1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Implementing Networking for Azure Virtual Desktop

Network Connectivity

Network Connectivity

The most fundamental component of any cloud solution is the network. It is networking that will provide connectivity and security to your applications and solutions. This is most critical with an internet-accessible solution like Azure Virtual Desktop, so we need to properly build it and secure it.

In this course, we will help you design your Azure Virtual Desktop network components so you can not only gain insight into those Azure services but also understand how they integrate and relate to the Azure Virtual Desktop service and help you to pass the Azure Virtual Desktop Specialty exam.

Learning Objectives

  • Understand Azure virtual desktop networking requirements
  • Recommend the correct solution for network connectivity
  • Implement your Azure Virtual Desktop networking solution
  • Manage connectivity to the internet and on-premises networks
  • Implement and manage network security
  • Manage Azure Virtual Desktop session hosts using the Azure bastion service
  • Monitor and troubleshoot network connectivity

Intended Audience

  • Azure administrators with subject matter expertise in planning, delivering, and managing virtual desktop experiences and remote apps, for any device, on Azure
  • Anyone looking to learn more about Azure Virtual Desktop


To get the most out of this course, you should have knowledge of the following:

  • Azure networking
  • Network security 
  • Network monitoring and troubleshooting

There's a lot that goes into a network for any application, but with a virtual desktop there's a lot of details to think through, so let's take this one step at a time. The key to setting up the best network solution for a service like Azure Virtual Desktop is to remember that the laws of physics don't change. You should always keep all of your resources as close to each other as possible. This keeps latency as low as possible. Also, the shortest distance between any two points is a straight line. So the fewest number of hops in your connections will be the most performant ones.

In Azure Virtual Desktop, connectivity is established using something called reverse connect. This allows your AVD clients to connect over the public internet to the AVD service securely using TCP port 443, without the need of public IP addresses. This starts with your client authenticating to Azure Active Directory, which means you get to use all of the benefits of Azure AD Authentication, like named locations, conditional access, and multifactor authentication.

Once your sign-in is complete, you'll receive an Azure AD authentication token. Now that you're authenticated, the token will pass to the AVD service web access role, which will then present to you with a list of remote applications and desktops that you've been allowed to use. When you click on one of those icons to open that app or desktop, your token will be presented to the AVD gateway, which will make a certificate for you. And this'll be installed onto your client. The gateway service will also contact your AVD host pool and find a session host that is currently available. The gateway will then start a new outbound session from the session host back through the gateway to your client. With the connectivity finally established, you will log onto your Windows session, launching your remote application or desktop and you can get to work. So that's how Azure Virtual Desktop works. What about the clients?

About the Author

Dean Cefola is a Principal Azure Engineer at Microsoft and has worked in the IT industry for over 20 years. Dean has been supporting Azure Virtual Desktop from the beginning and is the Microsoft FastTrack Global Leader for AVD.