('expirationTime')]", "registrationTokenOperation": "Update" } } } ], "outputs": { "token": { "type": "string", "value": "[reference(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))).registrationInfo.token]" } } } WARNING! Be mindful when using secrets in deployment templates and follow Azure best practices when managing secrets. Our examples in this discussion post are to be used for educational purposes only. Additional Support If you have any questions, comments, or concerns about this, please feel free to post a comment.
