Part 4 | Step-by-Step Guide to Windows Virtual Desktop Fall 2019 Release

This content applies to the Fall 2019 release of Windows Virtual Desktop from Microsoft. The Spring 2020 update is still in public preview and is not currently recommended for production workloads, according to Microsoft.

Part 4 | Create a Host Pool

In Part 1 of this series, I gave you an overview of Windows Virtual Desktop. In Part 2, you created a WVD tenant. In Part 3, you created a service principal and a role assignment for the service principal. Now you will use the Azure Marketplace to provision a host pool. Host pools contain the virtual machines that users connect to in your WVD tenant.

Provision a new host pool

Start by signing in to your Azure Portal. Then, in the search bar at the top, type Windows Virtual Desktop. Be sure to select Windows Virtual Desktop – Provision a host pool from Marketplace. Windows Virtual Desktop under Services is used with the Windows Virtual Desktop Spring 2020 update, which I will cover in future posts.

This will take you to an overview of Windows Virtual Desktop. Click Create to begin provisioning your host pool.

The host pool provisioning wizard is organized into pages, or tabs. There are four tabs: Basics, Configure virtual machines, Virtual machine settings and Windows Virtual Desktop information.

Basics

On the Basics tab:

1. Subscription

Select your subscription from the list.

2. Resource group

Select an existing resource group, or select Create new and provide a unique name.

If you are trying to select an existing resource group and it is not in the list, you might need to change the region first in the next field, and then try to select the resource group again.

3. Region

Select a region from the dropdown list.

4. Host pool name

Enter a name for your host pool. This name must be unique.

5. Desktop type

If you select Personal, each user will be permanently assigned to a virtual machine.

If you select Pooled, you will be able to take advantage of Windows 10 multi-session, and have multiple users per VM.

6. Default desktop users

Enter a comma-separated list of UPNs of the users you want to grant access to Windows Virtual Desktop.

The users you list here will be added to the Desktop Application Group, and have access to the full Windows 10 desktop.

You can add users later as well, using PowerShell. I like to add a single user here, for testing, and add additional users later.

If you want to test your deployment at the end of this post, add at least one licensed user. Remember the license requirements from Part 1?

7. Service metadata location

Choose the same location as the virtual network that has connectivity to your Active Directory domain controller.

8. Select Next: Configure virtual machines

 

Configure virtual machines

On the Configure virtual machines tab:

    1. Create an Availability Set

      Availability Sets ensure that the VMs are distributed across multiple, isolated hardware nodes in a cluster, providing high availability.

    2. Usage Profile

      The usage profile determines the number of users per vCPU. The choices are Light (6), Medium (4), Heavy (2) and Custom. Choose Custom to create a specific number of VMs.

    3. Total users

      The total number of users, combined with the usage profile and the VM size, will determine how many VMs are created in your host pool.
      Number of VMs = TotalUsers / (UsageProfileNumber * #ofvCPUs), rounded up to the next whole number
      If you choose Light (6), enter a total number of users of 50, and pick a VM size that has 4 vCPUs, you will create 3 VMs in your host pool. Each VM has 4 vCPUs and each vCPU can support 6 users, so that’s 24 users per VM. Two VMs would cover only 48 users, so you’ll need 3 VMs for 50 users.

    4. Virtual machine size

      Here you will see the number of VMs that will be created, based on your selections above, and the default VM size.
      You can accept the default size, or select Change size to select a different size VM.

    5. Virtual machine name prefix

      VMs will be named by adding a dash and an incrementing number to the prefix you specify. (Prefix-1, Prefix-2,…)

 

6. Select Next: Virtual machine settings

Virtual machine settings

On the Virtual machine settings tab:

  1. Image source

    You can choose Blob storage, Managed image, or Gallery. The information required will be different, depending on what you choose.
    Blob storage will require an image URL that points to a generalized .vhd file in your storage account.
    Managed image will require the name of the Azure managed image to be used as the source OS for the VMs and the name of the existing resource group that contains the Azure managed image.
    Gallery will present a list of available OS images to choose from.

 

 

  2. Disk type

    Choose between Premium SSD, Standard SSD, and Standard HDD.

  3. AD domain join UPN

    Enter the UPN and password of an account that has permissions to join the VMs to your domain.
    A local user account with the same user name and password will be created on the VMs in your host pool.
    Ideally, you would use a standard AD user account that has been delegated the ability to join machines to the domain.
    Do not use an account that has MFA enabled.

  4. Specify domain or OU

    If you select No, the suffix of the AD domain join UPN from the previous step will be used as the domain name to join, and the computer accounts for the VMs will be created in your default location in Active Directory. You can move them later, if you need to.
    If you want to specify a different domain, or specify a specific OU to create the computer accounts for the VMs in, select Yes and provide the domain name and/or the distinguished name of the OU.

  5. Virtual network

    Select the virtual network that is connected to your Active Directory domain controller.

  6. vmSubnet

    Select the subnet that the virtual machines will be connected to.

 

 

7. Select Next: Windows Virtual Desktop information

Windows Virtual Desktop information

On the Windows Virtual Desktop information tab:

  1. Windows Virtual Desktop tenant group name

    In most cases, you should leave the default value. This is used to simplify the management of multiple tenants.

  2. Windows Virtual Desktop tenant name

    Enter the name of your Windows Virtual Desktop tenant you created in Part 2.

  3. Windows Virtual Desktop tenant RDS Owner

    Select the type of account to use when creating your host pool. This account must have RDS Owner or RDS Contributor permissions in your Windows Virtual Desktop tenant.
    If you select User account, enter the UPN and password.
    If you created a service principal in Part 3, select Service Principal. Enter the application ID and password for the service principal, and the Azure AD tenant ID.

 

4. Select Next: Review and create

Review and create

When you select Review and create, Azure will run your configuration through a validation check. You should see a green bar across the top, stating that the validation passed. If validation fails, most likely some required information is missing or not valid. Use the Previous button, or click on the tab names at the top and make the appropriate changes.

Once everything looks correct, and validation passes, select Create to start the deployment of your host pool. This will take 20 minutes or longer, depending on how many VMs you are creating.

 

 

You can watch the deployment progress on the next screen. You can navigate away from this screen without interrupting the deployment.

 

 

Once the deployment has completed, you can select Go to resource, and you can see the resources that were deployed. You can select a resource and see details about the resource.

 

 

 

Connect to Windows Virtual Desktop

Time to test it out! There are a couple of ways to connect to Windows Virtual Desktop, depending on the OS you are using. For this test, you will use the web client, which will allow you to connect from any OS; all you need is an HTML5-capable browser.

Open your browser and navigate to https://rdweb.wvd.microsoft.com/webclient, and authenticate using the account you added to the Default desktop users when deploying the host pool.

 

 

 

Once authenticated, on the All Resources tab, you should see your tenant listed, with an icon representing the host pool.

 

 

Click the icon to connect. In the RDP prompt for access to local resources, make any changes necessary, and select Allow.

 

 

You will then be prompted to Enter your credentials. Enter the user’s credentials again. This is to authenticate to the VM, where the prior authentication was to the WVD tenant. SSO is in the works.

 

 

Congratulations, you are now connected to a Windows Virtual Desktop!

 

 

If you chose the Windows 10 Enterprise multi-session with Office 365 ProPlus, you will notice that Office is already installed. How easy was that?

What’s Next?

Now that you have Windows Virtual Desktop up and running, your next task is to determine what users need access, and what they need access to. For full desktop access, you can add additional users to the Desktop Application Group using PowerShell. If you want to limit access to specific applications, you will need to create RemoteApp groups and grant access to them. I will show you how to do both in Part 5, Manage App Groups.

 

2 thoughts on “Part 4 | Step-by-Step Guide to Windows Virtual Desktop Fall 2019 Release”

  1. Hi Mike,
    Thank you for the very clear step by step instructions. I have two questions.
    1) It looks like only the 64-bit version of Office is installed. Is there a way to have it use the 32-bit version?
    2) We use a strict Conditional Access policy that uses Named Locations with Trusted IPs. When I try to open Office or Teams or any of our SaaS-based solutions I am getting prompted for MFA. Do you know if there is a way to add the VDI to the Trusted IP range? It seems that traffic goes out through Azure and not over our VPN Tunnel to access those sites/services.

    Thank You,
    Damon

    1. Hi Damon,

      You’re welcome, I’m glad you are finding the articles useful!

      Unfortunately, all of the Marketplace images include the 64-bit version of the Office apps. If you want the 32-bit version, you will need to create an Azure managed image. Then you would select this image as the image source on the Virtual machine settings tab when provisioning your host pool.

      I’m not sure about the issue with your conditional access policies. The only information I was able to find was here: https://www.microsoft.com/en-us/download/details.aspx?id=56519

      If you download that JSON file and search for “windowsvirtualdesktop” you will see a list of public IPs used by WVD. I’m not sure if that will solve your problem.

      Let me know if it does, or we can look for another solution.
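
Added example, not part of the reply above and not Microsoft's own tooling: Python that pulls the address prefixes for the WindowsVirtualDesktop entry out of a service tags JSON document and checks whether addresses observed in sign-in logs fall inside them, a check worth running before any range is added to a Conditional Access Named Location. The embedded JSON, its prefixes and the observed addresses are constructed, and the key names (values, name, properties, addressPrefixes) are assumed to match the layout of the downloaded file.

```python
import ipaddress
import json

# Constructed sample in the layout of the Azure service tags JSON download;
# the prefixes are documentation ranges, not real WVD addresses.
SAMPLE_SERVICE_TAGS = json.dumps({"cloud": "Public", "values": [
    {"name": "WindowsVirtualDesktop", "id": "WindowsVirtualDesktop",
     "properties": {"systemService": "WindowsVirtualDesktop",
                    "addressPrefixes": ["192.0.2.0/25", "198.51.100.64/26",
                                        "2001:db8:100::/48"]}},
    {"name": "Storage", "id": "Storage",
     "properties": {"systemService": "AzureStorage",
                    "addressPrefixes": ["203.0.113.0/24"]}},
]})
# Constructed stand-ins for client IPs taken from sign-in logs.
OBSERVED = ["192.0.2.17", "203.0.113.9", "2001:db8:100::5"]


def prefixes_for_tag(doc_text, tag_name):
    """Return the networks listed under one service tag (case-insensitive)."""
    wanted = tag_name.lower()
    networks = []
    for entry in json.loads(doc_text).get("values", []):
        name = entry.get("name", "").lower()
        # Accept the global tag and regional variants named "Tag.Region".
        if name == wanted or name.startswith(wanted + "."):
            for prefix in entry.get("properties", {}).get("addressPrefixes", []):
                networks.append(ipaddress.ip_network(prefix, strict=False))
    return networks


def covering_prefix(address, networks):
    """Return the prefix that contains address, or None if nothing covers it."""
    ip = ipaddress.ip_address(address)
    for net in networks:
        if ip.version == net.version and ip in net:
            return net
    return None


def audit_addresses(addresses, networks):
    """Map each observed address to its covering prefix (as text) or None."""
    hits = {a: covering_prefix(a, networks) for a in addresses}
    return {a: (str(n) if n else None) for a, n in hits.items()}


if __name__ == "__main__":
    wvd = prefixes_for_tag(SAMPLE_SERVICE_TAGS, "windowsvirtualdesktop")
    print(audit_addresses(OBSERVED, wvd))
```

An address that maps to None is not covered by the tag's prefixes, so listing those prefixes as trusted would not change how sign-ins from that address are evaluated.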
