Desktop Image Lifecycle Management – Part 1 

Welcome to the first part of our series on desktop image lifecycle management. Throughout this article and the parts that follow, we’ll explore tactics and concepts you can use to take your cloud computing practice to the next level. Deciding to shift to Azure Virtual Desktop (AVD) is just the first step of the journey. The next step is understanding how to get the most out of this solution, and how it can help you to streamline your efforts to maintain and update the resources that underpin the end-user experience in the environments you support. 

Deploying Session Hosts with Images 

First, let’s discuss images in general. If you’re newer to AVD, or if you’ve been working with it for a while but haven’t operationalized the use of images, you’re missing out on some important optimizations. While dynamic session hosts can be configured manually, you’ll find that this becomes an extremely inefficient practice in a very short time. To discover why, let’s consider an example: 

You are the administrator for an Azure environment, and you’ve been tasked with building three dynamic, multi-user session hosts with breadth-first load balancing and configuring FSLogix to handle profile redirection for your end users. 

In this case, yes, the session hosts can be built manually, but using this as our method inherently requires that we triple the effort and time spent to deploy the three identical hosts. On top of that, if any of the production session hosts are configured incorrectly, it can contribute to configuration drift over time. And if all that wasn’t enough, if any of the session hosts experiences a critical failure during the business day, it can take hours to rebuild it. The end-user experience is also affected in this scenario, as they are all pushed to the two remaining session hosts until the third can be restored. Overall, manually building session hosts every time isn’t just harder on you, it also directly impacts other core elements of your business. 

So, what can we do instead?  

The answer to this question is to create a golden image with the appropriate configuration. Microsoft defines a golden image as an image that contains all apps, configurations, and settings you want to apply to your deployment. You can set yourself up for success with images in just ten short steps. 

Configuring a Host Session:  

  1. Create a virtual machine (VM) and create a backup.  (Note: You can create a backup of the VM now to save the initial “fresh” state.)   
  1. Apply any relevant updates to bring it into your organization’s compliance standards and install any relevant applications (those that should be generally available to end users). 
  1. Note: Using an RMM solution? Don’t install it just yet. Instead, install your RMM software on the session hosts once they are deployed. 
  1. Remove any local accounts. 
  1. This is a crucial step – the presence of local accounts on the VM can cause Sysprep to fail for several reasons. 
  1. When you’re done, take create a final backup of the VM – just in case Sysprep fails. 
  1. Clone the VM 
  1. Power off / deallocate the original VM. 
  1. Sysprep the cloned VM. 
  1. Capture the cloned VM as an image. 
  1. Delete/deallocate the cloned VM. 
  1. Use the image to deploy the dynamic session hosts. 

Since all three of the dynamic session hosts are configured in the same way in this scenario, a single image can be used to quickly deploy a host for the first time or to redeploy a session host that has suffered a critical failure. What used to take hours of work can now be resolved in a matter of 20-30 minutes. Creating your golden image is the crucial first step to centralizing updates and management. 

Note: Sysprep generalizes and removes user and domain-specific information from the machine, which in turn allows you to use the configuration in an image on various machines, even if all the components aren’t a direct match. You can use these to quickly provision dynamic hosts, or to provide a basis for the initial deployment of persistent/static hosts or Windows 365 (W365) cloud PCs. Learn more here. 

Golden Desktop Images 

Ready to create your first golden image? Check out this Microsoft article for the steps to capture a golden image in Azure. 

Want an even easier way to build your golden image? Nerdio Manager for MSP and Nerdio Manager for Enterprise both offer a quick, easy means to get started with images. Check out the links below for more information: 

Nerdio Manager for MSP 

Nerdio Manager for Enterprise 

Putting Images to Work for Future Updates and Management 

Now that we’ve streamlined our deployment process for deploying our dynamic hosts with images, things are working much more efficiently. If we have any major failures on our session hosts, we can easily deploy another host with an identical configuration. Users don’t experience as much downtime, and our team doesn’t have to waste time painstakingly rebuilding the same session hosts or restoring from a backup whenever something goes wrong. 

But using images to manage initial dynamic host deployment is only half of the power of this methodology. We can also use the golden image to handle patches and updates as they occur in our environments. At Nerdio, we refer to this as Image Lifecycle Management. If you’re not using your golden image to solve for patches and updates, you’re most likely manually applying updates to each session host, one at a time.  

Again, this works, but this methodology creates all sorts of unintended consequences. 

  • You may cause downtime for users if a session host must be rebooted or if users cannot be logged into it while you work. 


  • You may be adding to your costs by deploying a temporary fourth VM that allows you to maintain a total of three active session hosts while you work on each. 
Manually Applying Updates

To top it off, if you’re manually applying updates to your production session hosts, you’re also causing them to deviate further from that golden image we discussed earlier. If your manually updated session hosts have three months’ worth of patches and updates applied, but your golden image is still in the original state, you can’t use it to redeploy those hosts quickly if something goes wrong. 

These are big problems to account for, but the good news is, the solution to them is as straightforward as it is simple. All it takes is a small shift in tactics to solve all three of these pitfalls in one go. 

To get started, we’ll go back to the original VM that we used to build our golden image. Then, it’s a simple matter of nine easy steps to apply our updates. 

  1. Log into the original VM 
  1. Apply updates and changes. 
  1. Remember to create backups as you go! 
  1. Then power the original VM off and deallocate it. 
  1. Create a clone of the original VM. 
  1. Remove any local accounts from the cloned VM. 
  1. Sysprep the cloned VM. 
  1. When Sysprep is complete, capture an image from the cloned VM 
  1. Deallocate/delete the cloned VM. 
  1. Redeploy session hosts. 


And that’s all there is to it! If you’ve ever worked with images before, you’ll know that Sysprep can be fickle for several reasons. Chief among them is the limit to the total number of times you can Sysprep a machine. By adopting this workflow, we don’t ever need to Sysprep the original VM. Running Sysprep on the clone instead allows you to maintain and update the ideal configuration of your golden image over time. If you choose to, you can also maintain different versions of the golden image over time. This way, you’ll have a record of image objects you can use to redeploy if something goes awry. 

Now that you’ve applied updates to your images, applying them to your environment is simple and straightforward. When you’re ready to implement the changes, simply deploy a new dynamic session host with the most recent version of the golden image and set the others to drain mode. Once the original session hosts are empty of users, you can deallocate them. The benefits of doing this are significant. Managing updates in this manner ensures a soft handoff between session hosts and exponentially reduces both the downtime end users may experience, and the time it takes for your team to apply updates throughout the environment. 

The Nerdio Advantage 

Just like creating or importing images, Nerdio Manager for MSP and Nerdio Manager for Enterprise make reimaging with a golden image simple and fast. Steps 3 – 8 are automated in NMM and NME, meaning that a new golden image is just a click away once you finish applying updates to the original VM. Check out the links below to learn more about how Nerdio helps to streamline updating your session hosts with golden images. 

Nerdio Manager for MSP: 

Nerdio Manager for Enterprise: 

Note: Image Lifecycle Management is often used with dynamic hosts with profile redirection enabled (FSLogix). Outside of forming a golden image to use as a base to deploy new cloud PCs, it is not recommended for static hosts (AVD) or personal cloud PCs (W365) that require persistent, per-user configurations (E.g., custom application installations). 

And that’s Image Lifecycle Management in a nutshell! If you’ve been manually building session hosts, or applying updates to dynamic hosts in production, be sure to give the methods we covered in this article a try in your own environments. In part two, we’ll explore taking this one step further by automating this workflow through Nerdio Manager. We’ll see you soon! 

New, FREE NAF-100 Certification Launches Covering Azure Fundamentals  

I’ve been with Nerdio for 4 months and have been fortunate to meet many MSPs at our Training Camps. Understanding how Azure works is paramount to succeeding with your cloud practice which is why we’re excited to launch the NAF-100.

What is the NAF-100?  

The NAF-100 is our certification designed for any MSP who wants to build their cloud computing practice and any MSP staff who is involved in or supporting that initiative. Whether you have experience using Microsoft Azure or are currently evaluating if this solution suits your customers, the NAF-100 provides a powerful starting point for you to succeed with Microsoft’s public cloud. The certification program is optimized to help you cut through the noise, uncover what matters most, and take the next steps on your Azure journey. 

Moreover, the Nerdio Azure Fundamentals (NAF) certification serves as your springboard into the world of cloud computing in Microsoft Azure. Get started with no prerequisites! While a basic familiarity with configuring, deploying, and managing traditional IT environments can enhance your learning experience, it’s not required.

Furthermore, the NAF-100 functions as a primer for other Microsoft certifications that pave the way for success in Microsoft Azure. Once you pass the final exam, we recommend continuing your journey with foundational certifications such as: 

  • Microsoft MD-101* | Managing Modern Desktops (*The MD-101 certification will soon be updated to MD-102) 
  • Microsoft AZ-104 | Microsoft Azure Administrator 
  • Microsoft AZ-900 | Microsoft Azure Fundamentals

What is the purpose of the NAF-100?  

In a sea of Microsoft Azure content, it can be challenging to determine where to start your research. MSPs face an even more complex task, as the majority of available resources lack an MSP perspective in their writing. That’s where the NAF-100 comes in, offering rapid skill development and a jumpstart for you and your team. We have taken on the heavy lifting by identifying and organizing the essential fundamentals that MSPs need to know. Upon completing the NAF-100, you will have not only a solid foundation but also knowledge of the next steps to continue your Azure journey. 

Why are IT certifications like this important for MSPs?

One of the primary challenges faced by modern MSPs is finding the balance between learning and practical application. Your daily responsibilities revolve around your customers and their needs, making it difficult to dedicate extensive time each week to explore the vast universe of technologies in your stack. Additionally, conducting organic research and learning without specific objectives or problems to solve can leave you with a sense of not knowing what you need to know until the need arises. 

While becoming an expert by scouring through a knowledge base and absorbing countless articles is possible, it is often the slowest path to value. This is where certifications play a crucial role. Certifications provide structured learning paths that cover the scope and breadth of what you need to know. These carefully curated knowledge packages empower you to not only discuss the technologies that underpin your business but also extract maximum value from the solutions you choose to invest in.

What does the NAF-100 cover?  

The first important point to note about your cloud computing practice is that there will always be more to learn. The Nerdio Azure Fundamentals certification comprises eight sections and a final exam. The concept behind this certification is that by comprehending the competencies and technologies covered in each of these sections, you will establish a strong foundation to delve into more advanced concepts. This enables you to build exactly what you need without the hassle or overwhelm of starting from scratch. The entire course, including the material and the exam, should take approximately 2-3 hours to complete.

NAF-100 Syllabus: 

  • Azure Categories 
  • Identity & Identity Management 
  • Azure Subscriptions 
  • Resource Groups & Resources 
  • The Azure Hierarchy 
  • Selecting Foundational Resources 
  • Microsoft 365 & Azure 
  • Core Azure Services 

How does the NAF-100 compare/differ from Nerdio’s NMM-100 and NMM-200 Certifications?

Initially, we offered a condensed version of the Azure Fundamentals through the NMM-100 (Nerdio Manager for MSP) certification. However, we quickly realized the need for a more comprehensive exploration of the Azure fundamentals to ensure the success of MSPs in Azure as a whole. Without a solid understanding of the fundamentals, grasping the concepts covered in the NMM-100 and NMM-200 can be considerably more challenging. To address this, we extracted the fundamental concepts from the NMM-100 and developed them into a standalone certification that serves as an introduction to the concepts built upon by the NMM-100 and NMM-200.

Are the NMM-100 and NMM-200 certifications still valid? 

The NAF-100 serves as the foundation of our certifications at Nerdio. In contrast, the NMM-100 and NMM-200 certifications are more specialized, catering to specific roles and responsibilities within your business. This approach ensures that everyone in your organization has a central reference point to align with while maintaining their specialized lanes and responsibilities. 


In conclusion, the NAF-100 certification is the ideal choice for MSPs looking to strengthen their cloud computing practice in Microsoft Azure. With its tailored approach and structured learning path, this certification equips both experienced users and beginners to enhance their Azure skills. Act now by registering for the certification, and/or downloading the NAF-100 one-pager to share with your team. 

 Start your Azure journey with confidence and unlock the full potential of your MSP business. Start today and embrace the power of the NAF-100 certification.