A few weeks have already passed since the global outbreak of the coronavirus, and many employees are working from home to decrease the number of new infections. To help you work efficiently, especially if Microsoft Teams alone is not a feasible solution for your business, I've started this article series about Windows Virtual Desktop, Microsoft's Desktop-as-a-Service (DaaS) solution, in which I'd like to present features and best practices in a short article every week!
Today I'll show what is, from my perspective, the easiest way of deploying a Host Pool on Azure by using the administrative UI, and explain how you can deploy this Management UI into your tenant. The general way to deploy a Host Pool via Azure's marketplace can be reviewed in the official Technet article: https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-powershell
Step 1: The prerequisites
When Microsoft released WVD in preview last year, there was initially only one way to deploy Host Pools: via PowerShell.
As the administrative effort was too high for administrators without basic knowledge of PowerShell, Microsoft released a Management User Interface called “MSFT-WVD-SAAS-UX Environment”, which can be deployed via GitHub to your tenant. It's important to note at this point that, because the tool requires consent to interact with WVD, it's not supported for B2B scenarios anymore. This requires every Azure Active Directory tenant subscription to have its own management tool deployed.
To roll out this tool, the prerequisites are straightforward:
- Account with Multi-Factor Authentication (MFA) disabled
- Permission to create resources in the Azure subscription
- Permission to create new Azure applications.
Step 2: Rollout of the Management User Interface
As mentioned before, the first step is to deploy the Management interface via the above referenced link to GitHub, or by just clicking here.
Click on “Deploy to Azure”, which redirects you to the login page of Microsoft's Online Services and then to a new template-based deployment. Here you have to define the resource group in your tenant where the application shall be deployed. Afterwards you can select whether you want to use a Service Principal or the UPN of a privileged user to deploy the application. In my simple scenario I will deploy this via the UPN of an Administrator who fulfils the prerequisites mentioned above. The next field to fill out is the Application Name. This name should be unique and will be the name of your application in Azure. The URL that grants access to your application is generated from that name. When you've finished, complete the deployment by clicking on “I agree to the terms and conditions stated above” and “Purchase”.
After the successful deployment, three resources will be created in the Resource Group specified.
The name of my application will also be used for the access to my management tool. This can also be retrieved by clicking on the app service e.g. KCLD-WVD (my example).
Once you click on the link, the Microsoft login page appears again and asks you to log in before you finally arrive in the new management console.
Step 3: Deploy the first Host Pool
Now we're going to deploy the first Host Pool in our environment. In this article I'm going to focus on the deployment itself via the Management Tool. For some of you, PowerShell is more familiar; for this reason I will share my WVD PowerShell Cheat Sheet during the next week. To get started, however, we need to use PowerShell to create a WVD tenant first.
To do so, install the Windows Virtual Desktop PowerShell Module here.
Afterwards start PowerShell and log in to your Windows Virtual Desktop platform by typing:
Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
The login window will appear and ask you to sign in. To create the new tenant, it's important that you have your Azure Subscription ID and Azure AD (AAD) tenant ID ready. Execute the following command to name and create your first tenant.
New-RdsTenant -Name WVD-HighEnd -AadTenantId %TenantID% -AzureSubscriptionId %AzureSubscriptionID%
The values -AADTenantID and -AzureSubscriptionID must be filled out with your values. When the command completes successfully you can review your configuration by typing:
Alternatively, the recently created tenant should appear in the Management UI, which has been rolled out earlier. This could look similar to this (I've cut the Azure AD Tenant ID):
Here you can see the configured values for our first Tenant which will host the “Host Pools” to provide to our end users.
By clicking on “Host Pools” in the middle of the window in our tenant, we can continue to create our first Host Pool with the name “WVD-HP01”.
Clicking on “Create a Host Pool” opens a side window which lets you fill out the information for your first Host Pool. Have a look at my configuration. When you've finished, continue by clicking on “Next” in the lower right corner.
Now you can choose whether the Host Pool should let multiple users work on one or more machines (pooled mode) or provide a personal desktop for each end user (personal mode). As we want to consolidate resources with WVD, we select the pooled option and choose how many users should be allowed to work on one machine. In my example this will be 5 (but attention!!! This requires enough resources to be available when you deploy the Virtual Machine image – otherwise your users will wish to stay on-premises). Click on “Done” to complete the creation.
The result is that we can see our recently created Host Pool in the middle of the Management UI.
Last but not least, you have the possibility via this GUI, which is comparable to the Windows Admin Center, to define the settings for your Host Pool in depth. To do so, select the Checkbox of the Host Pool you want to modify and click “Edit” in the upper menu bar of the middle screen to modify settings like the load balancer type, the session limit or different properties for RDP sessions to this Host Pool.
Step 4: Grant access to your Host Pool
Before we start assigning virtual desktops to that Host Pool, we need to define the users who are privileged to access these resources in the future. To do so, we click on our recently created Host Pool in the management portal, which redirects us to the general overview page.
To grant access we need to change the view by clicking on “App Groups”. This view will present us the default “Desktop Application Group” defined by Azure.
Important notice: if you've created this Host Pool for test purposes and you want to get rid of it, you MUST delete the Application Groups first!
To finally add users, you have two possibilities:
- Create a new App Group
- Modify the default App Group
This is up to you, but I prefer to create new App Groups so that I know which users I grant access to. This can be achieved by clicking on “+ Create a App Group”. Afterwards you can define your preferred name and select which resources you want to provide access to (this can't be changed afterwards and requires the recreation of the App Group – you need to delete existing Desktop groups first, otherwise the Management UI will throw an error). Click on “Save” if the settings fit for you.
By highlighting the recently created Group and having a look in the lower middle screen, we can see two tabs – Summary and Users. To assign users we need to click on “Users”.
By clicking the “+ Add User” button we can start adding our users. Some of you might ask yourselves: isn't it possible to add complete security groups? The answer: not yet! There are some scripts available which can be run by an automated task to export users from security groups and import them into the App Group.
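The kind of security-group-to-App-Group sync mentioned above, as an added example that is not from this article or from Microsoft. It assumes the AzureAD and Microsoft.RDInfra.RDPowerShell modules are installed, `$AadGroupObjectId` is a placeholder for your group's object ID, and it goes one step beyond export/import by also removing App Group users who are no longer members of the security group.

```powershell
# Added example (not from the article): reconcile a WVD App Group with an AAD security group.
# Requires the AzureAD and Microsoft.RDInfra.RDPowerShell modules.
param(
    [Parameter(Mandatory)][string]$AadGroupObjectId,        # placeholder: object ID of your security group
    [string]$TenantName   = 'WVD-HighEnd',                  # tenant name used in the article
    [string]$HostPoolName = 'WVD-HP01',                     # host pool name used in the article
    [string]$AppGroupName = 'Desktop Application Group',    # default group; pass your own App Group name
    [switch]$Apply                                          # without -Apply, only report the drift
)

Connect-AzureAD | Out-Null
Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com' | Out-Null

$scope = @{ TenantName = $TenantName; HostPoolName = $HostPoolName; AppGroupName = $AppGroupName }

# Desired state: direct user members only (nested groups are not expanded).
$desired = @(Get-AzureADGroupMember -ObjectId $AadGroupObjectId -All $true |
    Where-Object { $_.ObjectType -eq 'User' } |
    ForEach-Object { $_.UserPrincipalName.ToLowerInvariant() })

# Guard: an empty result (wrong ID, emptied group) must not wipe the App Group.
if ($desired.Count -eq 0) { throw 'Group has no user members; refusing to empty the App Group.' }

# Current state: users already assigned to the App Group.
$current = @(Get-RdsAppGroupUser @scope |
    ForEach-Object { $_.UserPrincipalName.ToLowerInvariant() })

$toAdd    = @($desired | Where-Object { $_ -notin $current })
$toRemove = @($current | Where-Object { $_ -notin $desired })

foreach ($upn in $toAdd) {
    Write-Output "ADD    $upn"
    if ($Apply) { Add-RdsAppGroupUser @scope -UserPrincipalName $upn }
}
foreach ($upn in $toRemove) {
    # Access that no longer has a matching group membership is revoked.
    Write-Output "REMOVE $upn"
    if ($Apply) { Remove-RdsAppGroupUser @scope -UserPrincipalName $upn }
}
Write-Output ("{0} to add, {1} to remove, applied: {2}" -f $toAdd.Count, $toRemove.Count, [bool]$Apply)
```

Run it once without `-Apply` to review the planned additions and removals before letting a scheduled task apply them.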
In this article I've presented what is, in my opinion, the easiest way to create and manage Host Pools in Windows Virtual Desktop. I'm sure that some of you prefer PowerShell because you're more used to it and, to be honest, I prefer it too. But to provide an introduction to easy management for a normal Administrator, I've preferred to highlight the graphical user interface. During the next week I will share my personal WVD Cheat Sheet, which shows you the management via PowerShell, so that we can have a look at the deployment of our desktop in the next article.
Thank you very much for reading! Stay safe and healthy!