4 Benefits of Azure Virtual Desktop for Your Organization  

Over the last two years, there has been a significant increase in market demand for end user computing (EUC) technologies. As enterprises face new challenges implementing initiatives related to remote or hybrid work, hardware refreshes, decreasing their global carbon footprint, strengthening cybersecurity, and ensuring cyber resilience, many have turned to cloud client computing and desktop virtualization to meet their organization’s EUC needs.

When it comes to selecting the right solutions to ensure the efficacy of your EUC strategy and the cloud infrastructure needed to support it, most customers turn to Microsoft. A well-known, popular tech giant in the industry, Microsoft has long been the standard when it comes to end user computing. And they have preserved their standing with two relatively new Azure services – Windows 365 and Azure Virtual Desktop (AVD).  

Learn more below about the specific benefits Azure Virtual Desktop provides organizations across four common enterprise use cases.  

1. Supporting Remote and Hybrid Work at Scale   

As workers continue to prefer work-from-home (WFH) and work-from-anywhere (WFA) environments, enterprises need to be able to quickly deploy new users on the fly with the desktops and resources they need. Organizations, especially large global ones, have a diverse set of workers. In addition to catering to the needs of different departments and full-time roles, many employ remote and contract workers who do not have the need to access all company data, apps and programs.   

AVD can accommodate any EUC need while ensuring proper access controls are in place. Host pools, user groups and automation help IT admins on the backend manage end users, and the permissions associated with them, at scale with ease. Additionally, through the Azure Marketplace customers can trial and leverage AVD and Azure cloud resources quickly to meet their business needs. Procurement is fast and activating licenses takes mere minutes for many cloud-native solutions like Nerdio Manager.

2. Refreshing Outdated Hardware  

As enterprises today face aging hardware against chip shortages and supply chain constraints, many are looking to migrate their EUC needs to a more operational expense (OPEX) model. In other words, they don’t want to buy thousands of new devices in 2022 only to have to do the same thing in 2026. By leveraging virtual desktops in Azure, customers can shift their computing model to the cloud and open up more cost-effective strategies for edge computing. AVD allows enterprises the ability to leverage tablets, iPads, or similar devices. Even outdated devices with aged hardware can be reborn as cloud devices. All the aforementioned AVD benefits allow enterprises to lay a secure, scalable foundation for their BYOD and WFA policies and practices.  

3. Decreasing Global Carbon Footprint  

As the world looks to decrease its carbon footprint and strive for a greener society, studies show that cloud computing in Azure can be up to 93 percent more energy-efficient compared to an on-premises environment. Additionally, using Microsoft Azure is up to 98 percent more carbon efficient than using a traditional enterprise datacenter. Being more sustainable and reducing waste is also another very important benefit related to conducting fewer hardware refreshes. Not only are you saving money by enabling more cloud compatible devices and extending the life of your hardware investments – but fewer devices will need to be recycled overall.  

4. Strengthening Cybersecurity and Cyber Resilience   

Security is arguably the largest concern given today’s threat landscape and high-profile breaches. With constant threats seeking to expose data, and the need to continue business operations even if you’ve been breached or a data center outage occurs, the move to cloud makes even more sense. Organizations can optimize their AVD deployments to be more resilient by taking actions like ensuring an active/active disaster recovery configuration. And in working with Microsoft, organizations benefit from over 3,500 global cybersecurity experts working tirelessly to defend against every threat and protect their data and assets in Azure.


A Guide to Microsoft Azure Performance Monitoring and Running Azure Speed Tests: How to Make Azure Virtual Desktop (AVD) Run Better


Troubleshooting performance issues in virtual desktop environments is challenging.  It requires a solid grasp of the deployment architecture and an understanding of how the various system components interact with each other.  Poor or inconsistent performance is the single biggest reason for an end-user to be unhappy with their virtual desktop and is by far the most common reason for failures of virtual desktop projects. 

In this article, we’ll explore a practical, methodical approach to identifying and resolving common performance issues that arise in Azure Virtual Desktop (AVD) environments deployed in Azure.  This is not meant to be an exhaustive guide for every possible deployment scenario, but rather an easy-to-follow, practical approach.  We will not use fancy monitoring and reporting tools and will leverage only free, built-in tools for performance monitoring such as the Task Manager, Resource Monitor, and Azure Monitor. 

There are four likely areas that should be investigated when users report poor performance, and this write-up is organized in the following order: CPU, RAM, disk, and network.

Reproducible vs. Sporadic: Azure Performance Problems 

Just like when you bring your car to a mechanic and the problem “goes away” by itself, pinning down performance problems can be difficult.  However, understanding specifically what the user means by “it’s slow” and being able to reproduce it at will decreases the difficulty of performance troubleshooting by an order of magnitude.   

For this discussion, let’s assume that performance issues are constant or reproducible.  Once we have a good grasp on how to troubleshoot these “easier” problems we’ll be able to tackle the more challenging “sporadic” performance issues.  The approach to troubleshooting reproducible issues is different from sporadic ones.  When the issue is happening in real-time, we want to watch various real-time metrics and identify the one constraint that’s the bottleneck.  When issues occur sporadically without a way to “make it happen” we have to rely on good quality reporting tools that can monitor many metrics at a granular level and help us correlate the occurrence of the issue with a historical view of the system metrics at that time. 

There is never more than ONE constraint at a time 

It is critical to remember that there is one, and only one, bottleneck that is constraining the system at any one time.  The goal should be identifying that one constraint and eliminating it.  Once that’s done, the bottleneck will shift elsewhere and that will become the new constraint of the system.  It is very possible that as soon as the current constraint is alleviated, the system performance improves only marginally until the bottleneck shifts elsewhere but that doesn’t negate the fact that our focus should always be on finding the one bottleneck that’s constraining the system right now.  Such focus will make our job significantly easier – solving for one variable – even if soon after we’ll have to solve for another. 

Microsoft Azure Troubleshooting Tools 

In this guide we are going to rely on a handful of free monitoring and troubleshooting tools.   

  • Task Manager – will be used to monitor and troubleshoot CPU-based system constraints
    • Right-click the task bar and select Task Manager OR
    • Press CTRL-ALT-DEL and click on Task Manager OR
    • From the Run box or a command prompt type taskmgr
  • Resource Monitor – will be used to monitor and troubleshoot RAM and DISK related constraints
    • From Task Manager>Performance tab click the “Open Resource Monitor” link on the bottom left OR
    • From the Run box or a command prompt type resmon
  • Ping – will be used to monitor and troubleshoot NETWORK latency and packet loss
  • PingPlotter – can be used to correlate packet loss and latency with poor user experience and determine where along the path the issue occurred
    • PingPlotter Free can be downloaded here
  • Speedtest.net – will be used to measure internet bandwidth on the local connection and within the virtual desktop session
  • Iperf – can be used for advanced throughput measurement between two network nodes
    • Iperf can be downloaded here
  • Azure Monitor is a very powerful tool that can be used to monitor many different metrics for any Azure resource.  Monitoring and graphing Standard Metrics available on Azure resources is free.  Azure Monitor can be used to configure monitoring of CPU, RAM, DISK and NETWORK metrics on one or more Azure desktop VMs and use the data collected over time to correlate user-reported performance issues with actual system behavior.  It is a great way to figure out what’s causing sporadic performance issues if they cannot be easily reproduced and monitored with the other tools mentioned above.
    • Azure Monitor can be accessed in the Azure Portal>Monitor
    • Detailed information about the capabilities can be found here

Now that we understand the objective and have our tools in hand, we’re ready to begin the process of troubleshooting performance and implementing best practices. 

Performance issues related to CPU-based constraints are the most common and easiest to identify.  All you need to do is observe the Windows Task Manager while the problem is occurring.  The Performance tab will clearly show you if CPU utilization (as a percentage of total) is high or low.  If you’re seeing total CPU constantly spiking or flatlining at 75% or more, you’re likely CPU constrained.    

High CPU utilization may be the result of some other issue that’s causing CPU usage to be high.  For instance, if free RAM is low and the OS starts paging RAM contents to disk, this will spike CPU and disk activity — but the root cause of the problem will be RAM exhaustion, not CPU usage.  Therefore, it is important to understand precisely what is causing high CPU usage and why.   

CPU usage is typically measured in % CPU utilization of total CPU capacity available.  This is important, because it is nothing more than the ratio of “how much CPU is being used” to “how much CPU is available”.  This means that the usage can be high as a result of high CPU demand by users (e.g. watching YouTube) and applications or low amounts of available CPU (e.g. under-provisioned VM) – or both.  Therefore, the resolution to a CPU-based performance constraint is simple: reduce demand on CPU and/or increase the amount of available CPU.

Understanding how much CPU is available is easy.  Just look at the Task Manager performance tab to see how many cores or logical processors there are in your VM. 

Understanding what is consuming the CPU and how much is being consumed can be done by looking at the Task Manager details tab and sorting the list of processes according to the CPU column in descending order.  You can also add the “CPU Time” column to see which process has been consuming a lot of CPU in aggregate over time since the VM booted up. 

What you’re looking for here is unusually high usage by a single process, or a handful of processes, where it is not expected.  If a process (other than System Idle Process) is at the top of the list most of the time, you need to determine whether that’s expected or the process is having an issue and may need to be killed.  If CPU utilization is high but the list of processes looks normal, with each process consuming a fraction of the CPU capacity, then it’s likely that the actual, legitimate load placed on the VM exceeds its available CPU.

How CPU contention manifests itself to the end-user 

  • “Not responding” applications 
  • Slow log on and log off 
  • Slow launching of new applications, opening, and saving files 
  • Slow switching between windows 
  • Spinning (loading) cursor 
  • Web page loading slowly 
  • Pegged CPU can sometimes mimic network performance issues (audio distortion, slow screen refreshes) when the agent can’t keep up 

Steps to resolve CPU-related issues:

  1. Connect to session host VM and look on performance tab of Task Manager.  If CPU is consistently low or moderate, then move your troubleshooting on to another system component. 
  2. If CPU is spiking high and frequently or staying near the top consistently, determine if this is normal behavior or if something unusual is happening.  Check the details tab in Task Manager and look for any processes at the top of the sorted list that aren’t expected to be there. 
  3. If there is an offending process at the top of list, investigate what it is, what user it is running under, and why it is keeping the CPU so busy.  Terminate the process if appropriate or take steps to optimize it depending on what it is. 
  4. If all processes are as expected and none are using an excessive amount of CPU constantly, then add more capacity or decrease load to improve performance. 
    1. To increase capacity, increase the size of the VM 
    2. To decrease CPU load, spread users out across more session hosts 
  5. In most scenarios, AVD session hosts are CPU-bound, meaning that you will run out of CPU capacity before running out of RAM capacity.   The most common VM families are Ds-series (v3 and v2) and Es-series. 
  6. Here are some common mistakes that we often see lead to CPU-related performance issues 
    1. Using burstable (B-series) VMs for production workloads.  These VMs may look like they have a decent amount of CPU, but they have associated CPU quotas that limit how much of that CPU can be used.  Don’t use B-series VMs as session hosts in production (learn more about B-series VMs in the Nerdio Academy).
    2. Leaving unnecessary start-up items that launch with every user login and needlessly consume CPU.  The more users log in, the more processes start up and the more CPU is wasted.  Check the All Users StartUp folder (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp) for any items that don’t belong.  This should typically be an empty folder in an AVD deployment.
    3. When deploying AVD session hosts from an image, updates may be installing every time a session host is deployed.  This happens when Windows Update was run on the template VM but the update didn’t finish installing.  Creating an image and then deploying session hosts from this image will install these updates (very CPU-intensive process).  Be sure that updates are fully installed on the template VM before capturing it as an image.  Allow the template VM to stay on for a long time and watch the CPU graph in Task Manager.  Once all CPU activity dies down, capture the image. 
    4. Streaming services like Pandora, Spotify, and YouTube consume a ton of CPU on virtual desktops rendering and encoding media.  These offenders can be easily seen in Task Manager during performance issues and will be at the top of the list.  Educate your users to stream on their local devices and not on the virtual desktop.  This will increase performance for others and reduce your bandwidth costs. 

On Azure Virtual Desktop (AVD) session hosts, RAM is primarily consumed by applications that run within users’ sessions.  Modern applications use a lot of RAM.  Each Google Chrome tab, open Word document, Outlook, Teams, and other apps can consume tens or even hundreds of MBs of RAM.  With multiple users sharing a session host VM, this usage can add up quickly and consume all available RAM.

High memory usage in and of itself is not an issue.  An application loading its bits into RAM will run faster than having to fetch data from a much slower disk.  However, when too many applications load too much of their data into RAM, then hard faults (previously known as page faults) start to slow down the VM.

A hard fault happens when a memory page that an application expects to find in RAM is unavailable and the page has been moved to the pagefile on disk.  This causes the operating system to go to disk to retrieve this data, which takes orders of magnitude more time than fetching it from RAM.  Consistently high page faults are an indication that the system is starved for available RAM.  Simply high RAM usage (used RAM as % of total available) is not a problem on its own but it is usually an indication that hard page faults are likely.

Diagnosing RAM-related performance issues can be done using Windows Resource Monitor.  This tool can be launched from the performance tab of Task Manager or by running “resmon” from the Run dialog box.  Looking at memory usage in the Task Manager will tell you the amount of RAM used but won’t tell you anything about hard faults.

In the Resource Monitor>Memory tab you want to focus on the Hard Faults/sec counter first.  If you’re seeing little or no activity there, the system is likely not RAM constrained at the moment.  Bursts of hard faults or constant hard fault activity indicate a performance issue.

If there are hard faults, then sort the running processes by the “Hard faults/sec” column and look for the ones contributing most to the performance issue.

RAM-related performance issues can result from too many users and applications, a single process hogging an unreasonable amount of RAM, or a faulty application that doesn’t release the RAM even when it’s not using it.

How RAM contention manifests itself to the end-user

  • “Not responding” applications
  • Slow log on and log off
  • Slow launching of new applications
  • Slow switching between windows
  • Already-running applications slow, jittery. Idle applications slow to resume.
  • Unexpected app crashes
  • Windows errors for low virtual memory

Steps to resolve RAM-related issues:

  • If high memory usage is the result of normal user and application load on the VM then the only thing to do is upgrade the VM size to one with more RAM or spread users out over more session host VMs. The most cost effective first step is to upgrade from a general purpose VM size (e.g. Dsv3) to a memory optimized VM size (e.g. Esv3).  The memory optimized instances double the amount of available RAM while keeping the number of CPU cores constant and only increase the VM price by approximately 15%.
  • If high memory usage is the result of a faulty process or application, close that process or sign out the user. It is a good idea to educate users to log off their desktop session at the end of the day or put in place automation policies that will automatically log users off after a certain period of inactivity.
  • Applications that cause memory leaks can pose a challenge when session hosts stay on for long periods of time. Scheduling VMs to restart on a regular basis (e.g. nightly) or using autoscaling can prevent such problems by clearing the memory on a regular basis.

So far, we’ve covered how to troubleshoot AVD performance for CPU and RAM. Troubleshooting disk performance is a bit more challenging, however.  Slow disk response and long disk queues can have significant performance impact on end-user experience. 

For AVD session hosts, two disks are important, the local disk on the session host VM and the FSLogix profile container:

  1. Session host VM local disk is where system temporary files are written and where application binaries are launched from.  Slow disk performance will reduce the overall responsiveness of the user’s desktop session especially when it comes to launching applications and starting up the VM.  Virtual desktop VMs have a unique disk I/O profile and can benefit from faster storage such as Ephemeral OS disks in Azure.
  2. FSLogix Profile Containers are VHD files mounted over the network and stored on a file server outside of the session host VM.  These virtual disks are where user temp files, indexing, and user data are written to.  The performance of the underlying FSLogix storage system and the network that connects the session host VM to that storage has significant impact on user performance.


Resource Monitor is a useful tool to diagnose disk problems.  The Disk tab shows the per-volume Disk Queue Length.  A high queue length value (constantly over 1 and certainly spiking to the teens) is a good indication that the operating system is spending a lot of time waiting for the disk to respond to requests and the queue is long.  A consistently low disk queue length (<1) is a good indication that disk is likely not the constraint.

Keep in mind that looking at Disk Queue Length metric on the session host tells you how well the local disk is performing but doesn’t tell you how well the FSLogix VHD disk is performing.  Therefore, you need to run Resource Monitor on both the session host VM and the file server hosting the FSLogix containers.

If disk queue length is high, then there is likely high activity being generated by some processes running on the system.  Expanding the Disk Activity section on the disk tab of Resource Monitor will show you what process is using which file on disk.  This can be helpful in narrowing down who or what is generating so much disk activity that disk queue length is high.
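The CPU, RAM and disk checks described above can be applied in one pass to a counter log, as in this added example (not part of the original article). It assumes a CSV captured with the built-in `typeperf` tool, treats `\Memory\Pages Input/sec` as the hard-fault rate, and uses a constructed host name and constructed samples; the hard-fault floor, the "sustained" fraction and the disk-before-CPU order are illustrative assumptions.

```python
import csv
import io

# Counter-path suffixes as typeperf writes them. Using Pages Input/sec as the
# hard-fault rate is an assumption of this example.
COUNTERS = {
    "hard_faults": r"\Memory\Pages Input/sec",
    "disk_queue": r"\PhysicalDisk(_Total)\Current Disk Queue Length",
    "cpu_pct": r"\Processor(_Total)\% Processor Time",
}
# CPU (75%) and disk queue (over 1) come from the article; the hard-fault
# floor and the "sustained" fraction are assumptions to tune per environment.
THRESHOLDS = {"hard_faults": 100.0, "disk_queue": 1.0, "cpu_pct": 75.0}
SUSTAINED = 0.5  # flag a metric when at least half the samples breach it

# Constructed sample in typeperf's PDH-CSV layout, e.g. from:
#   typeperf "\Memory\Pages Input/sec" ... -si 1 -sc 60 -f CSV -o counters.csv
SAMPLE_CSV = r'''
"(PDH-CSV 4.0) (Pacific Standard Time)(480)","\\AVD-SH-01\Memory\Pages Input/sec","\\AVD-SH-01\PhysicalDisk(_Total)\Current Disk Queue Length","\\AVD-SH-01\Processor(_Total)\% Processor Time"
"01/15/2024 09:00:01.000"," ","2","88.0"
"01/15/2024 09:00:02.000","412.5","6","91.2"
"01/15/2024 09:00:03.000","380.0","4","86.7"
"01/15/2024 09:00:04.000","15.0","1","62.3"
"01/15/2024 09:00:05.000","455.1","7","94.0"
"01/15/2024 09:00:06.000","298.4","3","89.5"
'''


def load_samples(csv_text):
    """Return {metric: [values]} keeping only rows where every counter parsed."""
    rows = list(csv.reader(io.StringIO(csv_text.strip())))
    header, data = rows[0], rows[1:]
    columns = {}
    for name, suffix in COUNTERS.items():
        hits = [i for i, h in enumerate(header) if h.lower().endswith(suffix.lower())]
        if not hits:
            raise ValueError(f"counter not found in log: {suffix}")
        columns[name] = hits[0]
    samples = {name: [] for name in COUNTERS}
    for row in data:
        try:
            values = {name: float(row[i]) for name, i in columns.items()}
        except (ValueError, IndexError):
            continue  # rate counters can be blank on the first sample
        for name, value in values.items():
            samples[name].append(value)
    return samples


def sustained(values, name):
    """True when the metric breaches its threshold in enough of the samples."""
    if not values:
        return False
    limit = THRESHOLDS[name]
    if name == "cpu_pct":
        over = sum(1 for v in values if v >= limit)  # "75% or more"
    else:
        over = sum(1 for v in values if v > limit)   # "over 1"
    return over / len(values) >= SUSTAINED


def find_constraint(samples):
    """Name the single constraint to work on first, plus the raw flags."""
    flags = {name: sustained(values, name) for name, values in samples.items()}
    # RAM is checked first because paging caused by RAM exhaustion also drives
    # up disk and CPU activity. Disk before CPU is this example's assumption.
    for name, label in (("hard_faults", "RAM"), ("disk_queue", "DISK"), ("cpu_pct", "CPU")):
        if flags[name]:
            return label, flags
    return None, flags


if __name__ == "__main__":
    constraint, flags = find_constraint(load_samples(SAMPLE_CSV))
    print("constraint:", constraint, "flags:", flags)
```

In the constructed log all three metrics are elevated, and the result is RAM rather than CPU, which matches the point made earlier that paging can be the root cause behind a busy CPU.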

In Azure, each managed disk size has performance limitations and so does each VM size.  Selecting a VM for FSLogix file server (e.g. FS01) that’s too small can lead to poor user performance even when using the fast Premium SSD disks.  In the chart below you can see the currently available Premium SSD managed disks with the corresponding IOPS and throughput limits.  The performance limitations increase (vertically) with disk size and a single VM can have multiple disks to horizontally scale performance limitations.  For instance, two P10 disks will allow for 500 IOPS each so if a Windows volume is created to span both of them then the new effective IOPS limit on this volume will be roughly 1000 IOPS.

Even with the fastest, largest managed disks, storage performance may still suffer if the VM to which these disks are connected is undersized.  Each VM family and size has its own set of parameters and performance limitations, including storage IOPS and throughput.  For example, general purpose VM information can be found here.  An example of the Dsv3 series is below.

If the file server VM that’s storing FSLogix profiles is a D2sv3 with a P40 (2TB) Premium SSD managed disk then the throughput will be limited to 48MBps (instead of 250MBps allowed by the disk) and IOPS will be limited to 3200 (instead of 7500 allowed by the disk).

How DISK contention manifests itself to the end-user

  • Slow log on and log off
  • “Not responding” applications
  • Slow launching of new applications, especially apps with large cache or temp files (e.g. browsers)
  • Slow switching between windows
  • Slow to open & save files
  • RAM bottlenecks can impact disk through page faults

Steps to resolve disk-related issues:

  • Make sure your file server VM is not undersized and both it and the managed disks that are attached to it have sufficient throughput and IOPS capabilities to support the number of users in the deployment.
  • Do not use Standard HDD storage (S-disks) for session hosts OS or FSLogix storage. At a minimum use Standard SSD (E-type) disks.
  • Consider using Ephemeral OS disks for session host VMs.
  • Use Premium SSD (P-type) disks for file servers where FSLogix profiles are stored. Other storage types will almost certainly reduce user performance.
  • Roam users’ indexed search cache data by storing it in the FSLogix container. Otherwise, every time a user logs in, their index will be rebuilt and cause excessive disk I/O.
  • Store users’ cached Outlook data (OST file) in the FSLogix container. Expect high disk IO when users log in for the first time and start using Outlook.  While the OST file is being hydrated with newly downloaded data, disk IO will be high.  If many users are logging in for the first time at the same time, overall performance will suffer.  Plan for this to happen during the go-live and try to stage users in groups rather than have them logging in all at once.
  • Streaming activity (e.g. Spotify) can produce a lot of FSLogix VHD I/O. Learn how to spot a single user’s VHD file on the file server being very active (using Resource Monitor) and educate users to do their streaming locally.
  • Consider scalability of disk I/O in large environments.
    • The larger the Premium SSD P-disk is, the more I/O and throughput it can tolerate.
    • Multiple P-disks can be attached to a VM and a Windows volume can be created across them. This allows for I/O to be spread across multiple disks.
    • Scale Out File Server can spread the I/O across multiple file server VMs with one or more disks attached to each.
    • Azure Files on Premium Storage are a fast storage option.
    • NetApp Files are a high-performance option.
    • Ultra-SSD (U-type) disks are also very fast.

Network latency and packet loss can create a poor end-user experience.  Bandwidth, on its own, is not a likely contributor to poor performance unless the bandwidth is very constrained and that leads to latency or packet loss.  It is very important to draw the distinction between bandwidth, latency, and packet loss.  They are different, and often independent, measures of network quality and troubleshooting one when the problem is with another can lead to lots of wasted effort and erroneous conclusions.

We often see bandwidth tests (e.g., speedtest.net) being used to rule out the network as the cause of slowness and this is a big and common mistake.  A speed test tells you how much bandwidth there is at a point in time, but it says nothing about the latency and packet loss of the connection between the end-user device and the virtual desktop in Azure. 

Let’s define some terms first:

  1. Bandwidth is the “capacity” of a connection (also known as throughput).  It answers the question of “how much data can be pushed through this connection in a given unit of time”.  It is typically measured in Mbps (megabits per second).  The easiest analogy to understand bandwidth is to think of a water pipe, where the water is data and the diameter of the pipe is bandwidth.  The “thicker” the pipe, the more water can be pushed through it over a given period of time.  The more bandwidth a network “pipe” has, the more data can be pushed through it.
    • Effective, end-to-end bandwidth is determined by the “thinnest” segment of the connection.  This means that when the data travels from the end-user to the Azure VM over multiple networks (e.g. user’s home wifi, cable router, internet backbone, AVD management service, Azure vNet, etc.), the connection segment that has the lowest bandwidth will determine the overall end-to-end bandwidth.
    • Bandwidth between two network nodes can be measured by pushing as much data as the pipe will tolerate for a period of time and then measuring how much was actually transferred.  This is how speedtest.net (and other such tools) work.  They try to download and upload as much data as they can in a preset amount of time and then calculate the bandwidth.  It is important to note that a bandwidth test measures bandwidth between two network nodes: the user’s device and some internet-hosted speed test server.  There are other, more sophisticated ways to measure actual bandwidth between two network nodes.  A popular tool that is often used is iperf.  When using iperf you must be sure to saturate the network, which won’t always happen with the default settings.  Settings like TCP window size and concurrent threads need to be tweaked to saturate the connection and get a true measure of network throughput.
  2. Latency is the length of time that it takes data to reach from one end of the connection to the other (e.g. from the end-user’s device to the Azure VM).  In our water pipe analogy, it is the length of the pipe.  The base latency of a network connection is determined by the physical distance that this connection spans.  The latency of a connection between two points that are far away from each other will be higher than that of two network nodes that are physically close to each other – all else being equal.  Network latency is typically measured in ms (milliseconds).
    • Latency can be easily measured by simple tools like “ping”.  The time value returned by the ping command is the round-trip time that it took a data packet to make it from source to destination and back from destination to source.  For a decent virtual desktop experience, the round-trip latency should be less than 100ms.  Between 100ms and 200ms is still ok, but anything above 200ms is going to be noticeable by the end-user.
    • The base latency is determined by physical distance of the connection, but other factors can contribute to high latency.  For instance, if the routers responsible for routing the data packets along the way are busy then latency will increase.  If they are very busy, it will increase a lot.  End-user experience is very latency sensitive.  Increased latency will be immediately noticed by the end-user.  They will notice slowness of screen refreshes, delay in typed characters appearing on the screen, and slow response to mouse clicks.
    • Lack of bandwidth can contribute to high latency.  Imagine our water pipe being filled with water.  A drop of water will take longer to get from one end to the other because the pipe is full.  The same happens when the bandwidth is limited, and the amount of data being pushed through the network connection exceeds its throughput capacity.  This will cause latency to spike and user performance to plummet.  For example, if a user is streaming a full screen HD video on their virtual desktop and saturating the network connection with that traffic, typing is going to be “laggy”.
  3. Packet loss is the % of data packets that get dropped or lost along the way and never make it from the source to the destination.  It is the biggest user performance killer.  Packet loss happens when routing infrastructure along the way of the data packet gets very busy and drops the packet or as a result of poor line quality.  For instance, if a user has a cable internet connection and the quality of the signal from the cable company to the user’s cable modem is poor this can manifest itself as packet loss.
    • Packet loss will cause “laggy” typing performance, slow screen refreshes, and overall “sticking” for the user.  This is because commands that are sent by the user to the virtual desktop aren’t making it there in a timely fashion.
    • The TCP network protocol is designed to acknowledge that data has been received and if not, it is retransmitted.  High levels of TCP retransmits could be the result of packet loss.  UDP traffic is not acknowledged and if it’s dropped it never gets resent.  High-performance desktop streaming protocols (e.g. RDP v10) are designed to leverage UDP for screen streaming.
    • Packet loss can also result from line saturation, just like high latency.  If more traffic is being pushed through the line than it can support, then not only will latency go up, but packet loss can also result.
    • The easiest way to test for packet loss is to use the ping command.  A reply indicates that the ICMP packet made it all the way there and back and a Request Timed Out indicates packet loss.  At the end of the ping command there is a summary with a percentage of loss.
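The latency bands and the packet-loss check described above can be applied to a saved ping capture, as in this added example (not part of the original article). It assumes English-language Windows `ping` output; the capture is constructed, and the jitter figure (mean difference between consecutive replies) is this example's own way of quantifying "spiky" latency.

```python
import re
from statistics import mean

# Constructed capture of English-language Windows `ping -t` output. Addresses
# come from documentation ranges (RFC 5737); these are not real measurements.
SAMPLE_PING = """\
Pinging www.microsoft.com [203.0.113.10] with 32 bytes of data:
Reply from 203.0.113.10: bytes=32 time=24ms TTL=55
Reply from 203.0.113.10: bytes=32 time=31ms TTL=55
Request timed out.
Reply from 203.0.113.10: bytes=32 time=260ms TTL=55
Reply from 203.0.113.10: bytes=32 time=29ms TTL=55
Reply from 192.0.2.1: Destination host unreachable.
Reply from 203.0.113.10: bytes=32 time=118ms TTL=55
Reply from 203.0.113.10: bytes=32 time=26ms TTL=55
Reply from 203.0.113.10: bytes=32 time=27ms TTL=55
Reply from 203.0.113.10: bytes=32 time=33ms TTL=55
"""

# A successful echo reply carries a time value (IPv6 replies omit bytes=).
REPLY = re.compile(r"^Reply from \S+ (?:bytes=\d+ )?time([=<])(\d+)ms", re.I)
# "Destination host unreachable" is printed as a "Reply from" line, but no
# echo came back, so it is counted as a lost probe here.
LOST = re.compile(r"Request timed out|Destination \w+ unreachable|General failure", re.I)


def parse_ping(text):
    """Return (list of round-trip times in ms, number of lost probes)."""
    rtts, lost = [], 0
    for line in text.splitlines():
        line = line.strip()
        match = REPLY.match(line)
        if match:
            # "time<1ms" only gives an upper bound; it is recorded as 1 ms.
            rtts.append(float(match.group(2)))
        elif LOST.search(line):
            lost += 1
    return rtts, lost


def summarize(text):
    """Count per-probe results instead of trusting a possibly missing summary."""
    rtts, lost = parse_ping(text)
    sent = len(rtts) + lost
    if sent == 0:
        raise ValueError("no ping results found in input")
    stats = {"sent": sent, "lost": lost, "loss_pct": 100.0 * lost / sent}
    if rtts:
        steps = [abs(a - b) for a, b in zip(rtts, rtts[1:])]
        stats.update(
            min_ms=min(rtts),
            avg_ms=mean(rtts),
            max_ms=max(rtts),
            over_200=sum(1 for r in rtts if r > 200),
            jitter_ms=mean(steps) if steps else 0.0,
        )
    return stats


def assess(stats):
    """Apply the article's bands: under 100 ms, 100 to 200 ms, above 200 ms."""
    if "avg_ms" not in stats:
        return ["no replies: 100% packet loss"]
    avg = stats["avg_ms"]
    if avg < 100:
        band = "good"
    elif avg <= 200:
        band = "acceptable"
    else:
        band = "noticeable to users"
    findings = [f"average RTT {avg:.1f} ms: {band}"]
    if stats["over_200"]:
        findings.append(f"{stats['over_200']} replies above 200 ms (spiky latency)")
    if stats["lost"]:
        findings.append(f"{stats['loss_pct']:.0f}% packet loss")
    return findings


if __name__ == "__main__":
    for finding in assess(summarize(SAMPLE_PING)):
        print(finding)
```

In the constructed capture the average round trip looks healthy, while the per-probe view still shows a spike above 200 ms and 20% loss, which is why an average or a bandwidth figure alone does not rule out the network.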

So, how does all of this apply to Azure & Azure Virtual Desktop?   

 There are three network segments to be aware of when troubleshooting AVD user performance:  

  1. User’s device –> AVD Management Service (connection broker) hosted by Microsoft in various regions.  The host name that the user connects to is rdweb.avd.microsoft.com and gets routed to the closest connection broker based on user’s location. 
  2. AVD Management Service (connection broker) –> user’s Azure desktop VM.  This happens via “reverse connect” that is initiated by the AVD agent installed on the desktop VM.   
  3. Azure desktop VMs –> public internet.  This is what you’d measure by running a speedtest.net test.

Connection segments #1 and #2 are primarily responsible for a user’s experience.  Connection segment #3 isn’t.  Unfortunately, most people tend to run a speed test on their local device and virtual desktop and use those data points as a baseline for troubleshooting connectivity.  However, by understanding bandwidth, latency, and packet loss, and the three connection segments involved in connectivity to a virtual desktop, we can see how these data points are of little value.

How NETWORK contention manifests itself to the end-user 

  • Slow screen refresh (or painting) 
  • Delayed typing and cursor 
  • Jittery mouse 
  • Bursts of letters appearing while typing 
  • Audio degraded or distorted 
  • Screen goes blank, then reappears 
  • Fonts fuzzy, overall image becomes less sharp (focused) 
  • Aero Shake triggering while dragging windows 


What to do about it 

  • From a probability standpoint, it is much more likely that the issue is with segment #1 than #2 or #3. 
  • Measure bandwidth of the local connection by running a speed test 
  • If the bandwidth is decent, check for latency and packet loss by running a continuous ping for a few minutes.  This requires pinging a host that responds to ICMP pings.  Unfortunately, AVD connection brokers do not.  However, you can ping www.microsoft.com.  High or “spikey” latency and even occasional packet loss will contribute to poor user connectivity. 
  • Remember that latency and packet loss issues can be sporadic.  Meaning, when you run the test, things look good, but the user still reports that there are problems.  It is important to run the tests while the user is experiencing the problem.  Tools like PingPlotter can be very helpful in doing this in the background and then correlating the problem with user reports. 
  • Troubleshooting local connectivity is the only resolution to segment #1 problems.   
  • If you can identify that the problem is in segment #2, although this would be difficult to do, then a support case with Microsoft should be opened.  There is nothing you can do to resolve this problem on your own. 
  • If connectivity from the Azure VM to the public internet is the problem (segment #3) then there are a few things you can try before opening a case with Microsoft. 
    • Stop (deallocate) the VM and start it again.  This may move it to another physical host in Azure that may improve network connectivity. 
    • Redeploy the VM from the Azure portal to have it forcefully move to another physical host in Azure. 
    • Check Azure health status page to see if there are any current service impairment incidents that could be affecting your VMs. 
    • Try running a speed test from another VM on the same network.  If the problem is not present on the second VM, then investigate CPU, RAM, and DISK as potential root causes. 
    • Temporarily disable any software firewalls or AV solutions running on the desktop VM and see if that makes a difference. 
    • If none of this helps, open a ticket with Azure support. 
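
The continuous-ping check described above can be scored automatically instead of read by eye. The following is an added example, not part of the original guide or of any Nerdio tooling: it parses Windows `ping -t` output and reports loss, the longest run of consecutive timeouts, and latency spikes. The sample output is constructed, and the spike thresholds are assumptions.

```python
import re
import statistics

# Constructed sample of Windows `ping -t www.microsoft.com` output.
# 203.0.113.10 is a documentation address, not a real Microsoft host.
SAMPLE_PING = """\
Pinging www.microsoft.com [203.0.113.10] with 32 bytes of data:
Reply from 203.0.113.10: bytes=32 time=21ms TTL=56
Reply from 203.0.113.10: bytes=32 time=22ms TTL=56
Reply from 203.0.113.10: bytes=32 time=20ms TTL=56
Reply from 203.0.113.10: bytes=32 time=187ms TTL=56
Request timed out.
Request timed out.
Reply from 203.0.113.10: bytes=32 time=23ms TTL=56
Reply from 203.0.113.10: bytes=32 time=21ms TTL=56
Reply from 203.0.113.10: bytes=32 time=240ms TTL=56
Reply from 203.0.113.10: bytes=32 time=22ms TTL=56
"""

# "time=21ms" or "time<1ms" marks an answered probe.
REPLY = re.compile(r"time[=<](\d+(?:\.\d+)?)\s*ms", re.IGNORECASE)
# Lines that mean the probe got no echo reply.
LOST = re.compile(r"request timed out|host unreachable|general failure",
                  re.IGNORECASE)


def analyze_ping(text, spike_factor=3.0, min_delta_ms=50.0):
    """Summarise loss and latency spikes in Windows ping output.

    spike_factor and min_delta_ms are illustrative thresholds (assumptions):
    a reply counts as a spike when it is more than spike_factor times the
    median round-trip time and at least min_delta_ms above it.
    """
    probes = []  # per probe, in order: RTT in ms, or None when lost
    for line in text.splitlines():
        match = REPLY.search(line)
        if match:
            probes.append(float(match.group(1)))
        elif LOST.search(line):
            probes.append(None)

    rtts = [p for p in probes if p is not None]
    lost = len(probes) - len(rtts)
    median = statistics.median(rtts) if rtts else None

    # Spikes are reported with their 1-based probe number so they can be
    # lined up against the time the user reported the problem.
    spikes = []
    if median is not None:
        for number, rtt in enumerate(probes, start=1):
            if rtt is None:
                continue
            if rtt > median * spike_factor and rtt - median >= min_delta_ms:
                spikes.append((number, rtt))

    # Consecutive timeouts hurt an interactive session more than the same
    # number of isolated drops, so track the longest run.
    longest = run = 0
    for rtt in probes:
        run = run + 1 if rtt is None else 0
        longest = max(longest, run)

    return {
        "sent": len(probes),
        "lost": lost,
        "loss_pct": round(100.0 * lost / len(probes), 1) if probes else 0.0,
        "median_ms": median,
        "max_ms": max(rtts) if rtts else None,
        "spikes": spikes,
        "longest_loss_run": longest,
    }


if __name__ == "__main__":
    for key, value in analyze_ping(SAMPLE_PING).items():
        print(f"{key}: {value}")
```

Feed it text captured from a continuous ping that ran while the user was experiencing the problem, as the guide recommends.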
     

How much bandwidth is really needed for virtual desktops? 

Maxing out available bandwidth usually generates symptoms that match most other networking issues, probably because most networking issues on the public internet are caused by lack of bandwidth or changes in traffic flows that cause momentary bottlenecks while routes converge. Users would typically perceive this as slow screen refreshes, screens going out of focus (or taking a while to sharpen), screens going blank (depending on bandwidth bottleneck severity), and definitely audio distortions. This is also accompanied by very slow, jittery mouse and keyboard activity.   

While troubleshooting this type of an issue you would typically see high ping times (typically not timeouts or drops, unless it’s extremely bad), and usually traceroute can identify the bottleneck point – usually first or second hop from the end-user location would be the problem point if their office bandwidth is exhausted. Topping out available bandwidth with virtual desktops would reflect symptoms creeping up slowly, with occasional bursts causing the worst symptoms. If users are experiencing long periods of issues, it’s usually things like downloads and uploads consuming bandwidth for extended periods of time – virtual desktop network traffic usually comes in spurts with activity on the screen. Unless the users have sustained activity on the screen, the symptoms from maxing out bandwidth would pop up frequently and then disappear. 

The typical average bandwidth consumption we see is roughly 0.5Mbps per active user, with more active users bumping that up to roughly 2Mbps/user. That’s just an estimate based on averages – users with extremely active screens (multimedia or applications with constantly changing visuals) can peak as high as 50Mbps (you read that right!). That’s definitely the high end, but users watching full screen videos could easily push 15-20Mbps each – imagine a team of employees participating in a full-screen video webinar or watching training videos, 10 users at 10Mbps apiece would saturate a 100Mbps link.  Keeping these rough guidelines in mind will help you properly size the network connectivity required to support a good experience for your virtual desktop users. 

Conclusion 

Good performance is critical for a successful desktop virtualization deployment.  End-users will reject their new virtual desktops if poor performance impedes their productivity.  Troubleshooting AVD performance is similar in some respects to traditional desktop performance troubleshooting but is much more complex and requires an understanding of all system components.  A methodical, diligent approach to identifying the root cause of the problem is needed and this guide provides the building blocks and tips for going through such a process. 

At Nerdio, thousands of virtual desktop environments have been deployed on our platform and we help hundreds of partners deliver high-quality, high-performance virtual desktop environments to their customers.


6 Cost Reduction Strategies for Azure Virtual Desktop (AVD)

When speaking to new Nerdio customers, we mention that an average Azure Virtual Desktop (AVD) customer saves 50%-75% on Azure compute and storage with Nerdio Manager’s cost optimization technology.  This data point is sometimes dismissed as “marketing-speak” or something that’s only true in rare, unique cases.  

This article outlines 6 cost reducing strategies delivered by the Nerdio Manager platform that lower the costs of a typical AVD deployment by more than 80%.  Although mileage may vary from one environment to the next, these significant cost savings are real and supported by data from thousands of Azure Virtual Desktop deployments managed with Nerdio Manager. 

What are the typical Azure Virtual Desktop costs? 

By analyzing several thousand Nerdio AVD deployments with well over a million users and ranging in size from a handful of desktops to tens of thousands of active users, we see that the primary costs of Azure Virtual Desktop fall into the following categories: 

  1. Compute (VMs used as session hosts) – 70% 
  2. OS disks storage (managed disks attached to session host VMs) – 12% 
  3. FSLogix storage (Azure Files or Azure NetApp Files hosting user profiles) – 9% 
  4. Networking (egress bandwidth, VPN gateways, global VNet peering) – 3% 
  5. Other (images, Log Analytics, Azure Automation, backup) – 6%

The first three categories (VMs, OS disks and FSLogix storage) account for more than 90% of the total and we will focus on these three categories of costs.  Optimization of the “Networking” and “Other” categories is also possible but because the cost reduction impact is low relative to the total, we won’t cover it here. 

AVD environment example and assumptions 

To perform the analysis, we will select a sample use-case representing a common way to deploy AVD. First, we’ll calculate the “unoptimized” per-user cost representing the most common way we see Azure Virtual Desktop deployed before adding Nerdio Manager into the mix.  We will then layer on Nerdio’s 6 optimization strategies and see the cost reduction impact of each.  Finally, we’ll summarize the results in an easy-to-use reference-able table. 

Here are the assumptions we will use for our sample AVD deployment: 

  • Number of users: 192 (Somewhat of a strange number but was selected to make the math a little easier.) 
  • User type: Heavy (per-Microsoft definition this means 2 users per vCPU) 
  • Session host VM size: D8s_v4 (common VM used in AVD environments) 
  • OS disk: P10 – 128 GB Premium SSD (common disk size used in multi-session deployments) 
  • FSLogix profile size: 20 GB (stored on Azure Files Premium) 
  • Hours in typical work week: 50 (10 hours per weekday) 
  • Azure pricing: South Central US (list pricing) 

Let’s now calculate the “unoptimized” cost for this deployment:   

  • Compute: $4,038 
    • 12 D8s_v4 VMs are needed to support 192 users (16 users per VM) 
  • OS disks: $215 
    • Each of the 12 VMs needs a P10 SSD disk 
  • FSLogix storage: $737 
    • 20 GB per user at $0.19 per GB 
  • Total: $4,991 ($26/user) 

This is how AVD is typically deployed.  Even without cost optimizations, the cost per user is $26/month, which is very attractive.  However, we can do MUCH better.  Let’s see how low we can take the cost.

#1: VM Power Management 

Since the compute cost of session host VMs is by far the largest cost component, we’ll start there.  Because users are accessing their desktop only 50 hours/week (per assumption above), there is no reason to keep the VMs on and running the compute meter 24/7.  Instead, we can use Nerdio Manager’s auto-scaling capability to automatically turn VMs on at the beginning of the day (or upon user login) and turn them off once they are no longer needed at night and on weekends.  If users need to connect outside of standard business hours, they can still do so, and the system will automatically make a desktop available to the user even after hours. 

  • Compute: $1,202 (reduction of $2,836 or 70%) 
    • 50 work hours is 30% of the total 168 hours in a week.  Keeping VMs on 30% of the time means that the remaining 70% of the time we’re saving on VM compute costs. 
  • OS disks: $215 (no change) 
    • Even when VMs are powered off the OS disks are still incurring costs 
  • FSLogix storage: $737 (no change) 
    • Even when VMs are powered off the storage of user profiles is incurring costs 
  • Total: $2,154 ($11.22/user)

Implementing the power management strategy reduces the compute cost component and the total per user cost is decreased by 57% as compared to the unoptimized scenario.

What about Reserved Instances (RIs)?  More on this below (strategy #3), but RIs save between 40% and 60% on compute (depending on 1-year or 3-year reservation terms), whereas auto-scaling in this case saves more (70%).  Plus, with auto-scaling and pay-as-you-go pricing you don’t have to make a long-term commitment to a VM family or Azure region.  This makes the AVD deployment more flexible.

#2: Just-in-time Provisioning (burst capacity) 

While we can save a significant amount by simply powering VMs off when not in use, the OS disks associated with the powered off VMs are still running up the bill.  Using Nerdio Manager’s “burst capacity” just-in-time (JIT) provisioning capabilities, we can remove some (or all) of the VMs that are not in use and save on the cost of the OS disks when users are not logged in.  For the analysis below, we’ll assume that 50% of the VMs (6 in our case) will always exist (base capacity) and the remaining 6 (burst capacity) can be created automatically only as needed and deleted when no longer in use.  We can also have all VMs automatically deleted when not in use and re-created on demand but keeping a few “base capacity” VMs around makes the VM creation process transparent to the users since this happens in the background after users are already logged into the “base capacity” VMs. 

As a side benefit of JIT burst capacity configuration, we’ll ensure that our session hosts are always in their “pristine” state and avoid configuration drift that happens when session hosts aren’t rebuilt regularly from the image.  Burst capacity will delete and re-create half of the VMs each day and ensure that all VMs are being rebuilt from the latest image version on a regular basis. 

  • Compute: $1,202 (reduction of $2,836 or 70%) 
    • 50 work hours is 30% of the total 168 hours in a week.  Keeping VMs on 30% of the time means that the remaining 70% of the time we’re saving on VM compute costs. 
  • OS disks: $140 (reduction of $76 or 35%) 
    • 6 of the VMs with their OS disks will be deleted when not in use and the OS disks will no longer incur storage costs until the VMs are re-created. 
  • FSLogix storage: $737 (no change) 
    • Even when VMs are powered off, the storage of user profiles is incurring costs. 
  • Total: $2,079 ($10.83/user) 

Implementing the just-in-time, burst capacity auto-scaling strategy reduces the OS disk cost component, and the total per user cost is decreased by 58% as compared to the unoptimized cost.

#3: Three-year Reserved Instances + Auto-Scaling 

As mentioned above, auto-scaling PAYG VMs typically saves more than using RIs for all these VMs.  But what if you could combine auto-scaling to get the 70% compute cost reduction and add RIs to save an additional 60% on the remaining compute costs?  With Nerdio Manager’s RI Analytics, you can do just that. 

Reserved Instances are typically purchased for all, or almost all, session host VMs in an AVD deployment.  However, once compute capacity has been reserved and pre-paid, auto-scaling no longer makes sense from a cost reduction perspective.  There is a more efficient way to use RIs than reserving all compute capacity. 

First, implement auto-scaling to reduce the total number of hours the VMs are turned on.  In our example, that’s 50 hours out of 168 each week.  In most real-world scenarios, the number of hours is even lower because not all users log in at the beginning of each day and not all users log off all the way at the end of the day.  The capacity “ramps up” and then “ramps down” with fewer hours when all CPU cores are utilized.  This is where Nerdio Manager’s RI Analytics comes in.  After observing a week or more of auto-scale behavior, Nerdio Manager will recommend the number of CPU cores to reserve based on actual usage.  This means the total number of compute hours is first reduced by auto-scaling and then the cost is further reduced by reservations for those remaining hours.  

  • Compute: $457 (reduction of $3,582 or 89%) 
    • 50 work hours is 30% of the total 168 hours in a week.  Keeping VMs on 30% of the time means that the remaining 70% of the time we’re saving on VM compute costs.   
    • Applying RIs to the remaining 50 hours of 12 running VMs reduces the overall compute costs by 89%. 
  • OS disks: $140 (reduction of $76 or 35%) 
    • 6 of the VMs with their OS disks will be deleted when not in use and the OS disks will no longer incur storage costs until the VMs are re-created. 
  • FSLogix storage: $737 (no change) 
    • Even when VMs are powered off the storage of user profiles is incurring costs. 
  • Total: $1,333 ($6.94/user)  

Combining power management, just-in-time VM creation and 3-year reservations reduces the per-user cost by 73% as compared to an unoptimized AVD deployment.

#4: OS Disk Auto-scaling 

We’ve already saved 35% on OS disk storage costs by implementing Strategy #2 and using auto-scale burst capacity.  However, 6 VMs are remaining as base capacity (to allow for faster boot up times) and these VMs aren’t always on.  While started, all VMs have a high performing, but expensive, premium SSD disk (P10).  But when the VMs are stopped, using a premium SSD is wasteful.  Wouldn’t it be nice to automatically convert the OS disk of all stopped VMs to a cheaper standard HDD (75% cheaper than premium SSD)?  With Nerdio Manager’s OS Disk Auto-scaling, that’s exactly what happens. 

When configuring auto-scaling on a host pool in Nerdio Manager, you specify the “running OS disk type” and “stopped OS disk type”.  The auto-scale engine will automatically convert the expensive Premium SSD to cheaper Standard HDD as soon as the VM is stopped (e.g. after hours) and convert it back to Premium SSD right before the VM is started back up. 

  • Compute: $457 (reduction of $3,582 or 89%) 
    • 50 work hours is 30% of the total 168 hours in a week.  Keeping VMs on 30% of the time means that the remaining 70% of the time we’re saving on VM compute costs.   
    • Applying RIs to the remaining 50 hours of 12 running VMs reduces the overall compute costs by 89%. 
  • OS disks: $89 (reduction of $126 or 59%) 
    • 6 of the VMs with their OS disks will be deleted when not in use and the OS disks will no longer incur storage costs until the VMs are re-created.   
    • Remaining 6 VMs’ OS disks will be converted to Standard HDD when stopped and back to Premium SSD when started back up. 
  • FSLogix storage: $737 (no change) 
    • Even when VMs are powered off the storage of user profiles is incurring costs. 
  • Total: $1,283 ($6.68/user) 

We’ve now accounted for 4 cost reduction strategies and the AVD cost has plummeted 74% as compared to an unoptimized deployment.  We’re not done yet.


#5: Shrink VM OS Disk From 128 GB to 64 GB 

All Azure Gallery Windows 10 and 11 images come with a 128 GB OS disk.  This means that even though there is plenty of free space on the C: drive, we’re still paying for this extra space.  The cost of a 128 GB OS disk is 100% more than a 64 GB OS disk of the same storage type.  Nerdio Manager can reduce the size of the default 128 GB OS disk to 64 GB and save 50% on the OS disk storage. 

In multi-session, pooled environments no data is being stored on the C: drive and all user data is redirected to the FSLogix file share.  Also, since VMs are being regularly deleted and re-created from the image, there is no growing disk space consumption on the system drive.  You can also layer on just-in-time provisioning and OS Disk Auto-scale with disk size reduction. 

  • Compute: $457 (reduction of $3,582 or 89%) 
    • 50 work hours is 30% of the total 168 hours in a week.  Keeping VMs on 30% of the time means that the remaining 70% of the time we’re saving on VM compute costs.   
    • Applying RIs to the remaining 50 hours of 12 running VMs reduces the overall compute costs by 89%. 
  • OS disks: $46 (reduction of $169 or 79%) 
    • 6 of the VMs with their OS disks will be deleted when not in use and the OS disks will no longer incur storage costs until the VMs are re-created.   
    • Remaining 6 VMs’ OS disks will be converted to Standard HDD when stopped and back to Premium SSD when started back up. 
    • OS disk size reduced from default 128 GB to 64 GB for all VMs. 
  • FSLogix storage: $737 (no change) 
    • Even when VMs are powered off the storage of user profiles is incurring costs. 
  • Total: $1,240 ($6.46/user) 

With one more cost reduction strategy to go we’re already up to 75% savings relative to an unoptimized AVD deployment.

#6: FSLogix Whitespace Reduction and Azure Files Auto-scale 

The final cost reduction strategy focuses on the remaining large cost component of AVD – FSLogix storage.  FSLogix user profiles are VHD(X) files stored on a file share.  In this example, we’re assuming that these VHD(X) files are stored on an Azure Files premium share.  The performance of the file share is critical in ensuring a high-quality end-user experience and the performance of Azure Files is determined by the provisioned quota, regardless of actual space usage. 

FSLogix profiles are “thin-provisioned” VHD(X) virtual disks. This means that they grow once data is added to the user profile, but they never shrink.  Even if contents are deleted from inside of the VHD(X) file, the size of the file remains the same and can only grow.  This obviously leads to expensive wasted storage space on Azure Files premium. 

To address this inefficiency and reduce the cost of Azure Files premium, Nerdio Manager can remove white space from FSLogix profiles.  This process can be scheduled to run on a regular basis (e.g. weekly or monthly) and typically results in 50% space usage reduction.  However, reducing space usage is not sufficient since Azure Files premium costs are determined based on provisioned quota, not actual usage.  Nerdio Manager’s storage auto-scaling helps here.  It automatically adjusts the provisioned quota on Azure Files premium shares based on available free space and storage latency.  If latency increases due to insufficient performance, Nerdio Manager will automatically increase the provisioned quota to increase performance and decrease it when it’s no longer needed. 

  • Compute: $457 (reduction of $3,582 or 89%) 
    • 50 work hours is 30% of the total 168 hours in a week.  Keeping VMs on 30% of the time means that the remaining 70% of the time we’re saving on VM compute costs.   
    • Applying RIs to the remaining 50 hours of 12 running VMs reduces the overall compute costs by 89%. 
  • OS disks: $46 (reduction of $169 or 79%) 
    • 6 of the VMs with their OS disks will be deleted when not in use and the OS disks will no longer incur storage costs until the VMs are re-created. 
    • Remaining 6 VMs’ OS disks will be converted to Standard HDD when stopped and back to Premium SSD when started back up. 
    • OS disk size reduced from default 128 GB to 64 GB for all VMs. 
  • FSLogix storage: $369 (reduction of $369 or 50%) 
    • Storage consumption is reduced by 50% by running scheduled white space removal process. 
    • Performance and free space are balanced with costs using Nerdio Manager storage auto-scaling for Azure Files. 
  • Total: $871 ($4.54/user)

After applying Nerdio’s 6 cost reduction strategies using Nerdio Manager, the cost was reduced by 83%!  Going from the typical, unoptimized monthly per user cost of $26 down to $4.54 is incredible.  Once we add in the Nerdio Manager license cost of $3 per monthly active user the annual user cost is $90.  This is by far less expensive, more secure, more flexible and versatile, and easier to maintain than any physical device. 

An average Nerdio Manager customer pays for the monthly license within the first 6 days of each month with Azure compute and storage savings.  The remaining days of savings help reduce per-user costs making AVD the most cost-effective virtual desktop solution on the market.


Feature Request Submissions for Nerdio Manager for Enterprise – Submit Requests

At Nerdio we LOVE customer feedback and always have. It’s how we learn and improve our products and services to better help our customers and partners. You are the ones using Nerdio, so who better to tell us what works, what doesn’t, or what you might be missing to better service your clients and employees?!  

Almost weekly we receive new feature ideas and suggestions from our customers, partners, and community enthusiasts. It’s amazing to see how creative some of you are! And to see how quickly we can incorporate your suggestions into our product.  

Our New Feature Request Form  

To make the process of suggesting a new Nerdio Manager for Enterprise feature more structured and flexible we’ve created a submission page and feature request form. Traditionally we’ve heard about new features through a personal email or while on a call with a current customer. We’re hoping this will provide a faster, easier route that is accessible anytime!  

Schedule a Demo of Nerdio Manager for Enterprise and we’ll walk you through our most recent and popular product updates!

Timing + Consideration  

Although we greatly appreciate your ideas and suggestions (and the time you take out of your busy schedules to submit) to help improve our products and services, we cannot guarantee that your submission will make it into Nerdio Manager for Enterprise.  

If your idea makes sense and addresses a market need, your chances of making it into the product are good. The time this normally takes depends on where we are in our next sprint release, the complexity of the request, and so on. This can range from a few weeks to several months.   

Next Steps  

Once we receive your submission, we will review it internally. If we have any questions, we will reach out via the email you provided with the submission.  

As always, thank you very much for your interest in Nerdio! We appreciate your ongoing support in helping us improve our services.  

Employee Spotlight: Get to Know Misty Bannigan

  1. What’s your role here at Nerdio? What do you do on a day-to-day basis and how do you help partners/customers? 

I’m a Partner Success Manager for Nerdio on the MSP side.  I mostly have conversations with business owners or techs that are looking for an easier way to manage and optimize Azure/AVD/Win365 environments.  A lot of what I do is demoing our software & showing the ease of use along with the amazing value our tool provides MSPs around building their practice. 

  2. What’s a fun fact about you that most people don’t know/couldn’t guess? 

I dealt poker for 12 years and that’s actually how I met my husband.  I went to Las Vegas on a last minute whim and he happened to be out there at the same time with some mutual friends.  We’re both from Florida and started dating upon his return & “The Rest is History”! Also, I lived in Turks & Caicos for a year 😊 

  3. What’s one technology advancement you hope to see or think we will see in the next ten years? 

Flying Cars – or at least cars that are MUCH better at self-driving.  This is something I’d love to see happen if it can be done right so there are fewer accidents and people can focus more on what’s important.  

  4. What are three albums you’d bring with you to a deserted island? 

Phantom of the Opera, The Greatest Showman soundtrack, Stroke 9 – Nasty Little Thoughts 

  5. In your opinion, what’s the most rewarding part of working for Nerdio? 

The relationships that I’m building.  By having so many different types of conversations, it’s continuing to help with both personal & professional growth and I’m constantly learning new things.  

  6. What sitcom family or friend group would you choose to be a part of? 

Full House or The Office 

  7. Besides a standard computer, what is the earliest piece of technology you remember owning? 

Atari & then when I was 6 or 7 my mom & dad finally bought my brother and me a Nintendo for Christmas.  That was the coolest gift ever back then! 

  8. You joined Nerdio in April. What drew you to join Nerdio’s team?

The huge amount of opportunity that’s sitting right in front of me & the people.  I had conversations with a few people from HR to C-Level to my direct manager & couldn’t believe how passionate everyone was.  I knew it was a team I wanted to be a part of and am so glad I joined and took a leap of faith.  

  9. What’s the most valuable thing you’ve learned while working in tech? 

That everything is constantly changing & evolving, and you have to be willing to change with it or you will get left behind.  This forces you to be more open to new ideas, new ways of thinking and just to become a Student of Learning. 

  10. What’s a current technology trend you’re passionate about? 

Blockchain & Cryptocurrency.

How Azure Virtual Desktop Can Help IT Teams Reduce Risk

According to PwC’s 2022 Digital Trust Insights report published this month, fewer than 40% of c-suite respondents believe their organizations have fully mitigated the risks resulting from the sudden shift to remote work and the digital cloud that will persist into 2023. 

Operating desktops in the cloud presents several security benefits when proper access management controls, configurations and policies are in place. The above stat hits home for us here at Nerdio because we continue to see and support organizations in refining and optimizing their approaches to work and hybrid work.  

Running desktops in the cloud can help mitigate risk and reduce the overall threat attack surface. We connected with our VP, Product, Amol Dalvi to discuss how Azure and Azure Virtual Desktop can be viewed and leveraged in a risk context. 

What Azure and AVD technologies can IT teams use to better manage and mitigate risk?  

Reverse Connect, RemoteApps, and desktop images (not specific to Azure) are three technologies that organizations can use when managing their IT risks.  

  • Reverse Connect: Microsoft’s ingenious approach of using reverse connect for AVD session host servers to connect out to the end user dramatically changed the conversation around security of virtual desktops. In the past, the open ports required for RDS based virtual desktops were often a major security concern. 
  • Desktop Images: All AVD host pools that serve up virtual desktops to end-users are based on a desktop image. A golden image, so to speak, that IT administrators can control. IT admins are able to vet applications their end-users are getting access to, and the process of patching & keeping the apps up-to-date is far more regular, reliable and rigorous. 
  • RemoteApps: The ability to publish individual applications to end-users instead of a full desktop is something that is often overlooked as an excellent way to reduce security risk. By controlling which apps end-users have access to, IT admins can control what data the end-users have access to. Additionally, IT teams can use FSLogix application masking to help in this regard.  
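
Because reverse connect has the session host dial out, no inbound RDP port needs to be reachable from the internet, and that can be verified against the network security group rules. The following is an added example, not Nerdio's or Microsoft's code: it assumes rules shaped like the JSON from `az network nsg rule list`, and the rule names, addresses and the `rule()` helper are constructed for illustration.

```python
RDP_PORT = 3389
# Source prefixes that mean "anyone on the internet".
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}


def rule(name, priority, access, protocol, source, ports, direction="Inbound"):
    """Build a constructed rule using the `az network nsg rule list` field names."""
    return {"name": name, "priority": priority, "access": access,
            "protocol": protocol, "direction": direction,
            "sourceAddressPrefix": source, "sourceAddressPrefixes": [],
            "destinationPortRange": ports, "destinationPortRanges": []}


# Constructed sample: RDS-style NSG with RDP published directly.
LEGACY_NSG = [
    rule("allow-rdp-any", 300, "Allow", "Tcp", "*", "3389"),
    rule("allow-mgmt-range", 310, "Allow", "*", "Internet", "3380-3400"),
]

# Constructed sample: AVD session host subnet relying on reverse connect.
AVD_NSG = [
    rule("allow-rdp-jumpbox", 150, "Allow", "Tcp", "10.0.5.0/24", "3389"),
    rule("deny-rdp-internet", 200, "Deny", "*", "Internet", "3389"),
    rule("allow-rdp-old", 400, "Allow", "Tcp", "*", "3389"),
    rule("allow-https-out", 100, "Allow", "Tcp", "*", "443", direction="Outbound"),
]


def _values(nsg_rule, single_key, list_key):
    """Merge the singular and plural form of a rule field into one list."""
    values = list(nsg_rule.get(list_key) or [])
    if nsg_rule.get(single_key):
        values.append(nsg_rule[single_key])
    return [str(v) for v in values]


def _covers_port(nsg_rule, port):
    """True when the rule's destination ports ("*", "3389", "3380-3400") include port."""
    for spec in _values(nsg_rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def _from_internet(nsg_rule):
    sources = _values(nsg_rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s.lower() in INTERNET_SOURCES for s in sources)


def exposed_rdp_rules(rules):
    """Return (rule name, protocol) pairs that leave RDP open to the internet.

    Rules are evaluated in priority order, lowest number first, and the first
    internet-wide rule covering port 3389 decides the outcome for a protocol.
    A Deny with a narrower source does not shadow a later internet-wide Allow.
    """
    inbound = sorted(
        (r for r in rules if r["direction"].lower() == "inbound"),
        key=lambda r: r["priority"],
    )
    findings = []
    for proto in ("tcp", "udp"):
        for nsg_rule in inbound:
            if nsg_rule["protocol"].lower() not in ("*", proto):
                continue
            if not (_covers_port(nsg_rule, RDP_PORT) and _from_internet(nsg_rule)):
                continue
            if nsg_rule["access"].lower() == "allow":
                findings.append((nsg_rule["name"], proto))
            break  # first match wins; later rules are shadowed
    return findings


if __name__ == "__main__":
    print("legacy:", exposed_rdp_rules(LEGACY_NSG))
    print("avd:", exposed_rdp_rules(AVD_NSG))
```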

How can AVD make the job of overseeing risk mitigation easier for an IT team? 

A prime example to point to in answering this question is image management. Since AVD host pools are built off images, the IT and security teams can focus on securing their desktop images. This includes things like ensuring the desktop images are regularly patched and the right apps are installed. Rather than dealing with all the endpoint devices in the organization or the various number of host pools, they can oversee security at scale by focusing on a few desktop images for their hundreds or thousands of users. 

Because patching is done for the images, not individual session hosts, IT admins are able to apply patches on their schedule. They can then test that image, from both a security and functional perspective, without hassling end-users. And once they are comfortable, they can deploy the image to live session hosts with minimal disruption to end-users. 

How concerned about risk should IT teams be when adding or managing external users in AVD? 

The beauty of AVD is that it relies on Azure AD for identity management. Authentication is offloaded to Azure AD, allowing IT admins to take advantage of all the security features it has to offer. This would be authentication of all end-users, including any users from another Azure AD tenant that an organization may have allowed into their tenant. 

Interested in learning more about how your organization can minimize the risks AND COSTS of Azure-based virtual desktops? Check out our free white paper – ‘9 Ways to Reduce the Risk and Cost of DaaS with Nerdio Manager for Enterprise’  

How To Be A Channel Sales Rockstar

In August I traveled to Nashville; Denver, CO (twice); Chicago, IL; Charlotte, NC; NYC; Sydney (AUS); and Gold Coast (AUS). I wrote this blog in New Zealand, and had Nerdio stops in Bellevue, WA; Montreal, Canada; Washington, D.C.; Omaha, NE; Nashville, TN; and my hometown of Boston, MA by month’s end.  

When traveling I tend to be very work focused: arrive, accomplish as much as I can, and head home to my family. Yet, I do love to actually explore new places. So, I’ve put some conscious effort this year to blend work and fun experiences when and where feasible.  

I’ve cheered on the home team at multiple sporting events, eaten Nashville hot chicken IN Nashville, experienced real Texas barbecue, got a home-cooked dinner by family I don’t see often in their home state, wined and dined at a famous Chicago Steakhouse (Gibson’s), ridden a roller coaster, walked the beach in California (a real treat for an east coast boy!), and heard tornado sirens for the first time ever. 

Because I lead our MSP sales team, work hard to bring valuable insights to the MSP and Azure communities, sneak some fun in here and there, and do not get a lot of time in my home office, I am often asked, “How do you do it all and succeed in your role?”  

In addition to tips on how sales professionals can best leverage (and manage) events and travel alongside their daily responsibilities – check out my answer to the question below.  

Master What You Can Control  

When on the road, you are very much at the mercy of others. I have had hotel issues, flight cancellations and delays, and the pleasure of arriving late/early with no place to eat but a vending machine. Flexibility and a great attitude will do you wonders in those situations and are great tools to have in your back pocket. That being said, most times events go (more or less) according to plan.   

So, I never go on a trip without a plan. I always read the news of the day before I even get out of bed, both industry specific and not. It’s critical to be informed of what is going on in your industry and the world in order to be a chameleon, be adaptable. I always want to be able to hold an engaging conversation with anyone I meet, which means being informed on a wide range of topics at least at a surface level and a deep level of knowledge on topics related to your business.  

By the time I arrive in the city I’m traveling to I generally know how every hour of my time on the road will be spent. My iPhone and Outlook are used heavily in keeping things straight. I block every minute of my day on my calendar when on the road to maximize my time and get things done.  

I plan how long it will take from when I land to get to where I need to be, when I can build in time for meetings, catch up on email, eat, sleep (make sure you get enough), do something fun, and travel home.  

Lastly, I recommend you make honesty, transparency and dependability your ‘guiding lights’ – they continue to serve me well. These three items, while different, are closely related and the most important qualities to sales success. I am constantly thinking of these qualities and ensuring I meet them at the highest level possible, both internally with my team and externally with my customers and strategic partners.  

When you mess up, own it. If someone emails or calls me, I try to reply as quickly as possible and I try to treat everyone I interact with like family.  

Intelligently Leverage Your Tools + Your Team  

Our Nerdio sales engine doesn’t stop because I’m on the road teaching a group of MSPs about Azure.  I have countless emails, meetings (internal and external), demos, and team management responsibilities that still need to get done. I navigate this by blocking out my time and being efficient. I use mobile apps for all the major tools we use at Nerdio such as our CRM system, Microsoft Teams, OneDrive, Outlook, and text.  

If I’m at the airport, my laptop is usually open or I’m on the phone. I make it a point to clear out my emails at the beginning of every flight. Once that’s done, I can relax or catch up on sleep until I arrive. I also try to clear my inbox every night before I go to bed so in the worst case, folks will get a reply from me the same day. One tip that’s served me well in this regard is to get as many cell numbers as possible because people tend to reply to texts faster than email in many cases. 

The other big recommendation I have for making sure you get done the things you need to is this: do not be afraid to ask for help. Just like the saying goes, ‘it takes a village to raise a child,’ it takes a team to build a company. I lean on my colleagues often to help get work done where applicable, and I feel comfortable doing so.  

We have a world-class events team internally that really helps take the stress off our salespeople when it comes to travel and planning our Nerdio hosted events like our free one-day Training Camps. Some of their tactics that contribute to my, and my team’s, success include sending a Know Before You Go (KBYG) and blocking off our in-person time for us. The KBYG email is sent the day before any event we do. It includes need-to-know information about who is attending, important times, addresses, lead capture, speaking sessions and anything else pertinent.  

In addition, our team sends calendar invites weeks in advance for everything pre-scheduled they can – meetings, presentations, and even booth time at a tradeshow. 

A Parting Thought 

While the focus of this article is from a business and performance perspective, I’d be remiss if I didn’t include this next part. I really recommend planning and reserving time with your family, pets and friends if you’re traveling for work on a weekly or monthly basis. Time is something you can never get back or make up. 

It’s easy to miss out on this time while you’re home because there is so much to catch up on like laundry, cleaning, haircuts, car maintenance, etc. You think, “I’ll have time with my family when I’m back home next,” but that doesn’t always turn out to be the case. Everyone has their own schedule to maintain so you must arrange schedules. And your kids aren’t going to look back on folding clothes and socks as one of their favorite memories with you – so plan the ones they will now 😊  

Personally, I rely heavily on my calendar and make it a point to build in a lot of fun time with these important groups. I try to be home every weekend with at least one activity planned with my family, and one with friends.   

FSLogix Profile Containers in Azure Virtual Desktop (AVD): Here’s What You Need to Know

A common question we get from Managed Service Providers (MSPs) is about the way FSLogix profiles are configured and how they work with Azure Virtual Desktop (AVD).  In this article, I’ll provide a technical overview of the technology.  This is a 200-level technical article.

First, you can find everything there is to know about FSLogix here. This is an extensive documentation repository but can be overwhelming at first glance.  I’ll try to distill the relevant information here.

What is FSLogix Profile Container technology and why should it be used?

There are actually 4 FSLogix products:

  1. Profile Container
  2. Office Container
  3. Application Masking
  4. Java Version Control

Here, we will focus on #1 only – Profile Container (PC).  Office Container benefits are automatically included in the Profile Container product, so we won’t discuss Office Container at all.  Application Masking and Java Version Control are interesting technologies that we’ll explore in future articles.

In a nutshell, Profile Container redirects a user’s profile (what’s typically stored in C:\Users) to a VHD file on a file share.  This allows a user to log into a different desktop VM each time they connect and still have access to the same user profile settings since the profile container is mounted under C:\Users whenever a user logs in. 

This functionality is what enables users to be assigned to session host pools with multiple VMs and still have a consistent user experience when they get redirected to a different VM each time by the AVD connection broker.

How is FSLogix Profile Container enabled?

Profile Container (PC) is enabled via a simple registry entry in HKLM\SOFTWARE\FSLogix\Profiles after it is downloaded and installed.  Here you enable the Profile Container and point it at a UNC of a file share location where the profile VHD file will be created when users log in.

Nerdio Note:

FSLogix Profile Container is enabled by default on the Nerdio configured AVD Windows 10 multi-session template VM.  The profile location is set to \\FS01\Profiles\%Username%.

Also, there is an XML file in the \\FS01\Profiles location that excludes the Desktop and Documents folders from being included in the FSLogix PC.  Instead, these folders are redirected to the \\FS01\Users\%username% folder using Group Policy.  This reduces the size of the FSLogix VHD file and enables IT administrators to centrally back up and manage users’ personal data.

That’s all it takes to enable FSLogix Profile Container.

What happens when a user logs in?

When a user logs into a desktop VM where FSLogix PC is enabled, the system first checks for the presence of a local profile for the user.  If a local profile exists (e.g. a folder is present in C:\Users and a registry entry for the local profile exists in the ProfileList key), then FSLogix PC skips the process of creating or connecting to a network profile specified by the registry entry mentioned above.

If no local profile exists, PC tries to connect to the UNC location specified in the registry and either attaches the profile that already exists there or creates a new one.  The user must have Modify permissions to the profile folder on the file share.  If PC cannot mount or create a profile, it defaults to using a local profile if one exists or creates a new one if it does not.  In this situation, all user personalization settings are stored in C:\Users and will be lost once the user logs into another desktop VM in the future.

Nerdio Note:

To avoid a situation where a local profile that already exists on a desktop VM prevents the creation of a network-based profile, the Nerdio golden image includes an entry that will automatically delete the local profile and create a VHD one in the file share.

The registry entry is DeleteLocalProfileWhenVHDShouldApply and it is set to a value of 1.

How can you tell if the Profile Container redirection is working?

There are a few ways to do this:

  1. Look in C:\Users and see if there is a folder called “Local_username”. The presence of this folder with a recent modified date indicates that profile container redirection to a file share is working.
  2. Look in the file share for the VHD file and note its modified date. If it is current, then redirection is likely working.
  3. If the user account has local administrator rights on the desktop VM, check the disk configuration Windows utility. You’ll see a virtual mapped drive listed.

What can you do if Profile Container redirection is not working?

If you notice that profile redirection isn’t working, verify the following:

  1. Profile Container operation can be controlled with local security groups that can be used to include or exclude users or groups from having their profiles redirected. Use Computer Management>Local Users and Groups to verify that the user (or a group that includes the user) is not excluded from PC.
  2. Make sure that there is not a local copy of the profile already on the desktop preventing PC from turning on. If there is, either delete the local profile or use the DeleteLocalProfileWhenVHDShouldApply registry key to have FSLogix PC do this for you automatically on the next login.
  3. Make sure the user can access the UNC file path where FSLogix PC is expecting to create the profile VHD file. Make sure that the path is correct and browsable and that the user can create and delete items inside of the file share.  If not, troubleshoot share access or NTFS permissions.
  4. In Event Viewer, find the FSLogix Apps operational log and look for the entry that shows whether the profile mount worked. If the exit code is not 0, look up the code here.
  5. Once you’ve verified 1-4 above, see if the user may be logged in to another session host desktop VM and the VHD file on the file share is locked by that session. You can log into the file server and check Computer Management>Open files for more information.  If the profile container VHD file is locked, close the file handle and log in again.

Additional recommendations for FSLogix Profile Container

FSLogix Profile Container requires little configuration to enable and fails over gracefully from a redirected profile to a local profile.  Unfortunately, this can create a situation in which a user may not be aware that their settings aren’t being saved on the file share and are going to be discarded because they are saved locally.  To avoid this situation, it may be advisable to prevent users whose profiles cannot be redirected from logging in and using the system with local profiles.  To do so, the following two registry entries can be added on the desktop VMs and set to a value of 1.

  • PreventLoginWithFailure
  • PreventLoginWithTempProfile
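
One way to audit a session host for the settings discussed in this article, so that a host which would silently fall back to a local profile is caught before users log in. This is an added example, not Nerdio's or Microsoft's script; the function names and the sample data are hypothetical, and it assumes the standard FSLogix value names Enabled and VHDLocations in addition to the three values named above.

```powershell
# Added example: audit FSLogix Profile Container settings for a fail-closed setup.
# Function names and the sample hashtable are hypothetical.

function New-Finding([string]$Setting, [bool]$Pass, [string]$Detail) {
    [pscustomobject]@{ Setting = $Setting; Pass = $Pass; Detail = $Detail }
}

# Read the FSLogix Profiles key into a hashtable (empty if the key is absent).
function Get-FslogixProfileSettings {
    param([string]$Path = 'HKLM:\SOFTWARE\FSLogix\Profiles')
    $table = @{}
    if (Test-Path $Path) {
        $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
        foreach ($p in (Get-ItemProperty -Path $Path).PSObject.Properties) {
            if ($providerProps -notcontains $p.Name) { $table[$p.Name] = $p.Value }
        }
    }
    $table
}

function Test-FslogixProfileConfig {
    param([Parameter(Mandatory)][hashtable]$Settings)

    # DWORD switches that should all be set to 1
    $required = [ordered]@{
        Enabled                              = 'Profile Container is turned on'
        DeleteLocalProfileWhenVHDShouldApply = 'a stale local profile cannot block the VHD profile'
        PreventLoginWithFailure              = 'logon is refused when the container cannot be attached'
        PreventLoginWithTempProfile          = 'logon is refused instead of using a temporary profile'
    }
    foreach ($name in $required.Keys) {
        $value = $Settings[$name]                       # $null when the value is missing
        $ok    = ($null -ne $value) -and ([int]$value -eq 1)
        $shown = if ($null -eq $value) { '<not set>' } else { $value }
        New-Finding $name $ok ("value={0}; when 1: {1}" -f $shown, $required[$name])
    }

    # VHDLocations may hold one path or several; each must be a UNC path
    $locations = @(@($Settings['VHDLocations']) | Where-Object { $_ })
    if ($locations.Count -eq 0) {
        New-Finding 'VHDLocations' $false 'no profile share configured'
    }
    foreach ($loc in $locations) {
        $isUnc = $loc -match '^\\\\[^\\]+\\[^\\]+'
        New-Finding 'VHDLocations' $isUnc "path=$loc"
    }
}

# Constructed sample: container enabled, but both PreventLogin* switches missing,
# so a failed mount would quietly leave the user on a local profile.
$sample = @{
    Enabled                              = 1
    VHDLocations                         = '\\FS01\Profiles\%Username%'
    DeleteLocalProfileWhenVHDShouldApply = 1
}

# Use the live registry when the key exists, otherwise the constructed sample.
$live     = Get-FslogixProfileSettings
$settings = if ($live.Count -gt 0) { $live } else { $sample }

Test-FslogixProfileConfig -Settings $settings | Format-Table -AutoSize
```

With the constructed sample, the two PreventLogin* rows report Pass = False and the other rows report True.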

Putting it all together

Here is the recommended configuration of FSLogix on host pool template VM in the Nerdio environment.

At Nerdio, our mission is to empower MSPs to build successful cloud practices in Microsoft Azure with technology and knowledge.  Nerdio for Azure simplifies and automates the deployment, pricing, management, and cost-optimization of AVD environments in Azure, and our educational content is custom-tailored for MSPs to help them succeed with Azure and partner with Microsoft.

FSLogix Anatomy + Common Issues: Storage, App, Profile Container 

Here at Nerdio, we’ve been entrenched in Azure Virtual Desktop (AVD) since the very beginning, which means we’re chock-full of knowledge about Microsoft’s recommended profile solution for AVD: FSLogix.   

FSLogix may be new to many MSPs who haven’t worked with Azure or AVD, so we’re always compiling tips and helpful ways to train MSPs on what FSLogix is and how to troubleshoot it.  The best route for training we’ve found with FSLogix is to start with breaking down its anatomy and the related common troubleshooting issues for each component.  

What is FSLogix? 

FSLogix is a robust profile solution for non-persistent desktops (like AVD hosts). It is Microsoft’s recommended profile solution for AVD and moves MSPs away from “roaming” profiles to a profile that is mounted and feels like a local profile.   If you’ve worked with User Profile Disks (UPDs), you’ll feel right at home with FSLogix. 

3 Moving Parts 

FSLogix’s name may be more intimidating than what is really under the hood. There are essentially three pieces at its core.  

Storage 

Most users decide to use one of two FSLogix storage options: either a file server VM (virtual machine) or Azure Files. A file server VM requires the user to manage the underlying server object, and it needs to be in the same region as the host. Azure Files uses Azure Storage, which is an IaaS (Infrastructure-as-a-Service) service, so the underlying assets don’t need to be manually managed. Using premium storage is recommended for both a file server VM and Azure Files. Learn more about these options in this video.  

You’ll find when adding an account in Nerdio Manager for MSP that you are required to establish a new FSLogix storage path or point to an existing one.  This Server Message Block (SMB) share is where the FSLogix profile containers will be stored.  Permissions are critical to this share and are the most common support request we see with FSLogix.  You can find more information about FSLogix permissions in Microsoft’s documentation.

The performance of your storage is a major player in FSLogix performance. Slow login times are a common symptom of under-performing storage. If Azure Files is used for this storage, we always recommend using premium storage and perhaps auto-scaling your Azure Files storage to optimize throughput during working hours.  Nerdio Manager for MSP has a great feature for Auto-Scaling Azure Files. This scaling feature can also ensure there is adequate available space as your FSLogix storage grows.  One last word of caution on the storage front – you must back up your FSLogix storage! It is essential as it stores user profile data. 

FSLogix Application 

The second piece of the FSLogix puzzle is the application. We rarely see a support issue related to the FSLogix application itself and more often we’ll see a misconfiguration of the FSLogix settings. The FSLogix app is only required on a session host (AVD host) that users are logging into. It is not required on the user’s storage device, image or anywhere else they would not be logging in.   

The biggest things we see MSPs struggle with related to the application are updating the registry settings and keeping the application updated to the latest version.  

Registry settings for the FSLogix application are used to provide FSLogix settings and point FSLogix to your storage location.  Nerdio Manager for MSP allows you to store these settings in an FSLogix Configuration profile under Settings>Integrations for your customer accounts.   

Nerdio can then install FSLogix (latest GA version) with your settings upon AVD host creation, taking the worry out of keeping FSLogix updated and retaining your settings via our automation.  Combine this with Auto-healing features available for Auto-scale (Including FSLogix health checks) and the application piece of FSLogix is no sweat.   

Profile Container 

Yes, this is all leading up to the user profile, I promise!  With storage established and FSLogix running on the AVD host, all you need now is users.    

Upon a user’s first login, a profile container will be created in the storage location designated.   The user’s profile will be a VHDX or VHD file depending on the settings configured (with VHDX being preferred).  By default, this will include the user’s entire profile.  Think of everything that would be in a user’s C:\Users\<username> folder and this will be stored in their FSLogix profile container.   

When a user logs in, the FSLogix app will go to the storage location and mount that user’s profile container to the AVD host.  When the user logs off, this is dismounted from that host.  This gives a user the ability to potentially log in to a new host with each login but feel as though they’re logging into their same desktop each day. This also gives the opportunity to scale-in (remove) AVD hosts, reimage, delete and move users to a different pool without losing their data and settings.   

Common support issues we’ll see related to profile containers include the following: 

  • Profile locked due to the file being in use 
  • Profile (VHD/VHDX) reached FSLogix’s default 30GB maximum size 
      • Symptoms are “full disk” errors, unable to receive new mail in Outlook 
      • FSLogix has a 30GB default size limit for containers. This can be expanded via registry setting 
  • Profile Corruption 
      • If the VHD/VHDX file were to be corrupted, FSLogix may rename the file with a “CORRUPT” in the file name.   
      • May be resolved by restoring a backup of the VHD/VHDX from a known working date 
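
A quick way to triage a profile share for the three issues listed above before users report them. This is an added example, not Nerdio's or Microsoft's tooling; the function name, file names, local path and sample listing are constructed, and it assumes the scan runs on the file server so that Get-SmbOpenFile can supply the list of open files.

```powershell
# Added example: flag FSLogix containers that are near the size limit,
# renamed as corrupt, or currently held open. Names below are hypothetical.

function Get-ContainerStatus {
    [CmdletBinding()]
    param(
        # FileInfo-like objects exposing Name, FullName and Length
        [Parameter(Mandatory, ValueFromPipeline)] [object] $File,
        # Container size limit in GB; 30 is the FSLogix default cited above
        [double] $LimitGB = 30,
        # Flag containers at or above this fraction of the limit
        [double] $WarnRatio = 0.9,
        # Paths currently open over SMB, e.g. (Get-SmbOpenFile).Path on the file server
        [string[]] $OpenPaths = @()
    )
    begin {
        # Compare by file name: SMB reports server-local paths, scans may use UNC paths
        $openNames = @($OpenPaths | Where-Object { $_ } | Split-Path -Leaf)
    }
    process {
        $isContainer = $File.Name -match '\.vhdx?$'
        $isCorrupt   = $File.Name -match 'CORRUPT'
        if (-not ($isContainer -or $isCorrupt)) { return }   # skip XML and other files

        # The file length of a dynamically expanding disk approximates space used,
        # so treat NearLimit as an early warning rather than an exact measure.
        $sizeGB = [math]::Round($File.Length / 1GB, 1)
        [pscustomobject]@{
            Container = $File.FullName
            SizeGB    = $sizeGB
            NearLimit = $sizeGB -ge ($LimitGB * $WarnRatio)
            Corrupt   = $isCorrupt
            InUse     = $openNames -contains $File.Name
        }
    }
}

# Constructed sample listing (stands in for Get-ChildItem output on the share)
$sample = @(
    [pscustomobject]@{ Name = 'Profile_alice.vhdx'
                       FullName = '\\FS01\Profiles\alice\Profile_alice.vhdx'; Length = 12GB }
    [pscustomobject]@{ Name = 'Profile_bob.vhdx'
                       FullName = '\\FS01\Profiles\bob\Profile_bob.vhdx'; Length = 29GB }
    [pscustomobject]@{ Name = 'Profile_carol.CORRUPT.vhdx'
                       FullName = '\\FS01\Profiles\carol\Profile_carol.CORRUPT.vhdx'; Length = 8GB }
    [pscustomobject]@{ Name = 'redirections.xml'
                       FullName = '\\FS01\Profiles\redirections.xml'; Length = 2KB }
)
# Constructed stand-in for (Get-SmbOpenFile).Path
$open = @('D:\Profiles\alice\Profile_alice.vhdx')

$sample | Get-ContainerStatus -OpenPaths $open |
    Where-Object { $_.NearLimit -or $_.Corrupt -or $_.InUse } |
    Format-Table -AutoSize

# Live use on the file server (the local path is an assumption):
# Get-ChildItem 'D:\Profiles' -Recurse -File |
#     Get-ContainerStatus -OpenPaths (Get-SmbOpenFile).Path
```

An InUse container is only a problem when its owner has no active session; that is the stale lock described in the first bullet.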

FSLogix is a great solution to use alongside Azure Virtual Desktop, but it can be a complex tool. Here at Nerdio, we can help you learn how to use it. Read our blog on ‘5 Things MSPs Must Know about FSLogix’ for additional insights or contact us to discuss your MSP’s unique needs.

Azure Virtual Desktop (AVD) End-User Experience and Multi-Factor Authentication (MFA)

Azure Virtual Desktop (AVD) introduces a new end-user experience via a brand-new Remote Desktop application.  Unlike previous versions of Remote Desktop Connection that were included in every version of Windows OS, this one must be downloaded and installed.  The new client also requires .NET framework 4.7.2 or later to be downloaded and installed on a Windows machine before installing the client.  Once in General Availability (GA), client apps will be available for MacOS, iOS, Android and HTML 5.  Suffice it to say, AVD will be accessible from almost any modern, internet-connected device.

In this article, we will focus on the end-user experience when using a Windows PC with a special focus on how multi-factor authentication plays into the user login experience.  We will review the user login process in detail using the latest version of the Remote Desktop app v1.2 available today.  The user interface will likely change slightly in future releases, but the overall authentication and login flow is likely to stay consistent.

Azure Active Directory (AD) is Required

One of the many advantages of AVD over previous RDS implementations is that Azure Active Directory (AD) is natively supported, and in fact required, for AVD to work.  This brings with it many benefits including:

  • Consistent set of credentials for local Active Directory (when synced to AAD with ADConnect), Office 365 and other Azure AD services, and Azure Virtual Desktop. No more maintaining independent sets of user credentials.
  • Support for Azure MFA (multi-factor authentication) in its native form. User experience is identical to that of accessing Office 365 resources.  Something that most users are well familiar with at this point.
  • Support for Azure Conditional Access (CA). This is great for administrators who want to control AVD access by users based on their location, device, and other conditions.

Azure MFA is available as part of the Azure AD Premium license.  It is also included as part of E3/E5 Office 365 and Microsoft 365 products.  Most users with Office 365 accounts should be able to start taking advantage of MFA with AVD right away.  To take advantage of Conditional Access policies, users will need Azure AD Premium licenses.

Remote Desktop App

The AVD Remote Desktop app replaces the RemoteApp and Desktop Connections (RADC) and the Remote Desktop Connection (MSTSC) clients built into Windows.  After downloading and installing the .NET framework and the new Remote Desktop app, the first step is to Subscribe to virtual desktops and RemoteApps using Azure AD credentials.

Clicking Subscribe takes the user to the standard Microsoft cloud login screen:

Here you specify the user’s Azure AD credentials and all MFA and CA policies apply.  For instance, here is what the next prompt looks like when MFA with phone-based authentication is enabled:

Once authenticated, the Remote Desktop app will subscribe the user’s PC to desktops and RemoteApps that the user is entitled to.

This subscription is persistent, meaning that even if you close the Remote Desktop app or reboot the PC, the user will not be required to re-subscribe and therefore will not be prompted for password and MFA credentials.

RemoteApp Integration

If a user is entitled to RemoteApps, these will become automatically integrated into the Start Menu and will appear like regular apps that are locally installed, even though they are running in Azure Virtual Desktop.  Once a user connects to a RemoteApp the icon in the task bar will have an indicator that the app is a RemoteApp but otherwise it will appear like a native, locally-installed application.

Full Desktops

If a user is entitled to a full, published AVD desktop then double-clicking on the desktop icon will open it using a familiar Remote Desktop Connection (MSTSC) interface in full screen, spanning multiple monitors.  Monitor configuration can be set by the administrator on the AVD Host Pool configuration.  At this time, it is not yet possible to configure this from the client, but it will be possible in the future.

Remote Desktop App Update

When a new version of the client is available, the user will be notified by the client and the Windows Action Center.  Selecting the notification will start the update process. This is a welcome feature that allows administrators to install the app only once and rely on Microsoft to keep it up to date.  Keep in mind that for the update to run, the user must have local administrator rights on the PC where the app is installed.

Clicking on the “…” next to the AVD Tenant name (getnerdio in the screenshot below) you can see the version settings and have a button to trigger a manual subscription update in case new RemoteApps or desktops have been published to the user.

In conclusion, the end-user experience in AVD is a welcome change and will be much appreciated by users and admins everywhere.  Full integration with Azure MFA and CA is going to allow administrators to create highly secure virtual desktop environments in Azure that are still easily accessible by end-users.  Start Menu integration for RemoteApps, persistent subscriptions, and automatic updates of the client app are going to limit the number of clicks an end-user will have to go through on a regular basis and improve the user experience.