Looking for an overview of Windows Virtual Desktop? Take a look at the following YouTube video by Microsoft Mechanics or the overview docs. For this post well be diving straight into the configuration!
Before we get started, youre going to need the following:
- Azure AD
- Syncing with AD via Connect or AAD DS
- An Azure subscription
- With a virtual network containing or connected to an AD server
- Windows 10 Enterprise licensing [though E3, E5, M365 E3/E5] or licensing for the OS you are looking to deploy [Win7 and Server also supported]
The reason AD is required is because WVD machines must be domain or hybrid joined. Theres also a list of url requirements which you can find here.
Allow Windows Virtual Desktop to access your Azure AD tenant
Go to: //rdweb.wvd.microsoft.com/ and log in with your Global Admin account. Select Server App and consent to WVD access and provide the Azure AD Tenant ID [Azure AD -> Properties -> Directory ID].
Then, navigate back to //rdweb.wvd.microsoft.com and select Client App, and resubmit the same permissions.
Back in the Azure Portal, open up Azure Active Directory and select Enterprise Applications. Under all applications, youll now see:
Select Windows Virtual Desktop > Users and groups > +Add user. Here, we need a user with Global Admin rights who will create the WVD tenant. They will have the TenantCreator role.
Create the WVD tenant!
This will require PowerShell [Windows PowerShell, not Core], so make sure you have the Az and Microsoft.RDInfra.RDPowerShell modules installed. Once you have those modules installed, run the following commands:
Import-Module -Name Az Import-Module -Name Microsoft.RDInfra.RDPowerShell $brokerurl = "//rdbroker.wvd.microsoft.com" $aadTenantId = "same tenant ID used to consent" $azureSubscriptionId = "subscription for deployment"Then well need to sign-in with the TenantCreator role accoutn:
Add-RdsAccount -DeploymentUrl $brokerurlAnd then we create the tenant:
Add the Azure AD Global Admin and your AD Domain Admin to the WVD RDS Owners Group using the following command:
New-RdsRoleAssignment -SignInName "" -RoleDefinitionName "RDS Contributor" -TenantName "TenantNameFromAbove" -AadTenantId $aadTenantId New-RdsRoleAssignment -SignInName "" -RoleDefinitionName "RDS Contributor" -TenantName "TenantNameFromAbove" -AadTenantId $aadTenantIdGreat!
Now that we have a tenant, we need a Host Pool
In the Azure portal, select Create a Resource and search for Windows Virtual Desktop Provision a host pool.
Select it and press Create. Select the settings youd like to use for your WVD environment.
For this post well be using a Marketing place image. In an upcoming blog post, well describe how to use a managed or custom image.
Important settings: For AD domain join UPN well need an account that has rights to join devices to your Active Directory domain [not required to be synced up to Azure AD]. The virtual network will also need line of site to your domain controller to complete the domain join.
Important settings: for Windows Virtual Desktop details, use the tenant group name and tenant name from the PowerShell output from before. The UPN here should be the TenantCreator role.
Great! That will kick off our host pool creation:
Now youve made your first WVD tenant!
How do I access WVD?
You can use either the mobile clients, Windows 10 client, or go straight to any HTML5 browser: //aka.ms/wvdweb. Once you log in with a user in a host pool, youll see the desktop: