Azure Virtual Desktop Essentials
Intro and Full Tour
This is Microsoft’s cloud VDI solution with centralized security, management, and scalability built-in. It’s an efficient and flexible approach to desktop virtualization without compromising control.
Azure Virtual Desktop works across your devices and apps, with full-featured experiences for Windows, Mac, iOS and Android. The web client also allows you to access your remote desktops and apps from almost any modern browser.
We’ll take you on a tour of the essentials for Azure Virtual Desktop, including what it is, how it works and your options for configuring the service as an administrator to meet your organization’s needs.
99.9% or higher availability.
Use Availability Sets and Availability Zones in Azure Virtual Desktop for increased resiliency — Start here.
Multiple users on a single VM.
Multi-session capabilities work for Windows 11 and Windows 10, exclusive to Azure Virtual Desktop. Click to watch.
Implement granular controls to enforce security baselines.
Zero Trust and intelligent controls available in Azure Virtual Desktop. Watch here.
Watch our video here.
00:00 — What is Azure Virtual Desktop?
01:35 — Admin options to configure the service
03:48 — Steps to provision Azure Virtual Desktop
05:09 — Data access options for files and profile containers
05:36 — Zero trust controls for security
06:31 — Utilization and scaling options
07:11 — Where you can find out more about Azure Virtual Desktop
Azure Virtual Desktop documentation to get started https://aka.ms/AVDDocumentation
Unfamiliar with Microsoft Mechanics?
As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
- Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
- Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
- Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/website
- To get the newest tech for IT in your inbox, subscribe to our newsletter: https://www.getrevue.co/profile/msftmechanics
Keep getting this insider knowledge, join us on social:
- Follow us on Twitter: https://twitter.com/MSFTMechanics
- Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
- Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
- Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Matt McSpirit (00:02):
Welcome to Azure Virtual Desktop Essentials. If your organization’s looking for a more efficient and flexible approach to desktop virtualization, without compromising control, in the next few minutes, I’ll walk you through Azure Virtual Desktop, Microsoft’s Cloud VDI solution with centralized security, management, and scalability built-in. By design, it works across your devices and apps with full featured experiences for Windows, Mac, iOS, and Android. Also, the web client allows you to access your remote desktops and apps from almost any modern browser, keeping your user productive from anywhere.
So let’s dig into the top things Azure Virtual Desktop brings you. First and foremost, it helps remove much of the expense and complexity of building and managing your own desktop infrastructure, and you only pay for what you use. It comprises the roles that you would’ve previously had to manage yourself, such as your gateway, broker, diagnostics, load balancing, and more, but as a scalable managed service on Azure. And you can provision the compute and configure user experiences to meet your needs. Because it runs on Azure, you benefit from Azure’s expansive global footprint, and its mission critical infrastructure can be configured for increased resiliency. For example, for any single instance VM, Microsoft guarantees up to 99.9% availability. Then for mission critical VMs, you can use Availability Sets that will fail over to a redundant VM running on a nearby server host, resulting in a guaranteed 99.95% SLA. Or you can use Availability Zones to host redundant BMS across physically separate locations in the same region that comprise one or more data centers to guarantee 99.99% availability. You still maintain full control over service configuration and management with lots of options for deploying services, implementing identity and file storage.
Azure Virtual Desktop really is flexible and configurable to your needs. You can choose from hundreds of VM size and performance options, and vary the density of users on your VMs based on the workload. And you can configure remote app experiences as you need to, allowing users to access app windows individually without exposing the entire desktop. There are other unique benefits too, such as being able to distribute users across your VMs for greater efficiency, something only previously offered with Windows Server. You can have multiple users simultaneously logged in to a single VM with multi-session capabilities, exclusive to Azure Virtual Desktop. And this works with both Windows 11 and Windows 10. Also, because you’re running on a Windows Client OS compared to Windows Server, you’ve got more flexibility to run a broader set of apps for your users.
Speaking of which, let’s talk more about the user experience and how Azure Virtual Desktop can be configured to protect your users as they work. For users, there are no compromises between their virtual desktop experience and a physical PC. On Windows, remote apps can be fully integrated into the start menu and you can pin them to the task bar. It’s also easy to multitask, and if your policy permits it, copy and paste between app Windows, as you’re seeing here with Windows 11. And as mentioned, Azure Virtual Desktop can be accessed from virtually any device, platform or modern browser.
And even though Azure Virtual Desktop can be set up using using shared VMs, whereas a user, you might access a different VM each time you log in, you shouldn’t feel it, because with FSLogix profile containers configured, it will connect VMs to your personal profile and app data with each log on. It just works like your local PC. For example, when you open Outlook, you’ll see your inbox and calendar right away without having to wait for the mailbox to populate. This makes the experience of working with stateful apps, as you move between shared VMs, pain-free. You can also use device peripherals like webcams or other attached USB devices, and Universal Print allows you to use network connected printers. And of course, by configuring optional information protection policies, you can ensure that data never goes to the local device used to access your virtual desktops.
In fact, Azure Virtual Desktop offers unparalleled configuration and management options to let you maintain full control. From the Azure Portal, your experience starts with deploying a collection of virtual machines, or host pools, that your users will have access to. Here, you’ve got the option of assigning personal VMs to individual users or pooled VMs that are shared with multiple users. Again, you control the size performance level as well as the OS image used for each VM. You also control whether users can access full desktops or individual applications. And to ensure that your VMs meet your desired user experience, Azure Virtual Desktop provides real-time views of service insights, and it’s fully integrated with Azure Monitor. You can get full diagnostics for your host pools and workspaces to ensure it meets the bar for performance and connectivity. And by monitoring VM utilization, you can make informed scaling decisions.
That said, how you configure and integrate your identity services is the key to how users will securely access their virtual desktops. Azure Active Directory unlocks a secure consistent sign-on experience. You can require multifactor authentication along with conditional access to streamline experiences. Then, by using Azure AD Join for your host pools, you can run all identity and access management services in the cloud without the need for hybrid connectivity to your local directory service. And importantly, unlike a less secure open remote desktop protocol port, which waits and listens for connections, Azure Virtual Desktop uses reverse connect transport for outbound connectivity over an encrypted connection during a user session.
Of course, once authenticated, there are a few options for accessing data and files. For pooled or shared VMs, user profile data can be containerized in a separate virtual disc, which will attach in real-time to any session, on any VM, right as you login. If you’re using OneDrive, your on-demand files are always available and will launch right away. And if you’re using on-prem file shares now Azure File Sync lets you replicate them in Azure Files so that your virtual desktops up can access them seamlessly.
There are also broader Zero Trust and intelligent controls available to you too. So to protect against rootkit and bootkit based attacks for Windows 11, Trusted Launch with virtual TPMs enable secure boot protections to make sure that nothing has been modified before launching the VM. Azure Virtual Desktop also has several platform-specific encryption options, which will work with your key management service such as Azure Key Vault. And you have the option to use Azure Confidential VMs, where all data and memory is encrypted with a hardware root of trust, requiring attestation to protect data and code in use. As a domain joined or Azure AD joined machine, as you’d expect, you can implement granular controls using group policy to enforce security baselines in the VM itself. And by using Microsoft Defender for Cloud, the built-in intelligence continually assesses the security of your virtual machines. These and other protections can ensure that your VMs meet even the most stringent security requirements.
To truly take advantage of paying for what you use, there are also lots you can do to optimize the costs and utilization. In fact, this is another area of tremendous flexibility. Importantly, you can proactively balance performance and utilization costs by using the exclusive multi-session experience to assign multiple users to a single VM and combining it with load balancing controls with options for depth first to load each VM up individually until it’s close to capacity, then provision another host for additional users, or breadth first, which evenly spreads users across multiple available VMs. They’re also built in scaling plans. These allow you to scale out the number of VMs in a host pool during peak usage time, and scale them back in, for example, during off business hours or weekends.
That was a quick overview of Azure Virtual Desktop, Microsoft’s Cloud VDI solution. There’s more to come in our series with hands-on guidance on the steps and your options to deploy and manage the service at scale. And there are useful resources at aka.ms/AVDDocumentation. Of course, keep visiting Microsoft Mechanics for more, subscribe if you haven’t already, and thanks for watching.