Azure Virtual Desktop

Pratul

Prerequisites:

This blog is intended for readers who are familiar with Azure and its services.

INTRODUCTION

Virtualization has played a key part in transforming our work lives in terms of productivity, reliability, connectivity and cost. One such service is Azure Virtual Desktop (AVD), a desktop and app virtualization service (VDI) that runs on Azure.

NOTE:

Microsoft has transformed Windows Virtual Desktop (WVD) into Azure Virtual Desktop, which is the only virtual desktop infrastructure (VDI) that delivers simplified management, multi-session Windows 10, optimizations for Microsoft 365 Apps for enterprise and support for Remote Desktop Services (RDS) environments. Deploy and scale your Windows desktops and apps on Azure in minutes and get built-in security and compliance features.

So how is AVD different from WVD?

Microsoft is deprecating most of the Windows Virtual Desktop (WVD) services and upgrading most of the VDI components within Azure, which is AVD.

1. Deprecated Cmdlets (WVD):

  • The Microsoft.RDInfra.RDPowershell module is outdated and specific to Windows Virtual Desktop (WVD), which has been superseded by Azure Virtual Desktop (AVD).

  • While some cmdlets and features from WVD may still work for a short time, they are no longer being actively maintained, and Microsoft has transitioned to using AVD-specific cmdlets.

2. AVD-Specific Cmdlets:

  • Microsoft has introduced the Az.DesktopVirtualization module, which provides the full suite of cmdlets to manage Azure Virtual Desktop (AVD). These cmdlets are modern, actively maintained, and designed to work with the full capabilities of AVD (including host pools, session hosts, application groups, and more).

  • The Az.DesktopVirtualization module is built to integrate seamlessly with other Azure services, giving you better flexibility, scalability, and security.

| Feature | WVD (Windows Virtual Desktop) | AVD (Azure Virtual Desktop) |
|---|---|---|
| Name | Old name | New name (post-2021) |
| Platform | Azure-based | Azure-based |
| Availability | Launched in 2019 | Same service, rebranded in 2021 |
| User Access | Remote access to desktops/apps | Same |
| Management | Azure portal or PowerShell | Azure portal, CLI, ARM templates |
| Enhancements | Initial version | Includes feature updates, better integration with Azure AD, Intune, monitoring, etc. |
| Azure AD Join | Not initially supported | Now supports Azure AD Join & Intune management |
| Auto-scaling | Limited (via scripts) | Native scaling via Azure automation & host pool scaling plan |
| Security | Integrated with Azure Security Center | Same but improved integration with Microsoft Defender for Cloud |

AIM

Setting up Windows desktop profiles, more like DaaS (Desktop as a Service), for my on-prem users as well as Entra ID users, with the same logon configuration within the same domain.

Using my Microsoft Entra ID as the UPN, I will be setting up an AVD environment that gives each user access to their respective session host while keeping the multi-session environment intact.

LAB

My lab started with creating a free Azure account. The first service I set up was Microsoft Entra ID, to which I wanted to sync my on-prem identities and cloud identities and bring them onto the same page.

To achieve this, I used a Microsoft Entra ID tool called Entra ID Connect Tool.

I had already set up the identities that are essential to provide while setting up the profiles.

  1. Microsoft Entra ID → Hybrid Identity Administrator

  2. On-Prem AD → Root Administrator with Enterprise Admin or Schema Admin

I also synced my other domains (Child, Tree Root etc.) by bypassing the UPN suffixes required for domains with the same DNS.

NOTE:

If the requirement is to synchronize only a limited set of identities, go with Custom instead of Express Settings.

Microsoft Entra Connect Sync: Get started by using express settings - Microsoft Entra ID | Microsoft Learn

The second option provides more granular selection of entities (mostly selecting OUs containing security principals).

Customize an installation of Microsoft Entra Connect - Microsoft Entra ID | Microsoft Learn

Challenges #1

I was getting a sync failure due to the error below.

Using the logs, I figured out that the error was due to previously synced domains or entities.

Diagnosis

I had set up Azure AD Connect on another server, which had synchronized with the same Azure account a long time ago.

For this, it was best to remove Azure AD Sync completely by removing the entities (assigned roles, Conditional Access etc.) one by one and uninstalling the AD Connect services as well.

If these things are complicated, then it is recommended to take a new Azure tenant account with a free trial subscription.

Challenges #2

After setting up Entra ID, with synchronization successfully deployed using the privileged identities' connections, I was not seeing my on-prem identities in Entra ID.

Diagnosis

One of the causes was that AD Connect ran in Staging Mode, because of which my on-prem identities were not syncing with Azure AD.

Make sure to UNCHECK the Staging Mode in order to sync the on-prem identities.

Usage of Staging Mode:

Staging mode can be used for several scenarios, including:

  • High availability.

  • Test and deploy new configuration changes.

  • Introduce a new server and decommission the old.
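The staging-mode diagnosis above can also be confirmed from PowerShell rather than the wizard. This is an added example, not from the original post; it assumes an elevated session on the Microsoft Entra Connect server where the ADSync module is installed, and the function name Test-EntraConnectExport is hypothetical.

```powershell
# Added example, not from the original post.
# Assumption: run elevated on the Microsoft Entra Connect server (ADSync module present).
Import-Module ADSync

function Test-EntraConnectExport {
    # Hypothetical helper: explains why on-prem objects may not reach Entra ID.
    $scheduler = Get-ADSyncScheduler
    $findings  = [System.Collections.Generic.List[string]]::new()

    if ($scheduler.StagingModeEnabled) {
        # In staging mode the server imports and synchronizes but never exports.
        $findings.Add('Staging mode is enabled: nothing is exported to Entra ID.')
    }
    if (-not $scheduler.SyncCycleEnabled) {
        $findings.Add('The sync scheduler is disabled: no automatic sync cycles run.')
    }
    if ($scheduler.SchedulerSuspended) {
        $findings.Add('The scheduler is suspended (for example while the wizard is open).')
    }

    [pscustomobject]@{
        StagingModeEnabled = $scheduler.StagingModeEnabled
        SyncCycleEnabled   = $scheduler.SyncCycleEnabled
        NextSyncUtc        = $scheduler.NextSyncCycleStartTimeInUTC
        ExportsToEntraId   = ($findings.Count -eq 0)
        Findings           = $findings
    }
}

$result = Test-EntraConnectExport
$result | Format-List

# Only trigger a delta cycle when the server is actually allowed to export.
if ($result.ExportsToEntraId) {
    Start-ADSyncSyncCycle -PolicyType Delta
}
```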

Once my Entra ID was set up, I moved on to the Azure Virtual Desktop configuration.

To start configuring AVD, it’s important that the services below are deployed to get a fully functional AVD environment.

  1. Host Pool

  2. Application Groups

  3. Workspaces

Host Pool

A host pool is a collection of Azure virtual machines that are registered to Azure Virtual Desktop as session hosts. All session host virtual machines in a host pool should be sourced from the same image for a consistent user experience. You control the resources published to users through application groups.

    A host pool can be one of two types:

    • Personal, where each session host is assigned to an individual user. Personal host pools provide dedicated desktops to end-users that optimize environments for performance and data separation.

    • Pooled, where user sessions can be load balanced to any session host in the host pool. There can be multiple different users on a single session host at the same time. Pooled host pools provide a shared remote experience to end-users, which ensures lower costs and greater efficiency.

| Feature | Personal host pools | Pooled host pools |
|---|---|---|
| Load balancing | User sessions are always load-balanced to the session host the user is assigned to. If the user isn't currently assigned to a session host, the user session is load balanced to the next available session host in the host pool. | User sessions are load balanced to session hosts in the host pool based on user session count. You can choose which load balancing algorithm to use: breadth-first or depth-first. |
| Maximum session limit | One. | As configured by the maximum session limit value of the properties of a host pool. Under high concurrent connection load, when multiple users connect to the host pool at the same time, the number of sessions created on a session host can exceed the maximum session limit. |
| User assignment process | Users can either be directly assigned to session hosts or be automatically assigned to the first available session host. Users always have sessions on the session hosts they're assigned to. | Users aren't assigned to session hosts. After a user signs out and signs back in, their user session might get load balanced to a different session host. To learn more, see Configure personal desktop assignment. |
| Scaling | Autoscale for personal host pools starts session host virtual machines according to schedule or using Start VM on Connect and then deallocates/hibernates session host virtual machines based on the user session state (log off/disconnect). | Autoscale for pooled host pools turns VMs on and off based on the capacity thresholds and schedules the customer defines. |
| Windows Updates | Updated with Windows Updates, Microsoft Configuration Manager, or other software distribution configuration tools. | Updated by redeploying session hosts from updated images instead of traditional updates. |
| User data | Each user only ever uses one session host, so they can store their user profile data on the operating system (OS) disk of the VM. | Users can connect to different session hosts every time they connect, so they should store their user profile data in FSLogix. |

There are also two management approaches for host pools:

  • Session host configuration (preview), where Azure Virtual Desktop manages the lifecycle of session hosts in a host pool for you using a combination of native features.

  • Standard, where you manage creating, updating, and scaling session hosts in a host pool.

Application Groups

An application group controls access to a full desktop or a logical grouping of applications that are available on session hosts in a single host pool. Users can be assigned to multiple application groups across multiple host pools, which enable you to vary the applications and desktops that users can access.

    When you create an application group, it can be one of two types:

    • Desktop: users access the full Windows desktop from a session host. Available with pooled or personal host pools.

    • RemoteApp: users access individual applications you select and publish to the application group. Available with pooled host pools only.

Workspaces

A workspace is a logical grouping of application groups. Each application group must be associated with a workspace for users to see the desktops and applications published to them. An application group can only be assigned to a single workspace.

I started by configuring a host pool with the parameters below:

Basics-

Session Hosts-

I proceeded without adding a workspace or making many changes in the Advanced settings.
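The same host pool, application group and workspace chain can be built with the Az.DesktopVirtualization module instead of the portal. This is an added example, not the author's own script; the resource group, region, resource names and session limit are hypothetical placeholders, and the resource group is assumed to exist already.

```powershell
# Added example, not from the original post. All names and values are hypothetical.
#Requires -Modules Az.Accounts, Az.DesktopVirtualization

$rg       = 'rg-avd-lab'     # hypothetical resource group (assumed to exist)
$location = 'eastus'         # hypothetical region
$poolName = 'hp-avd-lab'     # hypothetical host pool name

Connect-AzAccount | Out-Null

# 1. Host pool: pooled, breadth-first load balancing, capped sessions per host.
$hostPool = New-AzWvdHostPool -ResourceGroupName $rg -Name $poolName `
    -Location $location -HostPoolType 'Pooled' `
    -LoadBalancerType 'BreadthFirst' -PreferredAppGroupType 'Desktop' `
    -MaxSessionLimit 5

# 2. Desktop application group bound to that single host pool.
$appGroup = New-AzWvdApplicationGroup -ResourceGroupName $rg `
    -Name "$poolName-dag" -Location $location `
    -HostPoolArmPath $hostPool.Id -ApplicationGroupType 'Desktop'

# 3. Workspace: users only see application groups that are attached to one.
$workspace = New-AzWvdWorkspace -ResourceGroupName $rg -Name 'ws-avd-lab' `
    -Location $location -ApplicationGroupReference $appGroup.Id

# 4. Registration token that session hosts use to join the pool.
#    Treat it as a secret: keep the lifetime short and do not log the value.
$expiry = (Get-Date).ToUniversalTime().AddHours(4).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ')
$registration = New-AzWvdRegistrationInfo -ResourceGroupName $rg `
    -HostPoolName $poolName -ExpirationTime $expiry

# Summary without the token itself.
[pscustomobject]@{
    HostPool     = $hostPool.Name
    AppGroup     = $appGroup.Name
    Workspace    = $workspace.Name
    TokenExpires = $registration.ExpirationTime
}
```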

Challenges #3

My host pool deployment failed several times.

Diagnosis

At first, I realized that the issue was with the details I had filled in, such as “UPN join” and “Quota/SKUs as per Location”.

After a long time surfing various sites and videos to diagnose this error, I found that there is a limitation in terms of VM sizes.

It is always recommended to choose a B-series VM size for an Azure subscription under Free Trial:

| B-series (Standard B1ms) | vCPU (range in Numbers) | Memory (range in GiB) |
|---|---|---|
| 1 | 1-2 | 2-4 |

NOTE: It’s also recommended to choose Standard SSD/HDD (mostly lower specs, which fit within the quota of the Azure Free Subscription).

After successful deployment of the AVD host pool with the required number of hosts (VMs) created, specific users needed to be added to the host pool to allow them access to the session hosts.

Adding users to host pools natively in Azure Virtual Desktop

To add users to AVD natively through the Azure Portal, go to Azure Virtual Desktop in the Azure Portal. Select the Application Group that is associated with your Host Pool. On the next pop-up, select “Assignments”, then select “Add” at the top left. From there you can add your individual users or user groups to that Host Pool.

  • Red Tick – Entra ID Group

  • Blue Tick – OnPrem Group
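The portal's "Assignments" blade grants the "Desktop Virtualization User" role on the application group, so the same step can be scripted and then audited. This is an added example, not from the original post; the resource group, application group and security group names are hypothetical.

```powershell
# Added example, not from the original post. All names are hypothetical.
#Requires -Modules Az.Resources, Az.DesktopVirtualization

$rg   = 'rg-avd-lab'                       # hypothetical resource group
$role = 'Desktop Virtualization User'      # built-in role behind "Assignments"

$appGroup = Get-AzWvdApplicationGroup -ResourceGroupName $rg -Name 'hp-avd-lab-dag'
$group    = Get-AzADGroup -DisplayName 'AVD-Lab-Users'   # synced or cloud-only group

# Grant access to a security group rather than to individual users,
# and only if the assignment does not already exist.
$existing = Get-AzRoleAssignment -ObjectId $group.Id -Scope $appGroup.Id `
    -RoleDefinitionName $role
if (-not $existing) {
    New-AzRoleAssignment -ObjectId $group.Id -Scope $appGroup.Id `
        -RoleDefinitionName $role | Out-Null
}

# Audit: who can launch resources from each application group, and whether
# that access is direct, inherited from a wider scope, or given to a single user.
Get-AzWvdApplicationGroup -ResourceGroupName $rg | ForEach-Object {
    $ag = $_
    Get-AzRoleAssignment -Scope $ag.Id -RoleDefinitionName $role |
        Select-Object @{ n = 'AppGroup';   e = { $ag.Name } },
                      DisplayName,
                      ObjectType,
                      @{ n = 'Inherited';  e = { $_.Scope -ne $ag.Id } },
                      @{ n = 'DirectUser'; e = { $_.ObjectType -eq 'User' } }
} | Sort-Object AppGroup, ObjectType | Format-Table -AutoSize
```

Rows with `Inherited` set to True come from a role assignment at the resource group or subscription level, which gives access to every application group beneath it.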

Since AVD is set up, it is essential that users have seamless connectivity to these session hosts anytime and anywhere.

To fulfill this, I relied on the RDS (Remote Desktop Service) service. I downloaded the RDS application and installed it on one of my on-prem servers for testing purposes.

We can also access our VDI through a browser (Workspace URL):

https://client.wvd.microsoft.com/xxx/xxx

NOTE: Ensure the server has internet access and that IE Enhanced Security Configuration is turned off.

Challenges #4

I faced this error while setting up the RDS service on my on-prem server.

Diagnosis

Suspended all the processes containing “Windows Installer” tasks (as per the snippet attached above).

For more info,

Windows 10 : Error 1500 "Another Installation is in Progress you must - Microsoft Community

Once the RDS service app is set up, enroll in it by using “Subscribe” or “Subscribe with URL” with the user's ID. We get the desktops and apps assigned to that particular user, either individually or via a group.

Once the desktop is accessed by entering the VM’s credentials (set up during creation of the session hosts in AVD), we get a VM accessed remotely.

NOTE: For the lab's sake, I relied on Desktop credentials only.

In a real-world environment, a service named FSLogix is configured so that the same VM profile can be accessed using individual users’ credentials.

RESULT

For multi-session, I configured the same RDS service on my alternate server following the same procedure and logged on to my RDS Workspace with an alternate user. I got the concurrent sessions below.
