Microsoft's Azure Virtual Desktop service can provide plenty of value and integrations with other Microsoft services, but organizations must understand the requirements and architecture before jumping in.
The Azure Virtual Desktop (AVD) service, released in June 2021, serves as a more traditional desktop as a service (DaaS) offering compared to Windows Virtual Desktop (WVD), and there are a few notable points where AVD stands out.
Why choose Azure Virtual Desktop?
While there was plenty of overlap between WVD and AVD, Microsoft offers significant features and functionality to distinguish AVD. These features include:
- Enhanced support for Azure Active Directory (AD), which eliminates the need for a domain controller
- Microsoft Endpoint Manager (MEM) and Intune integrations for Windows 10 multi-session virtual machine management
- Streamlined deployment within the Azure portal, making administration faster and easier
Whether an organization is running an on-premises remote desktop environment, an earlier implementation of WVD or another DaaS offering, Azure Virtual Desktop is enticing from both a business and technical standpoint.
Understanding Azure Virtual Desktop requirements before deployment makes implementation easier, so it's critical to review them before embarking on the deployment process.
Requirements for running Azure Virtual Desktop
The key administrative requirements for AVD focus on the operating system availability and Active Directory framework. In addition, IT admins cannot overlook network considerations and support for users' physical devices.
Virtual desktops running on Azure offer multisession Windows 10 or 11 functionality, enabling a more cost-effective environment from a licensing perspective. Multiuser workstation OS functionality is a key feature that Azure offers for virtual desktops, distinguishing it from other options on the market. AVD even supports Windows 7 or Windows Server 2012 R2 through 2022.
When a workstation OS hosts the user sessions, any of the following licenses can serve: Microsoft 365 E3, E5, A3, A5, F3 and Business Premium; or Windows E3, E5, A3, A5. If Windows Server is the base OS, the organization will need Remote Desktop Services client access licenses (CALs) with software assurance.
Many organizations have fully adopted Azure AD, which is the optimal approach for an AVD environment. Microsoft implements Azure AD as part of Microsoft 365, so this framework is already in place for organizations with Microsoft 365 licensing. IT departments typically use Azure AD to support AVD authentication and management requirements. However, Windows Server Active Directory can also serve as the directory infrastructure.
User accounts must reside in the same Active Directory infrastructure as the virtual machines the users will be accessing, regardless of whether IT sources Azure AD or Windows Server Active Directory. This requirement ensures security and provides an authentication framework. User accounts external to the base Active Directory infrastructure, such as B2B or Microsoft accounts (MSAs), cannot access AVD resources. For example, a partner user account linked via B2B cannot access AVD resources, but a subsidiary user account that resides within the same Active Directory infrastructure can access AVD resources.
The Azure-based VMs that users access can live in any Azure region, but organizations should factor in network latency and regulatory restrictions when determining where to host them. While dedicated ExpressRoute networks can provide optimal connectivity, organizations should typically focus on internet connections with a preference for the nearest Azure region that provides user access.
For example, imagine a user based in the United States accessing virtual desktops hosted in Europe or Asia. Latency due to the large distance from endpoint to host will degrade the user experience. In addition, some countries such as Germany require that data stays within their borders, so Germany-based users would have to access virtual desktops that their organization is hosting within Germany to comply with data residency requirements.
In most cases, AVD supports the physical endpoint device that the users have or prefer. These include Windows desktops, macOS, iOS and Android devices. In addition, the HTML-based web client can access AVD resources.
Customizations within Azure Virtual Desktop
AVD customizations fall within two key areas: OS deployments and application deployments.
Most commonly, organizations deploy AVD via the administrative interface within the Azure portal; it is user-friendly and the easiest mechanism. Advanced users can deploy via Azure Virtual Desktop PowerShell, Azure Resource Manager templates and REST APIs.
Though in name AVD focuses on virtual desktops, this service can also deploy individual remote applications to users. For example, if only some users work from virtual desktops but others require access to one or more virtual apps, IT can use AVD to present only the necessary applications for each subset of users. IT admins can also customize user data storage, including files and profiles, based on organizational requirements. Options for storage include file shares, OneDrive and FSLogix.
Very few deployments are based on vanilla virtual desktops because users need applications to perform basic tasks. At a minimum, organizations typically include Microsoft 365 productivity applications with virtual desktops. But plenty of organizations have numerous additional business applications that users need to access. It falls on IT to integrate these applications within the virtual desktop. While most applications are easy to add to a virtual desktop, some applications -- especially custom and legacy apps -- are more troublesome and require additional effort.
Getting numerous applications to function properly within a multiuser Windows 10 virtual desktop can be arduous. IT administrators should fully test apps from multiple accounts and scenarios to ensure full functionality. For example, some applications pull user data from the AppData folder, and if this folder is redirected, users may experience latency for certain application activities. An application that performs perfectly for some tasks does not prove that the architecture is without flaws.
How to support an Azure Virtual Desktop environment
Azure Virtual Desktop provides easier support and troubleshooting options compared to on-premises deployments.
Once IT admins are accustomed to the Azure portal, administering an AVD environment is straightforward. Tasks such as creating images and profile containers are easy to handle. There are wizards to guide admins through processes such as creating host pools, application groups and workspaces, and Microsoft provides excellent documentation and technical support.
Rather than relying on Windows Event Viewer and other basic tools, Azure provides monitoring and troubleshooting tools such as Log Analytics and Azure Monitor. In particular, Azure's Monitoring Insights provides a detailed view of diagnostics, performance, utilization, alerts and more.
As with all Azure services, Microsoft is continuously updating features and functionality. For example, in November 2021, Microsoft released autoscale into public preview, which allows IT to automate stopping and starting session hosts based on a set schedule. An organization that is largely shutting down at the end of the year may wish to curtail its Azure usage for cost savings.
Additional Azure services may be necessary during or after the initial deployment to address user and system requirements appropriately. This could include upgraded licensing, more effective virtual machines, additional storage and ExpressRoute connections. Further, Microsoft Consulting is available to address complex new requirements and projects.
In addition, third-party products and services may be necessary to address business and technical needs beyond what Microsoft provides within Azure. While Azure does provide a plethora of tools and resources, third-party vendors may have niche offerings that provide better functionality for some organizations.
For example, where IT departments need detailed monitoring to support a large AVD user base, a third-party tool such as ControlUp or EG Innovations may allow admins to quickly pinpoint user and system issues in a way that the native AVD tools don't support. These third-party options may also provide detailed reports beyond the native AVD options.