Configure User Settings through Group Policies and Endpoint Policies
Start course

An important aspect of any Azure Virtual Desktop (AVD) environment is ensuring you are able to manage the environment and apps in an efficient manner.  This includes managing printers and policies and being able to troubleshoot issues quickly. This in turn gives a much smoother experience to end-users. AVD allows integration with both on-premises and cloud-native services, which allows you to: 

  • Deploy group policies and cloud-managed policies to manage user settings
  • Deploy printers via Azure
  • Configure environment properties
  • Troubleshoot issues

Ensuring settings within the environment are configured correctly is an important factor in giving the end-user a good experience when they are using Azure Virtual Desktop. This course will help you to configure end-user experience settings and allow you to streamline your Azure Virtual Desktop experience.  

Learning Objectives

  • Configure Universal Print
  • Configure user settings through Group Policies and Endpoint Manager policies
  • Configure persistent and non-persistent desktop environments
  • Configure Remote Desktop Protocol (RDP) properties on a host pool
  • Configure session timeout properties
  • Troubleshoot user profile issues
  • Troubleshoot Azure Virtual Desktop clients

Intended Audience

This course is intended for people who:

  • Want to become an Azure Virtual Desktop Specialist
  • Are preparing to take the AZ-140 exam


If you wish to get the most out of this course, you should have a good understanding of Azure administration, but this is not essential.


Welcome to this module on configuring user settings through group policy and endpoint manager policies.  In this module we will cover the following topics:

  • Configuring Azure Virtual Desktop via Group Policy, including a walkthrough demo
  • Configuring Azure Virtual Desktop via Endpoint Manager, including a walkthrough demo

Let’s start this module by looking at configuring AVD via Group Policy.  In order to allow Group Policy to be able to access Azure Virtual Desktop, you need to ensure your session hosts are either Active Directory Domain joined, or Hybrid joined.

You can then deploy group policies the same way you would in an on-premises environment, including being able to configure both computer configuration policies and user configuration policies.  Let’s do a demo configuration of a group policy for Azure Virtual Desktop.

Here we are logged into one of our Azure virtual machines that we are preparing as a golden image for our AVD deployment.  We need to navigate to the local group policy app from the Start menu.  As you can see here we have both Computer and User configuration.  

We will now browse to the Windows settings under Computer configuration, then Security settings then click on the Network List Manager Policies.  We have 4 options here, but we want to choose All networks.  This policy Is going to allow us to control permissions for if users can change the network name, location, or icon from within the session.  We are going to change each option so the user cannot change any of them and click on OK.

Let’s check out some additional settings we can configure via Group Policy.  This time, under computer configuration, let's select administrative templates and then expand network.  Here we have a whole host of settings we can configure, including Background Intelligent Transfer Service (BITS) and DirectAccess Client Experience Settings.  

Let’s select the BITS settings and again we have a whole list of settings we can configure.  For example, if we double click ‘Do not allow the computer to act as a BITS processing server’ if we enable this then the session hosts will no longer cache downloaded files and offer them to its peers.

Let’s now check out the network settings we can configure, specifically the ‘Prohibit use of Internet Connection Sharing on you DNS Domain network’.  By enabling this setting, ICS cannot be enabled or configured by an administrator and the service cannot be run on this session host. We have multiple policies we can configure but this very much depends on your organization’s requirements. Now we have looked at configuring Group policy for Azure Virtual Desktop, let’s look at configuring AVD via Endpoint Manager.

In order to allow Endpoint Manager to be able to access Azure Virtual Desktop, you need to ensure your session hosts are either Azure AD joined, or Hybrid joined.  However, there are some limitations, for example, it is not possible to deploy a configuration policy to configure Wi-Fi settings on a Windows 10 device.  Additionally, Autopilot reset is not currently supported with Endpoint Manager integration.  Another limitation example is that it is not currently possible to remotely wipe an Azure Virtual Desktop session host via Endpoint Manager. 

We will finish this module with a demo of configuring Azure Virtual Desktop via Endpoint Manager.

Here we are logged into the Endpoint Manager portal. Let’s navigate to our session host which is Azure AD enrolled which we can see if currently fully compliant and managed by Intune.  If we click on it we can see we have multiple options we can manage, but if we go back a step we can see the different types of policies and profiles we can configure, including Compliance policies, configuration profiles, and Windows 10 update rings.

If we go back into the device again, we can see the options that are support and not supported as they are greyed out, and if needed, we can obtain information from the left-hand side menu regarding device compliance and configuration.

About the Author

Shabaz Darr is a Senior Infrastructure Specialist at Netcompany based in the UK. He has 15 years plus experience working in the IT industry, 7 of those he has spent working with Microsoft Cloud Technologies in general, with a focus on MEM and IaaS. Shabaz is a Microsoft MVP in Enterprise Mobility with certifications in Azure Administration and Azure Virtual Desktop. During his time working with Microsoft Cloud, Shabaz has helped multiple public and private sector clients in the UK with designing and implementing secure Azure Virtual Desktop environments.