AzureVirtualDesktop

From Piszczynski
Revision as of 13:04, 30 December 2022 by piszczynski>Aleks (→‎Create and configure session host images)

Automate creation of Azure Virtual Desktop

This cmdlet will create the host pool, workspace, and desktop app group. Additionally, it will register the desktop app group to the workspace. You can either create a workspace with this cmdlet or use an existing workspace.

  • New-AzWvdHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -WorkspaceName <workspacename> -HostPoolType <Pooled|Personal> -LoadBalancerType <BreadthFirst|DepthFirst|Persistent> -Location <region> -DesktopAppGroupName <appgroupname>

Run the next cmdlet to create a registration token to authorize a session host to join the host pool and save it to a new file on your local computer. You can specify how long the registration token is valid by using the -ExpirationTime parameter.

  • New-AzWvdRegistrationInfo -ResourceGroupName <resourcegroupname> -HostPoolName <hostpoolname> -ExpirationTime $((get-date).ToUniversalTime().AddDays(1).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ'))

After that, run this cmdlet to add Azure Active Directory users to the default desktop app group for the host pool.

  • New-AzRoleAssignment -SignInName <userupn> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <hostpoolname+"-DAG"> -ResourceGroupName <resourcegroupname> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'

Run this next cmdlet to add Azure Active Directory user groups to the default desktop app group for the host pool:

  • New-AzRoleAssignment -ObjectId <usergroupobjectid> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <hostpoolname+"-DAG"> -ResourceGroupName <resourcegroupname> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'

Run the following cmdlet to export the registration token to a variable, which will be used later to register the virtual machines to the Azure Virtual Desktop host pool.

  • $token = Get-AzWvdRegistrationInfo -ResourceGroupName <resourcegroupname> -HostPoolName <hostpoolname>
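
The token and role-assignment steps above as one script, added here as an example (not part of the original page): it issues a short-lived registration token, keeps it in memory only, invalidates it once the session hosts have joined, and lists who holds access on the default app group. The resource names and the 4-hour lifetime are assumptions; the "-DAG" suffix follows the commands above.

```powershell
# Added example, not from the original page. Names and the 4-hour lifetime are assumptions.
$rg       = 'rg-avd-example'            # hypothetical resource group
$hostPool = 'hp-example'                # hypothetical host pool
$lifetime = [TimeSpan]::FromHours(4)    # assumed: just long enough for the deployment window

# Reuse the current token only if one exists and has not expired; otherwise issue a new one.
$info = Get-AzWvdRegistrationInfo -ResourceGroupName $rg -HostPoolName $hostPool
$now  = (Get-Date).ToUniversalTime()
if (-not $info.Token -or ([datetime]$info.ExpirationTime).ToUniversalTime() -le $now) {
    $expiry = $now.Add($lifetime).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ')
    $info   = New-AzWvdRegistrationInfo -ResourceGroupName $rg -HostPoolName $hostPool `
                  -ExpirationTime $expiry
}

# Keep the token in a variable only: it is a join credential, so no Out-File and no logging.
$token = $info.Token
Write-Host ('Registration token valid until {0:u}' -f ([datetime]$info.ExpirationTime).ToUniversalTime())

# ... register the session hosts with $token here ...

# Invalidate the token as soon as the hosts have joined, then drop the local copy.
Remove-AzWvdRegistrationInfo -ResourceGroupName $rg -HostPoolName $hostPool
Remove-Variable -Name token, info

# Review who holds the "Desktop Virtualization User" role on the default app group.
# ObjectType shows whether access was granted to a group or to an individual user.
Get-AzRoleAssignment -ResourceGroupName $rg -ResourceName "${hostPool}-DAG" `
        -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups' `
        -RoleDefinitionName 'Desktop Virtualization User' |
    Select-Object DisplayName, SignInName, ObjectType, Scope
```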


Assign Users to Host Pool

Automatic assignment

To configure a host pool to automatically assign users to VMs, run the following PowerShell cmdlet:

  • Update-AzWvdHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -PersonalDesktopAssignmentType Automatic

To assign a user to the personal desktop host pool, run the following PowerShell cmdlet:

  • New-AzRoleAssignment -SignInName <userupn> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <appgroupname> -ResourceGroupName <resourcegroupname> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'

Direct Assignment

To configure a host pool to require direct assignment of users to session hosts, run the following PowerShell cmdlet:

  • Update-AzWvdHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -PersonalDesktopAssignmentType Direct

To assign a user to the personal desktop host pool, run the following PowerShell cmdlet:

  • New-AzRoleAssignment -SignInName <userupn> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <appgroupname> -ResourceGroupName <resourcegroupname> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'

To assign a user to a specific session host, run the following PowerShell cmdlet:

  • Update-AzWvdSessionHost -HostPoolName <hostpoolname> -Name <sessionhostname> -ResourceGroupName <resourcegroupname> -AssignedUser <userupn>

You can also assign users directly in the Azure portal: Azure Virtual Desktop page > Host pools.


Edit Remote Desktop Protocol properties for users (RDP settings)

To add or edit a single custom Remote Desktop Protocol property, run the following PowerShell cmdlet:

  • Set-RdsHostPool -TenantName <tenantname> -Name <hostpoolname> -CustomRdpProperty "<property>"

Edit multiple custom properties using a semicolon-separated list:

  • $properties="<property1>;<property2>;<property3>"
  • Set-RdsHostPool -TenantName <tenantname> -Name <hostpoolname> -CustomRdpProperty $properties

To enable access from Windows devices not joined to Azure AD, add targetisaadjoined:i:1 as a custom RDP property to the host pool.

To access Azure AD-joined virtual machines using the web, Android, macOS and iOS clients, you must add targetisaadjoined:i:1 as a custom RDP property to the host pool. These connections are restricted to entering user name and password credentials when signing in to the session host.
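
One way to add targetisaadjoined:i:1 without dropping the properties already set on the host pool, as an added example (not from the original page). Merge-RdpProperty is a hypothetical helper, the tenant and host pool names are placeholders, and the script assumes that -CustomRdpProperty replaces the whole property string.

```powershell
# Added example. Merge-RdpProperty is a hypothetical helper, not part of any Microsoft module.
function Merge-RdpProperty {
    param(
        [string]$Current,                         # existing "name:type:value;..." string, may be empty
        [Parameter(Mandatory)][string]$Property   # one property, e.g. "targetisaadjoined:i:1"
    )
    # Accept only name:type:value with type i (integer), s (string) or b (binary).
    # A ';' inside the new property is rejected so one call cannot smuggle in extra settings.
    if ($Property -notmatch '^(?<name>[^:;]+):(?<type>[isb]):(?<value>[^;]*)$') {
        throw "Not a valid RDP property (expected name:type:value): $Property"
    }
    $name = $Matches['name'].Trim().ToLowerInvariant()

    # Keep every existing property except an earlier setting of the same name.
    $kept = @($Current -split ';' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and ($_ -split ':', 2)[0].Trim().ToLowerInvariant() -ne $name })

    ($kept + $Property.Trim()) -join ';'
}

$tenant   = 'example-tenant'   # placeholder tenant name
$hostPool = 'hp-example'       # placeholder host pool name

# Read the current string, merge the new property, review the result, then write it back.
$current    = (Get-RdsHostPool -TenantName $tenant -Name $hostPool).CustomRdpProperty
$properties = Merge-RdpProperty -Current $current -Property 'targetisaadjoined:i:1'
Write-Host "New CustomRdpProperty: $properties"
Set-RdsHostPool -TenantName $tenant -Name $hostPool -CustomRdpProperty $properties
```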

Apply Licence to Azure virtual desktop session host

  • $vm = Get-AzVM -ResourceGroupName <resourceGroupName> -Name <vmName>
  • $vm.LicenseType = "Windows_Client"
  • Update-AzVM -ResourceGroupName <resourceGroupName> -VM $vm

Verify license:

  • Get-AzVM -ResourceGroupName <resourceGroupName> -Name <vmName>

Run the following cmdlet to see a list of all session host virtual machines that have the Windows license applied in your Azure subscription:

  • $vms = Get-AzVM
  • $vms | Where-Object {$_.LicenseType -like "Windows_Client"} | Select-Object ResourceGroupName, Name, LicenseType


Create and configure session host images

Create Local Image

You can use Hyper-V Manager to create a VM with a copied VHD.

Ensure checkpoints are disabled:

  • Set-VM -Name <VMNAME> -CheckpointType Disabled

Ensure that the disk is a fixed disk, as disks are created as dynamic by default. Use the Hyper-V PowerShell module to convert the disk to fixed:

  • Convert-VHD -Path c:\test\MY-VM.vhdx -DestinationPath c:\test\MY-NEW-VM.vhd -VHDType Fixed

Then you can upload the image (VHD) to an Azure Blob container, either with Storage Explorer or using azcopy.

Modify/Configure Session Host image

Disable Automatic Updates via regkey:

  • reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 1 /f

Specify Start layout for Windows 10 computers:

  • reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SpecialRoamingOverrideAllowed /t REG_DWORD /d 1 /f

Set up time zone redirection:

  • reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableTimeZoneRedirection /t REG_DWORD /d 1 /f

Disable Storage Sense (Microsoft recommends this for Azure Virtual Desktop hosts):

  • reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" /v 01 /t REG_DWORD /d 0 /f
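
A check to run inside the image before it is captured, added here as an example (not from the original page): it reads back the four values set by the reg add commands above and reports any that are missing or different. Only the keys and values shown on this page are checked.

```powershell
# Added example, not from the original page: verifies the values set by the reg add commands above.
$expected = @(
    @{ Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
       Name  = 'NoAutoUpdate'; Value = 1 }
    @{ Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
       Name  = 'SpecialRoamingOverrideAllowed'; Value = 1 }
    @{ Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
       Name  = 'fEnableTimeZoneRedirection'; Value = 1 }
    # HKCU is per user: this row only reflects the profile of the account running the check.
    @{ Path  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy'
       Name  = '01'; Value = 0 }
)

$results = foreach ($e in $expected) {
    $actual = $null
    try {
        $actual = Get-ItemPropertyValue -Path $e.Path -Name $e.Name -ErrorAction Stop
    } catch {
        # Key or value missing: leave $actual as $null so the row is reported as not set.
    }
    [pscustomobject]@{
        Key       = $e.Path
        Name      = $e.Name
        Expected  = $e.Value
        Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
        # A missing value is never compliant, even when the expected value is 0.
        Compliant = ($null -ne $actual) -and ($actual -eq $e.Value)
    }
}

$results | Format-Table -AutoSize -Wrap

# Surface an error so an image build pipeline can stop before capturing the image.
$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Error "$($failed.Count) image setting(s) differ from the expected values."
}
```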