How to deploy and manage Windows Virtual Desktop “Spring Release”

After a long wait, the next version of Windows Virtual Desktop (WVD) is now in public preview. This version is also known as “WVDv2” and “Spring Release”, and a lot has changed since the first GA release of WVD back in 2019. To begin with, it is now fully integrated with the Microsoft Azure portal, which means there is now an officially supported management UI. You can now assign applications to Azure AD Groups, and there are Role-Based Access Control (RBAC) possibilities, integration with Log Analytics Workspaces, and many more new features.

In today’s blog I want to focus on what the new Windows Virtual Desktop Management Console (UI) looks like, how you deploy Windows Virtual Desktop “Spring Release” with it, and how you manage your environment after deployment.

Requirements

Before we start, I want to walk you through the requirements for Windows Virtual Desktop.

General

  • Azure Tenant
  • Azure Subscription
  • Azure Active Directory
  • Azure AD Connect or Azure AD DS
  • Admin account(s)
    • Global Admin
    • Subscription Contributor Rights
    • Join VMs to (local) domain

Licensing

Client OS

  • Microsoft 365 E3/E5
  • Microsoft 365 A3/A5/Student Use Benefits
  • Microsoft 365 F1
  • Microsoft 365 Business
  • Windows 10 Enterprise E3/E5
  • Windows 10 Education A3/A5
  • Windows 10 VDA per user

Server OS

  • RDS CAL license with active Software Assurance (SA)

Network

  • Hub-Spoke network (recommended) – https://bit.ly/3aRs9mg
  • Enough free address
  • DNS is configured properly
  • Access to local DC’s or Azure AD DS

Network Ports for Session Hosts

For the session hosts, make sure that at least the following outbound TCP ports are allowed in the firewall:

In addition to the required ports, consider opening the following optional ports:

Windows Virtual Desktop Console components

In this new version of Windows Virtual Desktop, some components differ from the previous version. Let’s explain this a little more.

Workspace

The Windows Virtual Desktop Workspace replaces the old WVD “v1” tenant. You don’t have to create a tenant with this new version anymore. Creating a Workspace and linking the Application Groups to it makes the published resources (Desktop or Applications) show up in the end user’s Windows Virtual Desktop client.

Application Groups

There are two types of Application Groups: one for Desktops (DAG, Desktop Application Group) and one for Applications. You can have multiple application groups on a single Hostpool, and you can now publish a Desktop and Applications from the same Hostpool to the same user at the same time (that’s new with this release).

Hostpools

Just like in the previous version, a Hostpool is a collection of Session Host VMs on which the applications are installed and where the user sessions are hosted.

Deploy Windows Virtual Desktop

If all requirements are in place, you can start with the Windows Virtual Desktop deployment itself. For the next step, log in to the Microsoft Azure Portal as Azure Global Administrator.

In the Azure Portal search bar, search for Windows Virtual Desktop and open it.

Click Create a host pool. This will start a wizard where you can create all the components needed to deploy a desktop or applications.

Select your Subscription and a Resource group (or create a new one). Fill in a Host pool name (not visible for end users) and select the Location.

For the Host pool type, select Pooled (users will log in to a random available VM in the hostpool every time) or Personal (a dedicated VM is assigned to the user). In case of a Pooled Hostpool type, fill in the Max session limit of users for each VM in the hostpool and select the Load balancing algorithm: Breadth-first, where new user sessions are distributed across all available Session Hosts, or Depth-first, where new user sessions are sent to one server until its maximum session limit is reached.

Click Next: VM details

Set Add virtual machines to Yes. Select your Resource group (or create a new one). Select the Virtual Machine Region (does not have to be the same as the resource group of the Host Pool itself). Select the desired Virtual machine size and the required number of VMs. Fill in a VM Name prefix (keep it as short as possible, max 10 characters, because a “-x” (dash and a number) will be added to this name in Azure and your local domain).

Select if you want to Use Managed Disks or not, and configure your network settings.

Scroll down

If you want to Specify a domain or OU, select Yes and fill in your domain information. Fill in the Administrator account details of an account that has the rights to join machines to the (local) domain.

Click Next: Workspace

Set Register desktop app group to Yes. Create a new workspace and give it a name; by default, this name will also be visible to the end user.

Click Next: Tags

Optionally you can add Tags, but I will skip it for now.

Click Next: Review + create

Click Create

After a few minutes, Your deployment is complete
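The two Load balancing algorithm options chosen in the wizard, modelled as an added example (not code from the original post or from Microsoft). It is a simplified simulation that follows the description above; the function name, the tie-break (lowest host number wins) and the sample numbers are assumptions made for illustration.

```powershell
# Added example: simplified model of Breadth-first vs Depth-first session placement.
function Get-WvdSessionPlacement {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][ValidateSet('BreadthFirst', 'DepthFirst')][string]$Algorithm,
        [Parameter(Mandatory)][ValidateRange(1, 1000)][int]$HostCount,
        [Parameter(Mandatory)][ValidateRange(1, 1000)][int]$MaxSessionLimit,
        [Parameter(Mandatory)][ValidateRange(0, 100000)][int]$Logons
    )

    $sessions = New-Object 'int[]' $HostCount   # active sessions per host, index = host number
    $refused  = 0                               # logons that found every host full

    for ($n = 0; $n -lt $Logons; $n++) {
        $pick = -1
        for ($h = 0; $h -lt $HostCount; $h++) {
            if ($sessions[$h] -ge $MaxSessionLimit) { continue }   # host reached Max session limit
            if ($pick -lt 0) { $pick = $h; continue }              # first host with room
            # Breadth-first prefers the emptiest host, Depth-first the fullest host with room left.
            if ($Algorithm -eq 'BreadthFirst') { $better = $sessions[$h] -lt $sessions[$pick] }
            else                               { $better = $sessions[$h] -gt $sessions[$pick] }
            if ($better) { $pick = $h }
        }
        if ($pick -lt 0) { $refused++ } else { $sessions[$pick]++ }
    }

    [pscustomobject]@{
        Algorithm       = $Algorithm
        SessionsPerHost = $sessions -join ','
        HostsInUse      = @($sessions | Where-Object { $_ -gt 0 }).Count
        Refused         = $refused
    }
}

# Constructed scenario: 3 session hosts, Max session limit 4, 6 user logons.
'BreadthFirst', 'DepthFirst' | ForEach-Object {
    Get-WvdSessionPlacement -Algorithm $_ -HostCount 3 -MaxSessionLimit 4 -Logons 6
} | Format-Table -AutoSize
```

Raising `-Logons` above `HostCount * MaxSessionLimit` shows the point where every host is full and new sessions can no longer be placed.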

Walkthrough of the WVD Management Console

Let’s walk through the new Windows Virtual Desktop management console. First, let’s take a look at the Host pools.

Navigate to Host pools > <host pool name> > Virtual machines

Here you can find the Virtual Machines that are members of this Hostpool. You can manage them here, and you can see which user sessions are active on a particular VM.

If you open the Application groups blade, you see which application groups are assigned to this Host Pool. You can open an Application Group and assign it to Azure AD Users and/or Azure AD Groups.

When opening the Properties blade, you see the settings for the Max session limit and the Load balancing algorithm as you configured them in the creation wizard in the previous step. These settings can easily be changed afterwards in this management web console.

When opening the RDP settings tab, you see all the settings related to the user session itself, such as Desktop resolution and Redirection of, for example, local disk drives, clipboards and printers.
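The redirection options on the RDP settings tab are stored on the host pool as one custom RDP property string. The following added example (not from the original post) parses such a string and reports whether drive, clipboard and printer redirection are switched on; the function name and the sample string are constructed for illustration, and treating `\;` as an escaped semicolon is an assumption.

```powershell
# Added example (not part of the original post). Parses the semicolon-separated
# custom RDP property string of a host pool and reports the redirection settings.
function Get-RdpRedirectionState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$CustomRdpProperty
    )

    # RDP file properties behind the redirection options named in the text.
    $watch = [ordered]@{
        drivestoredirect  = 'Local disk drives'
        redirectclipboard = 'Clipboard'
        redirectprinters  = 'Printers'
    }

    # Split on ';' but not on '\;' (assumption: a backslash escapes a semicolon
    # inside a value), then split each entry into name:type:value.
    $found = @{}
    foreach ($entry in ($CustomRdpProperty -split '(?<!\\);')) {
        $parts = $entry.Trim() -split ':', 3
        if ($parts.Count -eq 3) {
            $found[$parts[0].ToLowerInvariant()] = [pscustomobject]@{ Type = $parts[1]; Value = $parts[2] }
        }
    }

    foreach ($name in $watch.Keys) {
        $value = $null
        if (-not $found.ContainsKey($name)) {
            $state = 'NotSet'                       # nothing pinned on the host pool
        } else {
            $value = $found[$name].Value
            if ($found[$name].Type -eq 'i') {       # integer switch: 1 = on
                $state = if ($value.Trim() -eq '1') { 'Enabled' } else { 'Disabled' }
            } else {                                # string: empty = no devices
                $state = if ([string]::IsNullOrWhiteSpace($value)) { 'Disabled' } else { 'Enabled' }
            }
        }
        [pscustomobject]@{ Setting = $name; Redirects = $watch[$name]; State = $state; Value = $value }
    }
}

# Constructed sample string. On a live host pool the input would be
# (Get-AzWvdHostPool -ResourceGroupName <rg> -Name <pool>).CustomRdpProperty
$sample = 'audiomode:i:0;drivestoredirect:s:*;redirectclipboard:i:1;redirectprinters:i:0'
Get-RdpRedirectionState -CustomRdpProperty $sample | Format-Table -AutoSize
```

Drive and clipboard redirection are the channels through which files and data can move between the session host and the local device, so this is worth checking per host pool.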

Next, let’s navigate to Application groups > <application group> and open the Assignments blade. Before end users can see the new resources, we need to assign the Application Group to them. To do so, click the Add button.

Then select the Group or User you want to assign to this Application Group and click Select. From now on, the end users will see the published desktop, and your Windows Virtual Desktop environment is up and running.

If you create an Application Group for publishing RemoteApps (so not Desktops), you can easily add them by opening the Applications tab and clicking the +Add button. You can add applications via a Start Menu option (like in the screenshot above), or via the File path option, where you need to fill in the path to the executable and all the other information yourself. When publishing the Office applications, you can simply use the Start Menu option and add them in a few seconds.

Let’s take a look at the Workspaces. Navigate to Workspaces > <workspace name> and open the Application groups. Here you can add or remove Application Groups for this Workspace.

Open the Properties blade. Here you can see the Friendly name. By default, the name that is shown in the Windows Virtual Desktop client is the name of the Workspace. However, when you fill in the Friendly name, that is the name shown in the client.

Finally, let’s take a look at the Users blade. When opening this blade you can search for a User. You can then see the information of this user, but also the Sessions this user currently has active. You can directly see which Host pool and which Session Host VM is hosting this active session. You have options to send the user a notification or to log off or disconnect his/her active session.

Finally, a screenshot of the Windows Virtual Desktop client to show you what it looks like after the configuration from this blog.

I hope this blog has given you a good overview of the new version of Windows Virtual Desktop. If you thought it was worth reading, sharing via socials is appreciated. Thank you and till next time!

36 comments

  • Is it possible to import my existing Windows Virtual Desktop setup into the new management portal?

    • No, it’s a completely new infrastructure. You can set up a new Workspace and Hostpool with the Application Groups, using your current golden image if you have one. As you can see in this blog, this can be set up within an hour or less.

  • Hi Robin!
    Thank you for the post.

    Did you need to grant admin consent for the enterprise apps?

    The web client is running OK, but the Remote Desktop App Client on Windows only works fine when I consent these apps, despite it not being a requirement in the new documentation.

    The error code is “CAA20004” – “AADSTS650052: The app needs access to a service ("https://mrs-Prod.ame.gbl/mrs-RDInfra-prod") that your organization has not subscribed to or enabled.”

    When I consent the server app and try again, the error message makes a reference to the client app.
    Additionally, I removed all resources from my old v1 environment, like the app groups, session hosts and the tenant, via PowerShell.

  • With this new update, how is auto scaling managed, as the MS documentation mentions the current scripts do not work with Resource Manager WVD objects?

  • I successfully deployed WVD Spring within an AADDS solution. But O365 apps don’t SSO inside the WVD sessions. In a classic deployment on-prem, we always used AD Connect to seamlessly SSO O365 on our Citrix servers. Since ADS synchronizes automatically with AADDS, I’m not sure I fully understand how to SSO O365 in a WVD + AADDS context. I love the AADDS solution concept because it removes the need to manage 2 AD VMs & 2 AD Connect VMs. Now I’m going to evaluate FSLogix containers on Azure File Share and GPO settings in AADDS. Thanks for advice or experience sharing

    • Hi Etienne, it’s correct what you are saying. SSO will not work when using Azure AD Domain Services. It’s by design. For SSO, you need to have Azure AD Connect up and running, which is not supported with Azure AD DS.

      • Thanks Robin, I don’t know if Microsoft will improve that in their roadmap, we’ll see. So for the best user experience (SSO O365), the best choice is to keep classic ADS on 2 VMs + Azure AD Connect on 2 other extra VMs, which means 4 VMs (and running 750 hours/month probably) instead of the cheap AADDS service, too bad 😉

          • Hi Robin,
            Am I right in thinking that now the image can be managed with SCCM there is no need for a golden image?

          • There are several ways of creating and managing a “base” image, for example Azure Image Builder, blob storage snapshots (see my older posts), managed images via the Azure Shared Image Gallery and other distribution tools like SCCM. That is totally up to you. Personally I’m not into SCCM and like the cloud native solutions just mentioned, but again, that is totally up to you.

          • Hi Robin,

            We currently have an ExpressRoute of 500mb and there may be a requirement that all WVD client traffic goes through this. Would you know what additional Azure infrastructure is needed?

          • That depends on the infra you have, like the location of your domain controllers (local or in Azure) and the backend of your data and applications.

          • We currently have a DC at both locations (azure AD and Ad replicating) and also some legacy apps on premise that require DB access

  • Hi Robin,

    VM is being created and added to on-prem AD successfully but then gets hung up at this point in the deployment via Azure console – “Microsoft.Compute/virtualMachines/extensions” and eventually fails. The machine is then not part of the host pool, but I am able to remote to it and log in etc. via standard on-prem MSTSC RDP.
    Any ideas why this step could be failing?

    • You can find more information in the logs of the last Session host VM. I had this once and it had to do with a failing download of the config package (proxy server issue)

  • For WVD deployment :-

    Is it mandatory to have DC (Domain Controller) or ADDS in Azure ?

    Can it work if have DC in on-premises only ?

    Please can you clarify as I am confused about it ?

    • A domain join is required at this moment, but the DCs don’t have to be running on-premises, they can also be running in Azure for example. As long as they are reachable for the Session Host VMs.

  • I might have missed a step but have followed everything and all deployed, but when our users connect via the Windows App/Web login they see the old WVD hostpool/workspace, which is no longer running. How do I get them to see the new one, as I have added all required users to the new workspace?

      • Hi,

        Not sure if this one Is for you but it’s about FSLogix and multi connections across Multiple Hostpools and VM instances.

        Which mode have you used that has a more seamless user experience?

  • Hi Robin,

    Thanks for all, you helped me a lot.

    I have a question: you can create multiple application groups for RemoteApp, but is it possible for Desktop?

  • Hi, Robin
    As I see in your blog, setting up a Hub-Spoke network is recommended for WVD. I want to create WVD based on Azure AD Connect syncing from my on-prem Active Directory server. Does it also need an Azure gateway or the Hub-Spoke network which you recommended in order to get the authority to join VMs in the WVD host pool?

About Robin Hobo

I work as a Senior Solution Architect with focus on the Modern Workspace. I am specialized in Azure Virtual Desktop (AVD), Windows 365 and Microsoft EM+S (including Microsoft Endpoint Manager - Microsoft Intune).

For my full bio, check the About Me page.
