Basic Azure Virtual Desktop (AVD) setup
HTML-код
- Опубликовано: 8 сен 2024
- This is a walk through of a simple Azure Virtual Desktop (AVD) setup connected to Azure AD. You'll see how to create Host Pools, Application Groups and Workspaces as well as connect to the virtual environment using a browser.
Buddy i am seeing this video in 2023 (2) years later and you explain so well for a noob like me! Thank you! - great explanation!
Thank you so much for this video Robert! I had spent several hours reading Microsoft Documentation but was facing some troubles. Following your tutorial, the first implementation was really easy. Very well explained. Congratulations.
Hey Robert, what a great step by step walk through in setting up AVD. Clear and to the point. Made my set up very easy the first time around. Thank you so much.
Thanks Robert... Have setup a couple of test environments. Working well.
Great video. Easy steps to follow. One thing that gave me some problems: When selecting an admin username for your VMs, do not use 'Administrator'. It will show you a green check mark, but the deployment will fail. Anything else will work.
Just did this and we have an Conditional Access MFA policy enabled. Had to add an exclusion to the "Azure Windows VM Sign-In" cloud app to be able to connect. Enjoy and thank you!
Great tutorial no beating around bushes straight to point.. thankyou ....!
Thanks, mate! It was great.👍
Thank you so much Robert. That really helped. There was a couple of crucial steps I was missing that was causing muxh frustration, but your tutorial cleared it right up.
Thanks Robert you've been a great help. I've encountered so much gobbledegook trying to asses whether Azure is for me or not. As a very old engineer I thought "Forget it" stick to pencil and paper, but you've opened up a new field to play in ,Thanks again
Great vid, the auto create in azure for AVD doesn't work, this tutorial worked perfectly! Thanks.
Man thank you so much ! i have to configure an environment like this for my final project and i was completely lost !
Much easier to understand et reproduce now
Solid Foundation in learning Azure Virtual Desktop. The Best.
Great tutorial. Gives you the basic you need to know and is also easy to follow. Thanks Robert!
A very well presented instructional video. The additional explanations and descriptions of whats happening when actions are performed and selections made were super useful and really added to my understanding of this process.
Thanks
Thank you so much! You explained everything quite clearly, and made it very easy to follow.
Thx, very clear, from the beginning to end. Great Work!!!
Best tutorial thus far. I love the explanation.
Great explanation
Man!! This Tutorial is so usefull. Thanks!!
Excellent tutorial. Thank you very much for this.
Great video. The only quarrel I have is when you went to connect via web browser. As a first timer I don't feel like you explained the connection steps well enough. You just started typing a random URL into your web browser without explaining how you got it or why that URL works for your specific environment. Otherwise a terrific video and thank you.
summary at the end was useful very useful.
Great tutorial.
Cool and calm way of explaining it quite easily.
Great video, this was exactly what i was looking for. I quite liked how you set everything up.
Bob you're always the best, thanks for this tutorial.
Great video! Subscribed!
Wonderful video sir ... and really appreciated ... Thanks
a great simple step by step tutorial, thanks!
Best one yet
Very useful, rich content 👌
what an excellent video¡¡¡¡¡, thank you very much for solving one of my problems
great video, however i can't see the txt you're typing in, in RDP properties
Very well explained and great summary...
appreciate this. thanks.
This Video really helped me. Thank you
This was extremely helpful!
handy for resetuping s or creating karaoke tracks. Thanks for the recomndation!
Great explanation!
That was a really great video, Thank you. Was the Windows Desktop an image you made, or was it something that MS provides as a template?
I'm really surprised how many people put up videos READING documentation instead of actually SHOWING what the hell basic users would do. I can see many people finding this helpful in doing their tasks rather than reading through hours of documentation.
Super Helpful 👍
dude tNice tutorials is super good! subbed
thank you!!
Hi I had to add enablerdsaadauth:i:1 to the RDP properties too otherwise it gave me a sign in error - thanks for the vid
For anyone stuck at the DomainJoinedCheck. I logged into the VM with bastion and updated everything. In Azure it under Virtual Machines.
This was super helpful! By any chance do you have a document with these steps? Now that I've gone through it a short written guide would be handy. If not, I'll write one up myself.
Thanks again! Great video, easy to follow and helped me get setup. The only issue I had was error logging in because of MFA, I'll look at the link you supplied to the person below to see how to change to policy based MFA.
No documentation from me sorry. MS docs is probably your best bet
Will it be possible to connect to the desktop from a Chromebook (with ac Chrome Browser)? Thank you for this clear step-by-step video.
Yes it is possible as you just use a browser, any browser.
Hi Robert you have amazing video, from the config of AVD. Is AD DS is in place or you did use just an AAD only?
AAD only. AAD DS introduces complications and limitations and really now a legacy approach
Hi Robert, Thank you for this great video. It is very easy to follow. However, when i tried to use a custom image, I can't connect to the AVDs, does this support custom images? or do i need to follow a different procedure?
Yes but u need to ensure your custom image allows remote RDP sessions.
nice and detailed :)
Hi Robert thank you for the videos they are sure helping me start to understand how AVD’S can be setup. I had one question about storage though. If I setup a pool of machines to use an app that needs a shared location for the data, do I need to do a setup like in your “ Creating a basic Lan in Azure” video? What I mean is do I need to create an additional VM dc and add a disc to it for the data? Then share it to the AVD’S. The app on the AVD’S is older and in an on Prem setup that app has a central spot for the data files. Not sure if there is a way around creating that VM for a DC just for a shared file location. Hope that’s not clear as mud.
Yup, if you want a shared data location you need to configure that on the same Azure VLAN. That could be a server or Azure Files, etc.
@@directorcia thanks Robert I will check azure files and se why that’s about.
Hi Robert, thank you very much for your video.
The JSON file inside the HostPool contains the names of the users who created the infrastructure. What happens if those users are deleted?
Can this compromise the correct functioning of the enabled "autoscale"?
Thank you very much
use a managed service account if needed
Gracias!
Great video BUT I followed step by step, 3 times, and I am still getting "Oops, we couldn't connect to "SessionDesktop"
Sign in failed. Please check your username and password and try again." The only thing I can think of is that am using a 30-day trial with the $200 credit so, maybeeeee, that's an issue? Any thoughts? Either way, you have made a very helpful video and I have subscribed for more. Thank you!
The trial is not the issue. Typically it is something like Conditional Access. Have a look through all the comments here for other ways people have solved this issue for their set up.
Hi Robert , thank you for the video, l have question , on your deployment we deployed 2 VM , how to know on which one l am connected?
It is a pool. You connect to one that is available depending on your config/ If you want to connect to dedicated machine you need a different config. AVD is aimed to pooled machines and allocations made into the pool.
I followed your example, but as a few have sort of mentioned, I have MFA turned on and cannot access it with those accounts. I can access everything with the local admin or an account that does not have MFA, but when I try with an account that has MFA, I get an error that says "Sign in failed. Please check your username and password." I'm using the Azure AD account I assigned to all of the resources.
MFA i have found as an issue during set up. If you set up this environment in your own tenant that already has SSO enable on the workstations it works fine in my experience. You also get challenges with MFA when using Azure AD Domain services or a local DC as well. Best experience for MFA is direct Azure AD joined for everything. The solution lies in what identity solution you are using Azure AD DS, a local DC or Azure AD directly.
THis may help - docs.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa
May also be worthwhile checking whether Conditional Access is restricting access as I have.
Thank you so much.
These threads got me on the right direction, wanted to post what ultimately worked for me - changing from user based MFA to conditional access allowed my main account to access the AVD I setup in this video. My account could not access the AVD, I would give an "incorrect password" error.
Great video! What would the aproximate cost be to run a setup like this?
It is consumption based. You only pay for what you use.
It is consumption based. You only pay for what you use.
The gallery image you selected "win11 + 365 app", does it come with FSLogix ???
if not how do you handle the profiles (office & users) ???
FSLogix is not dependent on VM image. User information is handled with enterprise state roaming and know folder move with ODFB
Will this work with MFA enabled when you set up your AVD connected to Azure AD?
Best bet is to use a non MFA account during set up to avoid issues. After that, MFA works as expected with logins and AVD even supports Windows Hello for Business on local device.
Hi, thank you for the video. Do you know when selecting pooled would each user get a different MAC address of is it the same MAC address for all users? Cheers
I don't know
Thanks for the Video . If possible do you know what sort of permissions do you need to add users or Groups to the Assignment .
I think there is an AVD admin role
I have followed this walk through step by step. However, when I try to connect to the desktop using the url at the end of the video, I get the message "It looks like your system administrator hasn’t set up any resources for {user account} yet. Please choose a different account or try again. If you believe you have received this message in error, please contact your system administrator." I logged in with the same account I added to the workspace etc, but to no avail. I even created a new user account, it lets me log in and change the password at first login, but still get the same message. Is this anything to do with my using the Free trial of Azure?
The trial may have limitations due to the region it is established in. Try logging a support ticket with Azure or contacting Azure Support on Twitter to resolve.
At 17:39, you add targetisaadjoined:i:1 but this text is already in the rdp properties. Do you need to add it twice?
No
Thanks Robert for a great video. If we are doing it for a client who is already on MS 365 (Standard/basic) licensing, can we add this Azure desktop to the tenant? or we start a new seperate subscription?
Also, if there is a third party app involved, Do we give this software provider access to a session to the newly created virtual desktop to do the install of their software? Would this be then available to other users who will connect to this session? Thanks
M365 Business Basic/Standard contain NO AVD licensing.
The third party app can be installed in the base VM image.
This is an amazing video.. But when I log into the web mobile client, I can't use a personal email for outlook. UGHHHH and that email is hooked up to my AZURE. Is there anyway around this?
Not really as you are logging into Azure AD and typically you can only do that with a corporate email. You maybe able to use Azure B2B to add the Outlook account but I doubt it can login to an Azure AD joined machine.
I might just use the Desktop RDP instead.
Cheers Robo, what's the quickest way to stop the desktop / vm charging you overnight when not running? I don't really want to go into the portal every evening when logging off.
Azure automations
@@directorcia do you have a RUclips vid that you recommend. Cheers
@@adamwillis1299 my whole channel
Thanks alot
Thank for the video. Having managed a local network for years, we want to move to Azure but it's a bit confusing. Why do we need a workspace as well as the virtual desktops?
Also how do we know how many AVDs & multiple users a resource pool can handle?
The workspace allows you to target different users and roles. It also allows you to publish virtual machines and/or remote apps to them. As MS says "A workspace is a logical grouping of application groups in Azure Virtual Desktop. Each Azure Virtual Desktop application group must be associated with a workspace for users to see the remote apps and desktops published to them."
@@directorcia thank you, I'm still trying to get my head around that though. Different way of working.
@@gigmix1958 At the end of the day, a 'modern' device doesn't have to be something physical like a Surface PC, it can be a device you access virtually through a browser. That is a handy thing in the age of supply chain constraints. Likewise, if you just want to deploy an application to people without having to buy physical infrastructure then you can use a Remote App. Either way, you need to control who has access to what and that is where a workspace comes in. The great thing with AVD is that it can scale up or down dynamically as you need based on the load. Sooner or later on prem solutions will hit limits.
Thank you!!!!
Thank you. Question: You have already created an admin userID/Password to login to the VM as an admin. Why do we need a VM Admin Login RBAC role in this scenario?
Best when u set up initially
Hi I'm getting an error adding the targetisaadjoined:i:1 in the settings, telling me its incorrect and not allowing me to save it - any ideas on how to fix that?
Ensure it isn't in there already. Don't copy and paste it, type manually. Check spelling.
Great guide. However, I did struggle to login initially until I reset my password. Is this due to Azure ADDS not being aware of my current password? Guessing I had to reset my password for the new Hash to be written? Not 100% sure though?
If you elect to Azure AD DS then the password is only synced from Azure AD when it is reset in Azure AD. This is a limitation of using Azure AD DS rather than pure Azure AD which is now supported. This is outlined in Microsoft's documentation on Azure AD DS.
@@directorcia I realize this is an older video but is Azure AD DS now required by chance? I thought I may have read a few places that it was required. You can use a VM or Azure's AD DS as a service. Would be great if it's not something I have to set up.
@@richarddstephens Azure AD DS is only required if you need to interface to older software that requires things like NTLM and Kerberos. If you all Azure AD then AADS not required.
Hello, is it possible to create host pool with 1 virtual machine and have a max session limit of 10 users
Sure, performance is up to you and you want to config and VM size. However multiple vms provides redundancy
On the last part to create and review the virtual machine it says "Validation failed. Required information is missing or invalid" however it does not tell me what is missing or invalid. How do I fix?
Log a support call with Microsoft I suggest. You can also try and create a stand alone VM to see if you get the same error and can isolate trouble. Typically It has to do with the type of VM you are trying to provision and there maybe many issues with that.
I have followed this walk through step by step. However, when I try to connect to the desktop using the url at the end of the video, I get the message "Privacy settings for managed resources have been preset by your organization. "Loading" is the only thing on the screen besides that with the dots showing its working. Is this anything to do with my using the Free trial of Azure?"
Any ideas?
Seems to me that it is something to do with how your systems have been locked down. You can try another browser, machine, the dedicated app MS provides on the desktop and mobile. Failing all that log a support call with MS or ping Azure Support on Twitter.
We have about 20 virtual servers running various SQL databases and applications. How would that work with AVD? Would I have to move everything to Azure? That would seem to be the best choice from a performance perspective. Otherwise I guess I would have to create a VPN back to my on prem servers. Would the AVD be able to run any windows app I can run on my Windows 10 desktop?
No you don't need to need to move all to Azure. AVD is a desktop focused solution, like RDS on prem. Yes, AVD can run any app especially using the app publishing capability.
Great Video. Stupid question: Will the Azure Virtual Desktops look as "Azure AD Joined" within AAD\Devices ?
Depending on how you set it up = Yes typically
@@directorcia Hmm ok. I will find out. I am following your video with my lab. I am new into Azure. My goal is to create a small network/environment within Azure..Thanks for your quick reply.
Do i need to open a port ? I get this: Oops, we couldn't connect to "SessionDesktop"
Sign in failed. Please check your username and password and try again. That error is after mfa. Thoughts?
@@indigo04r40 No ports need to be opened but check things like Conditional Access policies. Read through comments to find similar discussions
@@indigo04r40 I suggest this is NOT an option for a small environment. Windows 365 Enterprise is a far easier option than this for that.
Hi Robert, Do you have a video explaining the FSLogix configuration for the AVD?
Can I use FSlogix with AAD? or necessarily with AAD DS?
No. There are plenty from MS out there.
@@arochecerocero U can use FSXlogix anywhere to my knowledge
Also, would this be a good fit for Quick books Enterprise and enable multi-user so they can use the same database?
Sure
@@directorcia So funny, I have the exact same situation. To take it a step further, could you provide both users who want to access Quick Books Desktop, access to the "app" itself where they can log in with their QB credentials? I'm very new to VDS so I'm not sure, but I think in the video once they load the URL, could you show an icon to the QB application so they are loading right into the application vs loading the desktop?
@@richarddstephens If you publish an application all they see is the icon for the application, they cannot interact with the remote desktop at all. That app can be published to any desktop or device with internet connectivity. That way it looks like a normal app to the end user, even though it is hosted on AVD.
Can you have 1 VM in the pool with multi-session?
I need to have an application that multiple people use that reference the C:\Data folder that can be accessed via a browser.
Yes but why would you??
@@directorcia Only have 5 users that need to use, therefor trying to keep costs down.
@@em7yn it is designed for pooled use. If u want cheap and cheerful there are far better options.
Hello Rob, are you able to share the RDP Properties-Advanced tab? Thanks in advance.
Can u not just screen shot ruclips.net/video/jMAanEp-ugI/видео.html? I simply added targetisaadjoined:i:1
Great tutorial! Two things if you have a few moments. 1) Created 3 VM's in the host pool (0,1,2) and the 2nd VM has failed the 'DomainJoinedCheck'. Created the pool twice and both times same VM failed. Used same settings for all 3 during setup. 2) Was successful at logging into a web RD session using the original admin account that came up. But when trying a user account, it says login info is incorrect. Used exact email address for the user and even after resetting the password and using the temp one MS created, it still is saying the login info is wrong. Thoughts on these?
Typically need to use accounts without MFA to do domain joins. User needs rights to logon to machine from AVD as well as RDP.
The same thing happened to me. I fixed it by disabling MFA on my account. After that, it let me log in. However, there should be a way to have MFA and access to Azure Virtual Desktop.
@@efrainlongart7412 There is - docs.microsoft.com/en-us/azure/virtual-desktop/set-up-mfa. Per user MFA is not supported as I understand it, you need to use a policy (like CA) to enforce.
@@directorcia Great! I'll try that later. Thanks!
Is Azure AD Domain Services required for this to work or Azure AD is enough? I am starting a company and I do not want any servers on-prem.
Azure AD DS only required if you have legacy apps or requirements
Hi Robert, I have a quick question about this. If we have multiple VMs running in the pool, how could we install the same applications on all of them. Let's say if I wanted to install a SQL server management studio on all the hosts. Is there a way to do this?
You install the app on each VM in pool or you create and use an initial image with that app on the image or you stream the image using Remote Apps from AVD. You could use a policy from say Intune to deploy that app to each VM desktop. AVD VMs are not mirrored, they are unique machines in effect.
@@directorcia Thanks for the clarification Robert! Just like to ask if there is a way to specify a VM to log into if you have multiple vms in the pool? I saw in the video that you created 2 virtual machines, however I wonder if it's possible to specify one to log into?
@@fazedank5262 No, You login to pool and then allocated a free VM sessions from there. Why do you want to login to a specific VM? AVD handles all the gateway and routing. Your identity is also managed across all VMs thanks to the pool. You can set up pools to have dedicated VMs for each user but that is very inefficient use of the resource and you'd be better with Windows Virtual Desktop rather than AVD in that case.
As I said, to get the same apps on VMs use s deployment policy using Intune, Group Policy or the like. Failing that, use a base VM image with the apps required.
@@directorcia Thank you very much for your answer Robert. I think I will try to go for the image creation option. You definitely set me on the right path!
Danke!
This is great. I followed steps and everything worked fine. I restarted the VM and can no longer get in. Oops, we couldn't connect to "SessionDesktop"
Sign in failed. Please check your username and password and try again. Thoughts on how to resolve? No changes other then restarting and shows available in pool.
Typically it is a permissions issue for that user. Try an administrator or create a stand alone VM in same Vnet and try RDP from there without going via AVD.
@@directorcia Thanks for your reply. So it was all working the day before then the next day couldn't connect possibly after a VM restart. I recreated the VM without adding to Intune and it seems to be fine now. Wondering if adding the original VM to Intune caused an overnight policy to be applied that prevented access. I've seen other posts where people have had issues with AVD and Intune. I also had a user with MFA enabled that couldn't connect. Great job on the straightforward video.
@@eits79 If you apply a policy that limits remote desktop access then that could indeed be a problem. I had issues with conditional access, so there could be many reasons given the nature of cloud PC. The more locked down your existing environment the more careful you will need to be.
I followed your steps to a T and repeated this 3 times. I am unable to access the virtual desktop. I'm not sure why. I have done everything you have. Once I go to the website too access the desktops it just keeps loading and the desktops never appear.
Do you have MFA on your logins? If so that will be a blocker. Conditional access can also be a blocker. Failing that, read this or log a support call with MS - docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-set-up-overview
@@directorcia I figured it out, there's a new URL for the desktops. Once I used it I was able to see the sessionhost icon
@@443TRELL What is the URL?
@@directorcia The new URL has (/)arm(/) port 443 client(.)wvd(.)microsoft(.)com/arm/webclient/index(.)html
Keep getting "sign in failed". Any ideas?
Check your conditional access rules
Greate video. Thank you for the effort you put in towards setting it up. I have a question, I have set up a pool with 5 machines which I would like members of a specific team in my organization to use and share the software in it. Do you think that it is best to reduce the number of sessions to just 1 but have all 6 users long into a single session or should I leave the sessions as they are? My goal is for the team to share the same desktop application resource. Could you help please?
Appreciate the feedback. You need to figure out whether you want a breadth or width solution (i.e. number of hosts and session on each). That will depend on the resources they require to run their apps. It all comes down to user experience and short changing compute resources will not aid user productivity.
@@directorcia Thanks for your prompt response. So the users all her their workstations but have a need to share access to a Desktop Application. I am only setting this up so they can share access to a single desktop application. Does this make sense?
@@fountainabani6326 Sharing has little to do with it as each user gets their own instance (compute, RAM, disk, etc). You need to work out firstly how much resources the running application requires for a single user instance. Then you multiple that by how many users will be concurrently active in the environment. That total amount of resources will then determine how much compute power you require in total. Then you can decide whether you want breadth or depth in the AVD environment to share the total compute resource between.
targetisaadjoined:i:1 is already in the beginning of the RDP config string
Yup. Doesn’t hurt anything. Small fonts are hard to read.
@@directorcia I followed all the instructions, but I keep getting failure to join the domain.. I am using the "azure active directory" option, but it looks like it worked only once and only for one VM.. any idea?.. Thanks in advance
@@CrusaderGeneral Have you disabled MFA for the join user? also do you have conditional access configured? if so, modify or remove it for those users. You can always log a support ticket with MS to troubleshoot.
the targetisaadjoined:i:1 is not saving, also the link at the end is not showing up anything, did i do something wrong?
Verify the syntax is exactly correct in your environment. Otherwise call MS to help
@@directorcia everythings seems to be fine, but as I get the the link at the end. Normally there would be a circle ontop of the page with the two letters of your name. When I login there, nothing shows up. It takes a long while for it to load.
@@thekrimsonchin6023 it is hard to troubleshoot without seeing the system. Call Microsoft to assist. I suggest it is your security, typically something like conditional access, mfa, or the like. Ensure you have gone through all the other comments here as there are plenty of troubleshooting tips.
Can’t configure a VM. None of the VM’s are available.
Have u a paid subscription of Azure?
excuse me, how to make cursor with yellow
Camtasia screen recording software
What is the pricing for this?
It is based on consumption i.e. how much you use.