Azure Course Blueprints
Please refer to the updated document now in Azure Architecture Blog https://aka.ms/courseblueprint Overview The Course Blueprint is a comprehensive visual guide to the Azure ecosystem, integrating all the resources, tools, structures, and connections covered in the course into one inclusive diagram. It enables students to map out and understand the elements they've studied, providing a clear picture of their place within the larger Azure ecosystem. It serves as a 1:1 representation of all the topics officially covered in the instructor-led training. Links: Each icon in the blueprint has a hyperlink to the pertinent document in the learning path on Learn. Layers: You have the capability to filter layers to concentrate on segments of the course by modules. I.E.: Just day 1 of AZ-104, using filters in Visio and selecting modules 1-3 Enhanced Integration: The Visio Template+ for expert courses such as SC-100 and AZ-305 now features an additional layer that allows you to compare SC-100, AZ-500, and SC-300 within the same diagram. Similarly, you can compare any combination of AZ-305, AZ-204, AZ-700, and AZ-104 to identify differences and study gaps. Since SC-300 and AZ-500 are potential prerequisites for SC-100, and AZ-204 or AZ-104 for AZ-305, this comparison is particularly useful for understanding the extra knowledge or skills required to advance to the next level. Advantages for Students Defined Goals: The blueprint presents learners with a clear vision of what they are expected to master and achieve by the course’s end. Focused Learning: By spotlighting the course content and learning targets, it steers learners’ efforts towards essential areas, leading to more productive learning. Progress Tracking: The blueprint allows learners to track their advancement and assess their command of the course material. New Feature: A comprehensive list of topics for each slide deck is now available in a downloadable .xlsx file. Each entry includes a link to Learn and its dependencies. Download links Associate Level PDF Visio Released Updated Contents! AZ-104 Azure Administrator Associate Blueprint [PDF] Template 12/14/2023 10/28/2024 Contents AZ-204 Azure Developer Associate Blueprint [PDF] Template 11/05/2024 11/11/2024 Contents AZ-500 Azure Security Engineer Associate Blueprint [PDF] Template+ 01/09/2024 10/10/2024 Contents AZ-700 Azure Network Engineer Associate Blueprint [PDF] Template 01/25/2024 11/04/2024 Contents SC-300 Identity and Access Administrator Associate Blueprint [PDF] Template 10/10/2024 Contents Specialty PDF Visio Released Updated AZ-140 Azure Virtual Desktop Specialty Blueprint [PDF] Template 01/03/2024 02/05/2024 Expert level PDF Visio Released Updated AZ-305 Designing Microsoft Azure Infrastructure Solutions Blueprint [PDF] Template+ AZ-104 AZ-204 AZ-700 05/07/2024 12/09/2024 Contents SC-100 Microsoft Cybersecurity Architect Blueprint [PDF] Template+ AZ-500 SC-300 10/10/2024 Contents Skill based Credentialing PDF Visio Released Updated AZ-1002 Configure secure access to your workloads using Azure virtual networking Blueprint [PDF] Template 05/27/2024 Contents AZ-1003 Secure storage for Azure Files and Azure Blob Storage Blueprint [PDF] Template 02/07/2024 02/05/2024 Contents Benefits for Trainers: Trainers can follow this plan to design a tailored diagram for their course, filled with notes. They can construct this comprehensive diagram during class on a whiteboard and continuously add to it in each session. This evolving visual aid can be shared with students to enhance their grasp of the subject matter. Introduction to Course Blueprint for Trainers [10 minutes + comments] Real life demo AZ-104 Advanced Networking section [3 minutes] Visio stencils Azure icons - Azure Architecture Center | Microsoft Learn Subscribe if you want to get notified of any update like new releases or updates. My email ilan.nyska@microsoft.com LinkedIn https://www.linkedin.com/in/ilan-nyska/ Celebrating 30,000 Downloads! Please consider sharing your anonymous feedback <-- [~ 40 seconds to complete]Update to Microsoft Desktop Virtualization API v. 2023-09-05 by August 2, 2024 to avoid any impact
[Recommended actions updated on July 29, 2024] WARNING! Be mindful when using secrets in deployment templates and follow Azure best practices when managing secrets. Our examples in this discussion post are to be used for educational purposes only. Older Microsoft Desktop Virtualization API version(s) utilized for your Azure Virtual Desktop host pool resource will no longer support ‘get’ actions for registration token retrieval as of August 2nd, 2024. The affected API versions are as follows: 2019-01-23-preview 2019-09-24-preview 2019-12-10-preview 2020-09-21-preview 2020-11-02-preview 2020-11-10-preview 2021-01-14-preview On August 2nd, 2024, these affected API versions will no longer support the retrieval of the registration token. Users on older versions will not be able to use the 'get' action to retrieve the token. However, with the newer versions, there are two ways for customers to retrieve registration tokens moving forward: [Recommended] Using list* resource functions: Microsoft.DesktopVirtualization/hostpools resources now expose a listRegistrationTokens() function. This works if you already have valid registration tokens on your host pool and you want to retrieve them from an existing host pool. Using a 'post' action to securely retrieve the token AZ CLI: az desktopvirtualization hostpool retrieve-registration-token - az desktopvirtualization hostpool | Microsoft Learn REST: Host Pools - Retrieve Registration Token - REST API (Azure Desktop Virtualization) | Microsoft Learn AZ PowerShell: Get-AzWvdHostPoolRegistrationToken (Az.DesktopVirtualization) | Microsoft Learn Action Required Review any workflows you may have that rely on readers retrieving access tokens and update them to extract the registration tokens for a host pool in a new way. Ensure you are using up to date versions of the Microsoft Desktop Virtualization API. To take action, here are examples of how to extract the registration tokens for a host pool and update to the 2023-09-05 API version using Bicep and ARM templates. WARNING! Be mindful when using secrets in deployment templates and follow Azure best practices when managing secrets. Our examples in this discussion post are to be used for educational purposes only. [Recommended] Take action using list* resource functions This solution works if you already have valid registration tokens on your host pool and you want to retrieve them from an existing host pool. If you are using Bicep templates in your deployment: @sys.description('AVD Host Pool resource ID. (Default: )') param hostPoolResourceId string var varHostpoolSubId = split(hostPoolResourceId, '/')[2] var varHostpoolRgName = split(hostPoolResourceId, '/')[4] var varHostPoolName = split(hostPoolResourceId, '/')[8] // GET hostpool resource hostPoolGet 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' existing = { name: varHostPoolName scope: resourceGroup('${varHostpoolSubId}', '${varHostpoolRgName}') } @sys.description('The registration token of the host pool. This is not secure! Only for educational/testing purposes. Please follow security practices @ https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/scenarios-secrets ') output registrationToken array = hostPoolGet.listRegistrationTokens() If you are using ARM templates in your deployment: { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.28.1.47646", "templateHash": "2750874554099795062" } }, "parameters": { "hostPoolResourceId": { "type": "string", "metadata": { "description": "AVD Host Pool resource ID. (Default: )" } } }, "variables": { "varHostpoolSubId": "[split(parameters('hostPoolResourceId'), '/')[2]]", "varHostpoolRgName": "[split(parameters('hostPoolResourceId'), '/')[4]]", "varHostPoolName": "[split(parameters('hostPoolResourceId'), '/')[8]]" }, "resources": [], "outputs": { "registrationToken": { "type": "array", "metadata": { "description": "The registration token of the host pool. This is not secure! Only for educational/ testing purposes. Please follow security practices @ https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/scenarios-secrets " }, "value": "[listRegistrationTokens(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varHostpoolSubId')), format('{0}', variables('varHostpoolRgName'))), 'Microsoft.DesktopVirtualization/hostPools', variables('varHostPoolName')), '2023-09-05')]" } } } Other ways to take action One alternative is to always (re)create your host pool, which in turn will re-generate registration tokens that can then be retrieved using the PUT operation. If you are using Bicep templates in your deployment... Use the retrieveToken.bicep module to retrieve the registration token from a host pool by using a PUT operation: @sys.description('Optional. Host Pool token validity length. Usage: \'PT8H\' - valid for 8 hours; \'P5D\' - valid for 5 days; \'P1Y\' - valid for 1 year. When not provided, the token will be valid for 8 hours.') param tokenValidityLength string = 'PT8H' @sys.description('Generated. Do not provide a value! This date value is used to generate a registration token.') param baseTime string = utcNow('u') param vLocation string param vHostPoolName string param vHostPoolType string param vPreferredAppGroupType string param vMaxSessionLimit int param vLoadBalancerType string resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' = { name: vHostPoolName location: vLocation properties: { hostPoolType: vHostPoolType preferredAppGroupType: vPreferredAppGroupType maxSessionLimit: vMaxSessionLimit loadBalancerType: vLoadBalancerType registrationInfo: { expirationTime: dateTimeAdd(baseTime, tokenValidityLength) registrationTokenOperation: 'Update' } } } @sys.description('The registration token of the host pool.') output registrationToken string = reference(hostPool.id).registrationInfo.token Here's an example of using the retrieveToken.bicep module to extract the registration token: @sys.description('AVD Host Pool resource ID. (Default: )') param hostPoolResourceId string var varHostpoolSubId = split(hostPoolResourceId, '/')[2] var varHostpoolRgName = split(hostPoolResourceId, '/')[4] var varHostPoolName = split(hostPoolResourceId, '/')[8] // Call on the hostpool resource hostPoolGet 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' existing = { name: varHostPoolName scope: resourceGroup('${varHostpoolSubId}', '${varHostpoolRgName}') } module hostPool 'retrieveToken.bicep' = { name: varHostPoolName scope: resourceGroup('${varHostpoolSubId}', '${varHostpoolRgName}') params: { vHostPoolName: varHostPoolName vMaxSessionLimit: hostPoolGet.properties.maxSessionLimit vPreferredAppGroupType: hostPoolGet.properties.preferredAppGroupType vHostPoolType: hostPoolGet.properties.hostPoolType vLoadBalancerType: hostPoolGet.properties.loadBalancerType vLocation: hostPoolGet.location } } @sys.description('The registration token of the host pool.') output registrationToken string = hostPool.outputs.registrationToken If you are using ARM templates in your deployment: { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.28.1.47646", "templateHash": "15215789985349638425" } }, "parameters": { "hostPoolName": { "type": "string" }, "location": { "type": "string" }, "baseTime": { "type": "string", "defaultValue": "[utcNow('u')]" } }, "variables": { "expirationTime": "[dateTimeAdd(parameters('baseTime'), 'PT1H1M')]" }, "resources": [ { "type": "Microsoft.DesktopVirtualization/hostPools", "apiVersion": "2023-09-05", "name": "[parameters('hostPoolName')]", "location": "[parameters('location')]", "properties": { "maxSessionLimit": 2, "hostPoolType": "Personal", "loadBalancerType": "Persistent", "preferredAppGroupType": "Desktop", "registrationInfo": { "expirationTime": "[variables('expirationTime')]", "registrationTokenOperation": "Update" } } } ], "outputs": { "token": { "type": "string", "value": "[reference(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))).registrationInfo.token]" } } } WARNING! Be mindful when using secrets in deployment templates and follow Azure best practices when managing secrets. Our examples in this discussion post are to be used for educational purposes only. Additional Support If you have any questions, comments, or concerns about this, please feel free to post a comment.
Identifying AVD customers tenants with Azure lighthouse
Hello, We have onboarded customer through Azure lighthouse and I wonder if there is a way to identify customer's tenants with Azure virtual desktop deployments. Is it possible to run a graph query in Azure graph explorer and get a list of customers in bulk, who use AVD? Suggestions and recommendations are welcomed and thank you in advance! Regards, AnnaConditional Access per HostPool or RDP properties conditional on clients
Good day all, I am struggling with the RDP properties of our different host pools. Corporate policy states that nothing should be able to be redirected from the local device. Which is fine and for the Full Desktop publishing we have configured this so on the host pool in RDP properties. However, now we have a separate host pool for a remote app. This remote I would only like to be able to connect to from the desktop host pool (nested) and not from the local device. As this is a Remote App the users need to interact with this application with the clipboard. So I want to know if there is a method, and if not, request a feature to make this possible. With kind regards,
Process to use customise URL
I am looking for a procedure to be able to use URL redirection from a personalized address (remote.domainName.com) to the base address used by Azure Virtual Desktop Client web Bureau à distance (microsoft.com) If anyone can provide a process using FunctionApp or Azure Front Door you're welcome 🙂
Authentication issue when trying to sign into Azure Virtual Desktop VM.
I am having an issue when trying to sign in to a VM I have created on Azure using AVD. It prompts for my Microsoft Password which I enter. It will then start connecting and then prompt for my password. It seems to repeat this and will continue doing this. I have turned MFA and it is still doing this. I have assigned a different User to the VM and it works fine. This has happened to 2 different accounts and I cant seem to find anything on how to resolve the issue. I have attached a video of what it is doing. Could someone please help or suggest something to fix this. bandicam 2023-10-09 09-05-26-198.mp4SharePoint sync access from Windows Explorer in Published App
Hi, We have published apps and full desktop available to our users within the host pool. When the user sets up sync from SharePoint it is accessible from within Great Plains on the full desktop but the user cannot access it when accessing the Great Plains as a published app. Is there anything that can be done to make the user experience the same across the board? ThanksAzure Virtual Desktop deployment error: resource write operation failed to complete successfully
I have tried to deploy Azure Virtual Desktop several times and it has failed every time, with the same error message: "write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'." Details: "The resource write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'. (Code: ResourceDeploymentFailure, Target: /subscriptions/b38d7f27-415a-4877-a594-ff5e4877c8d3/resourceGroups/AVD-Resource-Group-Prefix-deployment/providers/Microsoft.Resources/deployments/easy-button-inputvalidation-job-linked-template)" I've tried using my work/Microsoft 365 Account, and using two different personal accounts, I thought the issue could be billing related, but even when there is $200 in available credit in a new/trial account, it still happens. I've seen suggested elsewhere that this may be due to Azure Policy restrictions, but there are none, at least no non-default policies, and if the default policies restrict creation of Azure Virtual Desktop environments, that should be changed, and at minimum, users/admins should be informed if that is what is preventing them from being deployed, and be given the option to change them. The bottom line is that this is absurd that Azure Virtual Desktop fails by default for multiple accounts, and it needs to be fixed, even if my personal deployment issue can be resolved by jumping through hoops. Please, let me know what hoops I need to jump through to get this to work for now.
