NERDIO GUIDE
Blog
Introduction
Orphaned or unused virtual desktops in your Azure Virtual Desktop (AVD) environment are virtual machines (VMs) that are no longer actively used but continue to consume resources. Ignoring these resources can lead to significant unnecessary costs, potential security vulnerabilities, and an overly complex infrastructure.
This guide will walk you through the essential steps to identify and safely de-provision these resources, ensuring your AVD environment is both cost-effective and secure.
How can I proactively prevent orphaned AVD virtual desktops from being created?
Implementing proactive strategies is the most effective way to avoid the costly and time-consuming process of cleaning up orphaned resources after the fact. By establishing clear policies and automated processes, you can prevent unused VMs and other AVD components from being left behind.
What are common reasons for orphaned AVD resources?
- User offboarding: A primary cause is when a user is deprovisioned from the organization, but their AVD session host is not properly removed from the host pool. The VM is left running or in an allocated state.
- Failed deployments: Sometimes, an automated provisioning script or manual deployment fails midway, leaving behind resources like VMs, disks, or network interfaces that are not attached to a host pool.
- Improper scaling: Changes to host pool scaling plans or manual adjustments can sometimes leave VMs in a running state even when there are no users, or create resources that are not properly registered.
What best practices can I implement to prevent orphaned desktops?
- Automated lifecycle management: Use automation to handle the entire lifecycle of a virtual desktop, from provisioning to deprovisioning, as part of your user management process.
- Infrastructure as Code (IaC): Use tools like Azure Resource Manager (ARM) templates, Bicep, or Terraform to deploy AVD resources in a consistent, repeatable manner. This reduces manual errors and makes it easier to clean up resources later.
- Clear deprovisioning policies: Establish and enforce a clear, documented process for what happens to a user's virtual desktop when they leave the organization or no longer need access.
This diagram illustrates a proactive, automated lifecycle for AVD resources, from creation to de-provisioning, to help you prevent orphaned virtual desktops from being created in the first place.
How can I identify unused virtual desktops in AVD using native azure tools?
Native Azure tools provide powerful capabilities for monitoring and querying your environment to identify resources that are no longer in use. You can leverage these tools to gain visibility into your AVD deployment and pinpoint potential cost-saving opportunities, even set up alerts for unexpected AVD cost spikes.
How do I use azure monitor and log analytics to find unused virtual desktops?
- First, ensure that your AVD host pools and workspaces are configured to send diagnostic logs to a Log Analytics workspace.
- In your Log Analytics workspace, use Kusto Query Language (KQL) to query the WVDConnections table. A common approach is to look for session hosts that have not had any user connections over a specific time period (e.g., 30, 60, or 90 days). Here’s an example KQL query:
WVDConnections
| where TimeGenerated > ago(60d)
| summarize LastConnectionTime = max(TimeGenerated) by SessionHostName
| project SessionHostName, LastConnectionTime
| join kind=rightouter (
AzureDiagnostics
| where Category == "HostRegistration"
| summarize HostRegistrationTime = max(TimeGenerated) by HostName
| project HostName = HostName
) on $left.SessionHostName == $right.HostName
| where isempty(SessionHostName)
| project UnusedHost = HostName
This query first identifies all session hosts that have had connections in the last 60 days, and then performs a join to find any registered session hosts that do not appear in this list, indicating they are likely unused.
Can I use Azure Resource Graph Explorer to identify resources?
- Yes, Azure Resource Graph Explorer is an excellent tool for querying your Azure environment at scale.
- You can use KQL queries to find all virtual machines tagged as AVD session hosts and then cross-reference this list with your Log Analytics data or other monitoring reports.
- This is particularly useful for finding resources that may have been created but never properly registered with an AVD host pool.
Know the TCO
This step-by-step wizard tool gives you the total cost of ownership for AVD in your organization.
What manual and scripted methods are available to de-provision unused AVD resources?
Once you have identified the unused or orphaned resources, you need a safe and reliable method to remove them. You can perform this manually through the Azure portal or automate the process with scripting tools like PowerShell.
How can I manually de-provision a virtual desktop through the Azure portal?
- Navigate to your AVD host pool in the Azure portal.
- Under "Session hosts," identify the session host you want to remove.
- First, put the session host in "drain mode" to prevent any new user connections.
- Next, delete the session host from the host pool.
- Finally, navigate to the associated virtual machine and delete it along with its associated resources like the OS disk and network interfaces. Be very careful to select the correct resources to avoid accidental deletion.
How can I automate de-provisioning with powershell and azure cli?
- For environments with many session hosts, scripting is more efficient and reliable.
- PowerShell: You can use the Az.DesktopVirtualization and Az.Compute modules. The process involves identifying unused hosts, draining them, and then using cmdlets like Remove-AzWvdSessionHost and Remove-AzVm to delete the resources.
- Azure CLI: The az desktopvirtualization and az vm command groups provide similar functionality for scripting the deprovisioning process.
- These scripts can be integrated into Azure Automation runbooks or scheduled tasks to run on a regular basis, automating the cleanup process.
How does Nerdio simplify the identification and de-provisioning of orphaned virtual desktops?
For enterprise-scale AVD environments, relying solely on native tools and manual scripting can become complex, time-consuming, and prone to human error. Nerdio Manager for Enterprise is a management and automation platform that simplifies and optimizes AVD deployments, providing a more robust solution for lifecycle management.
This table provides a clear comparison of the benefits and drawbacks of manual versus automated methods for managing and de-provisioning AVD virtual desktops.
| Feature | Manual/Scripted Approach | Automated with Nerdio |
|---|---|---|
| Effort | High; requires significant manual intervention or complex script creation and maintenance. | Low; policy-driven automation reduces administrative burden. |
| Reliability | Prone to human error, inconsistencies, and missed resources. | Consistent and accurate; policies ensure all associated resources are handled. |
| Time to Identify | Requires manual KQL queries, PowerShell scripts, and analysis, which can be time-consuming. | Instant visibility via a centralized dashboard and proactive flagging of unused resources. |
| Scalability | Difficult to manage effectively in large, dynamic enterprise environments. | Designed for enterprise scale, easily managing thousands of virtual desktops. |
| Cost Impact | Reactive cleanup often occurs after significant costs have accrued; potential for ongoing wasted spend. | Proactive cost optimization through intelligent auto-scaling and automated de-provisioning, leading to significant savings. |
What are the limitations of manual or native scripting for enterprise-scale AVD environments?
- Native scripting requires deep technical expertise in KQL, PowerShell, and Azure CLI.
- Manual cleanups are time-consuming and carry a high risk of accidentally deleting the wrong resources.
- It is difficult to maintain a consistent process and audit trail for a large number of resources and administrators.
- Native tools often lack a centralized, easy-to-use interface for a comprehensive view of resource utilization.
How can Nerdio automate the identification of unused resources?
- Nerdio provides a centralized dashboard that gives you immediate visibility into the status and usage of all your AVD resources. This eliminates the need for complex, manual queries.
- The platform's built-in analytics and reporting proactively flag underutilized or unused session hosts, making it simple for administrators to identify potential orphaned resources.
- You can easily see the last connected user and last connection time for any VM, helping you make informed decisions about deprovisioning.
How can Nerdio automate the de-provisioning process?
- Nerdio's intelligent auto-scaling and lifecycle management features can be configured to automatically de-provision resources based on your business rules.
- For example, you can set policies to automatically shut down or deallocate session hosts after a user has disconnected for a specified period.
- When an administrator deprovisions a user, Nerdio can automatically remove all associated AVD resources, including the session host, OS disk, and user profile disk (if applicable), ensuring no orphaned resources are left behind.
- This policy-driven automation saves countless hours of manual work, reduces the risk of human error, and ensures your AVD environment remains optimized for cost and performance.
See this demo to learn how you can optimize processes, improve security, increase reliability, and save up to 70% on Microsoft Azure costs.
Optimize and save
See how you can optimize processes, improve security, increase reliability, and save up to 70% on Microsoft Azure costs.
Frequently Asked Questions
Related resources
Blog
Nerdio Manager for Enterprise
Easily solve 5 common AVD pain points
Blog
Nerdio Manager for Enterprise
Simplifying app management & delivery in AVD with Nerdio
About the author
