As you have probably already heard or read, Windows Virtual Desktop (WVD) is now available in Public Preview. Windows Virtual Desktop is a desktop and application virtualization service running in Microsoft Azure. The backend is completely managed by Microsoft itself. You can create host pools to publish full desktops or to publish your LOB applications. A big advantage is that the Windows 10 multi-user edition is available with WVD. As a result, it is no longer necessary to give each user their own VDI when your LOB application only runs on a Windows 10 OS and not on a Windows Server OS.
In this blog I want to show you step-by-step how I configured Windows Virtual Desktop in my test environment. Remember that Windows Virtual Desktop is still in Public Preview at the time of writing this blog. Some steps can only be performed using PowerShell commands at this moment. Once Windows Virtual Desktop is out of Preview, I expect that there will be a nice WVD console available in the Microsoft Azure Portal.
It is possible to upload your own customized image with all your LOB applications and tools like FSLogix for your host pools, but I skip this step for this blog and will use a standard Gallery Image with Microsoft Office 365 ProPlus installed on it to show you how easily and quickly you can roll out your own WVD environment.
Requirements
Before you can start with the deployment of Windows Virtual Desktop, make sure you have the following;
- An Azure subscription
- Virtual Network configured within your Azure Tenant
- Make sure that new VMs can access the DCs (or as an alternative, make sure you have Azure AD Domain Services up and running)
- Make sure all resources are in the same region
- You have one of the following licenses; Microsoft 365 (E3/A3, E5/A5, F1 and Business) or Windows 10 (Enterprise E3/E5 – Education A3/A5 or VDA per user)
My Environment
In my test environment I have an on-premises domain controller with ADSync configured to my Microsoft Azure tenant. On-premises I have created a user account which I will use to join machines to the domain (wvd@robinhobo.com). In my Microsoft Azure tenant I have assigned the Global Administrator role to this user and made it Owner of my Azure subscription.
I also have installed a new clean Windows 10 machine without any app installed on it. I will use this machine to test the configuration results at the end of this blog.
In this blog
In this blog I will cover the following steps;
- Give Consent to your Azure AD tenant
- Assign the TenantCreator application role to an Azure AD user
- Create a Windows Virtual Desktop tenant
- Create a Windows Virtual Desktop Host Pool for a Full Desktop
- Create a Windows Virtual Desktop Host Pool to publish Applications
- Create an Application group and assign applications and users to it
- Install the Remote Desktop Client app and test the results
1. Give Consent to your Azure AD tenant
The very first step is to allow the Windows Virtual Desktop services to access your Azure tenant. For this step we need the Azure Tenant ID. For the next steps, log in to the Microsoft Azure Portal.
Browse to Azure Active Directory > Properties and copy the Directory ID
Open a new browser tab and browse to the Windows Virtual Desktop Consent Page.
Make sure you select Server App as Consent Option. Paste your Azure Tenant ID next to AAD Tenant GUID or Name and hit the Submit button.
Sign in with a Microsoft Azure Global Administrator account. As mentioned before I have created a separate admin account to set up Windows Virtual Desktop. Later in the process, this account is also needed to create the Windows Virtual Desktop tenant and host pool, and to assign applications to groups via PowerShell.
Click Accept
We need to repeat this step one more time. So open a new browser tab and navigate to the Windows Virtual Desktop Consent Page.
This time, make sure you select Client App as Consent Option. Paste your Azure Tenant ID next to AAD Tenant GUID or Name and hit the Submit button.
Login again with the same Global Administrator account.
Click Accept
Close the browser tab.
2. Assign the TenantCreator application role to an Azure AD user
During the first step, two new Enterprise Applications are created in your Microsoft Azure tenant. We need to grant the Azure AD account extra permissions to one of these applications before we can continue with the next step.
Within the Microsoft Azure portal, navigate to: Azure Active Directory > Enterprise Applications and open the Windows Virtual Desktop application.
Open the Users and groups page and click the + Add user button
Search for the user account (in my case the wvd@robinhobo.com account again). Click Select and Assign. As you can see the TenantCreator role is automatically assigned.
3. Create a Windows Virtual Desktop tenant
Now we can create a Windows Virtual Desktop tenant. In this tenant we are going to create Hostpools in later steps. For the following steps we need the Azure Tenant ID and the Azure Subscription ID. I have copied these IDs to a Notepad for later use. To get your Azure Tenant ID and Subscription ID, take the following steps;
Within the Microsoft Azure tenant, navigate to; Azure Active Directory > Properties and copy the Directory ID (Azure tenant ID).
Within the Microsoft Azure tenant, navigate to; Subscriptions and copy the Subscription ID
Start the Windows PowerShell ISE application with Administrator rights and run the following command;
Install-Module -Name Microsoft.RDInfra.RDPowerShell
The NuGet provider is required to continue. If it is not already installed on the machine, you are prompted to install it; in that case, click Yes to install.
Click Yes to All
Run the following command;
Import-Module -Name Microsoft.RDInfra.RDPowerShell
Select the Microsoft.RDInfra.RDPowerShell module. Find the Add-RdsAccount command and fill in the following information;
DeploymentUrl : https://rdbroker.wvd.microsoft.com
You can also run the following PowerShell command directly;
Add-RdsAccount -DeploymentUrl https://rdbroker.wvd.microsoft.com
Login with the account with the TenantCreator role (in my case the wvd@robinhobo.com account).
You’re now logged in with the account and ready to create the Windows Virtual Desktop tenant.
To create the RDS tenant, go to the New-RdsTenant command and fill in the AadTenantId (Azure Tenant ID) and the AzureSubscriptionId (Your Azure Subscription ID). Give the RDS Tenant a name. In my case I will call it RobinHoboCom. NOTE: This name will be visible to end users and is also needed when creating Host pools and Application groups.
Click Run
You can also run the following command directly;
New-RdsTenant -Name <NEW RDS TENANT NAME> -AadTenantId <Your Azure Tenant ID> -AzureSubscriptionId <Your Azure Subscription ID>
The Windows Virtual Desktop Tenant is now created.
4. Create a Windows Virtual Desktop Host Pool for a Full Desktop
During this step I will show you how to create a Windows Virtual Desktop Host Pool to publish a Full Desktop.
For the next steps we need to go back to the Microsoft Azure Portal.
Click + Create a resource button and search for Windows Virtual Desktop – Provision a host pool. Click on it to open.
Click Create
Fill in the following information;
Hostpool name : In my case it will be Desktop (this will also be the name of the published desktop for the end user!)
Desktop type : Pooled or Personal (In my case it will be Pooled (random host from the pool))
Default desktop users : Users that must have access to this desktop. NOTE: Once a user is assigned to the desktop from a host pool, no separate applications from the same host pool can be assigned to that user!
Subscription : Your Azure subscription
Resource group : I will create a new Resource group with the name “WVD”
Location : Your location NOTE: your network resources must be in the same region
Click OK
Select the Usage Profile type, the total number of users and the Virtual machine size. For this demo I will select Medium user Profile and 5 users in total.
For the Virtual machine name prefix I fill in DSK.
Configure the following;
Image source : In this case I will go for a Gallery image. You can also use your own image with the LOB apps you need
Image OS version : For this demo I select Windows 10 Enterprise multi-session with Microsoft Office 365 ProPlus
Disk Type : select the disk type you want for your hosts
AD domain join UPN : Fill in the account you can use for the Active Directory Domain Join. NOTE: Use the UPN of the local domain if that domain is different than your public domain
Admin Password : Fill in the password of the user
Specify domain or OU : If needed you can do it here
Virtual network : Select the correct VNET
Subnets : Select the correct Subnets NOTE: Remember the Domain Controllers need to be accessible from this subnet!
Click OK
Configure the following;
Windows Virtual Desktop tenant group name : Default Tenant Group (leave as is)
Windows Virtual Desktop tenant name : The name of the tenant we have created in step 3 of this blog, in my case RobinHoboCom
Windows Virtual Desktop tenant RDS Owner : UPN or Service principal (in my case UPN)
UPN : Enter the UPN of the user account you created the tenant with
Password : Enter the password of the account
Click OK
Click OK
Select I give Microsoft permissions to use and share my contact information so that Microsoft or the Provider can contact me regarding this product and related products and click Create
After a few minutes (mostly between 7 and 20 minutes) the deployment is finished and the host pool is up and running.
If a user is assigned to the default desktop group of this host pool, he/she can now log on to this full published desktop (I will show you this in the final step of this blog).
If you want to add a user to the default desktop group, you can do this by running the following PowerShell script;
Add-RdsAppGroupUser -TenantName <Tenant Name> -HostPoolName <Host Pool Name> -AppGroupName "Desktop Application Group" -UserPrincipalName <user@domain.com>
5. Create a Windows Virtual Desktop Host Pool to publish Applications
The steps for creating a Host pool to publish applications are exactly the same as for a host pool for only a desktop. So I’m not going to add the same screenshots again. The only settings that differ from the Full Desktop host pool are the following;
Hostpool name : Apps
Default desktop users : Do not enter users you want to assign applications from this host pool to.
Virtual machine name prefix : APPS
For the rest, same Windows Virtual Desktop tenant name and same image with Office 365 ProPlus installed on it.
6. Create an Application group and assign applications and users to it
Now that the Host pool for applications is up and running we can start creating an Application Group for it and add applications to it.
At this moment (at the time of writing this blog, WVD is still in preview) this can only be done via PowerShell commands. Therefore we need to go back to PowerShell ISE.
Assuming you are still logged in (otherwise import the RDInfra module first and run the Add-RdsAccount command as described in step 3 of this blog), search for the New-RdsAppGroup command and fill in the following;
HostPoolName : The name of the hostpool created in step 5. In my case Apps
Name : A name for this application group. In this case I will name it OfficeApps
TenantName : The name of your tenant created in step 3. In my case this is RobinHoboCom
ResourceType : RemoteApp
Click Run
You can also run the following command (with correct information) directly;
New-RdsAppGroup -HostPoolName <host pool name> -Name <name for the new app group> -TenantName <name of your WVD tenant> -ResourceType "RemoteApp"
The output of the command should be like in the screenshot above.
To get a list of all applications available within the disk image of the host pool, search for the Get-RdsStartMenuApp command and fill in the following information;
AppGroupName : The name of the group just created. In my case OfficeApps
HostPoolName : The name of your Host pool. In my case Apps
TenantName : The name of your tenant created in step 3 of this blog. In my case RobinHoboCom
Click Run
Alternatively you can run the following command directly (with the correct information);
Get-RdsStartMenuApp -AppGroupName <application group name> -HostPoolName <your hostpool name> -TenantName <your WVD tenant name>
This command gives the output as you can see above. For adding applications to the Application Group we need the application AppAlias and FriendlyName. If you want to publish all the Microsoft Office 365 applications, the following list will help you to quickly publish them all;
Microsoft Access
AppAlias : access
FriendlyName : Access
Microsoft Excel
AppAlias : excel
FriendlyName : Excel
Microsoft OneNote 2016
AppAlias : onenote2016
FriendlyName : OneNote 2016
Microsoft Outlook
AppAlias : outlook
FriendlyName : Outlook
Microsoft PowerPoint
AppAlias : powerpoint
FriendlyName : PowerPoint
Microsoft Project
AppAlias : project
FriendlyName : Project
Microsoft Publisher
AppAlias : publisher
FriendlyName : Publisher
Microsoft Visio
AppAlias : visio
FriendlyName : Visio
Microsoft Word
AppAlias : word
FriendlyName : Word
To add an application to the application group, search for the New-RdsRemoteApp command and fill in the following information on the RA2 tab;
AppGroupName : The just created application group, in my case OfficeApps
HostPoolName: The name of the host pool. In my case Apps
Name : The application FriendlyName
TenantName : Your WVD Tenant name. In my case RobinHoboCom
AppAlias : The application AppAlias
Click Run and repeat this for every app you would like to add to this Application Group.
You can also run the following PowerShell command directly with the correct information filled in;
New-RdsRemoteApp -AppGroupName <name of the application group> -HostPoolName <the host pool name> -Name <friendly name of app> -TenantName <your WVD tenant name> -AppAlias <application AppAlias>
In case of adding Microsoft Excel the output looks like this.
The final step is to assign users to this group. Search for the Add-RdsAppGroupUser command and fill in the following information;
AppGroupName : Name of the application group. In this case OfficeApps
HostPoolName : Name of the host pool. In my case Apps
TenantName : Your WVD tenant name. In my case RobinHoboCom
UserPrincipalName : The UPN of the user you want to add
Click Run or run the following command directly with the correct information;
Add-RdsAppGroupUser -AppGroupName <name of the application group> -HostPoolName <name of the host pool> -TenantName <your WVD tenant name> -UserPrincipalName <user@domain.com>
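The whole of step 6 as one script, as an added example that is not part of the original post: it publishes only aliases that Get-RdsStartMenuApp reports for the image, skips what already exists, and ends by listing which apps are exposed and to whom. Get-RdsAppGroup, Get-RdsRemoteApp and Get-RdsAppGroupUser come from the same module but are not shown in this blog, and the output property names used (AppGroupName, AppAlias, RemoteAppName, UserPrincipalName) are assumed from the module's default output; the UPN is a placeholder.

```powershell
# Added example, not from the original post. Tenant, host pool and group names are
# the ones used in this blog; the UPN is a placeholder.
$TenantName   = 'RobinHoboCom'
$HostPoolName = 'Apps'
$AppGroupName = 'OfficeApps'
$Users        = @('user@domain.com')

# AppAlias -> FriendlyName, copied from the list in step 6
$Apps = [ordered]@{
    access      = 'Access'
    excel       = 'Excel'
    onenote2016 = 'OneNote 2016'
    outlook     = 'Outlook'
    powerpoint  = 'PowerPoint'
    project     = 'Project'
    publisher   = 'Publisher'
    visio       = 'Visio'
    word        = 'Word'
}

Import-Module -Name Microsoft.RDInfra.RDPowerShell
Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com'

# Parameter sets reused (splatted) by every call below
$pool  = @{ TenantName = $TenantName; HostPoolName = $HostPoolName }
$group = $pool + @{ AppGroupName = $AppGroupName }

# Create the RemoteApp group only if it is not there yet
if (-not (Get-RdsAppGroup @pool | Where-Object { $_.AppGroupName -eq $AppGroupName })) {
    New-RdsAppGroup @pool -Name $AppGroupName -ResourceType 'RemoteApp' | Out-Null
}

# What the image offers versus what is already published
$available = @(Get-RdsStartMenuApp @group | ForEach-Object { $_.AppAlias })
$published = @(Get-RdsRemoteApp @group | ForEach-Object { $_.RemoteAppName })

foreach ($alias in $Apps.Keys) {
    $name = $Apps[$alias]
    if ($available -notcontains $alias) {
        Write-Warning "AppAlias '$alias' is not in the host pool image; skipped"
        continue
    }
    if ($published -contains $name) { continue }   # already published
    New-RdsRemoteApp @group -Name $name -AppAlias $alias | Out-Null
}

# Assign only users who are not yet members of the group
$assigned = @(Get-RdsAppGroupUser @group | ForEach-Object { $_.UserPrincipalName })
foreach ($upn in $Users) {
    if ($assigned -notcontains $upn) {
        Add-RdsAppGroupUser @group -UserPrincipalName $upn
    }
}

# Review what is now exposed, and to whom
Get-RdsRemoteApp @group | Select-Object RemoteAppName, FilePath
Get-RdsAppGroupUser @group | Select-Object UserPrincipalName
```

The two closing queries can be rerun on their own at any time to review group membership and published applications.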
7. Install the Remote Desktop Client app and test the results
It’s now time to install the Remote Desktop Client app and test the results. Alternatively you can also use the Remote Desktop web portal.
Remote Desktop Client : http://aka.ms/wvd/clients/windows
Remote Desktop Web client : https://rdweb.wvd.microsoft.com/webclient/index.html
In the following steps I will install the Remote Desktop Client app and test if everything works as it should.
Start the installation and click Next
Select I accept the terms in the License Agreement (if you do) and click Install
Select Launch Remote Desktop when setup exits and click Finish
Click Subscribe
Login with your (test) account.
As you can see all the applications and the Desktop are visible. I will start the Desktop first.
As you can see, I can successfully login to the desktop. I’m running the Windows 10 Enterprise for Virtual Desktops edition.
Also Microsoft Word is starting up successfully.
The icon on the taskbar is the only visible difference from locally installed applications.
Published Applications and Desktops can also be integrated in the Windows 10 Start menu.
Where are the “steps” on what’s needed for the Domain? UPN, OU, Password? Where is this supposed to be? This is a cloud solution so I am assuming it doesn’t require an on-prem AD Domain Controller? Or does it? Please share the steps as this one piece of information is a hardstop for a Virtual Desktop being deployable. I.e. it breaks and will not deploy if this is not configured properly.
It is not a requirement, you can also use the Azure AD Services, but for this blog I used an on-prem domain controller.
The deployment of the host pool keeps failing on domain join step.
Domain join seems to be a required setting.
I’m trying to use our local domain (domain.local) and a specific OU (OU=WVD Machines,OU=Clients,OU=HSC,DC=domain,DC=local). The account I’ve entered is a domain admin [name]@domain.local.
I cannot find any details on the error message, the raw error only reads that an exception was thrown.
Hi Robbert, can you try to create a Windows 10 VM manually in Azure within the same Network and Subnet and try to join this VM to the domain as well? This to see what happens?
The problem was that I had selected the wrong virtual network and subnet.
Everything is now working except that I added my colleagues to the Tenantowner role of the Windows Virtual Desktop Enterprise application in AAD, but they are still not able to add users to the appgroups using PS. They get an error “user is not authorized to query the management service” even though they have the correct role.
Can you try to make him owner via PowerShell like described in the first steps of this blog? : https://www.robinhobo.com/how-to-fix-server-app-is-not-consented-so-please-consent-server-app-error-when-logging-in-to-the-windows-virtual-desktop-wvd-management-tool/
Hi
Thanks for the guide, we’ve followed the steps, but when clicking the session host desktop after signing in, it says “Oops, we couldn’t connect to “USSPA-RDSH”. We couldn’t connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help.”
Any ideas please?
Hi Jamie, can be multiple things. Are the session hosts up and running? Can you connect through RDP outbound, no network firewall blocking issues? For example.
Hi Robin
This was fixed by assigning/starting an Azure P2 license to the tenant.
Hello Robin,
I set up my own WVD deployment and I have everything working great except one thing. I am trying to publish a non-Microsoft app to my feed (Putty). I can see it on my feed but when I try to launch it I get a prompt saying the application is not approved? I looked in enterprise applications under my Azure AD tenant but I can’t seem to find anywhere to approve the app. Have you had any luck in deploying non-Microsoft apps?
Hi Anthony, yes I have, see one of my latest blogs https://www.robinhobo.com/how-to-create-a-custom-windows-10-multi-user-image-with-lob-applications-for-windows-virtual-desktop-preview-wvd-hostpool-deployments/ Please follow the steps in that blog and let me know if you need any help.
Hi Robin,
I’ve made a mistake in the virtual machine name prefix and want to correct this. Can I change this prefix in the existing hostpool or do I have to remove the current hostpool and create a new one?
As far as I know, you need to recreate the session hosts.
I pinned the remoteapp on the start menu of my Windows machine but when you click on it, a remote desktop session login is briefly displayed. I would not like the user to see this screen every time the remoteapp is launched, I would like to hide it and let the user just launch the app. Any ideas?
There is a checkbox to save the password. After checking this checkbox you will no longer be asked for a password.
Hello Robin,
great contribution, helped me a lot. Thanks a lot!
I’m aiming for a cloud-only environment. No local domain controller, no synchronization, nothing. Only Azure AD. So I’m even more surprised that I need Azure AD Domain Services to set up WVD. Or do you know a way to do without them?
Yes, you can also use Azure AD DS. At this moment Azure AD DS and an (on-premises) Active Directory are the only options.