
Getting up and running with Windows Virtual Desktop

Hey folks, in this post I am going to go over the steps required to get up and running with Windows Virtual Desktop.  I have recently started a new position where I am working with WVD a lot, so I am setting up my own little test environment.  I thought I would document what I have done here just in case it helps somebody else. We will be performing the following tasks:

  1. Grant permissions to Windows Virtual Desktop
  2. Assign Tenant Creator Rights
  3. Create the WVD Tenant
  4. Create the WVD Service Principal
  5. Create the host pool
  6. Publish and Assign Apps

So let’s get cracking!!

Pre-Requisites

To do this you will need:

  • Azure Active Directory Tenant
  • Global Administrator Account within the Azure Active Directory Tenant
  • Azure Subscription

You will also need either a real domain controller with Azure AD Connect syncing with the Azure Active Directory Tenant or Azure Active Directory Domain Services.  I built a domain controller inside Azure to save on costs, but you can also use a domain controller inside your existing environment if you want to. 

Note: if you use an existing Domain Controller then you must set up AD Connect to sync it into your Azure Active Directory. If you have Office 365 then you will probably already have this anyway.

Grant permissions to Windows Virtual Desktop

Launch the following URLs to grant permissions to the Windows Virtual Desktop service so it can query your Azure Active Directory, replacing {tenant} with your own Azure Active Directory tenant. You will need to log in using your Azure Active Directory Global Administrator account.

https://login.microsoftonline.com/{tenant}/adminconsent?client_id=5a0aa725-4958-4b0c-80a9-34562e23f3b7&redirect_uri=https%3A%2F%2Frdweb.wvd.microsoft.com%2FRDWeb%2FConsentCallback

https://login.microsoftonline.com/{tenant}/adminconsent?client_id=fa4345a4-a730-4230-84a8-7d9651b86739&redirect_uri=https%3A%2F%2Frdweb.wvd.microsoft.com%2FRDWeb%2FConsentCallback

image

Assign Tenant Creator Rights

Next log into the Azure Portal and grant the Azure account you are using TenantCreator rights in the Windows Virtual Desktop Application as shown below:

image

Create the WVD Tenant

Now that we have the permissions to create the Tenant, we can move onto the next stage which is to actually create the WVD Tenant.  You will need 3 pieces of information to do this:

  • The name that you want to call the tenant
  • Your Azure Active Directory ID
  • Your Subscription ID

Once you have that you need to download and import the Windows Virtual Desktop PowerShell module by running the following PowerShell commands:

Install-Module -Name Microsoft.RDInfra.RDPowerShell

Import-Module -Name Microsoft.RDInfra.RDPowerShell

image

We can then begin the process of creating the WVD Tenant by using the command:

Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"

You will be prompted for your Azure credentials.

Once you have authenticated you can create your Tenant. The command to issue is:

New-RdsTenant -Name <TenantName> -AadTenantId <DirectoryID> -AzureSubscriptionId <SubscriptionID>

image

Create the WVD Service Principal

Now we are ready to create the service principal. The service principal is an identity which is used to automate specific management tasks and is used as credentials when running any ARM templates for WVD (as we will be doing here).  Using a service principal is a much better option than using a Domain Account and is much more secure, so use it if you can.

The commands to set up the service principal are:

Import-Module AzureAD
$aadContext = Connect-AzureAD
$svcPrincipal = New-AzureADApplication -AvailableToOtherTenants $true -DisplayName "Windows Virtual Desktop Svc Principal"
$svcPrincipalCreds = New-AzureADApplicationPasswordCredential -ObjectId $svcPrincipal.ObjectId

image

You will need to note down the values of svcPrincipalCreds, aadContext.TenantId and svcPrincipal.AppId.

Now we need to create the Role Assignment so the Service Principal is associated with the RDS Owner role:

$myTenantName = "<Windows Virtual Desktop Tenant Name>"
New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -ApplicationId $svcPrincipal.AppId -TenantName $myTenantName

image

Now we need to sign in using the Service Principal and make sure everything is working fine

image
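One way to perform the service principal sign-in and check the role assignment, as an added example (not the commands from the original screenshot). It assumes $aadContext, $svcPrincipal, $svcPrincipalCreds and $myTenantName still hold the values set in the steps above.

```powershell
# Added example. Assumes the variables created earlier in this session:
#   $aadContext, $svcPrincipal, $svcPrincipalCreds, $myTenantName

# Wrap the application password in a SecureString so it travels as a
# credential object instead of a plain-text command-line argument.
$secret = ConvertTo-SecureString $svcPrincipalCreds.Value -AsPlainText -Force
$creds  = New-Object System.Management.Automation.PSCredential($svcPrincipal.AppId, $secret)

# Sign in to the WVD broker as the service principal rather than as a user.
Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com" `
    -Credential $creds -ServicePrincipal -AadTenantId $aadContext.TenantId.Guid

# If the RDS Owner assignment worked, the service principal can read the tenant.
Get-RdsTenant -Name $myTenantName

# Review every role assignment on the tenant. The service principal's AppId
# should be listed with the "RDS Owner" role; anything unexpected here is an
# identity that can manage the tenant.
Get-RdsRoleAssignment -TenantName $myTenantName

# Once the password has been stored somewhere safe (it is needed again for the
# host pool wizard), remove the plain-text copy from the session.
Remove-Variable -Name svcPrincipalCreds, secret
```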

OK now we can proceed and create our host pool!!

Create the Host Pool

Now we will create the host pool. The Host Pool is the set of virtual machines that your applications and desktops will be hosted from.  If you are coming from a Citrix background these are the RDSH Hosts :)

Head over to the Portal and search for “Windows Virtual Desktop – Provision a host pool”

image

Click the Create Button to begin the process of creating the host pool

image

Now we will need to fill in some details:

  • Resource Group – I would recommend creating a separate Resource Group for WVD Hosts if you can
  • Region – Select the Region that is closest to your users or applications
  • Hostpool Name – Enter a name for your host pool
  • Desktop Type – Select whether you want dedicated desktops per user (Personal) or Pool Desktops (Shared)
  • Desktop Users – You can leave this blank for now and add these later

image

On the next screen we need to configure the VM Configuration.  As this is only my test lab I have created a small VM but you will need to select a size of VM which is applicable to your requirements.  I will be discussing sizing in a separate post.

image

Next we select the following options

  • Image OS Version – Here we can select the version of the OS we want to use. In most cases this will be Windows 10 Enterprise multi-session
  • Disk Type – Select the type of disk you want to use. This will be based on your requirements – Basic HDD, Standard SSD and Premium SSD. All have different IOPS and throughput.
  • AD domain join UPN – This is the Active Directory account which will be used to join your host pool to the domain. This account must be a Domain account (NOT Azure Active Directory Account) and have the required permissions for a domain join
  • Domain or OU – if there is a specific OU you need to join then specify it here
  • Configure virtual networks – Select the Network and subnet that your VMs will be a member of. Note – make sure that the DNS Servers in this network are configured to point to your DNS Servers to allow you to join the VMs to the domain.

image

Next we configure the WVD Details.

  • Tenant Group Name – leave this at the defaults
  • Windows Virtual Desktop Tenant Name – This is the WVD Tenant name we created earlier
  • Windows Virtual Desktop Tenant RDS Owner – Select service principal
  • Enter the details that we retrieved earlier when we created the service principal:
    • Application ID = svcPrincipal.AppId
    • Azure AD Tenant ID = aadContext.TenantId
    • Password = svcPrincipalCreds

image

Click Create and ensure validation is passed. We can now create the host pool. It should take around 10-15 minutes to create the host pool. If everything has worked out OK you should see the following :)

image

If you head over to your resource group you should see your Host Pool VMs have been created successfully

image

Publish and Assign Apps

OK so now that we have created our tenant and created a host pool it's time to publish some apps! In WVD we publish apps into Application Groups. So this could be your different departments, groups of users etc. Use the PowerShell command below:

New-RdsAppGroup <tenantname> <hostpoolname> <appgroupname> -ResourceType "RemoteApp"

In the example below I have created a new App group called TESTAPPGROUP in the Pool name WVDTESTPOOL3

image

Now we have an app group, we need to populate it with apps. To enumerate the Apps from the Start Menu you run the following PowerShell commands:

Get-RdsStartMenuApp <tenantname> <hostpoolname> <appgroupname>

I have done this below. WVDTESTLAB2 is my Tenant Name, WVDTESTPOOL3 is the Pool we created earlier.

image

Next we want to publish the apps we need. In the example below I published wordpad. Use the AppAlias property which is returned from the Get-RdsStartMenuApp command.

New-RdsRemoteApp <tenantname> <hostpoolname> <appgroupname> -Name <remoteappname> -AppAlias <appalias>

image

Next we need to publish the App Group to a user.  We do this using the Add-RDSAppGroupUser cmdlet. In the example below we published the Test App Group (which we published Wordpad into) to a user.

Add-RdsAppGroupUser <tenantname> <hostpoolname> <appgroupname> -UserPrincipalName <userupn>

image
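The four publishing steps above as one script, with a review of who is assigned to what at the end. This is an added example, not the original post's code: the tenant, pool and app group names are the ones used in the post's examples, and the user UPN is a constructed placeholder.

```powershell
# Added example. Run after signing in with Add-RdsAccount.
$tenant   = "WVDTESTLAB2"           # tenant name used in the post
$pool     = "WVDTESTPOOL3"          # host pool name used in the post
$appGroup = "TESTAPPGROUP"          # app group name used in the post
$userUpn  = "testuser@example.com"  # constructed placeholder UPN

# 1. Create the RemoteApp application group.
New-RdsAppGroup $tenant $pool $appGroup -ResourceType "RemoteApp"

# 2. Enumerate Start Menu apps on the session hosts and pick WordPad.
#    Fail loudly if the match is missing or ambiguous, so the wrong
#    executable is never published by accident.
$app = @(Get-RdsStartMenuApp $tenant $pool $appGroup |
         Where-Object { $_.FriendlyName -like "*wordpad*" })
if ($app.Count -ne 1) {
    throw "Expected exactly one Start Menu match, found $($app.Count)"
}

# 3. Publish it, using the AppAlias returned by Get-RdsStartMenuApp.
New-RdsRemoteApp $tenant $pool $appGroup `
    -Name $app[0].FriendlyName -AppAlias $app[0].AppAlias

# 4. Assign the app group to the user.
Add-RdsAppGroupUser $tenant $pool $appGroup -UserPrincipalName $userUpn

# 5. Review: list what is published in this group, then every user
#    assignment in every app group of the pool (this includes the
#    default desktop group), so unintended access is visible.
Get-RdsRemoteApp $tenant $pool $appGroup

Get-RdsAppGroup $tenant $pool | ForEach-Object {
    $groupName = $_.AppGroupName
    Get-RdsAppGroupUser $tenant $pool $groupName |
        Select-Object @{ Name = "AppGroup"; Expression = { $groupName } },
                      UserPrincipalName
}
```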

And that should be our app published successfully!! From here you can test it with the HTML5 Client. The URL is https://rdweb.wvd.microsoft.com/webclient/index.html

image

And now we can see and launch the application successfully.

I hope this has been a useful guide for you and if you have any questions or queries please feel free to drop me a message on twitter or leave a comment.

Thanks!!
