In the next coming blogs we wil get a complete setup guide and which steps to take to get Azure Virtual Desktop running in your Azure subscription.
Azure Virtual Desktop (AVD) stands out as a powerful solution for delivering virtualised desktops and applications. Setting up AVD within an Azure Landing Zone with its dedicated subscription ensures optimal governance, security, and scalability.
In this guide, we’ll walk through the process of configuring host pools, app groups, and workspaces, followed by the creation of a golden image using Azure Image Builder. Finally, we’ll explore the integration of FSLogix with Azure Files and Cloud Kerberos Retrieval for enhanced user experience and security.
Setting Up Azure Virtual Desktop in an Azure Landing Zone
- Design Azure Landing Zone: Establish a well-architected Azure Landing Zone tailored to your organization’s needs, ensuring compliance, security, and efficiency.
- Create Dedicated Subscription: Allocate a separate Azure subscription for AVD deployment within the Landing Zone to isolate resources and manage costs effectively.
- Configure Networking: Set up Virtual Networks (VNets), subnets, and Network Security Groups (NSGs) to provide secure and isolated connectivity for AVD components.
- Provision Host Pools: Deploy host pools to provide virtual desktops for users, selecting appropriate VM sizes, scaling options, and load-balancing configurations based on workload requirements.
- Define App Groups: Organize applications into logical groups within AVD, assigning access permissions to users or user groups based on roles or departments.
- Create Workspaces: Establish workspaces to provide users with centralised access to virtual desktops and applications, simplifying management and user access.
Creating a Golden Image with Azure Image Builder
- Prepare Base Image: Start with a clean Windows image, ensuring it includes necessary updates, drivers, and prerequisite software.
- Configure Customizations: Install applications and apply security measures required for your organization’s desktop environment using PowerShell scripts.
- Capture Image with Azure Image Builder: Use Azure Image Builder to create a golden image from the customized VM, specifying configurations such as OS version, image type, and distribution settings.
- Schedule Image Builds: Set up recurring image builds to automatically capture and update the golden image with the latest patches and configurations. The best tip in this is, keep it as vanilla as possible. Use DevOps of Github Actions to trigger the build process or the trigger in the ImageBuilder.
Integrating FSLogix with Azure Files and Cloud Kerberos Retrieval
- Set Up Azure Files: Create Azure Files storage to host FSLogix profile containers, ensuring proper permissions and access controls are configured.
- Update FSLogix: Install and configure FSLogix on AVD session hosts, enabling profile containerisation and redirection to Azure Files storage for seamless user profile management.
- Enable Cloud Kerberos Retrieval: Configure Azure Active Directory Domain Services (AAD DS) and AVD to enable Cloud Kerberos Retrieval, facilitating secure authentication to on-premises resources.
- Test and Optimize: Conduct thorough testing to ensure proper functionality and performance of FSLogix profiles with Azure Files and Cloud Kerberos Retrieval, optimizing configurations as needed.
Intune
Use intune to manage your Azure Virtual Desktop. Use scripts and configuration policies to configure user specific settings or machine wide settings.
In the next posts, I will take you by the hand and provide tips and tricks which are learned during my journey. I will show you how to use the ImageBuilder but also which challenges there are with a Windows 11 Multi-Session host where not every intune policy is applied to.
IT Professional on a journey to discover the cloud platforms and become certified and an expert.
A Blog that follows the journey to get to the Cloud.
Azure Local | Azure Bicep | Azure Virtual Desktop | Powershell | Azure Certified | MCSA | Microsoft 365
