User Profile
Stefan Georgiev
Former Employee
Joined 8 years ago
Recent Discussions
Getting started wizard in Azure Virtual Desktop
This document provides an overview of how to use the getting started wizard in AVD (Azure Virtual Desktop). If you would like to reach out to the product team, please use our form https://aka.ms/avdgsquestions.

1. Explaining the getting started wizard

The getting started flow is aimed at addressing the following challenges with deploying AVD environments:
- Remove the complex multi-step process (e.g., FSLogix profiles setup, Azure Files Storage account creation, domain join, etc.)
- Create session hosts and configure AVD (host pool, workspaces, desktop groups, validation user)
- Validate user input
- Validate environment (DNS, firewall/NSG configuration requirements for AVD, permission on Azure AD and subscriptions)

Getting started has two main branches:
- Existing setup – This branch is tailored for Azure tenants and subscriptions that already have AD DS or Azure AD DS configured.
- Empty subscription – This branch is tailored for subscriptions that do not have AD DS or Azure AD DS, but may have other Azure resources (e.g. Azure Databricks, Azure Kubernetes).

Once an AVD deployment has been completed, existing AVD management tools can be used for management.

2. Requirements and limitations

To use the getting started flow, the following requirements must be met:
- Active Azure subscription
- Azure AD tenant
- An account with Global Admin permissions on Azure AD (MSA and guest accounts are not supported, see section 8.2)
- An account with Owner permissions on the subscription
- If the getting started wizard is being used in an environment with an existing identity provider, there is an additional requirement for Active Directory domain admin credentials
- Azure AD Connect is syncing the USERS container from AD DS to Azure AD

The getting started flow has the following limitations:
- Access to getting started is only via the below URL: https://portal.azure.com/?trace=diagnostics&Mmicrosoft_azure_wvd=true&feature.easybutton=true&microsoft_azure_marketplace_ItemHideKey=Microsoft_Azure_WVD_Hidden#blade/Microsoft_Azure_WVD/WvdManagerMenuBlade/overview
- AD Domain join UPN cannot include reserved words as documented here: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/error-reserved-resource-name
- Accounts used with getting started cannot have MFA.
- If getting started is used in an Existing setup with AD DS as an identity provider, the domain controller VM must not have DSC extensions of type Microsoft.Powershell.DSC.

3. Feedback

For bugs and questions, please file them via our form https://aka.ms/avdgsquestions.

4. Getting started wizard validation and deployment overview

This section explains the phases the getting started wizard goes through:
- Validates that there is an active subscription
- Validates user has Global Admin permissions on Azure AD
- Validates user has Owner permissions on the Azure subscription
- If needed, registers the AVD resource provider on the subscription
- General input validation for required fields, empty space, reserved words
- If an empty subscription, confirms no Azure AD DS is deployed and deploys it
- Creates Azure AD service principal
- Creates AAD DC Administrators group
- Checks if the selected domain administrator account can be created, creates it, and adds it to the AAD DC Administrators group
- Creates VNET and NSG
- Validates if URLs required for AVD are reachable
- If existing setup, validates VNET and DNS can resolve the domain name
- If selected, creates validation user
- Grants Desktop Virtualization User role
- Creates the AVD user group
- Grants the group Storage File Data SMB contributor
- If selected, creates a storage account for FSLogix profiles
- AVD resources
  - Host pool
  - User-defined number of session hosts
- Validates the input for the ARM template (pre-flight check)
- Validates the individual resources against their corresponding resource provider (in-flight check)

Note: the last two options are always performed when ARM templates are deployed.

4.1. Getting started in the Azure portal

Getting started is currently available under its code name “Quickstart”.

5. Existing setup walkthrough

This section walks the user through the getting started wizard on a subscription that contains either Azure AD DS or AD DS configured.

5.1. Getting started wizard for existing setup

- Open the preview URL https://portal.azure.com/?trace=diagnostics&Mmicrosoft_azure_wvd=true&feature.easybutton=true&microsoft_azure_marketplace_ItemHideKey=Microsoft_Azure_WVD_Hidden#blade/Microsoft_Azure_WVD/WvdManagerMenuBlade/quickstart
  Note: this URL is subject to change and eventually will be removed, and only https://portal.azure.com will be needed.
- If requested, sign in to Azure and open Azure Virtual Desktop management, then select the Quickstart blade. This will open the landing page for the wizard.
- Click Create.
- In the Basic blade select:
  - Subscription - allows you to select a subscription in which the wizard is going to deploy.
  - How is your subscription configured – select Existing setup
  - Location – resource location
  - Azure admin UPN – the full user principal name (UPN) for an account that has admin permissions on Azure AD and owner permission on the subscription
  - AD Domain join UPN – the full user principal name (UPN) for an account that has permissions and will be used to join the virtual machines to your domain
  - Identity – The getting started wizard supports Azure AD DS or AD DS. Select an option applicable to your environment. This selection will have an impact on the input needed for Virtual machines.
- In the Virtual machines blade:
  - Do you want the users to share this machine? – This option determines if a single session (aka personal) or multi-session (aka pooled) host pool will be configured. When selecting Yes (multi session) this will also trigger the creation of an Azure Files (AF) storage account (SA) that will be joined to either Azure AD DS or AD DS.
  - Image type – allows you to select an image from the Image gallery, custom images, or VHDs from storage blobs.
  - VM size – allows you to select size and SKU for the VMs that are going to be deployed.
  - Number of VMs – defines how many VMs are to be provisioned in the host pool.
  - Subnet – This option will only appear if this is an existing setup with AD DS. It allows you to select a subnet in the VNET. This must be the same subnet as the identity (AD DS or Azure AD DS) is located or has been peered to it.
  - Domain controller resource group – This option will only appear if this is an existing setup with AD DS. It requires a selection of the resource group (RG) to which the AD DS VM is located or peered to. The RG with the domain controller must be in the same subscription (peered subscriptions are not supported).
  - Domain controller virtual machine – This option will only appear if this is an existing setup with AD DS. It asks for the VM running the AD DS.
- Assign existing users – when checked this will open the Select Azure AD users or Users group.
- Create validation user – when checked this will open two fields: Validation user username and Validation user password.

NOTE: The validation users group will be created in the USERS container. The Validation Group must be synced to Azure AD for the process to complete successfully. If Azure AD Connect is not syncing the USERS container, then pre-create the AVDValidationUsers group in an organization unit (OU) that is being synced to Azure.

6. Empty subscription walkthrough

This section walks the user through the getting started wizard on an empty subscription. In the context of this wizard an empty subscription is one that does not have Azure AD DS or AD DS configured.

6.1. Getting started wizard for empty subscription

- Open the preview URL https://portal.azure.com/?trace=diagnostics&Mmicrosoft_azure_wvd=true&feature.easybutton=true&microsoft_azure_marketplace_ItemHideKey=Microsoft_Azure_WVD_Hidden#blade/Microsoft_Azure_WVD/WvdManagerMenuBlade/quickstart
  Note: this URL is subject to change and eventually will be removed, and only https://portal.azure.com will be needed.
- If requested, sign in to Azure and open Azure Virtual Desktop management, then select the Quickstart blade. This will open the landing page for the wizard.
- Click Create.
- In the Basic blade select:
  - Subscription - allows you to select a subscription in which the wizard is going to deploy.
  - How is your subscription configured – select Empty subscription.
  - Resource group prefix – When the getting started wizard is run on an empty subscription we need to create three resource groups, all using this prefix
  - Location – resource location
  - Azure admin UPN – the full user principal name (UPN) for an account that has admin permissions on Azure AD and owner permission on the subscription
  - AD Domain join UPN – the full user principal name (UPN) for an account that has permission and will be used to join the virtual machines to your domain
- In the Virtual machines blade:
  - Do you want the users to share this machine? – This option determines if a single session (aka personal) or multi-session (aka pooled) host pool will be configured. When selecting Yes (multi session) this will also trigger the creation of an Azure Files (AF) storage account (SA) that will be joined to either Azure AD DS or AD DS.
  - Image type – allows you to select an image from the Image gallery, custom images, or VHDs from storage blobs.
  - VM size – allows you to select size and SKU for the VMs that are going to be deployed.
  - Number of VMs – defines how many VMs are to be provisioned in the host pool.
- The Assignments blade allows you to specify the creation of a validation user that is going to be assigned to test the deployment.
  - Create validation user – when checked this will open two fields: Validation user username and Validation user password.

7. Outcome of successful run of the getting started wizard

This section covers what resources the getting started wizard deploys for its two variants, existing setup and empty subscription. Existing setup refers to the presence of an Active Directory in the subscription. In the context of the getting started wizard, Active Directory can be either Azure AD DS or AD DS. Empty subscriptions refer to an environment that does not have an active directory.

7.1. Existing setup

A successful getting started deployment on an environment that contains Azure AD DS or AD DS will include:
- Two resource groups (RG):
  - First RG starting with a user defined prefix and ending at *deployment, that contains deployment artefacts.
  - Second RG starting with a user defined prefix and ending at *WVD, that contains the AVD environment.
- AVD resources in RG ending in *WVD
  - Workspace (EB-WVD-WS)
  - Host pool (EB-WVD-HP)
  - Desktop application group (EB-WVD-HP-DAG)
  - Session hosts and their corresponding resource nothing Disk VM
- When the wizard is configured for multi-session
  - Storage account, used for FSLogix configuration.
  - Managed identity

7.2. Empty subscription

An environment that does not contain Azure AD DS or AD DS is considered empty by the getting started wizard. A successful getting started deployment on such an environment will include:
- Three resource groups (RG):
  - First RG starting with the user defined prefix and ending in *deployment, that contains deployment artefacts.
  - Second RG starting with the user defined prefix and ending in *wvd, that contains the AVD environment.
  - Third RG starting with the user defined prefix and ending in *prerequisite, that contains the Azure AD DS deployment.
- AVD resources in RG ending in *wvd
  - Workspace (EB-WVD-WS)
  - Host pool (EB-WVD-HP)
  - Desktop application group (EB-WVD-HP-DAG)
  - Session hosts and their corresponding resource nothing Disk VM
- Prerequisite resources in RG ending in *prerequisite
  - 2 NICs
  - Load balancer
  - Public IP address
  - Azure AD Domain Services
  - Virtual network
  - Network security group
- When the wizard is configured for multi-session
  - Storage account, used for FSLogix configuration.
  - Managed identity

7.3. Resource group for Azure AD Domain Service (*prerequisites)

This screenshot shows the resource group where the getting started wizard deploys Azure AD Domain Service.

7.4. AVD host pool

The screenshot below shows the host pool deployed with the getting started wizard.

7.5. Host pool resource group (*wvd)

The screenshot below shows the *wvd resource group and the resources inside.

7.6. Resource group containing Azure Automation Runbooks (*deployment)

This screenshot shows the content of the resource group ending on deployments, where the Automation Account and Runbooks that power the getting started wizard are created and stored.

8. Known issues

8.1. Session host name collisions

Currently the getting started wizard can be run multiple times on a subscription. When the wizard has deployed session hosts and is run a second time, the session host names between the first and second deployment will be the same. This does not impact AVD but creates challenges with management in Azure and in the identity provider.

8.2. MSDN subscription support

Using an MSDN subscription with the getting started wizard is supported, but the MSA user that is signed up for the subscription cannot be used:
- Navigate to Azure Active Directory and select Users
- Select the user you are looking to use
- Confirm the user principal name (UPN) does not contain #EXT# (e.g. user_hotmail.com#EXT#@hotmail.onmicrosoft.com)

The solution to this limitation is to create a new Azure AD native user and assign both Global Admin and Subscription owner roles.

27K Views, 4 likes, 15 Comments

MSIX app attach from MSIX bundles
This article covers the process of using MSIX bundles with MSIX app attach in WVD. For more information on MSIX bundles please read here. For this article we assume that the MSIX bundle has multiple versions of the same application, each version intended for a different architecture. Further, we will use the default language pack.

Prerequisites
- A bundle (.MSIXbundle or .APPXbundle)
- MSIXMGR tool

Prepare MSIX image
- Navigate to the folder where the MSIX bundle is located.
- Copy and rename the original .MSIXbundle to .Zip.
- Unzip the content into a folder and navigate to the folder.
- Inside, find the *_x64.appx or *_x64.msix file.
- Use that file as the source package for the MSIXMGR. More details here.

1.9K Views, 0 likes, 0 Comments

Re: MSIX AppAttach Storage and Performance
1. The largest deployment currently is 8000 users.
2. Depends on how many virtual machines will access the individual file (AF currently has a 2000 open handles limit).
3. Sorry, this question only makes sense in the context of deciding to use unmanaged disks on Azure Files for storing the MSIX images, and that is not recommended.
4. Depends on how many VMs and what is the size of the MSIX packages.

1.1K Views, 0 likes, 0 Comments

Re: MSIX app attach is now generally available
Working on article and video here but in short:
1) Add v1 of MSIX package, set it to active
2) Publish host pool and assign to user
3) Add v2 of MSIX package, set it to active
4) Automatically the V1 package becomes inactive
5) Users start to get V2 next time they logoff/login

13K Views, 0 likes, 0 Comments

Re: User in Child Domain gets Connection Denied when connecting to WVD Session Host
You are spot on. Let me give you some context.
1) We automatically add users to the RD user group on the host machine
2) This happens during orchestration (orchestration = establish connection)
3) When a user connects there are two sets of authentication
   - one for Azure AD (to get the feed)
   - second to the AD DS (session host permissions)
4) In this case the Azure AD works fine; the AD DS does not work because when we ask the DC for those users we do not get a "correct" response

A few assumptions:
1) I am assuming that the child domain users are synched to Azure AD
2) Does the DNS support the lookup of the child domains?
3) VMs are joined to the parent domain (a workaround may be to create a host pool where the VM is joined to the child domain)

2.9K Views, 0 likes, 1 Comment

Re: Adding MSIX applications to the host pool
You should never manually add files into the VHD that are not part of the MSIX. That breaks the validity of the MSIX package and we will report no valid MSIX is present. Here is a video explaining the creation of the MSIX image: https://www.youtube.com/watch?v=Tz749vPRT0o&t=1s

Now for the HTTPS? That is not how Azure Files work over SMB. I would recommend that on 1 of your machines you create a c:\share folder. Share it to everyone (read), put the package there and pass the path \\shares\<name of msix image>

15K Views, 0 likes, 1 Comment

MSIX app attach is now generally available
We’re excited to announce that MSIX app attach for Windows Virtual Desktop is now generally available! MSIX app attach in Windows Virtual Desktop builds on top of MSIX and existing Windows Virtual Desktop features to dynamically deliver MSIX packaged applications to users.

MSIX app attach in Windows Virtual Desktop offers:
- A way to manage MSIX app attach with the Windows Virtual Desktop management UI
- The ability to assign MSIX applications to users and user groups
- Delivery of MSIX applications to users through both RemoteApps and Remote Desktop
- New ways to use the Windows Virtual Desktop service and its features

Getting started:
- Check out our documentation at https://aka.ms/msixandwvd
- We also have a walkthrough and sample MSIX packages at our blog at https://aka.ms/msixappattach

Additional information:
- MSIX – https://aka.ms/msix
- Setting up Azure Files for MSIX app attach - Step by step guide on computer account auth for Azure Files - Microsoft Tech Community
- Setting up Azure NetApp File for MSIX app attach - Setting up Azure NetApp Files for MSIX App Attach | Step-by-Step Guide - Microsoft Tech Community
- Create MSIX images - https://aka.ms/msixmgrwvd

21K Views, 6 likes, 10 Comments
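
The "Prepare MSIX image" steps from "MSIX app attach from MSIX bundles" above, scripted as an added example (not code from the original posts or from Microsoft). It goes slightly beyond those steps: because a bundle is a ZIP container it is opened in place instead of being copied and renamed, and the extracted x64 package must pass a signature check before it is handed to MSIXMGR. The function name, parameters and paths are hypothetical.

```powershell
# Added example; function name, parameters and paths are hypothetical.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Export-X64PackageFromBundle {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $BundlePath,
        [Parameter(Mandatory)] [string] $OutDir
    )
    $ErrorActionPreference = 'Stop'

    $bundle = Get-Item -LiteralPath $BundlePath
    if ($bundle.Extension -notin @('.msixbundle', '.appxbundle')) {
        throw "Not an MSIX/APPX bundle: $($bundle.Name)"
    }
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    # A bundle is a ZIP container, so it can be opened read-only in place.
    $zip = [System.IO.Compression.ZipFile]::OpenRead($bundle.FullName)
    try {
        # Only root-level entries named *_x64.msix / *_x64.appx qualify; an
        # entry name containing a path separator or colon is never written out.
        $x64 = @($zip.Entries | Where-Object {
            $_.FullName -match '^[^/\\:]+_x64\.(msix|appx)$'
        })
        if ($x64.Count -ne 1) {
            throw "Expected exactly one x64 package, found $($x64.Count)"
        }
        $name   = $x64[0].Name
        $target = Join-Path (Resolve-Path -LiteralPath $OutDir).Path $name
        [System.IO.Compression.ZipFileExtensions]::ExtractToFile($x64[0], $target, $true)
    }
    finally {
        $zip.Dispose()
    }

    # The inner package carries its own signature. Status is 'Valid' only when
    # the file is unmodified and its certificate chains to a root trusted here.
    $sig = Get-AuthenticodeSignature -LiteralPath $target
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for ${name}: $($sig.Status)"
    }

    [pscustomobject]@{
        PackagePath = $target
        Signer      = $sig.SignerCertificate.Subject
        Sha256      = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    }
}

# Constructed paths for illustration:
# Export-X64PackageFromBundle -BundlePath 'C:\msix\Contoso.msixbundle' -OutDir 'C:\msix\work'
```

The returned PackagePath is the file to use as the source package for MSIXMGR; recording the signer and SHA-256 alongside the image makes it possible to confirm later which package an image was built from.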