How to Setup Azure Virtual Desktop?


A Step-by-Step Explanation of Azure Virtual Desktop Setup:

Azure Virtual Desktop (AVD), formerly known as Windows Virtual Desktop (WVD), is not Hyper-V or a revived version of Windows Virtual PC. It doesn’t install on your local computer like VMplayer or VMware Workstation, either. Instead, AVD runs on Azure and enables you to deploy and scale virtualized Windows desktops and applications. If you’re looking for further details about Azure Virtual Desktop, you’ve come to the right place. This getting-started guide is aimed at IT professionals who are studying AVD, starting a trial with AVD, or onboarding AVD.

What is Azure Virtual Desktop? (previously known as Windows Virtual Desktop)

Users can utilize any device to access Azure Virtual Desktop (AVD) or Windows Virtual Desktop (WVD), which is a desktop and app virtualization service hosted in the cloud. Consider it Azure-powered Desktop-as-a-Service. WVD offers a multi-session, yet persistent and friendly Windows experience. Even though it offers a Windows 7 experience, the majority of enterprises prefer Windows 10 due to support. Naturally, it also provides your users with access to your critical O365 apps.

Why Opt for the Cloud Now?

Pushing desktops from the cloud may seem unusual at first, but it is the next development in the digital transition. You may now swiftly deploy desktop applications with the same scalability possibilities, much like how you expand business web-based applications to your employees and consumers. Why not host the desktops in the cloud as well if your programs and data have already been moved there? Everything remains in one place thanks to centralization, which also improves performance. By letting software define the desktop, you may reduce your reliance on outdated hardware and shorten product life cycles. Traditional VDI accomplishes this, but from a configuration and deployment standpoint, establishing a cloud desktop platform is much easier. You also gain from Azure’s strength, security, and scalability.

What are the benefits of Windows Virtual Desktop also known as Azure Virtual Desktop?

In order to increase their agility, businesses are undergoing digital revolutions, and Windows Virtual Desktop is a shining illustration of this flexible fluidity. No matter where they are, users can access the desktop experience they are used to. Any device that has the Windows Virtual Desktop HTML5 web client or the WVD native client application can access the network. Here is a list of some of the things WVD can perform for you.

  • Virtualize desktops and applications, then allocate and link people to them.
  • Deliver Office 365 ProPlus to your users in a streamlined environment by virtualizing it.
  • Decrease the impact of hardware product life cycles to lower your CAPEX expenses.
  • Cut expenses by combining resources for multiple sessions and lowering the quantity of virtual machines in your setup.
  • You can easily bring your Windows Server desktops and applications, together with your current Remote Desktop Services (RDS), to any machine.
  • Publish as many host pools as necessary to handle the variety of tasks you have.
  • Gives your administrators a streamlined and cohesive administration experience.

Windows Virtual Desktop Requirements

Before beginning the actual setup, here is a short list of requirements that need to be fulfilled so that the steps go smoothly:

  1. The project must be able to be funded by you. If you have enough Azure subscription credits, you may support the project by hosting the virtual machine resources (HINT: You can create a free account here if you don’t already have one). Microsoft utilizes your credit card information and working phone number to verify your identification, so you’ll need both.
  2. Access to your Azure Active Directory is required.
  3. You will require access to a user account with the owner role on the Azure subscription and Global Administrator access to Office 365.
  4. On a Windows 10 computer, you must download and install the Windows Virtual Desktop cmdlets for Windows PowerShell. The “real work” that we’ll be doing is made possible by these cmdlets.
  5. WVD is managed via conventional Active Directory. You have two options: create a new domain controller in Azure, or use your current AD as though it were kept in your data center. You must therefore have domain admin access to your on-premise AD, or create your own DC in Azure by following this tutorial.

Thus, until the next part of the voyage, you might have a few tasks to complete. We’ll get our hands dirty and start the initial WVD setup by finishing the early configuration stages after you’ve finished your homework.

Setup & Registration

Follow these initial steps to complete setup and registration. The most important prerequisite is to have the consent of your organization.

Permissions & Consent

Step 1: Log in

With your Global Administrator account, log into your Azure Subscription.

Step 2: Have Consent

Next, navigate to the Windows Virtual Desktop Consent Page ( ) by opening a new tab in your browser.


First, select “Server App” as the “Consent Option,” then enter your “AAD Tenant GUID or name” and click “Submit.” As you can see below, the Consent page details everything you agree to.

The GUID identifies your Azure domain name. The tenant ID is a lengthy alphanumeric string that is simple to look up on your Azure portal but practically impossible to memorize.

Note: Go to to obtain your “AAD Tenant GUID or name”.

If there is nothing there, your membership is not active. To obtain a free one if necessary, sign up at

Step 3: Accept all Permissions

In the following step, click “Accept” so that Microsoft grants you the permissions needed to set up the virtual desktop.


If you’ve followed the steps correctly, you’ll find this option:

Thank you

Next, repeat the same series of steps, but this time choose the client type.

Step 4: Provide Consent

Following the recommended 30-second delay, go back to the previous steps and change the “Consent Option” to “Client App.” Then, enter your “AAD Tenant GUID or name” and click “Submit.”


Step 5: Accept Permissions

Microsoft will next ask you to authorize access once more in order for the Windows Virtual Desktop Client to function. Click “Accept” when required to do so.


This will again be followed by a confirmation.


Assigning Users & Administrators

Step 1: Assign Enterprise Application Administrators

The following action involves setting up Azure AD’s Enterprise Application Administrators to allow at least one of your accounts to create a Windows Virtual Desktop tenant. Use this blade in your Azure Portal, or open “Azure Active Directory” and select “Enterprise Applications”:

Step 2: Go to Windows Virtual Desktop

Next, click on “Windows Virtual Desktop”. You can search for it if you’re unable to find it.

Step 3: Select Users & Groups

Select “Users & Groups” and later click on “Add user”.

Step 4: Assign Users

From the search results, select the user you want to give permission to create Windows Virtual Desktop tenants, then click “Assign.”

Step 5: Confirm Results

The result should look similar to what is shown below

Then, after going through a few more preliminary stages, we’ll dip our toes in the water and start the first PowerShell scripts needed for this procedure.

Preparing your WVD Environment

Finding Your Azure Subscription ID and AD Tenant ID

We need to complete a few more preliminary procedures before we build our virtual machine environment:

Tenant ID (also known as Directory ID) for Azure Active Directory

Your subscription ID for Azure

By choosing “Azure Active Directory,” then clicking “Properties,” or by going to this link while logged into your Azure Portal, you may find the Active Directory tenant ID (also known as the Directory ID) on the Azure Portal:

The Active Directory tenant ID, also known as the Directory ID, should be copied and stored securely for future reference.

Step 1: Locate the Subscription ID:

In the same Azure Portal session, either utilize the “Search” option to look for “Subscriptions” or go to the following site while logged in to your Azure Portal to find the Subscription ID:

Step 2: Copy the Subscription ID:

Copy and save your subscription ID somewhere, as you would need it later:

Configure PowerShell

It’s time to dive into some PowerShell stuff (apologies if you assumed that switching to the cloud would make you immune to PowerShell). GUI menu navigation isn’t the only method used in cloud management. You shouldn’t be intimidated by this because we’ll be clearly and swiftly outlining the sequential phases.

Step 1: Installation of PowerShell Modules

Installing PowerShell’s necessary modules is the first step. Recall that you obtained and prepared the Windows Virtual Desktop cmdlets for Windows PowerShell in part 2.

Step 2: Run Commands

You can issue certain commands once the cmdlets have been installed. PowerShell or PowerShell ISE can be used. PowerShell ISE is what I suggest utilizing since it allows you to record and store your actions as you go. Select one, launch an elevated prompt, and enter the following cmdlets in the specified order.

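# Allow the module installation scripts to run (this setting persists machine-wide until changed back)
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
# Windows Virtual Desktop cmdlets
Install-Module -Name Microsoft.RDInfra.RDPowerShell -Force
Import-Module -Name Microsoft.RDInfra.RDPowerShell
# Azure cmdlets; -AllowClobber is an Install-Module option only
Install-Module -Name Az -AllowClobber -Force
Import-Module -Name Az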

Step 3: Connect to Azure

Once the required modules from above have been successfully installed, run the following cmdlet to connect to Azure.
Add-RdsAccount -DeploymentUrl “

This command opens a pop-up in which you can type in the credentials of your Tenant Creator account.

Setting Up Windows Virtual Desktop Tenant

Step 1: How to Create Windows Virtual Desktop Tenant

The command to construct your Windows Virtual Desktop tenant should now be executed. You must use the Subscription ID and Active Directory tenant ID that you previously saved. The RDSTenant name should be the name of the tenant you are creating, and the AadTenantId string and AzureSubscriptionId string should both correspond to the tenancy and subscription identifiers from your Azure site, respectively.

Note: This command needs to fit on a single line. The aforementioned command can be copied and pasted into NotePad for appropriate editing.

If you encounter “Company WVD tenant” in a script, you must update this variable to reflect your tenant’s true name. This value is all I’m utilizing in this instance.

As soon as you give the command, the following will appear:

Step 2: RDS Owner

RDS Owner

Step 3: Create Your Host Pools

A host pool consists of one or more virtual machines gathered together. The machines in a pool are identical.

I’m going to make two host pools in my example: one for the “Remote Application Group” and another for the “Desktop Application Group.”

Host pool 1 will only include whole desktops, and host pool 2 will only have published programs in order to maintain simplicity. Run the following cmdlets to construct the host pools after replacing “CompanyWVDtenant” with the actual tenant name for your company.

The commands are on two different lines, as you can see.

New-RdsHostPool -TenantName CompanyWVDtenant -Name "WVD-Host-Pool01"
New-RdsHostPool -TenantName CompanyWVDtenant -Name "WVD-Host-Pool02"

Step 4: Create Desktop and Remote Application Groups

Create the “Desktop Application Group” on host pool 1 and the “Remote Application Group” on host pool 2 by running the following cmdlets.

Once more, update “CompanyWVDtenant” with the actual tenant name associated with your company.

Keep in mind that every virtual machine you build must be domain-joined. That implies in order for these virtual machines to connect, you need to already have an Active Directory domain controller setup. Additionally, the domain controller needs to be set up with Azure AD Connect and have a minimum of one user account synchronized with Azure AD. Additionally, you must already have a Point-to-Site VPN configured in Azure.

Do not panic if you do not understand any of it! The following parts focus on that.

You may be able to skip the next several classes and begin producing the WVDs yourself, though, if you are aware of what this means and are certain that you already meet all the requirements.

Configuring Your DC and VMs

This part of our WVD series covers setting up an Azure DC. Yes, you are going to build a genuine “on-prem” Domain Controller, except that it will reside in Azure rather than in your datacenter.

Therefore, this “How to” article might still be very helpful to you even if you don’t plan on using WVD anytime soon.

There are some excellent advantages to establishing a DC in the Azure cloud for those who still maintain their AD infrastructure on-premise. You may provide your design more flexibility and resilience by replicating AD from your on-premises environment. If your on-premises network goes down, you may decide whether to load balance the authentication traffic or send it all to the cloud.

Let’s begin by establishing a virtual DC.

Adding, Creating and Configuring Virtual Machines

Step 1: Add Virtual Machines

Select ‘Virtual Machines’ on the Azure Portals, then click on Add.

Step 2: Create Virtual Machines

To establish a new resource group, select “Create new” from the “Create a virtual machine” screen > Subscription > Resource group. Next, provide the resource group with a meaningful name. As you use the same resource group for all of your virtual machines, make a note of the name.

Note: Use the resource group you already have if you would want to utilize it instead of creating a new one.

Step 3: Create Virtual Machines

Provide the name of your virtual machine in the “Instance Details” column. In my example, the region is set to East US 2, the image can be either Windows Server 2016 Datacenter or Windows Server 2019 Datacenter, and if it isn’t already selected, the size can be “Standard DS1 v2”.

Examine the following notes before clicking OK.

Note: While virtual machines (VMs) can reside in any Azure region, the data associated with them is stored in East US 2 (for further information, visit ).

It is not required that you select East US-2 as your region. The secret is to choose the location that provides your area with the fastest response time. To choose the optimal region, you would want to run some speed tests on the regions if this were for a production environment.

Furthermore take note that Server 2019 no longer supports the File Replication Service (FRS) if you are adding a DC to an already-existing environment. You might need to migrate your AD from FRS to DFS in order to complete this task. To learn more about it, go to

Step 4: Administrator Account

You can enter anything you like for the Administrator account. I chose “wvdadmin” since I’ll eventually use the same account as the local admin account for the VM. Next, pick a password with at least 12 characters that you can easily remember. Select “None” under “Public inbound ports.” There is a better way to access your virtual machines in Azure than opening RDP across the internet, which I will discuss later.

Step 5: Save Money

If you already have a Windows license for the OS type you choose above, you can save money by checking the “Confirmation” box and choosing the “Yes” radio button under the “Save money” option.

Disk Configuration

Step 1: Disk Options

Under the Disks option, leave the “OS disk type” at “Premium SSD” and choose “Create and attach a new disk” under the “Data disks” option.

Step 2: Disk Types

On the next screen, choose any “Disk Type” you like and then click “OK” at the bottom of the screen.

Important Note: Remember that the cost of your virtual machines is determined by the resources you utilize. Remember that the more performance or capacity you choose for your networking, processing, and storage components, the more expensive they will be.

I’ve selected the least priced alternatives for this WVD example.

This is an illustration of the options that are accessible, for example, when choosing the kind and capacity of the disk.

Step 3: Host Caching

On the next screen, find “Host Caching” and check that it is set to “None.”

Network Configuration

Step 1: Public IP

You can choose all of the settings on the following screen, with the exception of “Public IP.” In order to utilize it again for the other VMs you create later, set it to “None” and then make a note of the “Virtual network” and “Subnet” that are generated. Since we will be connecting to our Azure environment using a VPN, a Public IP is not required.

Step 2: Select Timezone

Set the default “Shutdown time” and notification if necessary under the “Management” page after choosing the appropriate Time Zone for your VM. If you don’t want to use the auto-shutdown right now, you may easily turn it off. Also pay attention to the “Diagnostics storage account” that is being established. At the bottom of the screen, select “Next: Advanced” to continue.

Note: In light of the fact that this is a demo setting, selecting a shutdown time aids in the solution’s economics because resource expenses do not accrue when the system is idle.

Step 3: Review and Create

If you don’t intend to use them, skip the “Advanced” and “Tags” pages and jump straight to the “Review + create” tab. Look for the “Validation passed” message at the top of the screen after making sure everything is accurate. You can proceed if there is a screen checkbox. After clicking “Create,” watch for the deployment to be completed.

Step 4: Go to VM

Once the deployment succeeds, click the “Go to Resource” button to open your newly created VM.

Step 5: Networking

Now click on “Networking,” then click on “Network Interface.”

Step 6: IP Configurations

Now select ‘IP Configurations’ and click on the option of ‘IP Configuration’ shown on the screen.

Step 7: Change Dynamic to Static

Change the “Assignment” under the “Private IP address settings” from “Dynamic” to “Static” and then click “Save.” It should be noted that static addressing in Azure does not indicate that an address is manually assigned. Do not alter the IP address to a different value as it only reserves the original address given by the DHCP.

Note: Try refreshing the page, if you’re not able to add the address range.

More info:

  • Virtual network address space: ( –
  • Default subnet: ( –
  • Gateway subnet: ( –

Our first Azure server, which serves as our domain controller, has now been fully created. But we are unable to access it safely. We could approach it insecurely, but that’s not a good idea because doing so would put us in the public eye and would make us feel uneasy—even briefly.

So hold on tight.

We’ll connect to and work with the VM that will serve as your DC as soon as we’ve established our link, which is about to happen.

Naturally, it is not yet a DC. The domain server roles still need to be installed, and the server needs to be promoted to a DC. But everything will be fine.

To keep the bad guys out, we must secure our environment before building an AD database. In order to do that, we must establish a Point to Site VPN, which we will do later in this book.
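The choices made above (“None” for public inbound ports, no public IP, static private address) can be confirmed from PowerShell before any directory data is placed on the VM. The following is an added example, not part of the original guide: it assumes the Az module from the “Configure PowerShell” step, a session signed in with Connect-AzAccount, and a placeholder resource group name `WVD-RG`; it inspects only network security groups attached directly to a network interface.

```powershell
# Added example: audit every NIC in the resource group for internet exposure.
# 'WVD-RG' is a placeholder; use the resource group name you noted earlier.
$ResourceGroup = 'WVD-RG'

function Test-PortInRange {
    # True when $Port falls inside an NSG port expression: '*', '3389' or '3000-4000'.
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

function Test-RuleExposesRdp {
    # True for an inbound Allow rule that lets any internet source reach TCP 3389.
    param($Rule)
    if ($Rule.Direction -ne 'Inbound' -or $Rule.Access -ne 'Allow') { return $false }
    if ($Rule.Protocol -notin @('*', 'Tcp')) { return $false }
    $openSource = $Rule.SourceAddressPrefix |
        Where-Object { $_ -in @('*', '0.0.0.0/0', 'Internet') }
    $hitsRdp = $Rule.DestinationPortRange |
        Where-Object { Test-PortInRange -Range $_ -Port 3389 }
    return ([bool]$openSource -and [bool]$hitsRdp)
}

$report = foreach ($nic in Get-AzNetworkInterface -ResourceGroupName $ResourceGroup) {
    $rdpRules = @()
    if ($nic.NetworkSecurityGroup) {
        # The NIC object carries only the NSG resource ID, so fetch the rules.
        $idParts = $nic.NetworkSecurityGroup.Id -split '/'
        $nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $idParts[4] -Name $idParts[-1]
        $rdpRules = @($nsg.SecurityRules |
            Where-Object { Test-RuleExposesRdp $_ } |
            ForEach-Object { $_.Name })
    }
    foreach ($ip in $nic.IpConfigurations) {
        [pscustomobject]@{
            Nic             = $nic.Name
            PrivateIp       = $ip.PrivateIpAddress
            Allocation      = $ip.PrivateIpAllocationMethod   # expected: Static
            HasPublicIp     = [bool]$ip.PublicIpAddress       # expected: False
            RdpFromInternet = $rdpRules -join ','             # expected: empty
        }
    }
}

$report | Format-Table -AutoSize

# Rows that deviate from the configuration described in this guide.
$findings = $report | Where-Object {
    $_.HasPublicIp -or $_.RdpFromInternet -or $_.Allocation -ne 'Static'
}
if ($findings) {
    Write-Warning "$(@($findings).Count) IP configuration(s) need review."
    $findings
}
```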

Setting Up Your VPN

You need safe, encrypted connections whether you are using your laptop at a remote location or your on-premises network to access your WVD machine.

If you are replicating AD traffic between your on-premise DCs and the one you recently deployed in Azure, security is extremely crucial. In this chapter of our WVD series, we encrypt our network traffic by setting up and configuring a VPN connection.

VPN Configuration

Step 1: Point to Site VPN

Initially, in order to control the virtual machine (VM) without requiring the public internet to be opened for RDP, we must establish a Point to Site VPN connection. To accomplish this, first search for “virtual network gateway” using the Azure portal’s “Search” feature, then select “Virtual network gateways” from the list of results. To proceed, select “Add” or “Create a virtual network gateway.”

Step 2: Create Virtual Network Gateway

Fill out the values for your environment at the ‘Create Virtual Network Gateway’ screen. Using the guide given below, you can fill in all the information and then Click “Review+Create”.

Step 3: Confirm Validation

If you see the message “Validation passed”, you’re good to continue. Next, click “Create” at the bottom of the screen.

Note: The deployment at this stage takes longer than usual. Make sure you have more than 30 minutes to finish the process. If you feel like taking a break, this is a good time.

Resources, Certificates, and Other Configurations

Step 4: Add Resources

When the deployment is successful, pick “All resources” from the portal’s left column, then click the network gateway name you created in the previous step. If the “Go to resource” button is visible, click it. Using the filter could be beneficial if you have a lot of resources.

Step 5: Point-to-site Configurations

Now click on “Point-to-site-configuration” under “Settings” and then click on “Configure now” at the next screen. This will be present there on the right hand side of the screen.

Step 6: Address Pool

If you followed my instructions correctly, you should input any private internet range ( that is not included in your Azure Virtual Network range for the “Address Pool”; if not, enter anything outside of ( –, and then click “Save.” Whichever network address you choose, don’t forget to add it as an extra address space in your virtual network. To help you visualize how everything is connected, you might want to sketch out your IP configuration on paper.

Step 7: Create Root and Client Certificates

It’s time to use PowerShell once more, which shouldn’t be too difficult at this point. Since they are used for encryption, the Root and Client certificates must be created for the Point-to-Site configuration. Run the following two scripts from an elevated PowerShell (or PowerShell ISE) session. The root and client certificates required for the P2S connection are created using this process under “Current User > Personal > Certificates.”

This is the root certificate one:

Root Cert:

# Self-signed root certificate; $cert is reused below to sign the client certificate
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

Here is the one for the client cert:

Client Cert:

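# Client certificate signed by the root above; the text extension sets the Client Authentication EKU
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
-Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")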

Key Notes:

Step 8: Create Root and Client Certificates

Now, in the same PowerShell session, run “certmgr” to open the Certificate Manager in the current user scope. Expand “Current User > Personal > Certificates.”

Step 9: P2SRootCert

Right-click P2SRootCert, select “All Tasks” > “Export…” from the context menu, and click “Next.” Click “Next” once again, then choose the “Base-64 encoded X.509 (.CER)” radio button (keep the default of not exporting the private key).

Step 10: Save Certificate

Click “Browse…” and choose a location to save your file. Make sure you give the file a descriptive name with .CER as the extension. Then click “Next” and “Finish” to export the certificate.

Step 11: Copy Certificate Text

Navigate to the certificate, then right-click it and select “Open With” > Notepad to open it. Select the text that appears between “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” and use the keyboard shortcut CTRL+C to copy it to the clipboard.

Step 12: Add Name

Provide a meaningful name in the “NAME” field under “Point-to-site-configuration” > “Root certificates” on the Azure Portal. The text you copied from Notepad should then be pasted (CTRL+V) into the “PUBLIC CERTIFICATE DATA” area on the right. Lastly, to enable the “Save” option, click anywhere outside of the field. Finally, make sure to click “Save.”
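Steps 8 to 11 can also be done from the same PowerShell session, together with a check that the client certificate really chains to the root and carries the Client Authentication usage. This is an added example, not part of the original guide; the subject names come from the commands above, and `$OutFile` is a placeholder path.

```powershell
# Added example: verify the P2S certificates and export the root's public part only.
$OutFile = "$env:USERPROFILE\P2SRootCert.cer"   # placeholder output path
$store   = 'Cert:\CurrentUser\My'

# Pick the newest certificate for each subject in case the scripts were run twice.
$root  = Get-ChildItem $store | Where-Object Subject -eq 'CN=P2SRootCert' |
         Sort-Object NotBefore -Descending | Select-Object -First 1
$child = Get-ChildItem $store | Where-Object Subject -eq 'CN=P2SChildCert' |
         Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $root -or -not $child) {
    throw "P2SRootCert or P2SChildCert not found in $store"
}

# 1. Build the chain for the client certificate, offering our root as a candidate.
$x509 = 'System.Security.Cryptography.X509Certificates'
$chain = New-Object "$x509.X509Chain"
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$chain.ChainPolicy.RevocationMode    = 'NoCheck'                          # no CRL exists
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority' # root is self-signed
[void]$chain.Build($child)
$anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($anchor.Thumbprint -ne $root.Thumbprint) {
    throw 'P2SChildCert does not chain to the P2SRootCert in the store'
}
# An untrusted root is expected here; anything else (bad signature, expiry) is reported.
$problems = $chain.ChainStatus | Where-Object { $_.Status -ne 'UntrustedRoot' }

# 2. The client certificate must allow Client Authentication (1.3.6.1.5.5.7.3.2).
$eku = $child.Extensions |
       Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($eku.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.2') {
    throw 'P2SChildCert lacks the Client Authentication enhanced key usage'
}

# 3. RawData is the certificate itself, so no private key can end up in the export.
$publicData = [Convert]::ToBase64String($root.RawData)   # text for "PUBLIC CERTIFICATE DATA"
$pem = @(
    '-----BEGIN CERTIFICATE-----'
    [Convert]::ToBase64String($root.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
    '-----END CERTIFICATE-----'
)
Set-Content -Path $OutFile -Value $pem -Encoding Ascii
Set-Clipboard -Value $publicData                         # ready to paste into the portal

[pscustomobject]@{
    RootThumbprint  = $root.Thumbprint
    RootExpires     = $root.NotAfter
    ChildThumbprint = $child.Thumbprint
    ChildExpires    = $child.NotAfter
    ChainProblems   = ($problems.Status -join ',')
    CerFile         = $OutFile
}
```

An empty `ChainProblems` value means the only chain finding was the expected untrusted self-signed root.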

Installing and Connecting Your VPN

Step 1: Download VPN Client

The “Download VPN Client” option appears once the changes have been saved. You will need to extract and launch the appropriate VPN application for your client OS later, so download the VPN client package and make a note of where the zip gets saved.

Step 2: Export Point-to-Site Client Certificate

Exporting the Point-to-Site Client certificate is the next step. We do this in case we have to install the certificate on a different computer. Run “certmgr” in your PowerShell session to reopen “Certificate Manager” on the machine from which you exported the Point-to-Site Root certificate. Next, expand “Current User > Personal > Certificates.” Right-click “P2SChildCert,” select “All Tasks” > “Export,” and click “Next” to proceed. Make sure the option “Yes, export the private key” is chosen before clicking “Next.”

Step 3: Export Point-to-Site Client Certificate

The default format is set to be “.PFX”. Check the format and click next.

Step 4: Password

To secure the private key, tick the “Password” box and enter a password in the “Security” screen. Before selecting “Next,” if preferred, adjust the encryption level. Make a careful note of this password since you will require it each time a new user has to have this client certificate installed.

Step 5: Finish Certificate Export

Select a location to save the file by clicking “Browse…” on the “File to Export” box. To export the certificate, don’t forget to give the file a meaningful name and include the “.PFX” extension. Then, click “Next” and “Finish.”

Step 6: P2SRootCert (Optional)

Optional: Now would be a great opportunity to carry out the previously described steps for the “P2SRootCert” in order to obtain a “PFX” version of the certificate that has the private key included.

Step 7: Install VPN Client

Now, extract the VPN Client Zip file that you previously downloaded onto the Windows client computer that you have been using for all of the previous procedures. Install the VPN Client version that corresponds with your client operating system next (be sure to execute the install as administrator). You don’t need to install the client certificate again because you already have the P2S Client certificate installed. In the event that the P2S Client certificate is not installed, you must double-click the Client certificate and input the password for the P2S Client Certificate private key while logged in as the user who requires VPN access. You are now able to install the VPN.

Step 8: Connect to VPN

  • Click the network icon in the task bar and select the VPN connection.
  • On the VPN Settings screen, click the VPN connection again, then click “Connect”.
  • On the next screen, click “Connect”, then click “Continue” on the pop-up message that asks for your permission.
  • Finally, click “Yes” on any UAC prompts if needed.

You’re linked to Azure now

Congratulations! Your Point-to-Site VPN connection to Azure has been established. If you’re like most networking experts, your first impulse will probably be to ping the virtual machine (VM) you built in the last installment to check the connection. If you are unable to ping it, don’t panic. The default local firewall settings most likely won’t allow it. But you will be able to access it via a remote desktop session. Start MSTSC from the Run command on your client computer, and then enter the IP address ( of the virtual machine you want to connect to. After that, log in using the local admin credentials you previously assigned. Do not freak out if you can’t remember the password. You can change it in the Azure portal with the “Reset password” option under the “Support + Troubleshooting” section of the virtual machine’s properties.

The link between your Azure environment and yourself is now secure. You are currently fully immersed in Azure-style cloud computing. It’s time to set up the server we created now that we can access it, which is what we do in the following section.
