The Microsoft 365 Blog

Azure Virtual Desktop Setup Made Easy: Step-by-Step Guide

Apr 24, 2024
 

Azure virtual desktops are becoming super popular with businesses all around the world, but what are the advantages of using a virtual desktop and how do you set one up?

Well, I’m glad you asked. In today’s blog post and accompanying video, we’re going to take a closer look at virtual desktops, and I’ll be sharing a step-by-step process that you can follow to set up your Azure virtual desktop infrastructure.

Let’s get started.

What is an Azure Virtual Desktop?


If you’re new to Azure, the first thing you’ll be wondering is what an Azure virtual desktop actually is.

At its simplest, it’s like a regular desktop but it’s stored in the cloud. You access it by loading up your web browser and entering your Microsoft 365 credentials, at which point a full desktop launches right within your browser.

This virtual desktop includes all of your emails, files and folders, as well as your applications and pretty much anything else you might need. My company, Integral IT, has been selling a lot of these virtual desktops of late, and that’s because they have so many different use cases.

Understanding the Use Cases


The last three customers that we’ve sold Azure to are great examples of its use cases.

The first one is a law firm with 50 users spread over three separate offices. When we first started working with them, each office acted as a separate entity, with a physical server in each office. They all had their own set of files and folders and there was no sharing between one office and another.

Understandably, the partners of the law firm wanted to unify their technology so that there was better sharing throughout the company. They also wanted to pay a fixed price per user per month, rather than having to invest in expensive servers every couple of years. Azure was the perfect solution.

The second example is a US-based client with ten employees which didn’t have an office. All of their employees worked remotely, but they had an application that they needed to use throughout the business. Because they didn’t have an office, they also didn’t have a central place to install applications. Azure solved all that.

Then there’s a client of ours in Australia which employs a lot of contractors — people who work for them occasionally but who aren’t permanently on the payroll. They needed to give those contractors secure access to their systems, but they didn’t want to buy each one their own device. An Azure virtual desktop was the perfect solution, because it allowed contractors to use their own laptops while still securely accessing the systems they needed via a virtual desktop.

These three examples should give you an idea of the capabilities that Azure brings to the table, but they’re far from the only use cases. Honestly, I could write an entire article about the different ways of using Azure, but we’d be here forever. Let’s move on.

 

A Step-by-Step Guide to Setting Up an Azure Virtual Desktop


It’s time for us to get into the meat and potatoes of this article and to look at how to set up an Azure virtual desktop. Remember that if you’re struggling, you can always check out the video at the top of this post where I walk you through this process on screen. 

1.      Log into Microsoft 365 and the Azure Portal

The first step is to log into a few different areas of Microsoft 365. First up, you’ll want to log into the Microsoft 365 admin centre with a global admin account. Next, open up another tab and log into portal.azure.com with the same admin account. You’ll be doing most of your work in the Azure portal.

2.      Create Groups

Next up, you’ll want to create a couple of groups. The reasons for this will become obvious later on, but for now, use the navigation menu on the left-hand side to go to “Teams & groups” and then “Active teams & groups”.

On this page, select “Security groups” and then “Add a security group”. You’ll be prompted to enter a name and an optional description. For now, use the name “AVD Users” (AVD for “Azure Virtual Desktop”) and skip the description, then click “Next”.

Tick the checkbox under “Role assignment” and click on “Next” again. Then you can finish the process by clicking “Create group”.

With your AVD Users group ready to go, the next step is to repeat the process to create another group called “AVD Administrators”. After you create this group, click “Close” or navigate back to the “Active teams & groups” page.

3.      Add Users to Groups

We’re now ready to add the users that we want to access the Azure virtual desktop into the AVD Users group.

Click on the AVD Users group, then select the “Members” tab on the navigation menu on the right-hand side of the screen. Beneath that, you’ll see the option to “View all and manage members”, so go ahead and click it. Click “Add members” and select the users you want to be part of your AVD environment.

With that done, we can come back out and go into the AVD Administrators group. These people will have admin access to the AVD servers and will be able to install applications and carry out other admin tasks. AVD users will just have standard accounts.

Go ahead and add the members of your IT team and anyone else who needs to have admin access.

4.      Add Resource Groups

Now we’re going over to the Azure Portal.

The first thing we want to do is to add a resource group. I think of these as being like buckets containing all of the resources that are connected to your virtual desktop.

If the resource groups setting is there in your dashboard, you can click it. Otherwise, you can just search for it via the search bar at the top. Once you’ve loaded it, click “Create”.

At this point, you’ll be prompted to confirm your subscription, and it should go without saying that to do this, you need an Azure subscription. You’ll also be prompted to name the resource group, and so go ahead and name it “AVD-RG” (for “Azure Virtual Desktop Resource Group”).

You’ll also be asked to select a region. Throughout this process, it’s important for you to select the same region for all of your resources, whether that’s East US or UK South.

Go ahead and click “Next” to load the tags screen, which we’re going to skip for now. That leaves us with one final task, which is to click the “Create” button.

5.      Create a Virtual Network

Now it’s time for us to create a virtual network and to put it into the resource group bucket that we just made.

We need a network within Azure to run our Azure virtual desktop infrastructure, and so we’re going to navigate back to the homepage of the Azure Portal and click “Virtual networks”. Then, click the “Create” button in the top left corner of the screen to get the ball rolling.

Once again, it’s going to ask us what subscription we want to use, and you’re also going to be asked to select a resource group. Go ahead and choose the group that we just added. Then enter a name, such as “AVD-Network”, and select the same region that you chose before.

Click “Next” to be taken to the security settings. A lot of these options incur additional costs and so for the purposes of this guide, we’re not going to include any.

Hit “Next” to be taken through to a section for IP address spaces. You can leave the default settings as they are unless you have a good reason to change them. Click “Next” to go through to the tags screen, which we’re going to leave blank again, and then we can use the blue “Create” button to create that virtual network.

Wait while the deployment is in progress and after a minute or two, you’ll see a little popup in the top right corner to let you know that the deployment has been successful.

6.      Setting up the Virtual Desktop

6a. Create a Host Pool

Now, let’s go back to the home tab on the Azure Portal and select the “Azure Virtual Desktop” option. Again, if it’s not there then you can search for it.

We’ll be doing a few more things here, starting with creating a host pool before moving on to creating an application group and then a workspace.

Choose “Host pools” in the navigation menu and then click the blue “Create host pool” button. Once again, it’s going to ask you to confirm your subscription and select a resource group. You’ll also need to enter a name (e.g. “AVD-HP”) and to update the region so that it matches your others. Leave the validation environment radio button on “no”.

For the preferred app group type, you have two options. Desktop will provide users with a full desktop within Azure, while a remote app is just an application in Azure that you can publish to individual computers. For this tutorial, we’re going to stick with “Desktop”.

Now, we’ll move on to the host pool type. We’ve got two options here and can go for either personal or pooled. With AVD, we’re buying a host within Azure, and if it’s personal then it means that one person is logging into that host and has all of those resources for themselves. When it’s pooled, you’ve got multiple people logging onto that host and sharing the resources between them.

A pooled host pool type is the cheapest and arguably most common option, and so you’ll want to go ahead and select that unless you have a good reason not to. This will open up some additional options.

For the load balancing algorithm, you can choose between breadth-first and depth-first. The difference here is that breadth-first will spread users out across all of your hosts, so if you’ve got four users logging onto four hosts, it will put one user on each host. Depth-first will fill the hosts up one at a time and so it would put all four users on the same host and keep doing so until that host was full, before moving on to the next one.

For the purposes of this walkthrough, we’ll go with depth-first and set the max session limit to five, which means that each of those hosts will be limited to five users. Click “Next” and you’ll be prompted to add a virtual machine. Click the radio button to select “Yes”.
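To see the two load balancing algorithms side by side, here's a small simulation of how sessions land on hosts. It's an added example rather than anything from Azure itself: the `Host`, `place` and `simulate` names are made up for illustration, and the tie-breaking is a simplification of what the service does.

```python
# Added example: toy model of session placement in a pooled host pool.
# Simplified on purpose; ties go to the first host in the list.
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    sessions: list = field(default_factory=list)


def place(hosts, user, algorithm, max_session_limit):
    """Put one user on a host; return the host name, or None when the pool is full."""
    available = [h for h in hosts if len(h.sessions) < max_session_limit]
    if not available:
        return None  # every host is at the max session limit
    if algorithm == "breadth-first":
        # Spread out: choose the host with the fewest sessions.
        target = min(available, key=lambda h: len(h.sessions))
    elif algorithm == "depth-first":
        # Fill up: choose the busiest host that still has room.
        target = max(available, key=lambda h: len(h.sessions))
    else:
        raise ValueError(f"unknown algorithm: {algorithm}")
    target.sessions.append(user)
    return target.name


def simulate(algorithm, host_count, user_count, max_session_limit=5):
    """Return ({host name: session count}, [users who could not be placed])."""
    hosts = [Host(f"host-{i + 1}") for i in range(host_count)]
    refused = []
    for n in range(user_count):
        user = f"user-{n + 1}"
        if place(hosts, user, algorithm, max_session_limit) is None:
            refused.append(user)
    return {h.name: len(h.sessions) for h in hosts}, refused


if __name__ == "__main__":
    for algo in ("breadth-first", "depth-first"):
        print(algo, "4 users:", simulate(algo, 4, 4))
        print(algo, "7 users:", simulate(algo, 4, 7))
    # One host with a limit of five: the sixth user has nowhere to go.
    print("depth-first, 1 host, 6 users:", simulate("depth-first", 1, 6))
```

With depth-first, one busy host carries most of your users, so a problem on that host affects more sessions at once; the upside is that idle hosts stay empty and can be shut down.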

6b. Choose a Virtual Machine

This is going to pop up a whole bunch of options for you to work through, starting with the resource group. Select the group you created earlier, then enter a name prefix. The easiest option is to enter your company name, which will ensure that your first server will be called “[Company] One”, your second will be called “[Company] Two” and so on.

For the virtual machine type, leave it as “Azure virtual machine”, and be sure to update the virtual machine location so that it matches the one you selected earlier. Now we can move on to the availability options.

Here, we can choose between “No infrastructure redundancy required”, “Availability zones” and “Availability set”. Essentially, availability zones allow you to spread your infrastructure out over different regions so that if there’s a problem with a data centre or some other issue, you’ll still be able to access your virtual desktop. These zones and sets cost more money and so you should default to sticking with “No infrastructure redundancy required”.

For the purposes of this walkthrough, we’ll leave the security type option set at “Trusted launch virtual machines”, which will also check the two boxes below it. We can leave those settings as they are and move on to image.

This setting is basically asking us what software we want to be used on those virtual machines when people log on. There are a lot of options to choose from, including various versions of Windows 10 and Windows 11. We can also have Windows 11 with Microsoft 365 apps installed. Given that there’s no reason not to go for the very best, you’ll want to select the latest version of Windows 11 with Microsoft 365 apps bundled in.

You’ll then be asked to select the size of your virtual machine, and when you click the “Change size” link you’ll be presented with a wide range of options. I’ll make some recommendations about this in a moment, but for now, let’s stick to the standard virtual machine settings and set the number of virtual machines as one.

We’re also asked to select the disk type and disk size for our operating system. We can pick from either a standard SSD or a premium SSD, and I’d normally suggest spending the extra cash it takes to get the premium SSD because it will provide a higher level of performance. As for the disk size, make sure you choose an option that will provide you with enough space in your environment.

We’ll skip over the boot diagnostics section for now and move on to the network and security settings, where it’s going to ask us to choose a virtual network. Select the network you created back in step five, and then select the network security group type that you want to go with. Azure provides you with plenty of information if you want to dig deeper, but for now, feel free to leave it on “Basic”.

You can also choose to open some public inbound ports, but I’d advise against that unless you have to because that can be a security risk.

Next up, under the “Domain to join” section, we can choose whether we want to domain join these virtual machines or whether we want to make them part of Microsoft Entra ID. Personally, I’d go for Entra ID all day long, but it’s up to you. You can also choose whether to enrol the VM with Intune, which is always a good idea and so go ahead and do that.

We’ll then be asked to create an administrator account for the virtual machine, so go ahead and create a username and password for your admin user. This will cover us if we ever need to log on locally as an administrator, so make sure you don’t forget your login.

When you click “Next”, you’ll be taken to the workspace screen, where you’ll be asked if you want to register a desktop app group. We’re going to select “No” for now because we’re going to create a workspace later on.

A few more clicks on “Next” will take us to the advanced screen and the tags screen, which we can leave as is, before finally taking you to a screen where you can review and create your virtual desktop.

Advice On Choosing Virtual Machines


The server settings that you choose for your Azure virtual desktop will be key to both the performance of your AVD and the amount of money it’s going to cost you. Azure can get expensive quickly, so you’ve got to put some thought into the design of your virtual desktop if you want to keep your costs down.

In this article, we’re just taking a look at a basic virtual machine, but I could easily write a whole post or shoot a video on how to size your virtual machines. Let me know if that’s something you’d be interested in.

In the meantime, let me give you a real-world example of how we sized a virtual machine for a recent client of ours — that law firm with 50 users across three offices. We implemented four servers called E4SV5s, each of which had four vCPUs and 32 GB of RAM. That meant that in total, we had 15 virtual CPUs and 128 GB of RAM.

The clever thing here is that we used the scaling that was built into Azure so that during business hours (Monday to Friday from 9 AM to 5 PM), all four servers were operational. However, outside of business hours, three of those servers shut down so that there was only one active server in the evenings and over the weekend. Azure is a pay-per-use model, and so this made it much cheaper than having four servers running at the same time.

7.      Create a Workspace

Azure will now tell you that your deployment is complete, so go back to the Azure Portal and click “Azure Virtual Desktop” on that home screen. If you click on “Host pools”, you’ll be able to see the virtual desktop that you just created. If you click on “Application groups”, you’ll see that one of those was automatically created for you when you created the host pool.

Now, select “Workspaces” and click on “Create workspace”. Once again, it’s going to ask you to confirm your subscription and select your resource group. As for the workspace name, give it the name of your company. You can add a friendly name and/or a description if you want to, but that’s optional. You’ll also need to select your region from the list again.

Click “Next” to view the application groups screen, where you’ll want to select the “Yes” radio button before clicking the blue “Register application groups” link. You can then select the application group that was created automatically when you set up the host pool so that you can add it to the workspace.

Once you’ve done that, continue clicking “Next” to skip through the advanced and tags screens, then click the blue “Create” button to finish the process.

 

8.      Check That the Virtual Machine is Running

Navigate back to the homepage of the Azure Portal and click the “Azure Virtual Desktop” icon, then select “Host pools” in the left-hand menu and click on the name of your host pool. This will open up a window that will show you further details about your setup, including the number of total machines and the number of machines that can connect. If all’s gone according to plan, both of those figures will be at one.

9.      Assign Users

Go back to the Azure Portal homepage and choose “Azure Virtual Desktop”, then select “Application groups” from the navigation pane. This will open another window where you can select “Assignments” from the second navigation pane.

This is where the groups that we created earlier come into play. Click “Add”, select the two groups that we created in step two and then click “Select”. We’re also going to add some other permissions at the resource group level, so go back to the Azure Portal homepage and then to the resource groups menu before picking out your resource group.

You’ll be able to select “Access control (IAM)” from the navigation menu, and then click “Add” to get the ball rolling. There’s a search bar here, and if you type in “virtual machine” then you’ll be able to select “Virtual Machine User Login” from the results. Highlight that and click next, then the blue “Select members” link. Select the AVD users group and click on “Select”, then click “Review + assign” a couple of times until they’ve been added.

We’re going to go back in and add another role, this time for the admin side of things. Follow the same steps as before, but when you run the search, choose “Virtual Machine Administrator Login”. Continue the process and select your AVD administrators group, then finish up adding them and assigning their roles.
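Once both roles are assigned, it's worth checking that nobody else has picked up a login role along the way. The script below is an added example, not part of the original walkthrough: it audits a list of role assignments shaped like the JSON that `az role assignment list` returns, and the subscription ID, sample records and function names are constructed for illustration. It also catches assignments inherited from a parent scope, which the resource group's own list won't make obvious.

```python
# Added example: audit VM login role assignments that apply to the AVD resource group.
# Records use the field names found in `az role assignment list` JSON output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed placeholder
RG_SCOPE = f"{SUB}/resourceGroups/AVD-RG"

# What step 9 is meant to produce: one role per group, nothing else.
EXPECTED = {
    "AVD Users": "Virtual Machine User Login",
    "AVD Administrators": "Virtual Machine Administrator Login",
}
LOGIN_ROLES = set(EXPECTED.values())


def applies_to(scope, target):
    """True if an assignment at `scope` is effective on `target` (same or parent scope)."""
    scope, target = scope.lower().rstrip("/"), target.lower()
    return target == scope or target.startswith(scope + "/")


def audit_login_roles(assignments, target_scope=RG_SCOPE):
    """Return findings for missing, unexpected or directly assigned login roles."""
    effective = [a for a in assignments
                 if a["roleDefinitionName"] in LOGIN_ROLES
                 and applies_to(a["scope"], target_scope)]
    held = {(a["principalName"], a["roleDefinitionName"]) for a in effective}
    findings = [f"MISSING: {group} -> {role}"
                for group, role in EXPECTED.items() if (group, role) not in held]
    for a in effective:
        who, role = a["principalName"], a["roleDefinitionName"]
        if a["principalType"] != "Group":
            findings.append(f"DIRECT: {who} -> {role}")      # bypasses the groups
        elif EXPECTED.get(who) != role:
            findings.append(f"UNEXPECTED: {who} -> {role}")  # wrong role for this group
    return findings


def record(name, ptype, role, scope):
    return {"principalName": name, "principalType": ptype,
            "roleDefinitionName": role, "scope": scope}


# Constructed sample data: the intended state, then a drifted one.
GOOD = [
    record("AVD Users", "Group", "Virtual Machine User Login", RG_SCOPE),
    record("AVD Administrators", "Group", "Virtual Machine Administrator Login", RG_SCOPE),
    record("AVD Administrators", "Group", "Reader", RG_SCOPE),  # not a login role
]
DRIFTED = [
    record("AVD Users", "Group", "Virtual Machine User Login", RG_SCOPE),
    record("AVD Users", "Group", "Virtual Machine Administrator Login", RG_SCOPE),
    # Assigned at subscription level, so it is inherited by AVD-RG.
    record("contractor@example.com", "User", "Virtual Machine Administrator Login", SUB),
    # Right group and role, wrong resource group.
    record("AVD Administrators", "Group", "Virtual Machine Administrator Login",
           f"{SUB}/resourceGroups/Other-RG"),
]

if __name__ == "__main__":
    print("good:", audit_login_roles(GOOD))
    for finding in audit_login_roles(DRIFTED):
        print(finding)
```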

10.  Set Up Entra Single Sign On

It’s time to choose how you want people to access your virtual desktop. Go back to the Azure Portal homepage and click “Host pools”, then select your host pool. Under the settings menu, choose “RDP Properties”. This will load up the connection information screen.  

Next to the “Microsoft Entra single sign-on” menu, hit the drop-down menu and choose “Connections will use Microsoft Entra authentication to provide single sign-on”. Then save your settings.

11.  Log On and Test

With all of the grunt work done, let’s go ahead and test our Azure virtual desktop.

Open a new browser window and point it to https://rdweb.wvd.microsoft.com/arm/webclient. You’ll want to bookmark this link as it’s the sign-in page that your users will visit to access their virtual desktop. You’ll automatically be prompted to sign in.

There’s also a remote desktop app that you can install from the Windows store. After you install and load that app, you can click “Subscribe” and log in with your username and password.

Regardless of which option you go with, after you enter your username and password, you should see the workspace that you created. Double click on it to connect and your Azure virtual desktop will load.  

Take a moment or two to look around and you should see that you have all of your Office apps, your File Explorer and everything else that you need from your virtual desktop.

12.  Set up Multi-Factor Authentication

There’s one last thing to do, and that’s to set up multi-factor authentication for better security.

Log out of your virtual desktop and go to the Microsoft 365 admin centre, then navigate through “Protection”, “Conditional Access” and then “Policies”. Select “New policy” and give it a name. Click on “Users”, then either select the radio button for all users or choose “Select users and groups” and manually specify who you want to require two-factor authentication.

Click on “Target resources” and “Select apps”, then choose “Select” and search for Azure Virtual Desktop. Click the checkbox beside it and then the blue “Select” button. We’ll leave “Conditions” as it is and move on to “Grant”, where we’re going to click on the checkbox on the right-hand side to require multifactor authentication.

After you click “Select” on the right-hand side, be sure to change the “Enable policy” button to “On” before you click on “Create”. You’ll see a little pop-up in the corner of the screen to confirm that the policy has been enabled.

To test it, follow those instructions from step eleven, making sure that you unsubscribe first so that the conditional access policy for multi-factor authentication can kick in. If all’s well, it’ll prompt you to set up Microsoft Authenticator after you enter your username and password.

From now on, your virtual desktop will ask people to use Microsoft Authenticator and multi-factor authentication every time they try to log in, and this applies whether they log in via the web or via the app.
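A policy can look finished in the portal and still not enforce anything, for example if “Enable policy” was left on report-only. Here's an added example (not from the original post) that checks an exported policy in the Microsoft Graph `conditionalAccessPolicy` JSON shape against what this step intends; the app and group IDs are constructed placeholders, so swap in the real object IDs from your tenant.

```python
# Added example: check an exported Conditional Access policy against step 12.
AVD_APP_ID = "00000000-0000-0000-0000-0000000000aa"       # constructed placeholder
AVD_USERS_GROUP = "00000000-0000-0000-0000-0000000000bb"  # constructed placeholder


def audit_mfa_policy(policy, app_id=AVD_APP_ID, group_id=AVD_USERS_GROUP):
    """Return the reasons this policy does not enforce MFA for AVD sign-ins."""
    findings = []
    state = policy.get("state")
    if state != "enabled":  # "disabled" or report-only both enforce nothing
        findings.append(f"state is '{state}', so nothing is enforced")

    cond = policy.get("conditions") or {}
    apps = cond.get("applications") or {}
    included = apps.get("includeApplications") or []
    if app_id in (apps.get("excludeApplications") or []):
        findings.append("AVD app is excluded")
    elif "All" not in included and app_id not in included:
        findings.append("AVD app is not targeted")

    users = cond.get("users") or {}
    covered = ("All" in (users.get("includeUsers") or [])
               or group_id in (users.get("includeGroups") or []))
    if not covered:
        findings.append("AVD Users group is not covered")
    skipped = (users.get("excludeUsers") or []) + (users.get("excludeGroups") or [])
    if skipped:
        findings.append(f"{len(skipped)} excluded principal(s) bypass the policy")

    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "mfa" not in controls:
        findings.append("grant controls do not require MFA")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        findings.append("MFA is one of several OR'd controls, so it can be skipped")
    return findings


# Constructed sample policies: the intended one, then a weak one.
GOOD_POLICY = {
    "displayName": "Require MFA for AVD",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": [],
                  "includeGroups": [], "excludeGroups": []},
        "applications": {"includeApplications": [AVD_APP_ID],
                         "excludeApplications": []},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}
WEAK_POLICY = {
    "displayName": "Require MFA for AVD (draft)",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "users": {"includeUsers": [], "includeGroups": [AVD_USERS_GROUP],
                  "excludeUsers": ["00000000-0000-0000-0000-0000000000cc"],
                  "excludeGroups": []},
        "applications": {"includeApplications": [AVD_APP_ID],
                         "excludeApplications": []},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]},
}

if __name__ == "__main__":
    print("good:", audit_mfa_policy(GOOD_POLICY))
    for finding in audit_mfa_policy(WEAK_POLICY):
        print("weak:", finding)
```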

Conclusion


So there you have it! That’s how to set up an Azure virtual desktop. I hope you found this article useful, and be sure to check out my video walkthrough if needed. You can subscribe to my YouTube channel while you’re at it.

Alternatively, give me a follow on your social networking sites of choice, and be sure to leave a comment to let me know how you get on so we can keep the discussion going. I’ll see you soon for another article!

About the Author


Jonathan Edwards is an IT expert with over 20 years of industry experience across a multitude of different areas. The founder and managing director of UK-based Integral IT, he helps companies all over the world by delivering IT services that bring real value to each and every customer, no matter how big or small.

If you need IT support, Integral IT can help. Get in touch today by emailing [email protected] or visiting www.integral-it.co.uk