Microsoft Learn modules for Windows Virtual Desktop ARM-based now available!
Microsoft Learn modules for Windows Virtual Desktop ARM-based now available! Good Day WVD Community! I'm happy to share that the new Microsoft Learn modules for Windows Virtual Desktop ARM-based are now available! Created by the Microsoft field and Engineering teams. If you receive any feedback, please let me/us know. Modules: Introduction to Windows Virtual Desktop in Microsoft Azure Prepare for Windows Virtual Desktop in Microsoft Azure Deploy Windows Virtual Desktop in Microsoft Azure Optimize Windows Virtual Desktop in Microsoft Azure The content also includes some new technical drawings on WVD in general and with FSLogix and (future) app attach.Azure Virtual Desktop: The flexible cloud VDI platform for the hybrid workplace
When we launched Windows Virtual Desktop nearly two years ago, no one predicted a global pandemic would force millions of workers to leave the office and work from home. Organizations around the world migrated important apps and data to the cloud to gain business resilience and agility. And to support the newly remote workforce, many of you turned to Windows Virtual Desktop to give remote users a secure, easy to manage, productive personal computing experience with Windows 10 from the cloud. It has been humbling to work alongside you as you pivoted your operations to meet new challenges – from supporting frontline healthcare workers at NHS to engineers at Petrofac to educators and students. Going forward, organizations will need to support an evolving set of remote and hybrid work scenarios. To help our customers and partners meet these new hybrid work demands, we are expanding our vision to become a flexible cloud VDI platform for nearly any use case – accessible from virtually anywhere. A modern VDI platform needs to be secure, scalable, and easy to manage, while delivering a seamless, high-performance experience to end users. It should also empower organizations with the flexibility to customize and build solutions with its core technology. To support this broader vision and the changing needs of our customers, today we are announcing new capabilities, new pricing for app streaming, and changing the name of the Windows Virtual Desktop service to Azure Virtual Desktop. New platform capabilities for security and management We are continually adding new capabilities to the core Azure Virtual Desktop platform. Today we are also pleased to announce the public preview of new features that will help you onboard and better manage your Azure Virtual Desktop deployment. Enhanced support for Azure Active Directory (coming soon in public preview): Azure Active Directory is a critical service used by organizations around the world to manage user access to important apps and data and maintain strong security controls. We are pleased to announce that you’ll soon be able to join your Azure Virtual Desktop virtual machines directly to Azure Active Directory (AAD) and connect to the virtual machine from any device with basic credentials. You’ll also be able to automatically enroll the virtual machines with Microsoft Endpoint Manager. For certain scenarios, this will help eliminate the need for a domain controller, help reduce cost, and streamline your deployment. While this is a major milestone, it’s just the beginning of the journey towards full integration with Azure Active Directory. We will continue adding new capabilities such as support for single sign-on, additional credential types like FIDO2, and Azure Files for cloud users. Manage Windows 10 Enterprise multi-session VMs with Microsoft Endpoint Manager (available now in public preview) - Microsoft Endpoint Manager allows you to manage policies and distribute applications across devices. You can now enroll Windows 10 Enterprise multi-session Azure Virtual Desktop virtual machines in Microsoft Endpoint Manager and manage them in the Microsoft Endpoint Manager admin center the same way you manage shared physical devices. This simplifies management and provides a centralized view across both physical devices and virtual desktops. Read the Windows 10 Enterprise multi-session documentation to learn more. Deploy in minutes with new Quickstart experience (coming soon in public preview): We are pleased to offer a streamlined onboarding experience for Azure Virtual Desktop in the Azure portal. This new experience will validate requirements, kick off an automated deployment, and will also implement best practices. With only a few clicks, you can set up a full Azure Virtual Desktop environment in your Azure subscription. You will find this new experience under “Quickstart” in the Azure Virtual Desktop blade in the Azure portal. New pricing option for remote app streaming Many organizations are using Azure Virtual Desktop to stream apps to their own employees who are covered by existing license entitlements. But many organizations also want to use Azure Virtual Desktop to deliver applications “as-a-service” to customers and business partners as well. Today we are pleased to announce a monthly per-user access pricing option for organizations to use Azure Virtual Desktop to deliver apps from the cloud to external (non-employee) users. For example, this would enable software vendors to deliver their app as a SaaS solution that can be accessed by their customers. In addition to the monthly user price for Azure Virtual Desktop, organizations also pay for Azure infrastructure services based on usage. Here's what one ISV had to say about the new pricing option: “Sage is trusted by millions of customers worldwide to deliver innovative business solutions to manage finances, operations and people. Streaming applications with Azure Virtual Desktop makes it easy to streamline user access to our solutions on the Azure cloud for a great online customer experience.” James Westlake, Director of Product Management, Sage Try it during our promotional period The new per-user access pricing option will be effective on January 1, 2022. To help organizations get started now, we are pleased to offer a special promotion with no charge to access Azure Virtual Desktop for streaming first-party or third-party applications to external users. This promotion is effective from July 14, 2021 to December 31, 2021. Pricing for monthly user access rights effective on January 1, 2022 will be: $5.50 per user per month (Apps) $10 per user per month (Apps + Desktops) This promotion only applies to external user access rights. Organizations would continue to pay for the underlying Azure infrastructure. Organizations should continue to use existing Windows license entitlements, such as Microsoft 365 E3 or Windows E3 and higher, for app streaming to their employees. Visit our web page for more details. Expanding partner ecosystem As a cloud VDI platform, we work closely with our partners and empower them to build solutions that meet your needs. For example, Citrix and VMware provide desktop and app virtualization solutions that leverage the Azure Virtual Desktop platform capabilities, such as Windows 10 Enterprise multi-session, and allow you to maximize your existing investments and use the tools and solutions with which you are already familiar. We are also proud of our ecosystem of hundreds of partners who build custom solutions and provide technical consulting to help you deploy with confidence. Visit Azure Marketplace for more information on partner solutions, and Advanced Specialization page for certified deployment partners. Getting started My team and I look forward to partnering with you to take full advantage of our flexible VDI platform in the cloud and unlock new end user computing possibilities. We appreciate your ongoing support and welcome your feedback. Join us on our Tech Community to connect with my team and other customers and partners to share your feedback and suggestions. To learn more about these announcements, please sign up for our upcoming webinar.Announcements at Windows Virtual Desktop Master Class
Windows Virtual Desktop Master Class is a virtual event where Windows Virtual Desktop experts from Microsoft as well as members of our community come together to share tips and best practices for deploying and scaling virtual desktops and remote applications on Azure. We are making several exciting announcements at the event: Promotion for new customers through March 31, 2021 - New customers save 30% on Windows Virtual Desktop computing costs for D-series and Bs-series virtual machines for up to 90 days. You can learn more about the offer here. Skilling - We are announcing a new Windows Virtual Desktop Specialty certification for professionals planning, delivering, and managing virtual desktop experiences and remote apps on Azure. The related Exam AZ-140: Configuring and operating Windows Virtual Desktop on Microsoft Azure will be available soon in beta version. If you are looking for a certified partner to help with you deployment, you can continue to leverage the advanced specialization program which complements the Azure MSP program. Product announcements – The features that we had pre-announced at Microsoft Ignite in September are now in public preview: Azure Monitor for Windows Virtual Desktop -Provides a centralized view with all the monitoring telemetry and visualizations you need to debug and troubleshoot issues. Learn More MSIX app attach in the Azure portal - MSIX app attach is an application delivery solution that allows you to dynamically attach an application in MSIX format to a user session. Previously, you had to use PowerShell scripts, but now the MSIX app attach capability is available in public preview in the Azure portal and is integrated with Azure Resource Manager. Learn More. Screen capture protection – Disables screen capture for your remote apps and desktop on all the supported Windows Virtual Desktop clients RDP short path – Establishes a direct peer-to-peer UDP connection to the session host rather than over the internal Windows Virtual Desktop gateways taking into account the type of network from which you are connecting. This provides a secure experience with less connection latency and better performance. Learn More Microsoft Defender for Endpoint integration (Generally Available) – With this integration, you get the full investigation experience you have with Windows 10 machines, now for Windows Virtual Desktop VMs. If you are using Windows 10 Enterprise multi-session, Microsoft Defender for Endpoint will support up to 50 concurrent user connections – so you get the cost savings of Windows 10 Enterprise multi-session and the confidence of Microsoft Defender for Endpoint. Learn More For a deep dive into these announcements and to learn more about security, cost optimization, and other topics, tune into the Windows Virtual Desktop Master Class!Now available, Podcast Desktops in the Cloud - episode 1 with WVD group PM Manager Kam VedBrat
The Desktops in the Cloud - video podcast has been released! WE ARE LIVE! After months of preparation, we finally released our new technical-driven video podcast called: Desktops in the Cloud. Together with my good friend Dean Cefola (from Azure Academy) we are interviewing people from Microsoft engineering and as well the world-wide virtual desktop community. The main goal is to provide the community deep dive content and stories behind the scenes, on e.g. how Windows Virtual Desktop has been started, what are the stories behind the program managers, and what are the latest updates. Our first episode is a very special one. We had Kam VedBrat on the show who's responsible for leading the Windows Virtual Desktop Engineering team in Redmond. You can watch it here on-demand. We hope you like the concept and become a re-occurring follower of our show. If you are interested in participating in an episode, feel free to approach us via social media – or via our submissions form here. Please follow Desktops in the Cloud ►Website: https://www.desktopsinthecloud.com ►Twitter: https://twitter.com/DesktopsCloud ►LinkedIn: https://www.linkedin.com/company/desktops-in-the-cloud ►YouTube: https://www.youtube.com/channel/UCv0_Y1wcKvTnLOEmf-3S45Q/ ►Spotify: https://open.spotify.com/show/2Ii6zQOL4ShUYUg18Tn5g7Want to learn Windows Virtual Desktop? Here are some good resources for a good (kick)start in 2020!
As the year 2019 is almost finished, it’s the time of the year to take a step back and reflect on last year’s achievements—and begin planning your learning path for next year. Windows Virtual Desktop (WVD) is the new Azure kid on the block in the year 2019. Since it’s GA release on the 30th of September, the interest and popularity have been massive. Due to the popularity, I thought it’d be useful to share some of the free available learning content. Read Christiaan’s complete article here: https://christiaanbrinkhoff.com/2019/12/29/how-to-learn-everything-for-free-about-windows-virtual-desktop-in-the-new-year/Learn here how to Manage your Windows Virtual Desktop host pools with Azure Bastion
Learn here how to Manage your Windows Virtual Desktop host pools with Azure Bastion We all remember stepping stone, or also called jump management servers to manage and maintain your Remote Desktop, or infrastructure server environment internally (and externally) through a Remote Desktop Connection with the most common reason; it’s just easy? “From an security perspective this is the most worst you can do, because once hackers are in - you’ve got access to almost everything!” Azure Bastion is a relatively new Azure service that can simplify as well as improve remote connectivity - as a secure better alternative for stepping stone servers to your Windows Virtual Desktop - and infrastructure Virtual Machines on Microsoft Azure. Azure Bastion is completely web-based and works via SSL. In some simple configuration clicks - and most importantly without exposing any RDP (or SSH) ports to the outside internet - you can access your Windows Virtual Desktop Virtual Machines in Azure. What is Azure Bastion? Azure Bastion is a new Azure Platform service you could leverage to enable external access to your resources in Azure Infrastructure-as-a-Service (IaaS). The service is completely HTML5 based and works from every modern web browser. The service automatically streaming to your local device via an RDP/SSH session over SSL on port 443. This makes it easy and secure to go over corporate firewalls without any adjustments. Also, it doesn’t require you to expose any Public IP or Remote Desktop Services port on your Network Security Group (NSG) for the internet. Azure Bastion works over port 443, this is the only port you need to open from the outside to the inside over the Network Security Group (NSG). After that, the connection proceeds to the subnet in the Azure Virtual Network where the Bastion Service persists and connect via the NSG of the VMs you want to leverage internally over the Remote Desktop (3389) or SSH (22) ports. A secure way to access your Windows Virtual Desktop as well as infrastructure servers in your Azure Infrastructure-as-a-Service environment. See below how it works from an architecture perspective… Did you know? The service operation from inside your Azure ARM portal. Use this specific Preview - https://aka.ms/BastionHost - URL to get access to the service. There are two ways that you can create a Bastion host resource: Create a Bastion resource using the Azure portal. Create a Bastion resource in the Azure portal by using existing VM settings. The Bastion Service is currently available for the following Azure DC regions. West US East US West Europe South Central US Australia East Japan East Bastion can also be used for secure SSH connections to for example Linux resources in your Azure IaaS environment If you create a bastion host in the portal by using an existing VM, various settings will automatically default corresponding to your virtual machine and/or virtual network. You must use a separate subnet in your virtual network to which the new Bastion host resource will be deployed. You must create a subnet using the name-value AzureBastionSubnet. This value lets Azure know which subnet to deploy the Bastion resources to. The Bastion PM team is adding some new futures soon, such as Azure AD and MFA integration and recording mode directly from the service. See here how it works I’ve recorded a short video after writing and creating my Azure Bastion Service, and to give you a sneak preview on the end result of this blog article – I’ve uploaded a video to show you the easiness and value. Check it out in the video below. Other secure alternatives... One other alternative way to reduce exposure to a brute force attack to your Windows Virtual Desktop environment is to limit (and IP whitelist - filter) the amount of time that a port is open. This is something you could achieve with the also not so old service Just-in-time VM Access, it’s an Azure Security Center feature you can leverage. In a nutshell; Just-in-time (JIT) virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed. Read more about it here: https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time How to Activate the Bastion Service Pre-step: Create a separate Azure Subnet for Bastion This step is easier to do prior to the Azure Bastion instance on Azure. One technical network requirement is to have a separate subnet, specifically for Azure Bastion traffic. You could either create a separate Azure Virtual Network and setup vNet peerings between your networks or just create a separate subnet in your existing vNet in Azure. This is the example I’m going to use in this article. Note: To be most efficient with your network addresses at least a /27 or larger subnet (/27, /26, and so on). Open the Azure vNet you want to use. Add a new Subnet Create the AzureBastionSubnet without any Network Security Groups, route tables, or delegations. Continue to the next step where we deploy the Bastion instance. Deploy Azure Bastion from the Azure Marketplace Just because Azure Bastion is still in Preview mode – you have to use this Preview Azure Marketplace URL below to get access to the service. The expectation is that this service becomes GA soon. Click on the URL below. https://aka.ms/BastionHost Search for Bastion (preview) in the Azure Marketplace Click on create Enter the required information for the VM deployment in your Azure IaaS environment. Optional: Assign a Public IP for the external Access to your Bastion server. Note: Make sure to select the correct Azure vNet we created/modified earlier. Click on the review+ create button Click on the Create button to start the deployment ... After a couple of minutes, the deployment is finished. Access my Windows Virtual Desktop images The following steps are similar to when you normally set up a Remote Desktop Connection to a Virtual Machine in Azure, although then through an MSTSC RDP file connection – we now leverage the Azure Bastion capabilities over HTML5 (clientless). Open the Virtual Machine that you want to manage Click on the Connect button Choose for the new option - BASTION Enter the Domain / Local Administrator credentials to get access to the VM Click on Connect There we go – I’m connected to my Windows 10 Multi-User master image inside Microsoft Azure via my Azure Bastion HTML5 (agentless) service!Running session host virtual machines shutdown state in hostpool
Hi all, I want to share this quick fix regarding hostpool session hosts in 'shutdown" state even when Azure VMs are running and are accessible by administrators (via RDP or remote access software): 1. Uninstall all agent, boot loader, and stack components 2. Remove the session host from the host pool 3. Generate a new registration key for the VM 4. Reinstall the Azure Virtual Desktop Agent and boot loader https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-agent#step-1-uninstall-all-agent-boot-loader-and-stack-component-programs
Digital event: Windows Virtual Desktop Master Class
Take a technical deep dive into how to deploy, scale, and optimize virtual desktops and apps on Microsoft Azure with Windows Virtual Desktop. Join this free digital event to watch demos, participate in hands-on labs, network with your peers, learn best practices from the product team, and ask your questions in the live chat. Register for this free digital event to: Get expert advice on how to quickly move your virtual desktops and apps to Azure. Master the security fundamentals of cloud-based virtual desktops. Take a deep dive into monitoring, automatically scaling, and managing apps and images in your virtual desktop environment. Learn best practices for running latency-sensitive workloads like GPUs, multimedia, and high-performance computing. Register now > Windows Virtual Desktop Master Class Thursday, January 28, 2021 9:00 AM–4:00 PM Pacific TimeNow available. Desktops in the Cloud Episode 3: What's new from Microsoft Ignite
Now available. Desktops in the Cloud Episode 3: What's new from Microsoft Ignite Hi WVD Community! Something to watch during the weekend. In this episode, (yes, it's number 3 already!) Dean and I invited Pieter Wigleven, one of the Program Manager leads from the Windows Virtual Desktop Engineering team to walk us through all the new announcements from Microsoft Ignite 2020 that happened last week. He showed us some great interactive demo's around MSIX app attach via the Azure Portal, Microsoft Endpoint Manager integration for Windows 10 Enterprise, Start VM on Connect, and way more. Did this make you curious? Let's watch episode number #3! 0:00 #1 Intro 3:00 #2 Region availability updates 05:21 #3 Microsoft Endpoint Manager demo 08:00 #4 Microsoft Defender ATP demo 14:00 #5 MSIX app attach via Azure Portal 17:00 #6 Windows Virtual Desktop Quickstart tool insights 19:53 #7 Azure Monitor workbooks 21:03 #8 VM start on Connect feature 22:03 #9 Closing Feel free to share it broader. Episode link: https://www.youtube.com/watch?v=EsgWHpA7Uz0&feature=youtu.be
Embedding remote desktop web client in IFrame
Hi, we are currently working on a custom solution for a customer that builds upon Virtual Desktop. We have built a "cloud hub" website where the user manages everything from their profile, storage, viewing costs and dashboards. The customer would like to embed the Azure Virtual Desktop web client inside this website (i.e. not opening a new browser window/tab). Is this possible today? I tried creating a simple test.html with only an iframe tag and the page (as shown below). See attached image for result: <iframe width="560" height="315" src="https://rdweb.wvd.microsoft.com/arm/webclient/index.html" frameborder="0" allowfullscreen></iframe>
