Home / Nerdio Academy / Windows Virtual Desktop / Everything MSPs Need to Know About Windows Virtual Desktop

Everything MSPs Need to Know About Windows Virtual Desktop

Vadim Vladimirskiy
Vadim VladimirskiyFounder & CEO, Nerdio
0 commentsMay 15, 2019Articles

How to Deploy a Windows Virtual Desktop Pilot in two hours 

 

Interested in exploring Windows Virtual Desktop for yourself? 

If you’d like to deploy Windows Virtual Desktop into your existing Azure AD tenant for a test drive, you can do so in less than two hours using Nerdio for Azure. Even if you don’t have or want a Nerdio for Azure account, you can sign up for a free 30-day trial – no credit card required – to explore this Windows Virtual Desktop pilot. 

The alternative is learning a lot of PowerShell scripting, spending days by hand, and doing a lot of technical reading. 

Here’s what you’ll need to get started: 

Ready? You can read our detailed guide on deploying a WVD pilot here.  

Getting Started

Following this introduction will let you deploy Windows Virtual Desktop into your existing Azure AD tenant, but into a new Active Directory Domain Services (AD DS) deployment running in Azure to avoid issues. This will not cause any issues or conflict with your existing AD DS deployment.  Once the pilot is deployed it’s possible to “plug” it into your existing AD DS and start using it, but because this is a pilot, we will not be touching your production AD DS.  

There are two ways you can meet this 2-hour deployment benchmark: you can either learn lots of PowerShell scripting, spend days building things by hand, and do a lot of technical reading; or, you can use Nerdio for Azure Core. We’ll be showing how to do the latter. 

Deploy a Nerdio for Azure Core account 

You’ll need to create a new Nerdio for Azure account and connect to Azure using a global administrator account. Make sure you set AHU to ‘Yes’. You’ll also want to connect to Office 365 on the same administrator account. Specify your company name and continue.  

While the Nerdio for Azure Core account is provisioning, you’ll want to gather some information. It should only take around ten minutes.  

Here’s what you’ll need: 

  • Global administrator username 
  • NFA Account ID 
  • Resource Group Name 
  • Azure Region 
  • Azure Subscription ID 
  • AAD Tenant ID 

Now that your new account has been provisioned, just login to your new account, find the user you want to grant the rights to and hit ‘Show Extended Attributes’, check the ‘Grant domain admin rights’ box, and hit ‘Save’.  

Now you’ll need to grant WVD Consent to AAD. Head to the Windows Virtual Desktop consent page and under Server App in Consent Option, enter your AAD Tenant ID. Then sign in as your global administrator account, wait a few moments, and head back to the Windows Virtual Desktop consent page.  

Under Client App in Consent Option, enter the same AAD Tenant ID, and continue. Then just log back in and accept and you’re done with this step.  

Become a TenantCreator 

Now you’ll need to assign the TenantCreator application role to your global administrator account. Head over to the Azure Active Directory portal and login once again.  

Look for Windows Virtual Desktop in the Enterprise applications. Then you’ll want to add a new user under Users and groups. Go to Add Assignment, search for your global administrator account, and assign it. 

Ready to Deploy 

You’ll have to wait for Nerdio for Azure Core to finish provisioning before you can proceed here.  

You’ll also need to have .Net framework downloaded at version 4.7.2 or later. Open Windows PowerShell ISE as an Administrator, download this PowerShell script and open it with PowerShell ISE.  

Set the values in the variables section to the ones we set earlier and run your script. Note that this will upgrade the Azure and WVD PowerShell module to their latest available versions. 

It will take the script some time to run – maybe up to 30 minutes. Just one more step to go! 

Now, you just need to install a Remote Desktop client and connect it up. Subscribe to your newly-created desktop and select any of the four demo accounts. The default password is “AwesomeNerdioXXXX” (where XXXX is the NFA Core account ID from step 2). 

  • AITadmin@XXXX.nerdio.net
  • CCeo@XXXX.nerdio.net
  • AAccounting@XXXX.nerdio.net
  • SSales@XXXX.nerdio.net

 

You’ll find a published desktop called ‘Session Desktop.’ Launch it and enter the same credentials as before if it asks you to log in.  

That’s it – you're done! This pilot deployment should give you a feel for the experience, but once Windows Virtual Desktop enters general availability, Nerdio will be able to automate the entire deployment process for you.  

 

Want to give it a try yourself? No need to keep this tab open: you can download this section as a PDF guide right here: Guide - How to Deploy WVD in Two Hours with Nerdio


Windows Virtual Desktop and Multi-Factor Authentication  

 

Full integration with Azure Multi-Factor Authentication and CA is going to allow administrators to create highly secure and user-friendly virtual desktop environment in Azure.  Start Menu integration for RemoteApps, persistent subscriptions, and automatic updates of the client app all limit the amount of actions an end-user must take, improving their overall experience.  

Unlike previous versions of Remote Desktop Connection that were included in every version of Windows MS, this version must be downloaded and installed. The new client also requires .NET framework 4.7.2 or later to be downloaded and installed on a Windows machine before installing the client.   

Once in General Availability (GA), client apps will be available for MacOS, iOS, Android and HTML 5.  Nothing is confirmed, but it would be safe to assume that WVD will be accessible from almost any modern internet-connected device. 

Azure AD 

Windows Virtual Desktop has many advantages over RDS implementations, and one of them is that Azure AD is natively supported - and required - for WVD to work. A handful of benefits come along with this:  

  • A consistent set of credentials for local Active Directory, Office 365 and other Azure AD services, and Windows Virtual Desktop.
  • Native support for Azure multi-factor authentication (MFA).
  • Support for Azure Conditional Access (CA).

Azure MFA is part of the Azure AD Premium license, and included as part of E3/E5 Office 365 and Microsoft 365 products.   

Most users with Office 365 accounts should be able to start taking advantage of MFA with WVD right away. To take advantage of Conditional Access policies, users will need Azure AD Premium licenses. 

Remote Desktop App 

The WVD Remote Desktop app replaces the RemoteApp and Desktop Connections (RADC) and the Remote Desktop Connection (MSTSC) clients built into Windows.  After downloading and installing the .NET framework and the new Remote Desktop app, the first step is to subscribe to virtual desktops and RemoteApps using your Azure AD credentials. 

This subscription is persistent, meaning that even if you close a Remote Desktop app or reboot the PC, the user will not be required the re-subscribe—and will not be prompted for their password and MFA credentials. 

RemoteApp Integration 

If a user is entitled to RemoteApps, they will automatically integrate with the Start Menu and will appear like regular apps that are locally installed, even though they’re running in Azure WVD.  The icon in the task bar will have an indicator that the app is a RemoteApp. Otherwise, it will appear like a native, locally-installed application. 

Full Desktops 

If a user is entitled to a full, published WVD desktop then double-clicking on the desktop icon will open it using a familiar Remote Desktop Connection (MSTSC) interface in full screen, spanning multiple monitors.  Currently, it’s not possible to configure this from the client, but it will be in the future. 

Remote Desktop App Update 

When a new client version is available, the user will be notified by the client and the Windows Action Center.  Selecting the notification will start the update process. This feature allows administrators to install the app only once and rely on Microsoft to keep it up to date.  However, keep in mind that for the update to run, the user must have local administrator rights on the PC where the app is installed. 

 

Nerdio empowers MSPs to build successful cloud practices in Azure. We’ll continue to keep up on the latest Windows Virtual Desktop news and will keep this document updated.  

If you have any questions or comments, feel free to leave them below. Or you can get in touch with us directly!

GET IN TOUCH

 

 

Pages: 1 2 3