Tutorial: Create and connect to a Windows 11 desktop with Azure Virtual Desktop


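Time zone:


# Pick a time zone from a grid view, then apply it to this machine.
$tz = Get-TimeZone -ListAvailable | Out-GridView -OutputMode Single

# $tz is empty if the grid view was cancelled, so only set the zone when one was chosen.
if ($tz) { Set-TimeZone -Id $tz.Id }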


https://learn.microsoft.com/en-us/azure/virtual-desktop/tutorial-create-connect-personal-desktop?tabs=windows-client


https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-azure-ad-connections



Azure Virtual Desktop is a desktop and app virtualization service that runs on the cloud. This tutorial shows you how to deploy a Windows 11 Enterprise desktop in Azure Virtual Desktop using the Azure portal and how to connect to it. To learn more about the terminology used for Azure Virtual Desktop, see Azure Virtual Desktop terminology.

You will deploy a sample infrastructure by:

  • Creating a personal host pool.
  • Creating a session host virtual machine (VM) joined to your Azure Active Directory tenant with Windows 11 Enterprise and adding it to the host pool.
  • Creating a workspace and an application group that publishes a desktop to the session host VM.
  • Assigning users to the application group.
  • Connecting to the desktop.

 Tip

This tutorial shows a simple way you can get started with Azure Virtual Desktop. It doesn't provide an in-depth guide of the different options or using more restrictive permissions. For more advanced scenarios or some suggestions of what else you can configure, see some of the articles we list in Next steps.

Prerequisites

You'll need:

  • An Azure account with an active subscription. If you don't have an Azure subscription, create a free account before you begin.

  • The account must be assigned the Owner or Contributor built-in role-based access control (RBAC) role on the subscription, or on a resource group. For more information, see Assign Azure roles using the Azure portal.

  • A virtual network in the same Azure region you want to deploy your session hosts to.

  • A user account in Azure Active Directory you can use for connecting to the desktop. This account must be assigned the Virtual Machine User Login or Virtual Machine Administrator Login RBAC role on the subscription. Alternatively you can assign the role to the account on the session host VM or the resource group containing the VM after deployment.

  • A Remote Desktop client installed on your device to connect to the desktop. You can find a list of supported clients in Remote Desktop clients for Azure Virtual Desktop. Alternatively you can use the Remote Desktop Web client, which you can use through a supported web browser without installing any extra software.

Create a personal host pool, workspace, application group, and session host VM

To create a personal host pool, workspace, application group, and session host VM running Windows 11:

  1. Sign in to the Azure portal.

  2. In the search bar, type Azure Virtual Desktop and select the matching service entry.

  3. From the Azure Virtual Desktop overview page, select Create a host pool.

  4. On the Basics tab, complete the following information:

    Parameter: Value/Description

    Project details
    Subscription: Select the subscription you want to deploy your host pool, session hosts, workspace, and application group in from the drop-down list.
    Resource group: Select an existing resource group or select Create new and enter a name.
    Host pool name: Enter a name for the host pool, for example aad-hp01.
    Location: Select the Azure region from the list where the host pool, workspace, and application group will be deployed.
    Validation environment: Select No. This setting enables your host pool to receive service updates before all other production host pools, but isn't needed for this tutorial.
    Preferred app group type: Select Desktop. With this personal host pool, you'll publish a desktop, but you won't also be able to add a RemoteApp application group to publish applications separately. See Next steps for more advanced scenarios.

    Host pool type
    Host pool type: Select Personal. This means that end users have a dedicated assigned session host that they'll always connect to. Selecting Personal shows a new option for Assignment type.
    Assignment type: Select Automatic. Automatic assignment means that a user will automatically get assigned the first available session host when they first sign in, which will then be dedicated to that user.

    Once you've completed this tab, select Next: Networking.

  5. On the Networking tab, select Enable public access from all networks, where end users can access the feed and session hosts securely over the public internet. Once you've completed this tab, select Next: Virtual Machines.

  6. On the Virtual machines tab, complete the following information:

    Parameter: Value/Description

    Add Azure virtual machines: Select Yes. This shows several new options.
    Resource group: This automatically defaults to the resource group you chose your host pool to be in on the Basics tab.
    Name prefix: Enter a name for your session hosts, for example aad-hp01-sh. This will be used as the prefix for your session host VMs. Each session host has a suffix of a hyphen and then a sequential number added to the end, for example aad-hp01-sh-0. This name prefix can be a maximum of 11 characters and is used in the computer name in the operating system. The prefix and the suffix combined can be a maximum of 15 characters. Session host names must be unique.
    Virtual machine location: Select the Azure region where your session host VMs will be deployed. This must be the same region that your virtual network is in.
    Availability options: Select No infrastructure dependency required. This means that your session host VMs won't be deployed in an availability set or in availability zones.
    Security type: Select Trusted launch virtual machines. Leave the subsequent defaults of Enable secure boot and Enable vTPM checked, and Integrity monitoring unchecked. For more information, see Trusted launch.
    Image: Select Windows 11 Enterprise, version 22H2.
    Virtual machine size: Accept the default SKU. If you want to use a different SKU, select Change size, then select from the list.
    Number of VMs: Enter 1 as a minimum. You can deploy up to 400 session host VMs at this point if you wish, or you can add more later. With a personal host pool, each session host can only be assigned to one user, so you'll need one session host for each user connecting to this host pool. Once you've completed this tutorial, you can create a pooled host pool, where multiple users can connect to the same session host.
    OS disk type: Select Premium SSD for best performance.
    Boot Diagnostics: Select Enable with managed storage account (recommended).

    Network and security
    Virtual network: Select your virtual network and subnet to connect session hosts to.
    Network security group: Select Basic.
    Public inbound ports: Select No as you don't need to open inbound ports to connect to Azure Virtual Desktop. Learn more at Understanding Azure Virtual Desktop network connectivity.

    Domain to join
    Select which directory you would like to join: Select Azure Active Directory.
    Enroll VM with Intune: Select No.

    Virtual Machine Administrator account
    Username: Enter a name to use as the local administrator account for these session host VMs.
    Password: Enter a password for the local administrator account.
    Confirm password: Re-enter the password.

    Custom configuration
    Custom configuration script URL: Leave this blank.

    Once you've completed this tab, select Next: Workspace.

  7. On the Workspace tab, complete the following information:

    Parameter: Value/Description

    Register desktop app group: Select Yes. This registers the default desktop application group to the selected workspace.
    To this workspace: Select Create new and enter a name, for example aad-ws01.

    Once you've completed this tab, select Next: Review + create. You don't need to complete the other tabs.

  8. On the Review + create tab, ensure validation passes and review the information that will be used during deployment. If validation doesn't pass, review the error message and check what you entered in each tab.

  9. Select Create. A host pool, workspace, application group, and session host will be created. Once your deployment is complete, select Go to resource. This goes to the host pool overview.

  10. Finally, from the host pool overview select Session hosts and verify the status of the session hosts is Available.

Assign users to the application group

Once your host pool, workspace, application group, and session host VM(s) have been deployed, you need to assign users to the application group that was automatically created. After users are assigned to the application group, they'll automatically be assigned to an available session host VM because Assignment type was set to Automatic when the host pool was created.

  1. From the host pool overview, select Application groups.

  2. Select the application group from the list, for example aad-hp01-DAG.

  3. From the application group overview, select Assignments.

  4. Select + Add, then search for and select the user account you want to be assigned to this application group.

  5. Finish by selecting Select.

Enable connections from Remote Desktop clients

 Tip

This section is optional if you're going to use a Windows device to connect to Azure Virtual Desktop that is joined to the same Azure AD tenant as your session host VMs and you're using the Remote Desktop client for Windows.

To enable connections from all of the Remote Desktop clients, you'll need to add an RDP property to your host pool configuration.

  1. Go back to the host pool overview, then select RDP Properties.

  2. Select the Advanced tab.

  3. In the RDP Properties box, add targetisaadjoined:i:1; to the start of the text in the box.

  4. Select Save.
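
The same change can be scripted. The following is an added example, not part of the original tutorial: it prepends targetisaadjoined:i:1 to the host pool's existing RDP properties without overwriting the other entries or duplicating the setting. It assumes the Az.DesktopVirtualization module and a signed-in session; the resource group is a placeholder and the host pool name is the tutorial's example.

```powershell
# Added example (not from the tutorial). Requires Az.DesktopVirtualization
# and an authenticated session (Connect-AzAccount).

function Add-RdpProperty {
    # Hypothetical helper: returns $Current with $Property placed first.
    param(
        [string]$Current,                          # existing RDP property string (may be empty)
        [Parameter(Mandatory)][string]$Property    # e.g. 'targetisaadjoined:i:1'
    )
    $name = ($Property -split ':', 2)[0]

    # RDP properties are a semicolon-separated list of name:type:value entries.
    $entries = @($Current -split ';' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })

    # Drop any existing entry with the same name so the setting is neither
    # duplicated nor contradicted by an older value (comparison is case-insensitive).
    $kept = @($entries | Where-Object { ($_ -split ':', 2)[0] -ne $name })

    return ((@($Property) + $kept) -join ';') + ';'
}

$rg = '<resource-group>'   # placeholder: resource group holding the host pool
$hp = 'aad-hp01'           # host pool name used as the example in this tutorial

$pool = Get-AzWvdHostPool -ResourceGroupName $rg -Name $hp
$new  = Add-RdpProperty -Current $pool.CustomRdpProperty -Property 'targetisaadjoined:i:1'

# Only write when something actually changes, so reruns are harmless.
if ($new -ne $pool.CustomRdpProperty) {
    Update-AzWvdHostPool -ResourceGroupName $rg -Name $hp -CustomRdpProperty $new | Out-Null
}

# Show the stored value to confirm the property is now at the start.
(Get-AzWvdHostPool -ResourceGroupName $rg -Name $hp).CustomRdpProperty
```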

Connect to the desktop

You're ready to connect to the desktop. The desktop takes longer to load the first time as the profile is being created; subsequent connections will be quicker.

 Important

Make sure the user account you're using to connect has been assigned the Virtual Machine User Login or Virtual Machine Administrator Login RBAC role on the subscription, session host VM, or the resource group containing the VM, as mentioned in the prerequisites, else you won't be able to connect.
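
One way to check this before connecting, as an added example that is not part of the original tutorial: list the login roles that apply to the user at the session host VM and the scope each one was granted at. It assumes the Az.Resources and Az.Compute modules and a signed-in session; the user name and resource group are placeholders, and the VM name is the tutorial's example.

```powershell
# Added example (not from the tutorial). Requires Az.Resources and Az.Compute
# and an authenticated session (Connect-AzAccount).

$upn    = 'user@contoso.example'   # placeholder: the account that will connect
$rg     = '<resource-group>'       # placeholder: resource group containing the VM
$vmName = 'aad-hp01-sh-0'          # session host name from the tutorial's example

$loginRoles = 'Virtual Machine User Login', 'Virtual Machine Administrator Login'

$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName

# Querying at the VM's scope returns the assignments effective there, which
# includes those inherited from the resource group and the subscription.
# Only assignments made directly to the user are matched; roles granted
# through a group need a separate check.
$hits = @(Get-AzRoleAssignment -SignInName $upn -Scope $vm.Id |
    Where-Object { $_.RoleDefinitionName -in $loginRoles })

if (-not $hits) {
    Write-Warning "$upn has no direct VM login role on $vmName, its resource group, or the subscription."
}

# The Scope column shows how widely each role was granted, which makes a
# subscription-wide assignment easy to spot when a VM-level one would do.
$hits | Select-Object RoleDefinitionName, Scope
```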

Select the relevant tab below and follow the steps, depending on which Remote Desktop client you're using. We've only listed the steps here for Windows, Web and macOS, but if you want to connect using one of our other Remote Desktop clients, see Remote Desktop clients for Azure Virtual Desktop.

  1. Open the Remote Desktop app on your device.

  2. Select the three dots in the top right-hand corner, then select Subscribe with URL.

  3. In the Email or Workspace URL box, enter https://rdweb.wvd.microsoft.com. After a few seconds, the message We found Workspaces at the following URLs should be displayed.

  4. Select Next.

  5. Sign in with the user account you assigned to the application group. After a few seconds, the workspace should show with an icon named SessionDesktop.

  6. Double-click SessionDesktop to launch a desktop session. You'll need to enter the password for the user account again.