Managing Access to Azure Virtual Desktop
The course is part of this learning path
An important aspect of any Azure Virtual Desktop (AVD) environment is ensuring it is accessible and secure to not only meet best practices standards but also meet your organization’s requirements. To get the most out of this cloud-hosted service, it is important to use the correct features and components that make up the AVD environment, which will, in turn, give a much better experience for your users.
AVD allows organizations to set up redundant, scalable, and agile environments that offer the following key capabilities:
- Configure an unlimited number of host pools that can accommodate different workloads within an organization
- Create custom images for your multiple workloads or utilize the ready to deploy images in the Azure Gallery for testing
- Integrate Azure services to automate updates, power on/off, and autoscaling to help reduce costs and admin overhead
- Provision Personal (persistent) desktops which will allow for individual ownership
From a management perspective, you can utilize the Azure Portal, PowerShell, and REST interfaces to manage and implement AVD resources. You can publish a fully-featured desktop or single remote application for different sets of users. You also can assign multiple users to multiple application groups to reduce the number of images.
This course will help you implement access to your Azure Virtual Desktop environment and understand how it integrates with the other Azure services. It covers understanding Azure roles and RBAC for Azure Virtual Desktop, managing roles on session hosts, and configuring user restrictions via group policy and Azure policy.
- Plan and implement Azure roles and role-based access control (RBAC) for Azure Virtual Desktop
- Manage roles, groups, and rights assignment on Azure Virtual Desktop sessions
- Configure user restrictions by using AD group policies and Azure policies
This course is intended for anyone who wants to become an Azure Virtual Desktop Specialist and/or is preparing to take the AZ-140 exam.
To get the most from this course, it is recommended that you have a good understanding of Azure administration, although this is not essential.
In this short module, we covered two main areas around management of Azure Virtual Desktop environment. First, we discussed managing Azure Virtual Desktop with Group Policy, and depending on how the session hosts are domain joined, you have different options. You can either use the limited policies available where the session hosts are joined to an Azure AD Domain Services tenant, or you can use the traditional more granular policies that are available when the session hosts are joined to an active directory domain.
In the final part of the module, we discussed how to manage Azure Virtual Desktop with Endpoint Manager. We discussed the requirement to hybrid join the session hosts, which then opened up the many features of Endpoint Manager, including compliance policies to set compliance policy baselines on the session host, configuration profiles to control settings on Windows 10, including control panel access and desktop background to name a few. You can then manage session host updates and patching via the Windows Update for Business service and to ensure that OS stays secure. Finally, you can deploy applications, including Office suite Win32 apps and apps from the Windows store.
Shabaz Darr is a Senior Infrastructure Specialist at Netcompany based in the UK. He has 15 years plus experience working in the IT industry, 7 of those he has spent working with Microsoft Cloud Technologies in general, with a focus on MEM and IaaS. Shabaz is a Microsoft MVP in Enterprise Mobility with certifications in Azure Administration and Azure Virtual Desktop. During his time working with Microsoft Cloud, Shabaz has helped multiple public and private sector clients in the UK with designing and implementing secure Azure Virtual Desktop environments.