
February 13, 2025 43 mins
Welcome to Episode 395 of the Microsoft Cloud IT Pro Podcast. In this episode, we dive into Azure Virtual Desktop (AVD) and how it enables organizations to deliver secure, scalable Virtual Desktop Infrastructure (VDI) in the cloud. Whether you’re looking to modernize remote work, enhance security, or optimize IT costs, AVD provides a flexible solution for accessing virtualized Windows desktops and applications from anywhere.

Topics covered include:
- What is Azure Virtual Desktop? A breakdown of AVD’s features, benefits, and common use cases.
- Deployment essentials – Setting up host pools, session hosts, and assigning users.
- Configuration best practices – Managing user profiles with FSLogix and securing AVD with Microsoft Intune.
- Cost estimation – Key factors affecting pricing and how to optimize expenses.
- Getting started – Steps to connect via the Remote Desktop client on multiple platforms.

Whether you’re an IT admin or just exploring VDI in Azure, this episode is packed with insights to help you get started. Tune in and take your remote desktop strategy to the next level!

Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.

Show Notes
- Azure Virtual Desktop documentation
- Understand and estimate costs for Azure Virtual Desktop
- Azure Virtual Desktop
- Azure Virtual Desktop documentation for users
- Get started with the Remote Desktop client
- FSLogix for user profiles
- Managing with Intune
- Manage the operating system of session hosts (with Intune)

About the sponsors
Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:03):
Welcome to episode 395
of the Microsoft Cloud IT Pro podcast recorded
live on 02/10/2025.
This is a show about Microsoft 365
and Azure from the perspective of IT
pros and end users, where we discuss a
topic or recent news and how it relates
to you. Today, we dive into Azure Virtual

(00:23):
Desktop or AVD and how it enables organizations
to deliver secure, scalable, virtual
desktop infrastructure, or VDI, in the cloud. We
discussed the benefits of AVD for modern remote
work, enhanced security, and optimizing costs for your
organization.
I'm back from Miami where I was Friday.

(00:45):
You're
off to your destination sitting in a dark
room. So I'm in Seattle this week, yes,
for, some work stuff and a conference
that's that's here along the way. So we've
been kinda gallivanting all over the place. We
should address, you know, speaking of recording and
audio and things like that, we think we
got the audio glitches worked out.

(01:05):
And whatever happened in the last episode or
two with weird skips and things should be
turned off for
subsequent ones going forward. Yes. I apologize,
anybody. We did get some feedback of people
that noticed it as well. But, yes, there
was some I think it was some AI,
ironically enough, for was as we talked about
Copilot, it was some AI processing to remove

(01:27):
some silences,
and we have since reuploaded
a
cleaned up version where that processing was not
in place and future ones should not have
that on there. Well, why don't we go
ahead and get into our topic for today?
Alright. So topic for today. We talked about
a few topics. Like, we had talked about
comparing
different VDI solutions on Azure. And

(01:47):
for today,
let's talk about instead of trying to compare
them, that would be a long episode,
VDI and Azure, otherwise known as
AVD. Well, we're gonna do AVD and Azure.
We could do VDI with Citrix. There's lots
of options. We're gonna talk specifically
Azure Virtual Desktop today in Azure, kinda getting
started with it, things to think about.

(02:09):
I've set this up for
several clients now, actually. I have some other
ones that are looking to go to it.
So we will kinda
dive into this and maybe even some of
the pros, cons
as well with the whole
VDI
thing in Azure. I think of this as
getting started with VDI in Azure and then

(02:30):
kind of parenthesis at the end of that,
just Azure Virtual Desktop.
Because if you're going to do a virtual
desktop solution in Azure, I think it makes
sense to look at the first party ones.
And then you have the third party ones
that exist out there. And sometimes there's that
mix of also
first party third party where you can buy
things through the Azure Marketplace

(02:51):
and say you're a customer that's out there
on a a Mac agreement or like a
more formal commitment to spend, then you can
go ahead and also kind of do that
consumption that way out of the Marketplace. So
we'll start with Azure Virtual Desktop today, which,
you know, I think it'd be fair to
say is the
solution
that Microsoft would lead with. So it's the

(03:13):
leading VDI solution
in in Azure today. But there's lots of
other options there. So we'll kinda talk about
the first one, Microsoft first party. What's there?
What you get out of the box? And
how all that comes together? And potentially, how
that can enable you in the world of
100% remote, hybrid, all all that goodness. Where
do we wanna start with Azure Virtual Desktop?

(03:35):
Should we start with a little bit of
just, like, what it is? I mean, I
think I sometimes you can assume everybody just
knows what Azure Virtual Desktops are, what VDI
is.
But maybe just starting off with, like, a
definition
of what is Azure Virtual Desktop. You know
me? I always like a good definition. You
like a good definition? I do. So it
is a virtualization

(03:57):
service. Imagine that. Right? Virtual desktop is virtualization.
Runs on Azure where you can essentially
publish out
different
different virtualized experiences,
I would say, in end users. Whether you
wanna push out a virtualized
desktop
and you can think of this as kinda
like an RDP type of desktop where you're

(04:18):
remoting into the machine,
getting the full desktop experience where you can
launch applications,
you have your start menu.
It's like a full RDP experience
Similar to, like, the old terminal services sessions
that used to do with on prem
where
you're not necessarily
the configuration is different. Like, typical RDP, you're

(04:39):
going over port 3389 most
of the time.
Usually, you're limited to, like, one or two
sessions, and if somebody else tries to log
in, you get booted out. Virtual desktops
give you a
host of resources that allow you to kinda
configure how many people you wanna log in,
get that desktop experience.
But kind of along with that, if you
don't wanna do a full desktop, this also

(05:01):
allows you to do individual apps. So, again,
now you connect to this virtual desktop environment,
and instead of launching
that desktop experience where you're logging into a
full machine, you're just launching an individual app.
Maybe it's Office apps or a browser
or
a
another third party application,

(05:22):
one of your internal applications that you use
for your company.
There's lots of different ways you can kinda
configure these apps, publish these apps out. But
now instead of having to provide that full
desktop, people can just go in and launch
an app in this virtualized environment
that can give you lots of different benefits
when you think of that type of scenario.
For sure. And we've talked about other solutions

(05:44):
here as well. So you recently had an
interview
on M365
link
and some of the things that go on
with Windows 365 desktops.
These concepts are similar. It's just less of
a managed service and more of a service
that you can come in and manage
with that virtual desktop infrastructure.
So you're gonna get kind of more knobs

(06:06):
and more levers that you can,
you know, tweak, twist, pull, push to configure
your environment and get it to where it
needs to be. Yeah. Definitely. And I think
because you brought that up, that's always one
thing to compare. And I've had this discussion
is when do you wanna do, like, a
managed service, like a Windows 365,
the cloud PC

(06:27):
versus your Azure Virtual Desktop. And
like you said, there's some pros and cons
there in terms of how much do you
wanna manage.
I would say there can be some pricing
that comes in there in terms
of what users are doing in these environments,
because the cloud PC is always gonna be
the full desktop. That one's not published apps.
AVD,
you do get some additional,

(06:49):
configuration options there.
And I think
the other thing to think about when you
start going down this route is it's like,
this is what it is.
Why would you go this route? And
I've seen this take off a lot with
work from home. I think there's a lot
of security benefits here, or there can be
a lot of security benefits here as well,

(07:10):
especially with
external vendors. And I see
this type of environment spun up a lot
where
you do have data in your environment or
certain applications
that you wanna protect because
when you give users devices, typically, like, I
have my laptop here, I have a desktop,
whatever it is, if I'm going in and

(07:31):
connecting to
an application
or I'm logging into
Office 365, to SharePoint, to OneDrive,
I can take those files, I can copy
them down to my machine potentially,
or even from a network perspective, there is
information that's going out
over the network. Maybe you set a VPN,

(07:52):
but then you have the VPN to deal
with. When you get into this Azure Virtual
Desktop environment,
you stand up these hosts and the machines
that are running this environment,
really within your network. And because we're talking
Azure, is you're setting this up within your
Azure network,
and now all that traffic is staying within

(08:13):
that network, within that VNET or that particular
subnet on Azure. You can control
that those networking connections a little bit more
from these machines, but these machines now aren't
necessarily a machine someone can just walk away
with or download data to. It's staying within,
I would say, the the confines
of your organization. Where they're remoting into machines

(08:35):
in your organization,
you can do things like prevent what they're
allowed to copy and paste out of that
machine, whether they're allowed to
map different
drives from their local machine up over this
remote connection. From an RDP perspective, you're not
opening up a public port. All of this
happens over port 443, HTTPS,

(08:58):
so there's not additional
ports or networking considerations
to take into effect in terms of
where
users can connect to these VMs from. You're
not punching holes in your firewall to get
to them. So I think some of those
from that remote work perspective
or if you have I've seen this too
with contractors

(09:20):
overseas.
You have contractors in a different country than
you are, and there are certain requirements there
around maybe data being allowed to
go over your network from one country to
another
with a VDI type environment because it's all
in the same network. All that data, all
that traffic can stay within
that your home country, I would say. So

(09:40):
it's not you're not, again, opening up that
data to be traveling
across the network to a whole bunch of
different countries. The other use case and and,
you know, I think there's the kind of
the thin client and let me come in
and get my desktop. But the other one
that I use all the time is when
I'm on my personal device
and I don't have my work device near

(10:01):
me. So if I'm just on my personal
laptop and I don't have my work laptop
near me, I still might need to get
in and send an email or you know,
check on something
and go in and triage.
And with my employer, all my devices need
to be registered in MDM. So my personal
laptop is not registered in MDM. Like, that's

(10:21):
just not happening.
So in that world, I also have access
just to those virtual desktops, and it it's
actually AVD that my employer uses
to go ahead and get us out there
and and get us quick access to that.
So if I'm traveling, like this week, I'm
on the West Coast, I can just hop
in, you know, if I'm here in my
hotel room on my personal laptop and not
over in the office where my work one

(10:41):
is, then I can still hop onto that
desktop. You know, I can just go to
the the West US AVD pool and start
to hit that side. Or when I'm back
home in Florida, I can hit the East
US pool. If I travel to Europe, I
can hit the European pool,
Asia, things like that. So that's super helpful
as well. And now that I think MMR
is getting a little bit better and some

(11:02):
of the camera pass through, mic pass through,
things like that, it it smooths it out
and
generally makes it a little bit better. So
kinda now that we've got an idea of
the use cases, things like that, why don't
we talk through some of the setup, what's
involved, what you need to have? So what
you need, you need an Azure subscription.
Step one, get an Azure subscription.

(11:25):
Yes. Azure subscription. You need some place to
go deploy these VMs.
Step two, you need
some type
of Active Directory environment. I would say one
nice thing about
AVD I don't know I haven't tried to
do this with other VDI environments, but since
we're talking AVD,

(11:45):
you can use
a traditional Active Directory where you're gonna have
your domain controller up in the cloud,
join them there. But you can also make
these just Entra joined. So if you don't
have a typical domain controller
and you just have Entra ID or Microsoft
Entra ID,
you can also

(12:06):
join
these
servers, these hosts that are using to power
AVD straight to Entra. So you are going
to need either Entra ID
or a and to be honest, if you
have an Azure subscription, you're gonna have Entra
ID, so you better have one or the
other of those or both of them. You
also need a network.
So you are going to need that VNet

(12:28):
set up in Azure that you can join
these machines to.
Obviously,
if you're using AD,
whatever network is gonna have to have line
of sight to
between your AVD
environment, your,
that AVD network and your the network that
your domain is in. And really to get
started,

(12:48):
oh, you need a Microsoft 365
subscription
or some way to license
Windows. And I don't know if we wanna
get into pricing or not yet, but you
do need to have Windows licenses. And if
you are running, like, a Microsoft 365
E3 or E5,
those licenses
include Windows, and they include the Windows license

(13:09):
for your users
for,
AVD. So your cost is going to be
the hardware for these hosts, but you're not
gonna have to worry about, again, going back
to on prem days where you're worried about,
like, terminal server licensing or Windows licensing for
the server.
That's all gonna be included with that Microsoft
365 license. Some of the licensing
constructs are a little bit weird. So I

(13:31):
think it's a good call out that, yes,
you have to have Windows licensing,
But let's hold off for a couple minutes
and we can kind of talk AVD cost
and estimation and things like that. Because Windows
licensing is almost its own certification on the
side to go out and figure out where
you're going to pick that up from. But
it's definitely consideration for you. Yeah. You have
to think about the operating system, the applications

(13:51):
that are gonna be deployed there.
And you would have done this in any
other VDI environment as well.
Do I even have the rights or the
ability with the vendors that I contract with
to be able to run that software on
a remote desktop? How is it licensed? You
know, does does that piece of software require
a little USB key to be plugged in
the whole time? Well, like, that's maybe not

(14:13):
gonna work for you in this scenario kind
of thing. So you do have to walk
through and and think through that as well.
I would imagine most folks who are looking
at a
remote desktop solution or or a virtual desktop
solution,
they've kind of already worked through this in
on prem land. Like, I see a lot
of folks who are going to cloud. And

(14:33):
then, you know, the cloud first ones,
you know, a lot of them, I think,
for probably for the better or for them,
just end up in the more out of
the box, SaaS-y kind of solutions,
you know, like Windows desktop, like Windows
365 desktop. I would agree. So that's
really I mean, once you have that, that's
all you need to get started. And I

(14:53):
would my opinion, to just stand up a
small AVD environment. Get a couple servers up
there, get it running to the point where
you can log in. Once you have those
things in place,
it's pretty straightforward.
It can get complicated quickly depending as you
scale it out and all of that. There's
lots of different buttons. But once you have
those,

(15:14):
there's just a couple things to create, and
you can be up and running with AVD.
Do we wanna start diving through, like, now
you have those in place, steps to go
stand up AVD? So we should probably start
with host pools and session hosts. So I
was on the fence. I'm like, do you
start with host pools or do you start
with workspaces?
Because
the I would say the first thing you

(15:36):
go in and create because I think you
can get all the way through a workspace
without any
yeah. The first thing you need is a
workspace. We're gonna start with that. So
a workspace is where these different and I'm
gonna call them applications
live.
But applications
groups or applications that live within a workspace
could be a desktop environment, that RDP type

(15:58):
of session, or it could be those individual
applications.
So, really, what a workspace is is you're
gonna go in and you're gonna pick a
subscription and a resource group for this workspace,
give it a workspace name, give it a
friendly name. So this is what people are
going to see when they go log in
to
the AVD environment. So like you said, Scott,

(16:19):
when you're in Europe, when you're out on
the West Coast, the East Coast, you may
have a workspace that is
based
on East Coast, West Coast, Europe, etcetera, because
one thing you do in addition to the
name and the subscription is give it the
location
where this particular workspace is gonna live. What

(16:40):
region, East US, East US 2, West US,
etcetera. And
once you have kind of this workspace defined,
you can choose at that point in time
to go create one of these application groups.
Applications are gonna live there. If not, you
can just go through, and that's really all
you need is just that default workspace.
After the workspace,

(17:01):
it's kind of a toss-up here because then
you need application groups and you need host
pools. The next thing you're probably gonna wanna
do is that host pool after workspace.
So a host pool is going to be
exactly that. You're gonna say this is a
pool of hosts, a pool of VMs
that are gonna power the different applications,

(17:23):
or the different RDP sessions
within my environment.
So once you have that workspace, you can
go in and same type of thing, you
pick your subscription, you pick your resource group,
you give your host pool a name.
The workspace can be different than the host
pool. So the host pool here, you also
pick a location for, and then you're going
to pick, is this going to be a

(17:45):
host pool that hosts
remote
desktop sessions where people are logging in, or
is this host pool going to host remote
apps? So this is one scenario you can't,
like, mix and match within a host pool.
You pick one or the other. And this
is where workspaces
can come into place
is you could create a host pool for

(18:05):
desktops and a host pool for those remote
apps, launching your Office apps, Firefox, etcetera,
and put them within the same workspace so
that even though you have these different pools
on the back end running your resources,
for your end users, they show up in
a single workspace
and give it a cohesive look for your
end users.

(18:26):
So you're gonna pick that type. Are these
desktops or applications?
And then
do you want this host pool? You have
two different types of host pools that you
can set up. You can set up a
pooled host pool where it's really just taking
a bunch of resources,
pooling all those resources together,
and as users log in, they just draw
from this pool of resources.

(18:47):
The other option is personal, and this gets
into if you wanna kinda host more of
like your own cloud PC type of environment
where a
host is tied to a specific individual.
So if we were creating one for the
podcast, Scott, and we did personal, I would
have to go in and stand up a
host for you and a host for me,
and then I pick
Scott gets this host, Ben gets this host.

(19:09):
So instead of pulling from
a conglomeration of resources in a pooled scenario,
we get our own dedicated
resources. And then from there, you're gonna go
pick how many virtual machines do you wanna
add. And from this this point in time,
it's a lot like just standing up a
virtual machine in Azure. You're gonna go
have a few unique things. You're gonna have

(19:30):
the resource group. You're gonna have the prefix
that you use for session hosts.
So naming your servers. And
this is a little bit unique is that
you don't pick the full name. You pick
a prefix, and then it'll start appending 0, 1, 2, 3, 4, 5, 6
on up as you create additional hosts in
your host pool. I so think through that
prefix. Know that it's gonna start adding numbers

(19:52):
to it, so you do have a limited
number of characters. I believe it's 11 that
you can use
because it starts
appending other things to it. I was just
looking ten, eleven. That's 11. Length of 11
for your prefix.
Then you can go pick your virtual machine
settings, regions, availability

(20:13):
zones,
secure boot, TPM,
your disk images, your size of your VMs,
how many you wanna create. So if you're
creating a big host pool and you wanna
create 10 or 15 at a time, you
can do that. OS disks, networking,
domain settings to join the domain,
virtual machine admin account,
get a lot of your normal,

(20:35):
VM settings. With the images,
I would say
look at what images are out there. You
have your
typical Windows seven, Windows 11 or Windows Server,
Windows 11
images. But a lot of times in AVD,
especially if you're doing these
pooled resources and multiple people sharing a VM,
there is a very specific image out there

(20:57):
from Microsoft, the Windows multi session image.
And there's also a multi session with your
Microsoft 365 apps. So if you're
standing up that environment
and you are gonna have pool resources, you're
gonna be using Microsoft 365, you
wanna make sure you're grabbing this multi session
image from the marketplace

(21:19):
because Microsoft has done a lot of work
in there to optimize that
certain configurations
around your desktop applications to ensure that those
work well within multi session.
So if you go, like, just grab the
default Windows 11 or Windows 10,
and you're doing that multi session type scenario,
you could run into

(21:39):
several different issues.
The other thing you can do is you
can do custom images. You can go do
your own shared images, your own
golden images.
There's guidance around how to do all that.
If you're gonna go that route, same thing.
Make sure that you're starting with that multi
session image in Azure and creating your own
customized golden image from there. Just, again, to

(22:01):
help with that. I wonder which path you
go down given you've done this with, you
know, a couple customers on your side.
Do you kinda recommend
the image path? Or do you recommend
the
let's go with an out of the box
marketplace image? Like you said, it's gonna be
kinda bootstrapped and configured and have that good

(22:22):
known configuration for, say,
multi session
Teams, right, and and everything tweaked and and
ready to go in that image. And then
doing post deployment because I, you know, I
could be jumping the gun a little bit,
but one of the things that happens here
as well is you can manage these environments
and these units of compute. You know, you
said resources a bunch of times. I'm just

(22:44):
thinking in the back of my head. Units
of compute. Units of compute. Units of compute.
I'm spinning up VMs and disks
and things like that behind it. But you
can also manage all that with Intune. Which
means you also get
the management
kind of plane and
tasks and the ability to push things out
of Intune that come from that stack. So
you can also do a lot of your

(23:05):
post configuration as far as, like,
boot of a host comes up and does
this. Well, let me go ahead and pull
these things down for this period of time.
And that can get into the weirdness, like
you said, of what type of host pool
is it. Is it a user host pool?
Is it a big
shared pool where we're doing multi session and
and those kinds of things. But you can

(23:26):
kinda have your cake and eat it too.
It's just you have to think through everything
end to end because there's a bunch of
moving pieces in there between how the host
pools compose, what the underlying units of compute
are. There's a lot of granularity, like you
said, even down to your deployment types because
you're deploying VMs. Like, what zones do these
go into?
What does that look like and how does
it all spin up? But then, yeah, you

(23:48):
know, if it's one less thing to worry
about, I think, if you don't have to
manage images, then you can just use the
out of the box marketplace stuff and do
post deployment, post boot, you know, think through
your roaming profiles and and all those kinds
of things as well and and get your
environments up that way. Yes.

(24:10):
Do you feel overwhelmed by trying to manage
your Office 365 environment? Are you
facing unexpected issues that disrupt your company's productivity?
Intelligink is here to help. Much like you
take your car to the mechanic that has
specialized knowledge on how to best keep your
car running, Intelligink helps you with your Microsoft
cloud environment because that's their expertise.
Intelligink keeps up with the latest updates in

(24:32):
the Microsoft cloud to help keep your business
running smoothly and ahead of the curve. Whether
you are a small organization with just a
few users up to an organization of several
thousand
employees. They want to partner with you to
implement and administer
your Microsoft cloud technology.
Visit them at intelligink.com/podcast.
That's intelligink.com/podcast

(24:59):
for more information or to schedule a thirty
minute call to get started with them today.
Remember, Intelligink focuses on the Microsoft cloud so
you can focus on your business.
So I do the marketplace image as much
as I can. I do have one client
where
we created a golden image and did the

(25:19):
custom image. Again, I started
from that multi session image to build the
custom one. And I would say,
again, it depends.
Like you said, multisession is great. Part of
what I would say you run into with
just doing Intune and just doing post deployment
is,
one, can you get Intune to do

(25:41):
everything
you need?
So certain applications can
be very complex
to get set up with Intune and deploy
if there's more than just, like, run an
MSI to get it there.
The other thing Microsoft
does still recommend, and if you think about
it, it does kinda make sense, is not
to turn on the auto updating in your

(26:02):
Windows updates.
You can do, like, the security updates, but
you still wanna be careful with feature updates.
Even some of the other patching,
think through the whole whole host pool scenario
where
if you have
a pool of 50 different virtual machines,
and
because it's pooled, a user could log out

(26:23):
and log in to
log out, log in again the same day,
and end up on a completely different host
than they were on fifteen minutes before.
So if your
machines
aren't
all identical,
you could, in theory,
end up with weird things, especially if you're
doing the whole roaming profiles in FSLogix

(26:44):
where, like I think of Teams for an
example. Teams does not install in program files
anymore. It does some weird stuff with what
it puts in a user's
app data or app data. So if you're,
like, have a roaming profile and you end
up with two different versions of Teams on
different machines,
different things with browsers, like, all those different
things you think about that if you go

(27:06):
to a different machine and something's mismatched where
problems could arise. So there is, I would
say, an aspect that's nice to doing a
custom image
that
certain things you control.
And when it's time
to do certain updates, you just do a
refresh of the image and
start there.
But like you said, there are certain things

(27:27):
you can manage with Intune, certain applications you
can install with Intune.
So I end up with that weird mix
of certain applications.
Absolutely. I just push them down from Intune.
I don't worry about putting them in the
global image. Adobe Reader is a great one.
Push Adobe Reader down from Intune. Your Office
applications,
those are bundled in the image. What other
ones? Firefox. I think they tend to push

(27:49):
different browsers down through Intune.
But, yeah, there's other things and other scenarios
where you absolutely still end up doing custom
images. That felt like a really long answer.
Yeah. Well, I mean, you can also mix
and match. So
you can do both along the way. You
know, I think image management used to be
a lot easier when it was all local.
And you could kind of do everything in

(28:10):
your local hypervisor and then just load it
into your environment.
And managing Azure images in general is a
little bit different. Like, there's a different set
of drivers and considerations
and how you might wanna think about even,
you know, just monitoring VM health and things
like that that end up on those. So
it's not something where you kinda walk in
and you go, it's just the way I

(28:30):
did it on prem. It's it's different. And
I think you're better served by kinda thinking
about it as different. Like, if you're not
in this world today or you're coming in
and you're like, you know, I just just
do golden images today and it's fine.
You might wanna rethink that and take some
time and plan through it because it might
not be the fit for everything along the
way. So before we leave the kind of

(28:50):
compute side of it, I think the other
thing that's important to mention is these are
units of compute that get spun up. These
are virtual machines.
So they consume
CPU. They potentially consume GPU. They consume disks.
So that means you need to have quota
for all those things as well. Like, I
can't stand up
a 50,
a 50

(29:11):
VM host pool
if I don't have access to, you know,
those hundred CPUs
or those 200 CPUs
and that actual quota in that region ready
to go in there. And then the other
thing to keep in mind is just because
you have a quota doesn't always mean that
the compute is available as well. Like that's
another weird one. You can't just go and

(29:33):
always spin up 50 VMs depending on your
environment, your quota, and what's going on, especially
if it's not all reserved compute that's reserved
and held out for you all the time.
Yes. I have absolutely hit that before where
we went to go stand up and I
mean, a lot of default quotas are, like,
50 CPUs.
And one of these in particular,

(29:53):
we needed to stand up, like, twenty 16-core
VMs
or twenty-four 16-core VMs.
That is a lot more than 50. So
we had to go get quota right away.
The other thing I would also say is
a lot of these
going back to even your custom images, if
you wanna refresh these. Right? If you have

(30:14):
a VM that
has issues
or when I go to
stand up new images, let's say I go
do an update, I wanna refresh with my
golden image, Intune does not push stuff down
instantaneously.
So if this is one of those environments
where it has to run around the clock
or you have to have a certain number
around the clock, you may actually have to

(30:35):
run
double the amount of compute that you normally
would for twelve hours or for twenty four
hours so that your
new images can come up, Intune can get
deployed, they can get joined to AD,
they can get all the applications pushed down
to them. All that stuff that maybe takes
a few hours to do can get done

(30:57):
on your new VMs while your old VMs
are still running, which means you need twice
the amount of quota. And then you can
shut down your old images, get rid of
them as people log out of them as
you don't need them anymore. But sometimes you
need a lot more quota than you initially
think because of some of that overlap in
how you do your deployments. We got compute.
You mentioned kind of roaming profiles in FSLogix.

(31:19):
So once you've got your compute, I think
there's a step kind of in the middle
here where you've got to assign your users.
So we talked about the need for Active
Directory or Azure
AD, Entra ID to be there. And push
those things through. So you've got to assign
those users to virtual desktops
or
to your groups of applications

(31:40):
that you have out there. You gotta give
those users access, potentially bootstrap them, get them
going, get them set up on the Windows
app.
All that kind of stuff.
And once that's ready to go, then we're
into
actually configuring that. So you mentioned roaming profiles,
FSLogix.
Let's kinda take a step back there, maybe

(32:01):
real high level. What's what the benefits are
of FSLogix,
FSLogix profiles,
profile containers,
and how that impacts the user experience. So
profiles, this is a big one. I would
say this is almost a requirement
if you are doing that pooled approach. Because
we we talked about it. Right? Like, this
one environment

(32:22):
or a larger environment, you may have 24
different
VMs in a shared host pool. Let's say
each one of those can support 10 people.
You have, like, 240 users that are using
AVD across those 24 VMs. If you don't
do the whole
roaming profiles, which is essentially
my profile
for my Windows environment, is stored off in

(32:44):
another
storage account. It could be NetApp storage. It
could be Azure files.
But that typical
c users,
b steging,
s h og is stored out there. When
I log in to a virtual machine, it
goes out to that file share, grabs my
profile,
loads it into that VM that I'm connected

(33:04):
to so that as I'm doing my work,
working in my documents or
working within Outlook,
all of that application
data that's stored in my user profile,
stored in there. When I log out of
the VM, it gets written back to
that network storage location,
and saved out there. The benefit is is

(33:25):
because I'm in that pooled environment, and I
mentioned this before, I may go log in
ten minutes later and end up on a
completely different virtual machine.
If I have my profile on that network
drive, now it can pull in my profile,
pull it into that second VM I'm logged
into,
and I really am just picking up right
where I left off. All my applications

(33:45):
are configured the same. My documents are there.
Everything I configured on my desktop is
there.
Everything is configured as it should be or
as I left it versus if I'm not
doing that and I'm logging in from one
machine to another machine to another machine, those
profiles are local to that machine. So now
I have
a profile on every single VM I've logged
into,

(34:06):
and
the information that's stored in my user profile
on my machine
is different because it's on all these other
virtual machines. The other downside is guess what
else profiles take up on all those different
virtual machines? Storage space on your c drive.
Mhmm.
If I have 240
users
logging in to each one of those machines
at any time, 240

(34:27):
profiles
on each machine across however many machines. I
said 24 machines.
It takes up a lot of storage space
as well, so you end up with a
whole mess of profiles
and
storage bloat and expensive disks and all of
that. So, absolutely, if you're going down this
pooled route, I and if you're doing more

(34:49):
than if you're doing really more than one
machine, you should think about doing these roaming
profiles,
doing FSLogix.
I have done this before where it's a
small company,
five users.
They want the benefits of AVD from the
remote application logging in. They just stand up
one great big machine. There's some downsides to
that, but one great big machine, you don't

(35:10):
need to go through the extra effort of
roaming profiles because
you got a handful of people, their profiles
are on the machine,
you can get away with it and be
fine. I think beyond the consistency of the
user experience, which is important,
hey, let's make sure my app config carries
over and those things are there, You'll also
see vastly improved login times because all that

(35:31):
information already exists and it's ready to go
and it doesn't need to be bootstrapped.
If you think about the out of the
box bootstrapping experience for just logging in the
first time as a user to a new
desktop,
you don't want your users to go through
that every time. So, yeah, if you do
have that pool out there and then that's
ready to go, I think that's a consideration
for you. So we got roaming profiles. We

(35:53):
talked a little bit about management with Intune.
Management with Intune does extend beyond deploying applications.
You can also monitor
VM health and and some things in there.
So I think it's a little bit of
a mix between what you're gonna monitor potentially
in Intune versus
Azure Virtual Desktop as a service
and Yep. And the health of your pools,

(36:15):
things like that. Yeah. We talked about FSLogix.
Intune, you can also push out all your
FSLogix settings.
So, typically, a lot of people did that
with GPOs. Those are all in Intune now.
So you can say, here's all my FSLogix
settings, all that. That's another big reason to
put them in Intune. Alright. So we got
that. Other considerations,

(36:35):
cost.
So you mentioned Windows licensing, things like that.
I think that's definitely out there.
You know, you've got the cost of Azure
Virtual Desktop itself. Like, here's the cost of
the service. Which do you know what the
cost of that is, Scott? Free? Nothing. Yeah.
It's free. It's all management. It it's it's
kinda like AKS It really is. And those
things. But then you roll in your virtual

(36:56):
machines on top of that, your storage is
gonna have a cost to it. So if
you deploy those FSLogix profiles into Azure Files
or Azure NetApp Files,
That's another thing that you potentially need to
consider that's out there. You also need to
consider your network usage. Depending on how your
egress goes from regions, things like that, there
can be billable networking components in there for

(37:18):
you. So it's worth it to spend a
little bit of time in the Azure pricing
calculator as well and add some of those
services in and see where you're going to
land. Like if you know you're going to
have
n hundred gigabytes
or
n terabytes
of user profiles,
Well, go figure that out and and start
to spec that cost. Start to spec some
of your
VM sizes. And, you know, you can play

(37:40):
around with the sizes within the pools and
things like that.
There can be some meaningful differences between
the cost of a VM
size and series as you're stepping in. And
that might even, you know, impact the regions
that you go to. Maybe you require a
certain VM size or VM series

(38:01):
for your multi session pool compute
and that forces you into, say, like, East
US 2 in the US versus East US.
Or it forces you into West Europe versus
North Europe. Things like that. So
you you know, make sure that you're paying
attention to all of those things as well
when you're standing up your your environment

(38:21):
and
you're getting ready to go for it. You
can also use reserved instances for your compute.
So if you are a customer with reservations,
that's potentially another consideration for you or an
optimization that you can make along the way.
Is the same reservations that you're using for
your other compute in Azure, if you happen
to be using it there, can also be
used for, your pooled compute over in your

(38:42):
host pools in AVD. Yep. Another cost I
would
100%
factor in is think about cost of log
analytics.
There are a lot of insights for AVD
around
errors when users are connecting,
around monitoring
the performance
of your AVD environment,

(39:02):
monitoring host diagnostics,
round trip times between your users and AVD,
any errors that users may log into, utilization,
all of that those insights in your monitoring
of AVD,
is tied to or is it's required to
have that tied to a log analytics workbook.

(39:23):
So if you do want to have any
type of
monitoring, logging
insights into all of that, you're gonna have
that cost of log analytics. And you can
also do scaling. So you mentioned reserved instances
as
a tweak and optimization.
The other thing you can do is scaling.
So if you

(39:43):
in the evenings, everybody leaves, it's not being
used at night. As people log out, you
can also shut
down and
turn on VMs
based on utilization and usage to help with
some optimization there. So you're not leaving
24 VMs running twenty four seven. You'd scale
down and you have four of them running
overnight. As people start logging in in the

(40:03):
morning, you ramp up, turn them on as
needed. Then again, as they leave, you start
shutting them down as people are logging off,
headed home for the evenings. Yeah. It's it's
basically VM scale sets and some of the
things that come in there.
All available and ready to go. So you
get that up, get your compute running, get
your users on there while your users need
to connect. That's just the Windows app these

(40:24):
days, AKA the remote desktop client.
I always forget all the platforms it runs
on. So you know the other one that
I do as I mentioned about like I'm
on my personal laptop and maybe I go
into AVD through the Windows app. I also
have you know my iPad. Sometimes I go
in there through my iPad real quick too
if I can just jam something out and
get it done. So you've got remote desktop

(40:47):
connectivity and clients across
Windows, macOS,
iOS,
Android,
you know all that stuff's out there
ready to go for you. You probably have
to give your users some information like
you know, make sure you log in with
your organizational ID. So that way, the first
time you log in, it ties into your
workspace
or workspaces

(41:08):
and presents that back to you in that
client. Like, if you're in the Windows app,
you know, it'll just present you a bunch
of, like, accordion,
Hey. You've got access to this workspace, this
workspace, this workspace. And then within those, here's
your
your units of compute that are available to
you. Yep. You can also do it, Scott,
right in the browser. If you don't want
to install an application, you just want to
go to the browser, there is a

(41:29):
URL you can visit, log in via the
browser, and do your remote desktop right in
your browser as well. Yeah. I always forget
that one. Like, it's just easier for me
to have the app there and sign in,
and then your workspace is automatically tied into
it. I've I've gotten quite lazy in my
old age. Yes. And, fortunately, to now the
Windows app, if you have multiple tenants, because

(41:49):
that's the world I live in, you can
add multiple accounts and quickly flip
between
different accounts and
different M365 environments, different
AVD environments within the app too,
which is also a handy aspect to it.
Cool. Well, that was a little bit of
a whirlwind one and a long one for
us. So
thanks for those of you that are still

(42:10):
listening
and
sticking
with us.
And so we've got AVD
end to end. We'll have to see if
we can talk about some more VDI stuff
in the future here. But we'll have links
in the show notes for everybody to
go out and
listen.
As always, you can give us feedback and

(42:31):
questions via the website. We're on threads
at MSCloudITPro.
We're on
the Mastodon,
LinkedIn,
Facebook. Hit us up. Let let us know
what you want to do. Bluesky. Come
on, Scott. Bluesky. Bluesky. That's where
I've seen I've had most of my interactions
lately on Bluesky. Bluesky is out
there as well.
Yeah. All the socials. You can find us

(42:52):
somewhere. All the all the socials.
Alright. Well, thank you, Scott. Enjoy
Seattle. Hopefully,
you get some nice weather out there, and
I will enjoy sunny, warm Florida. Well, it's
cold here. It's currently 22 degrees Fahrenheit. So,
like, we're Go skiing. By minus 10. Celsius
minus 10. It's it's cold. It's chilly. Alright.

(43:12):
Well, thanks. Enjoy. Stay warm, and we'll talk
to you again soon. Alright. Thanks,
bud. If you enjoyed the podcast, go leave
us a five star rating in iTunes. It
helps to get the word out so more
IT pros can learn about Office 365
and Azure.
If you have any questions you want us
to address on the show, or feedback about
the show, feel free to reach out via

(43:34):
our website, Twitter, or Facebook.
Thanks again for listening, and have a great
day.