Complete Guide to Setting up Azure Virtual Desktops
Summary
TLDRThis tutorial walks through setting up Azure Virtual Desktops, detailing the process of creating a resource group, virtual network, and host pool. It explains selecting the right region for resources, configuring a virtual machine with Windows 11, and setting up access control. The guide also covers creating a workspace and configuring RDP access for secure, web-based connections, culminating in a demonstration of accessing the virtual desktop environment.
Takeaways
- π Azure Virtual Desktops allow users to create and manage virtual machines using client operating systems like Windows 10 or 11 within Azure services.
- π To get started, users must navigate to the Azure portal and access the list of all resources, which includes virtual networks, workspaces, and storage accounts.
- π The process of creating a virtual desktop involves several steps, including setting up a resource group, a virtual network, and a host pool.
- π Creating a resource group is essential as it acts as a 'bucket' to organize the various resources needed for the virtual desktop.
- π A virtual network is necessary for the virtual desktop and must be created before setting up the host pool, ensuring all resources are in the same region for proper functionality.
- π» The host pool is a collection of virtual machines that users can access; it's created by specifying a name, location, and other configuration options like pool type and load balancing.
- π₯οΈ Virtual machines within the host pool can be created directly during the setup or added later, with options to customize the VM's name prefix, location, image, and hardware specifications.
- π Security is a consideration, with options to enable public inbound ports for remote access, although this is not recommended due to potential security risks.
- π€ Role assignments are crucial for managing access control, allowing users or administrators to have different levels of access to the virtual desktops.
- π Workspaces are used to organize and deliver applications to users, and they can be associated with one or more application groups for a streamlined user experience.
Q & A
What is Azure Virtual Desktops?
-Azure Virtual Desktops is a service that allows users to create and manage virtual machines running client operating systems like Windows 10 or 11 within Azure services.
Why can't you create a virtual desktop directly in Azure?
-You can't create a virtual desktop directly in Azure because it involves multiple steps similar to setting up a remote desktop application on a Windows Server, including creating a resource group, virtual network, and host pool.
What is the purpose of creating a resource group in Azure?
-A resource group in Azure acts as a container that holds related resources for an application, making it easier to manage and organize them.
Why is it important to place all resources in the same region in Azure?
-Placing all resources in the same region ensures that the services work correctly and efficiently as some Azure services may not function properly if resources are spread across different regions.
What is a virtual network in Azure and why is it needed for Virtual Desktops?
-A virtual network in Azure is a representation of your own network in the cloud, providing logical isolation from other networks. It is needed for Virtual Desktops to provide a secure and dedicated network for the virtual machines.
What is a host pool in the context of Azure Virtual Desktops?
-A host pool in Azure Virtual Desktops is a collection of one or more virtual machines that are configured as a group to provide desktops to users.
What is the difference between a personal and pooled host pool?
-A personal host pool allows a one-to-one mapping between a user and a virtual desktop, while a pooled host pool allows multiple users to access a shared set of virtual desktops.
What is the purpose of creating a workspace in Azure Virtual Desktops?
-A workspace in Azure Virtual Desktops is used to organize and publish applications to users, providing a centralized location for users to access their virtual desktops and applications.
How can users access their Azure Virtual Desktop sessions?
-Users can access their Azure Virtual Desktop sessions through a web browser or a remote desktop client, depending on the configuration and security settings.
What is the significance of assigning role-based access control (RBAC) in Azure Virtual Desktops?
-Assigning RBAC in Azure Virtual Desktops allows for fine-grained control over who has access to resources and what actions they can perform, enhancing security and management.
Outlines
π» Setting Up Azure Virtual Desktops
The paragraph introduces the process of setting up Azure Virtual Desktops, which involves adding virtual machines using client operating systems like Windows 10 or 11 within Azure services. The user navigates to the Azure portal and plans to create a virtual desktop, acknowledging that it's a multi-step process akin to setting up a remote desktop application on a Windows Server. The user outlines the necessary steps, such as creating a resource group, a virtual network, and a host pool, and begins by creating a resource group within the Azure portal. The importance of placing all resources in the same region for proper functionality is emphasized. The user then proceeds to create a resource group named 'virtual desktop-Dash group' in the US West region.
π Creating a Virtual Network for Azure Virtual Desktops
This section details the creation of a virtual network, which is a crucial component for Azure Virtual Desktops. The user explains that while the virtual desktop pool could be created with all the components within it, doing so separately provides clarity on each component's function. The user creates a virtual network named 'virtual desktop-Dash Network' and selects an IP address and subnet provided by default. The explanation covers the address space and subnet concepts, highlighting how multiple subnets can fit within an address space. The user completes the creation of the virtual network and moves on to the next step, which is creating the host pool.
π οΈ Configuring the Host Pool for Virtual Desktops
The host pool configuration is the focus of this paragraph. The user explains that a host pool is necessary before creating virtual desktops and guides through the creation process within the Azure portal. The user selects the 'virtual desktop group' resource group and names the pool 'jump in.' The location is chosen to match previous selections for consistency. The paragraph covers various options such as the validation environment, preferred app group type, pool type, load balancing method, and maximum users per session. The user decides to create a virtual machine within the host pool, setting the name prefix, location, security type, and image. The user also configures the virtual machine's resources, such as vCPUs and RAM, and chooses the virtual network previously created. The paragraph concludes with the user setting up access methods for the virtual desktop, opting for a web browser access over a public IP for security reasons.
π Assigning Permissions and Access to Virtual Desktops
In this paragraph, the user discusses assigning permissions and setting up access control for the virtual desktop. The user navigates to the host pool, assigns an application group, and adds a user account to access the virtual desktop. The user then sets up role assignments for both a standard user and an administrator, explaining the difference between the two access levels. The user also creates a workspace, which is used to organize and deliver applications to users. The workspace is configured with a name and friendly name, and the user assigns an application group to it. The user then sets up RDP access, ensuring that the virtual desktop can be accessed through a web browser. The paragraph concludes with the user demonstrating how to connect to the virtual desktop using a provided URL, showcasing the login process and the desktop environment once accessed.
Mindmap
Keywords
π‘Azure Virtual Desktops
π‘Resource Group
π‘Virtual Network
π‘Host Pool
π‘Session
π‘Role Assignment
π‘Active Directory
π‘Remote Desktop Protocol (RDP)
π‘Virtual Machine (VM)
π‘Workspace
π‘Load Balancing
Highlights
Introduction to Azure Virtual Desktops and the process of adding Virtual Machines using client operating systems like Windows 10 or 11.
Accessing the Azure portal and navigating to the 'All resources' section to view available services.
The necessity of creating a virtual desktop through a multi-step process akin to setting up a remote desktop application on a Windows Server.
Creating a resource group as a prerequisite for organizing the various resources needed for the virtual desktop.
The importance of placing all resources in the same region to ensure proper functionality.
The process of creating a virtual network and its integration with the resource group.
Explanation of IP addressing and subnetting within the virtual network.
The distinction between a personal and pooled host pool and the choice between breadth-first and depth-first load balancing.
The option to create a virtual machine during the host pool creation or to do it later.
Customization of virtual machines, including naming, location, security type, and image selection.
The allocation of resources such as vCPUs and RAM to virtual machines and the consideration of costs.
The selection of a virtual network for the virtual machines and the option to enable public inbound ports.
The process of assigning permissions to access the virtual desktop and setting up role assignments for user and administrator access.
The creation of a workspace to manage and deliver applications to users.
The configuration of RDP access for secure connection to the virtual desktop without using a public IP address.
The final step of accessing the virtual desktop through a web browser and the ability to connect to Azure Active Directory resources.
Comparison of Azure Virtual Desktops to Windows Server remote desktop application mode, highlighting the configurability in the Azure cloud.
Transcripts
Azure virtual desktops are a way that we
can add in Virtual machines using client
operating systems like Windows 10 or 11
inside Azure services so I'm logged into
portal.azure.com and I'm going to go to
where it says all resources just so you
can see a list of all the resources I
have there's all different kinds of
things in here virtual networks
workspace storage accounts things like
that what I want to do is I want to
create a virtual desktop but I can't
just create it directly it's almost like
creating a remote desktop application
set up on a Windows Server there's a lot
of steps you have to do before you get
to that point so let's take a look at
the different steps and get started
here's a list of assignments that we're
going to need to do such as creating the
resource Group create a virtual Network
create a host pool Etc
let's start by creating the resource
Group
I'm back at portal.azure.com and if you
don't see the resource Group in your
list just go ahead and type in Resource
Group in the search box and then it'll
show up and you can go ahead and add one
so I'll click on resource groups this is
also assuming that you already have an
Azure subscription if you don't have one
yet you'll need to log in the first time
create an account and add in your credit
card and then you'll be able to add in
your subscription so assuming that that
part is already done let's go ahead and
continue on
you can see I've already got multiple
resource groups the reason we need to
create a resource Group is because this
is like a bucket we're going to need to
create a lot of other things but we have
to put it in something and a bucket is
the best place to put it and in this
case that bucket is called a resource
Group you can see I already have my
subscription now I need to create the
resource Group name
and I'll call this the virtual desktop
Dash group and this next part is really
important because if you don't put all
of your different resources the things
we're going to create in the same region
then some things may not work right so
I'll choose us West
and click on next
tags are just something used to create
Organization for billable purposes so I
don't need to worry about that and now
I'll click create
and this doesn't take very long and it's
all done I'm going to go back to home
and back to
my search box and I'll type in the
second thing we need to do which is to
create a virtual Network
and I'll click on Virtual Networks
now one of the interesting things about
doing all this is I can do this within
creating the virtual desktop pool
however if I do it all there you may not
understand exactly all the different
pieces and what they do so just for
teaching purposes I'm going to go ahead
and do this outside of the pool and then
add them into the pool once we're done
so that'll make a lot more sense at that
time so I've already created the
resource Group now I can tie that to
my virtual Network by selecting it here
and now I'll give this a name
I'll call it virtual desktop Dash
Network now I'll choose the IP address
by default it's going to pick a 10 dot
address maybe something you haven't used
before so I'm going to choose the subnet
that it's picked for me which is 10.4
I'm perfectly fine with that you can see
that it creates an address space which
is going to be 10400 16 which gives you
65 000 addresses but then it adds a
subnet so the difference between the two
are that you can put a lot of different
subnets inside your address space and
it's picking a slash 24 which gives you
254 addresses it's just the way that
Azure does it so I'm going to go ahead
and choose this default subnet that it's
created along with the address space at
the top so if I wanted to I could create
additional subnets that would be
10.4.1.010.4.2.0 and they would all
nicely fit inside this 10400 slash 16
address space if I chose to do so and I
don't really need to do that so I'll go
ahead and click next
I don't need to make any other changes
so I'll just click next and I'll go
ahead and choose to create
and this doesn't take very long to
create
and that has been created I can go to
the resource and take a look at the
different properties but I need to get
on to the next step
so we've created our Resource Group
we've created a virtual Network and now
it's time to create the host pool
I'm going to go back to home
and I'm going to type in either Azure
virtual desktop or if you see the icon
there you can just go ahead and click on
it so once again you can click on the
search box if you'd like
now before I can create a virtual
desktop as I mentioned before I have to
create a host pool so I'll click on the
create a host pool and then from there I
can create my desktops once again my
Azure subscription the resource Group
will choose virtual desktop group
the pool name I'll call it
jump in
and the location you can see it
defaulted to something other than what I
was using before so I want to make sure
that I go down and choose the exact same
one I chose last time
now you have the validation environment
the validation environment just
basically allows you to test things out
before you apply them to production but
I'm going to go ahead and keep it as no
so we can keep moving forward then you
have the option for the preferred app
Group type you see you have the desktop
and you have the remote app
remote app allows you to deliver
applications remotely and desktop is
going to be where you just allow those
installations to happen locally I'm just
going to leave it a desktop and then
when it comes to the pool type
personal will allow a one-to-one
selection between the user and the
virtual desktop and pooled allows you to
create a group of people that can access
those desktops so I'm going to choose
the pooled option in this case just as
an example but you can do it either way
breadth first versus depth first breath
to First is going to be a way of load
balancing so we can do load balancing
where we allow a certain amount of
virtual desktops to log in before we
create another one or we can have
multiple different people log in and
then we create the other one later on so
I'm just going to choose the breadth
first and then the maximum number of
users per session you can put whatever
it is you'd like I'll just choose two
but you can choose as many that works
for you and it's a good idea to test
those out now the next thing I can do is
I can create a virtual machine right
here or I can choose no and do it later
I'll go ahead and choose yes to add this
virtual machine now the name prefix that
is going to be whatever your hosts start
with as a name so for instance if I call
this one jump in
then what's going to happen is the first
virtual desktop is created is going to
be jump in zero then jump in one then
jump in two that kind of thing and once
again I gotta make sure my virtual
machine location is in the same place
every single time
I don't want to add in infrastructure
redundancy although you can do that for
additional charge and you've got the
security type I'll leave that standard
and
here are your images I'm just going to
go ahead and choose a Windows 11.
multi-session although you can add in
with applications already pre-installed
so I'll choose that one and by default
it's going to choose these two vcpus and
eight gigs of RAM but you can go ahead
and change that if you need more or less
based on your cost I'm going to create
just a single virtual desktop but you
may want to choose 5 or 10 or however
many you'd like of course you'll be
charged per desktop to do that standard
SSD is fine
I don't necessarily need any Diagnostics
separate from what's shown there and
under the virtual Network I want to make
sure that I choose
my virtual desktop Network that I
created earlier
I can also add in public inbound ports
if I'd like and then I can remote into
that virtual desktop
it's not really recommended that we have
public inbound ports because it is a bit
of a security risk but you can do that
I'm going to choose no and the way I'm
going to access this is through a web
browser and it will work just as well as
say a remote desktop client over a
public IP but it'll be a lot more secure
you can also connect to this user remote
desktop if you have a VPN tunnel between
your network and Azure that requires a
lot of extra setup and there is a cost
roughly about five dollars a day from
what Microsoft tells us but that could
vary
under active directory there's no reason
to choose your on-premises active
directory if you've got Azure active
directory set up so I'm going to choose
that I don't need to enroll an InTune
but you may decide you would like to do
that
and I went ahead and added in a local
username and password that's separate
from active directory just in case you
need to log into it locally to fix any
particular problems I don't have an arm
template to add in this is supported by
virtual desktop classic we're going to
be using the newer version so this is
something that you may not even want to
configure I'm going to go on to
workspace I don't need to
and I'll click on advanced
and tags and review and create so I
didn't need to make any other changes
there so now I'll click create now this
portion can take up to about 20 minutes
because it's creating the pool then it's
creating the virtual desktop and it just
takes a lot of time to do this once this
is all set then we can go ahead and
finish up our configuration and start
accessing our virtual desktop
if I go back to our list you can see the
host pool has been created the Azure
virtual desktop's been created next I'm
going to be assigning an active
directory user and setting up Access
Control into that virtual desktop and
you need to add in a role assignment and
add in members as well
these next steps after creating the host
pool and virtual desktop actually go
fairly quickly it's just the host pool
and desktop portion that does take quite
a while to do the resource has been
created I'll click on go to resource
and now you can see that we have a
virtual desktop ready to go there's lots
of other settings I'm just going to
click on the virtual machines for the
virtual desktop and you can see that it
appended that jump in with the dash zero
just as I said that it would
and everything looks the way it should
so I'm going to go back to the host pool
now I need to assign some permission so
I'll click on application groups
and there's the jump in dash application
group now that was automatically created
I didn't create that myself it just
became created when I created the pool
so I'm going to click on assignments
and I'm going to click on ADD
and off to the right hand side you can
add in users or groups
and click select
so now my user account has access to the
dag or desktop application group
although now I'm available to log in
using the pool I need one additional
assignment so I'm going to go back
to home and I'll just go into
my virtual desktop Group which is the
resource Group
so I'm going to go up to access control
click on that
and then I'll click add
and I'll choose add role assignment
and there's lots of different role
assignments this is all part of the
role-based access control that Microsoft
is moving to so I'll type in Virtual
machine
because that ultimately that's exactly
what it is
and I'll click on virtual machine user
login
and I'll click next
and once again I will select members
I'll add in my account and click select
I'll choose review and assign
looks good and now it's added that role
assignment now take a look at all these
different options here you can choose
who has access to this resource you can
also set up deny assignments and create
a custom role as well here's your deny
assignments here you have your roles and
you have your classic administrators
we're not using classic administrators
anymore so we'll continue to move
forward with the latest and greatest
I'm going to do this one more time but
this time I'm going to add in a role
assignment for an administrator to the
virtual desktop
and I'll choose administrator login
click next and basically just do the
same thing
the difference between the two are going
to be whether a user will have complete
Administration over that virtual desktop
or just basic user and if you don't want
them to be adding their own applications
or making any changes then you don't
want them to be part of this
administrator group but in my case I do
I'm gonna go back home once again I'm
done there I'm going to click on Azure
virtual desktop
and now I need to create a workspace so
I'll click on workspaces
and I'll click on create a workspace
and what the workspace does is it
basically allows you to push out
applications off to those users if you
choose to do so but it's going to be
what it is that they see when they log
in so I'm going to choose my virtual
desktop group my subscription
everything's good there now I'm going to
call this workspace name
virtual desktop workspace
and we could have a friendly name as
well
I'll call it workspace one and once
again we have to choose our same
location
so I'll click next
I'm not going to register any
application groups at this time so I'll
click next Advanced tags we don't need
to worry about that review and create
and click create so there really wasn't
a lot of customization there but we need
to have at least one of our workspaces
assigned into our virtual desktop
now I'm going to click on go to that
resource
and I could have assigned an application
group during the creation but I just
wanted to show you these properties so I
can go ahead and add that in separately
so we'll choose
the one
application group already created and
click select
and now that has been added into our
workspace
now there can be multiple application
groups if you need to use those I'm just
going to have the one so now I'm going
to go back home and I'm going to go into
my host pool called jump in
and there's our pool once again
now we need to set up RDP access
although we're not getting in using a
remote desktop protocol over a public IP
address we are doing it over a web
browser so I need to allow that to
happen
so I'm going to paste in the semicolon
Target is aad joined and then colon I
colon one and that just lets any
applications know that this is going to
be an Azure active directory joined
computer so I'm going to paste this in
at the very end
just as you see here and click save
another good reason to do that is
because it also supports a single
sign-on
I'm going to click on overview
and my virtual desktop virtual machines
and everything is available
one of the last things to do is going to
be to copy this URL and
paste it into a web browser and connect
to our virtual desktop
I'm going to open up a new tab
right click and paste it in
and it's loading and there's the virtual
desktop session so I'll click on that
you can choose what you want to access
as far as local resources goes you can
choose whether or not to have it
continued to prompt
and now we're opening it up
it's asking for my username and password
and there it is my session is opening up
for my virtual desktop
now if you have any Azure active
directory resources such as storage that
you'd like to connect to you can do that
as well
and there is my desktop
I of course have access to all the same
menus and any applications that I might
have decided to set up
Azure virtual desktops Works in a
similar way as Windows Server remote
desktop application mode but you can
configure it instead in the Azure cloud
Browse More Related Video
Creating a Azure Cloud Server: A Step-by-Step Tutorial (IaaS)
Configure Proxmox GPU Passthrough (Step-by-Step Tutorial)
Windows Server 2012 r2 Tutorial Tagalog!
How to Configure LAN Segments in VMware Workstation Pro
#03 π» Membuat Project Laravel Baru menggunakan Docker Container
Full Node.js Deployment - NGINX, SSL With Lets Encrypt
5.0 / 5 (0 votes)