Microsoft’s Azure Virtual Desktop: All You Need to Know
A Virtual Desktop Infrastructure (VDI) lets organizations make operating systems and applications available to remote users from a centralized location. Workers can access corporate apps and interact with virtual desktops on a variety of devices. VDIs have become increasingly popular and important as more companies move toward a remote-first business culture.
Microsoft’s Azure cloud provides customers with a desktop as a service (DaaS) option. Azure Virtual Desktop (AVD) formerly Windows Virtual Desktop (WVD) is a new solution that runs on a redesigned Windows 10 or Windows 11 platform and supports multi-session access. Let’s take a look at how this remote access solution and the ways it can help meet multiple business objectives.
What is WVD?
Azure Virtual Desktop or, as it was known earlier, Window Virtual Desktop is a cloud-centric VDI solution available on Microsoft’s Azure cloud computing platform. The Azure desktop as a service offering provides an enterprise with either a multi-user Windows 10/ Windows 11 or single-user Windows 7 experience and combines them with the functionality of Office 365 ProPlus. Azure WVD furnishes organizations with a complete virtual desktop infrastructure without the complications of running a gateway server or additional management components.
Multi-session desktops can be run, minimizing resource utilization on virtual machines and driving down costs. The Windows 10 or Windows 11 Enterprise multi-session edition delivers an authentic Windows experience to remote users. The virtual desktops provisioned in WVD can be persistent so users can save settings and personal data to facilitate enhanced productivity.
You may hear the question being asked “What is Azure virtual desktop?” It is simply that the Azure VDI offering has been rebranded from WVD to AVD to emphasize its integration with the Microsoft cloud. We will use these three-letter acronyms (TLAs) interchangeably in this article.
Azure VDI Setup and Registration
Setup and registration of the VDI Azure cloud solution require a level of expertise and familiarity with the underlying Azure environment. Following is an overview of the process.
How to set up Azure Virtual Desktop
- Sign in to the Microsoft Azure Portal with an account that has permission to create a resource group and resources with the power to write to the Azure Active Directory.
- The next step is to verify that all prerequisites are met and functioning properly.
Click on Azure Virtual Desktop in the top bar to launch the management environment.
Click the Create a host pool button.
- Fill in the Basics form which includes information about the WVD resource group, host pool names and type, location, and the max session limit.
Start filling in the Virtual Machines form by selecting Yes to Add virtual machines. This form has multiple sections in which all parameters used to construct the AVD are defined. An administrator with some degree of familiarity with Azure should be assigned to this task.
When all settings and parameters have been defined, click on Review + Create to verify your configuration.
Click Create and the AVD will be created in approximately 10 minutes.
- Click Users in the sidebar to assign users to the host pool.
- Search for an Azure-AD synced user to add to the environment.
- Click on the user and navigate to Individual assignments.
- Click +Add, select a group for the user, and click on Add.
This procedure requires extensive information that is used to fill in the necessary forms to implement an AVD. The payoff is access to a fully functional Windows environment from any device in any location.
The Benefits of Deploying Windows Virtual Desktop
VDI on Azure presents modern businesses with multiple advantages to help them navigate the demands of a dynamic and evolving workplace. Following are some of the benefits a business can enjoy when implementing a WVD environment.
- • Remote work is facilitated by giving employees access to familiar tools and apps from any location.
- • WVD simplifies how companies control and provide secure access to data and applications for contractors and full-time employees on a remotely accessible virtual desktop.
- • Virtual machines can be provisioned when needed rather than spending capital resources on physical Windows computers.
- • Greater compatibility and reduced latency are provided for customers working with Office 365.
- • Multiple virtual desktops can be assigned to different groups so a user has access to the application they need when engaged in a virtual session. This allows a tailored approach to provisioning virtual machines that address the specific needs of diverse user groups.
- • Decreased virtualization costs can accompany the move to AVD from alternative solutions.
Common WVD Usage Scenarios
WVD was developed by Microsoft to address the evolving needs of its cloud customers. Following are some common WVD usage scenarios that are closely associated with the benefits afforded by this virtualization solution.
- • Companies can promote a more flexible and versatile workforce through the use of AVDs deployed on various device types. Employees can use mobile devices when out of the office and achieve the same functionality as if they were physically in front of their Windows machine. WVD offers an excellent solution to the current emphasis on facilitating remote work.
- • Operations and access to applications can be standardized and centrally managed with employees being provided with a WVD loaded with corporate resources.
- • WVD enables companies to address unique workloads and instances where specialized apps need to be made available to select user groups.
- • Security is enhanced in a WVD environment, making it an appropriate choice for businesses operating in regulated industries that need to demonstrate compliance with industry or governmental standards.
Azure VDI pricing
Two components need to be considered when calculating the costs of a VDI Azure cloud solution.
User access rights
- • License entitlement is based on current eligible licenses for Windows, Microsoft 365, or RDS client access licenses (CALs).
- • Monthly, per-user access pricing is available, providing access to AVDs for external users.
Azure infrastructure costs
An Azure account is required to deploy and manage the virtualization environment. Infrastructure components that contribute to the Azure VDI cost structure include:
- • Virtual machines;
- • Operating system storage;
- • Data disks for personal desktop storage;
- • Storage for user profiles;
- • Networking.
Microsoft offers a pricing calculator intended to help potential customers estimate the cost of implementing a WVD environment.
Azure Windows Virtual Desktop Components
Implementing a Microsoft Azure VDI environment requires the efficient management of multiple components. The responsibility for managing these components is shared between Microsoft and the customer.
Microsoft manages the following parts of the Azure VDI architecture.
- • Web access – This service enables WVD users to access virtual desktops and remote apps through a compatible web browser from any location using any device.
- • Gateway – The gateway service provides connectivity to AVD apps and desktops from any Internet-connected device capable of running the virtual desktop client.
- • Connection Broker – This component manages user connections and performs functions such as load balancing and reconnecting dropped sessions.
- • Diagnostics – Remote Desktop Diagnostics tracks every administrator action in the AVD deployment, conducts analytics on them, and scores each activity as a success or failure. This event log can be reviewed to pinpoint failing components.
- • Extensibility components – Microsoft manages extensibility components such as REST APIs that allow customers to use third-party tools.
Customers are responsible for managing the following components.
- • Azure Virtual Network – This component lets Azure resources like VMs communicate privately with each other and with the Internet and can be used to extend an on-premises network into the cloud.
- • Azure Active Directory (AD) – Azure Active Directory is used by WVD for identity and access management with security features like multi-factor authentication (MFA) and conditional access.
- • Azure Active Directory Domain Services (AD DS) – Customers need to join all AVD VMs to an AD DS that is in sync with Azure Active Directory.
- • Azure Virtual Desktop Session hosts – Host pools are controlled by the customer and can run any of these operating systems:
- – Windows 7 Enterprise;
- – Windows 10 Enterprise;
- – Windows 10 Enterprise Multi-session;
- – Windows Server 2012 R2 and above;
- – Custom Windows system images.
- • Azure Virtual Desktop workspaces – Customers use this AVD component for the management of host pool resources.
Security Features of a VDI in Azure
Cloud security, including that of a VDI Azure solution, is a shared responsibility between the provider and the customer. The following list illustrates how these responsibilities are divided when implementing a WVD environment.
Microsoft’s responsibilities include:
- • Securing the virtualization control plane;
- • Ensuring the security of physical hosts, networks, and datacenter.
The customer’s responsibilities are:
- • Enforcing appropriate identity management safeguards;
- • Securing mobile and stationary user devices;
- • Providing security for the host OS, apps, and network controls;
- • Designing a secure deployment configuration.
From the customer’s perspective, multiple best practices are available that result in a more secure virtual desktop infrastructure. Following are some suggestions for providing enhanced security for an Azure VDI client and the overall environment.
- • Enable Microsoft Defender for Cloud to manage vulnerabilities, strengthen security, and comply with regulatory standards such as PCI and HIPAA.
- • Require multi-factor authentication for all users and admins accessing a virtual desktop.
- • Use conditional access to control who can use a virtual desktop and which device can be used to connect to the AVD.
- • Implement a maximum inactive time and enforce disconnection policies when users exceed them.
- • Set up screen locks for idle sessions to avoid unauthorized access to WVDs.
- • Collect audit logs and monitor all AVD usage.
The cloud-centric nature of AVD makes it a logical choice for companies moving to or with a substantial cloud presence. Microsoft is spending time and resources developing and optimizing this solution, AVD can fit best with companies business objectives and empowers their remote employees.