With numerous changes to both Citrix and VMware and the growth of Azure adoption across the enterprise, many organizations are looking toward Azure Virtual Desktop to deliver virtual applications and desktops to their end users.

For IT departments, a transition to AVD can feel daunting, especially for those accustomed to Citrix and VMware's end-user computing division -- now known as Omnissa. However, the simplified management, scalability and integration with other Microsoft services make AVD a more attractive option.

New administrators should learn what exactly AVD offers and how they can initiate a new environment with this technology.

Why use Azure Virtual Desktop?

Azure Virtual Desktop is an Azure service from Microsoft that provides access to virtual apps and desktops. For those who are familiar with the traditional Remote Desktop Services (RDS) roles in Windows Server, it is quite similar. But with AVD, Microsoft provides these roles as a managed multi-tenant service. The only things that admins need to worry about are the VMs, or session hosts, that host the applications.

[Figure 1. How the Azure service delivers Azure Virtual Desktop]

Some compelling benefits come with using this service.

Licenses

Using AVD also enables customers to use Windows 10 and 11 multisession, reducing the need for Windows Server and RDS client access licenses. The service itself and its components are free for customers that have one of the following licenses assigned to their users:

Microsoft 365 E3, E5, A3, A5, F3 and Business Premium.

Windows Enterprise E3 and E5.

Windows Education A3 and A5.

This means that organizations don't have to pay for the management components or the underlying OS -- the only additional costs are the hosting of VMs and any other Azure services admins might use. Customers can combine this with the autoscaling feature, where the admin can scale the service up and down depending on usage needs. This reduces the cost of the service when organizations scale down.

Native Azure services

Being a native service means that admins can use all the benefits of Azure to manage the components. More and more organizations are now using infrastructure as code (IaC) and DevOps, as they enable admins to deploy services faster with automation. Another benefit is that IT can integrate the service with other services, such as Azure Monitor and Microsoft Sentinel, to provide infrastructure and security monitoring.

Security

One often-overlooked benefit of AVD is security. While most VDI or desktop-as-a-service tools today have their services directly published to the internet, AVD is a bit different. The back-end machines are never directly accessible from the internet, and all communication is proxied through the AVD gateway service using a reverse TCP tunnel.
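The security point above is that session hosts are reached only through the AVD gateway over a tunnel the host initiates outbound, so nothing inbound from the internet needs to be open on the session-host subnet. The following PowerShell is an added example, not code from the article or from Microsoft: it audits a set of network security group rules for inbound, internet-facing RDP (TCP 3389) exposure that would bypass the gateway. The rule objects are constructed to match the property names that Get-AzNetworkSecurityRuleConfig returns, and the function names Test-PortCoversRdp, Test-RuleCoversRdp and Find-InternetExposedRdpRules are assumed names of mine.

```powershell
# Added example (not from the original article): flag NSG rules that allow RDP inbound
# from the internet to AVD session hosts. AVD needs no such rule, because the agent
# connects outbound to the gateway; any hit here is something to remove or tighten.

function Test-PortCoversRdp {
    param([string]$PortRange)
    # A destination port range is '*', a single port such as '3389', or a span 'a-b'
    if ($PortRange -eq '*') { return $true }
    if ($PortRange -match '^(\d+)-(\d+)$') {
        return ([int]$Matches[1] -le 3389 -and [int]$Matches[2] -ge 3389)
    }
    return ($PortRange -eq '3389')
}

function Test-RuleCoversRdp {
    param($Rule)
    # Az returns DestinationPortRange as a list; a rule may carry several ranges
    foreach ($range in @($Rule.DestinationPortRange)) {
        if (Test-PortCoversRdp -PortRange $range) { return $true }
    }
    return $false
}

function Find-InternetExposedRdpRules {
    param([object[]]$Rules)
    # Source prefixes that mean "anywhere on the internet"
    $internetSources = @('*', 'Internet', '0.0.0.0/0')
    $Rules |
        Where-Object {
            $_.Direction -eq 'Inbound' -and
            $_.Access -eq 'Allow' -and
            ($internetSources -contains $_.SourceAddressPrefix) -and
            ($_.Protocol -in @('*', 'Tcp')) -and
            (Test-RuleCoversRdp -Rule $_)
        } |
        Sort-Object Priority
}

# Constructed sample rules (not from any real tenant). To audit a live NSG, replace this with:
#   $sampleRules = Get-AzNetworkSecurityGroup -Name <nsg> -ResourceGroupName <rg> | Get-AzNetworkSecurityRuleConfig
$sampleRules = @(
    [pscustomobject]@{ Name='AllowGatewayOutbound'; Direction='Outbound'; Access='Allow'; Priority=100; Protocol='Tcp'; SourceAddressPrefix='*';            DestinationPortRange='443' },
    [pscustomobject]@{ Name='AllowRdpFromInternet'; Direction='Inbound';  Access='Allow'; Priority=200; Protocol='Tcp'; SourceAddressPrefix='Internet';     DestinationPortRange='3389' },
    [pscustomobject]@{ Name='AllowBastionRdp';      Direction='Inbound';  Access='Allow'; Priority=300; Protocol='Tcp'; SourceAddressPrefix='10.0.1.0/24';  DestinationPortRange='3389' },
    [pscustomobject]@{ Name='AllowWideRange';       Direction='Inbound';  Access='Allow'; Priority=400; Protocol='*';   SourceAddressPrefix='0.0.0.0/0';    DestinationPortRange='3000-4000' }
)

$findings = Find-InternetExposedRdpRules -Rules $sampleRules
if ($findings) {
    Write-Warning 'Session hosts should only be reachable through the AVD gateway; review these rules:'
    $findings | Format-Table Name, Priority, SourceAddressPrefix, Protocol, DestinationPortRange
} else {
    Write-Host 'No inbound internet-facing RDP rules found.'
}
```

On the constructed input the audit flags AllowRdpFromInternet and AllowWideRange (the 3000-4000 span includes 3389), and leaves the rule scoped to the 10.0.1.0/24 management subnet alone. The same logic can be run on every session-host NSG from a pipeline step, which fits the IaC approach the article recommends.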

Prerequisites for creating a new Azure Virtual Desktop environment

Creating an Azure Virtual Desktop environment only requires customers to have an Azure subscription with a virtual network. In most cases, organizations have an existing virtual network topology with a centralized firewall, using Microsoft's reference architecture or a hub-and-spoke topology. If AVD is deployed as part of an existing network topology, admins should ensure that the firewall is configured to allow the traffic listed in Microsoft's documentation. Organizations that want to provide the best possible experience for their users need a feature called Remote Desktop Protocol Shortpath.

Shortpath uses User Datagram Protocol transport instead of TCP and provides much higher-bandwidth and lower-latency connections. It is enabled by default, but it requires the correct firewall openings to be in place: admins must ensure that the firewall allows the Azure Communication Services endpoints that Shortpath relies on. Also, make sure that the necessary licenses are assigned to the users who need the service and that those users exist in the Entra ID tenant. This is required regardless of whether the environment uses domain-joined or Entra ID-joined machines.

Additionally, IT needs an AVD workspace, which deploys the customer-managed services for the tenant. Then, deploy a host pool, which functions as a logical container for session hosts. Host pools group together multiple VMs that have the same configuration and set of applications installed. For example, an organization might have two large corporate applications that need to be installed on different machines. In that case, it needs two host pools: one consisting of VMs that have the first corporate application installed, and another for the second application.

IT can build the session hosts from either a native image from Microsoft or a custom golden image. These machines can either be joined to Active Directory and become domain-joined, or they can be joined directly to Entra ID. To use the domain-joined method, IT must verify that the virtual network has network access to the domain controllers; for Entra ID-joined machines, the only requirement is internet access. Once IT has deployed the VMs and installed the AVD agent, admins can assign them to users with assignment groups. This is where IT professionals can assign host pools to either Entra ID users or Entra ID groups. At its core, AVD is just an agent that admins install on the OS, which is then responsible for communicating with the central Microsoft services.
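The steps above (workspace, host pool, session-host registration, and assigning users or groups) can be carried out with the Az.DesktopVirtualization and Az.Resources PowerShell modules. The script below is an added example, not code from the article or from Microsoft; the resource group, region, resource names and the Entra ID group object ID are placeholders to replace before running, and the resource group is assumed to exist already. Note that the module calls the assignment container an application group: a user or group is entitled to a host pool's desktop by holding the built-in Desktop Virtualization User role on that application group.

```powershell
# Added example (not from the original article): create the AVD control-plane objects for one
# host pool and entitle an Entra ID group to its desktop. Prerequisites (assumed):
#   Install-Module Az.DesktopVirtualization, Az.Resources
#   Connect-AzAccount   # identity needs Contributor + User Access Administrator on the RG

$rg                 = 'rg-avd-prod'          # placeholder: existing resource group
$location           = 'westeurope'           # placeholder region
$hostPool           = 'hp-finance-apps'      # one host pool per distinct app/config set
$appGroup           = 'ag-finance-desktop'
$workspace          = 'ws-corp'
$entraGroupObjectId = '00000000-0000-0000-0000-000000000000'  # placeholder Entra ID group

# 1. Host pool: the logical container session hosts register into.
#    Pooled + Windows 10/11 multisession lets several users share one VM; the breadth-first
#    load balancer spreads sessions across hosts before stacking them.
$hp = New-AzWvdHostPool -ResourceGroupName $rg -Name $hostPool -Location $location `
        -HostPoolType Pooled -LoadBalancerType BreadthFirst -PreferredAppGroupType Desktop `
        -MaxSessionLimit 10 -ValidationEnvironment:$false

# 2. Registration token: what the AVD agent on each session host presents to join this pool.
#    It is a bearer credential for pool membership, so keep the lifetime short and do not
#    commit it to source control.
$expiry = (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ')
New-AzWvdRegistrationInfo -ResourceGroupName $rg -HostPoolName $hostPool -ExpirationTime $expiry | Out-Null
$token = (Get-AzWvdRegistrationInfo -ResourceGroupName $rg -HostPoolName $hostPool).Token

# 3. Application group: publishes the pool's full desktop (ApplicationGroupType Desktop);
#    use RemoteApp instead to publish individual applications.
$ag = New-AzWvdApplicationGroup -ResourceGroupName $rg -Name $appGroup -Location $location `
        -HostPoolArmPath $hp.Id -ApplicationGroupType Desktop

# 4. Workspace: the feed users see in the Windows App / Remote Desktop client. Linking the
#    application group here is what makes the desktop appear in that feed.
New-AzWvdWorkspace -ResourceGroupName $rg -Name $workspace -Location $location `
        -ApplicationGroupReference $ag.Id | Out-Null

# 5. Assignment: the Desktop Virtualization User role, scoped to the application group only,
#    is the entitlement. Assign a group rather than individual users so access is reviewable.
New-AzRoleAssignment -ObjectId $entraGroupObjectId `
        -RoleDefinitionName 'Desktop Virtualization User' `
        -ResourceName $appGroup -ResourceGroupName $rg `
        -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups' | Out-Null

# Session hosts are built separately (Microsoft marketplace image or a custom golden image,
# domain-joined or Entra ID-joined); the agent installer on each VM takes $token to register
# into $hostPool. Hand the token to that build step out of band rather than echoing it to a log.
Write-Host "Host pool '$hostPool' ready; registration token expires at $expiry (UTC)."
```

Each step maps to one concept in the text: the host pool per application set, the workspace that surfaces it, and the group-based assignment. Because the only inbound path to a session host is the outbound tunnel its agent opens to the gateway, the session-host subnet needs outbound HTTPS to the Microsoft endpoints from the documentation (plus the Azure Communication Services UDP ranges for Shortpath), and no inbound internet rule at all.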