
Deploying Windows Virtual Desktop on Azure – Step by Step


On 21/03/2019, Microsoft released Windows Virtual Desktop (aka WVD) as a public preview.

If you haven’t heard about it so far, you can think of Windows Virtual Desktop as a SaaS (Software as a Service) for Remote Desktop Services (RDS) on Azure. Infrastructure elements like RD Gateway, Connection Brokers and RD Licensing are all provided as a service in Azure.

Windows Virtual Desktop also introduces Windows 10 multi-session, which, for the first time, allows multiple users to log into the same Windows 10 machine simultaneously using RDP.

In this post, we’ll walk through the steps required to establish Windows Virtual Desktop on your Azure tenant.

Prerequisites

Before we begin, please pay attention to the following requirements:

  • Azure AD in sync with Active Directory Domain Services (ADDS) through Azure AD Connect or Azure AD DS.
  • An Azure subscription within the Azure tenant.
  • A virtual network that either contains or is connected to the Active Directory Domain Services and is configured to use the Domain Controllers’ IPs as its DNS servers. This is required because your Session Host VMs must be domain-joined. Note that Azure AD-joined VMs are not supported.
  • For the full list of requirements, please see the official docs.

Deploying Windows Virtual Desktop

The deployment of Windows Virtual Desktop consists of the following high-level steps:

  1. Create a Windows Virtual Desktop tenant.
  2. Create a host pool and session host VMs.
  3. Test connection and manage Windows Virtual Desktop users.

We will cover each of these steps in detail, with screenshots and examples.

(1) Create a Windows Virtual Desktop tenant

In this step, we will perform the following tasks:

  • Allow Windows Virtual Desktop service to access Azure AD.
  • Assign the “TenantCreator” role to a user account (required to create the WVD tenant).
  • Create the Windows Virtual Desktop tenant itself.

Allow Windows Virtual Desktop service to access Azure AD

  1. Go to https://rdweb.wvd.microsoft.com.
  2. Select ‘Server App’ under the consent option, provide your Azure AD tenant GUID and click Submit. (To find your Azure AD GUID, go to the Azure Portal, select Azure Active Directory -> Properties, and look for Directory ID.)
  3. Repeat the same process while selecting ‘Client App’ under the consent option.

Assign the “TenantCreator” role to a user account

To assign the “TenantCreator” role to the user we are using to create the WVD tenant, we’ll use PowerShell.

The following script asks the user for credentials and assigns the “TenantCreator” role to the provided user:

Create the Windows Virtual Desktop tenant

The creation of the Windows Virtual Desktop tenant is done by using PowerShell.
The following script creates the WVD tenant with the relevant parameters:

To make things easy, you can use the following PowerShell script to assign the ‘TenantCreator’ role and to create the WVD tenant. The script will ask you for your credentials, relevant subscription Id and the name you would like to give to your WVD tenant.
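A sketch of the two tasks above in one script, added here as an example and not the original post's script. It assumes the AzureAD and Microsoft.RDInfra.RDPowerShell modules are installed, that the consented server app appears as a service principal named 'Windows Virtual Desktop', and it uses the WVD broker URL https://rdbroker.wvd.microsoft.com. It also lists every current holder of TenantCreator so the grant can be reviewed.

```powershell
# Added example, not the original post's script.
# Assumes the AzureAD and Microsoft.RDInfra.RDPowerShell modules are installed.
Import-Module AzureAD
Import-Module Microsoft.RDInfra.RDPowerShell

$Upn            = Read-Host 'UPN of the account that will create the WVD tenant'
$SubscriptionId = Read-Host 'Azure subscription Id'
$RDSTenantName  = Read-Host 'Name for the new WVD tenant'

# Sign in as an Azure AD admin who may manage enterprise-app role assignments.
Connect-AzureAD | Out-Null
$AadTenantId = (Get-AzureADTenantDetail).ObjectId   # the Directory ID

# Assumption: the consent step registered the server app under this display name.
$sp   = Get-AzureADServicePrincipal -Filter "displayName eq 'Windows Virtual Desktop'"
$role = $sp.AppRoles | Where-Object { $_.DisplayName -eq 'TenantCreator' }
if (-not $sp -or -not $role) {
    throw 'Service principal or TenantCreator role not found; complete the consent step first.'
}

$user = Get-AzureADUser -ObjectId $Upn

# Assign the role only if the user does not already hold it.
$held = Get-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId |
    Where-Object { $_.ResourceId -eq $sp.ObjectId -and $_.Id -eq $role.Id }
if (-not $held) {
    New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId `
        -ResourceId $sp.ObjectId -Id $role.Id | Out-Null
}

# List everyone who holds TenantCreator so the grant can be reviewed.
Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId |
    Where-Object { $_.Id -eq $role.Id } |
    Select-Object PrincipalDisplayName, PrincipalType

# Sign in to the WVD service as $Upn and create the tenant.
Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com'
New-RdsTenant -Name $RDSTenantName -AadTenantId $AadTenantId -AzureSubscriptionId $SubscriptionId
Get-RdsTenant -Name $RDSTenantName
```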

(2) Create a host pool and session host VMs

In this section, we will deploy a new host pool and one (or more) session host VMs in the WVD tenant we just created.

Unlike the previous steps, we will use the Azure Portal this time.
In order to start, click on Create a resource on the left sidebar, search for Windows Virtual Desktop – Provision a host pool, and click Create.


A wizard will take you through the required steps. We will cover each of them in depth:

Step 1 – Basic


Hostpool Name – Choose a preferred name for the new hostpool.
Desktop type (Pooled/Personal) – In most cases, we will choose the Pooled desktop type. Personal should be selected only if you would like a dedicated VM/session host for each user.
Default Desktop Users – These are the users who will get permission to access the hostpool.
You can specify multiple users separated by commas (e.g. Omer@contoso.com,Itamar@contoso.com).
Subscription – Select the subscription where the new hostpool will be created.
Resource group – Create a new resource group or use an empty resource group you’ve created for this purpose.
Location – Select the preferred location for your hostpool. Note that during the Public Preview, the Windows Virtual Desktop service will be available only in ‘West US 2’.

Step 2 – Configure number of VMs based on profile usage


Usage Profile – Lets you choose the number of users per vCPU. You can use Custom to select the number of VMs.
Virtual machine size – Select the VM type and size you would like to use for your session host servers.
Virtual machine name prefix – Select a prefix for your session host VMs. This can be WVD, Hostpool01 or any other prefix that associates the VM with your Windows Virtual Desktop deployment. Note that a ‘_’ (underscore) character is automatically added to your selected prefix (e.g. if you choose ‘Hostpool01’ as your prefix, the VM names will be ‘Hostpool01-0’, ‘Hostpool01-1’ and so on).

Step 3 – Configure the VMs for Azure


Image source – Select the image for your session host VMs. In this example, we choose the Gallery option, which lets you select an image from the Azure Gallery.
Image OS version – When selecting the Gallery option as the image source, you can choose between Windows Server 2016 and the new Windows 10 Enterprise multi-session.
Disk Type – Choose between HDD and SSD.
AD domain join UPN – Provide the UPN of a user account (e.g. admin@contoso.com) that has permission to join machines to the domain. Usually, a Domain Admin account will be used.
Note that a local user account with the same name will be created on each virtual machine.
Admin Password – Provide the password corresponding to the AD domain-join account you entered. Note that this password will also be used by the local user account, and is therefore required to have at least 12 characters.
Specify domain or OU – Select ‘Yes’ if you would like to join the virtual machines to a specific domain or organizational unit (OU). When selecting ‘No’, the virtual machines will be joined to the same domain as the suffix of the ‘AD domain join UPN’, and will be created under the ‘Computers’ container in Active Directory.
Virtual network – Select or create a vnet (virtual network) that will connect your VMs with Active Directory and Domain Controller/s. If the selected vnet could not contact the domain, the VMs will not be able to join the domain and the whole deployment process will fail. Make sure that the selected vnet is configured with the IPs of the internal DNS servers and that it has connectivity to them.
Subnets – Select or create the subnet to host the new session host VMs.

Step 4 – Authenticate to Windows Virtual Desktop


Windows Virtual Desktop tenant group – You should keep the default value and use the ‘Default Tenant Group’ unless told otherwise.
Windows Virtual Desktop tenant name – This should be the tenant name you chose when you created the tenant. In our example, this is the ‘$RDSTenantName’ variable.
UPN – Enter the credentials of an Azure AD account that has ‘RDS Owner’ or ‘RDS Contributor’ permissions.

Step 5 – Summary


Review your configuration. Pay special attention to the following:
AD domain join UPN – An account with insufficient permissions or a wrong username/password will make the deployment fail.
Virtual network – Make sure the selected VNET has connectivity to your Active Directory Domain Services by configuring the relevant DNS servers and creating peering if needed.
Windows Virtual Desktop tenant name – Double-check that this is the name you used when you created the tenant. You can use the command ‘Get-RdsTenant’ to get the tenants’ information and names.

Step 6 – Buy


Here you’ll find the terms of use and links to the Azure pricing calculator to help you estimate the costs of your Windows Virtual Desktop deployment.
Click Create when ready to start the deployment process.

(3) Test connection and manage Windows Virtual Desktop users

After the deployment has completed successfully, you can start using and testing it by performing the following tasks:

  1. Open your browser and go to http://aka.ms/wvdweb (alias to the full URL: https://rdweb.wvd.microsoft.com/webclient/index.html).
  2. Authenticate using the credentials of a user in the ‘Default desktop users’ you provided in step 1.
  3. Select the Session Desktop and provide your credentials again if asked.
  4. Enjoy your full desktop session with Windows Virtual Desktop!

If you would like to add more users to your Windows Virtual Desktop deployment, you can use the following PowerShell script.
The script lets you select the relevant tenant and hostpool (in case you have more than one), displays the current RDS users within this hostpool (for the default ‘Desktop Application Group’) and gives you the ability to add additional RDS users if required.
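One way to write such a user-management script, added here as an example and not the original post's script. It assumes the Microsoft.RDInfra.RDPowerShell module is installed and uses the WVD broker URL https://rdbroker.wvd.microsoft.com; `Select-ByName` is a hypothetical helper defined in the block. It prints the access list before and after the change so the grant can be reviewed.

```powershell
# Added example, not the original post's script.
Import-Module Microsoft.RDInfra.RDPowerShell
Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com'

# Hypothetical helper: pick one item by name, prompting only when there is a choice.
function Select-ByName($Items, $Property, $Label) {
    $names = @($Items | ForEach-Object { $_.$Property })
    if ($names.Count -eq 0) { throw "No $Label found." }
    if ($names.Count -eq 1) { return $names[0] }
    Write-Host "Available ${Label}s: $($names -join ', ')"
    $choice = Read-Host "Enter the $Label name"
    if ($names -notcontains $choice) { throw "Unknown ${Label}: $choice" }
    return $choice
}

$tenant   = Select-ByName (Get-RdsTenant) 'TenantName' 'tenant'
$hostPool = Select-ByName (Get-RdsHostPool -TenantName $tenant) 'HostPoolName' 'host pool'
$appGroup = 'Desktop Application Group'   # default app group named in the post

# Show who can already reach the desktop before changing anything.
$current = @(Get-RdsAppGroupUser -TenantName $tenant -HostPoolName $hostPool -AppGroupName $appGroup)
Write-Host "Current users of '$appGroup':"
$current | ForEach-Object { Write-Host "  $($_.UserPrincipalName)" }

$toAdd = (Read-Host 'UPNs to add (comma separated, blank for none)') -split ',' |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }

foreach ($upn in $toAdd) {
    if ($current.UserPrincipalName -contains $upn) {
        Write-Host "Skipping $upn (already assigned)"
        continue
    }
    Add-RdsAppGroupUser -TenantName $tenant -HostPoolName $hostPool `
        -AppGroupName $appGroup -UserPrincipalName $upn
}

# Show the resulting access list.
Get-RdsAppGroupUser -TenantName $tenant -HostPoolName $hostPool -AppGroupName $appGroup |
    Select-Object UserPrincipalName
```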

