
Az 140t00a Enu Powerpoint

Uploaded by

Vasilios Douros

AZ-140: Configuring and Operating

Microsoft Azure Virtual Desktop


Module 0: Welcome to Configuring and Operating Microsoft
Azure Virtual Desktop
Welcome, audience profile, syllabus, AZ-140 exam, and study resources

© Copyright Microsoft Corporation. All rights reserved.


Course Outline
• Module 0: Welcome to Configuring and Operating Microsoft Azure
Virtual Desktop

• Module 1: Plan an Azure Virtual Desktop implementation

• Module 2: Implement an Azure Virtual Desktop infrastructure

• Module 3: Manage access and security

• Module 4: Manage user environments and apps

• Module 5: Monitor and maintain an Azure Virtual Desktop infrastructure

NOTE: The module order listed above aligns with the learning objectives described on the AZ-140: Configuring and Operating Microsoft Azure Virtual Desktop certification page.


Welcome

Thank you for joining us today


We’ve worked together with the Microsoft Partner Network and Microsoft IT Academies to bring you a
world-class learning experience. At the end of class, please complete an evaluation of your experience.
Your feedback is valued!

Microsoft Certified Trainers + Instructors. Your instructor is a premier technical and instructional expert who meets ongoing certification requirements.

Customer Satisfaction Guarantee. Our partners offer a satisfaction guarantee, and we hold them accountable for it.

Certification Exam Benefits. After training, consider pursuing a Microsoft Certification to help distinguish your technical expertise and experience. Ask your instructor about available exam promotions and discounts.

We wish you a great learning experience and ongoing career success!


©Microsoft Corporation
Azure
Hello!
Instructor introduction
Instructor: <Name>
<Title or other credentials,
e.g., Microsoft Certified Trainer>
<Affiliation/Company>
<A few words about my technical
and professional experience

Hello!
Student introductions
Let’s get acquainted
• Your name
• Company affiliation
• Title/function
• Microsoft Azure experience
• Your expectations for the
course

Facilities
• Class hours
• Building hours
• Parking
• Restrooms
• Meals
• Phones
• Messages
• Smoking
• Internet access
• Recycling
• Emergency procedures
Azure Virtual Desktop admin role

Azure Virtual Desktop administrators plan, deliver, and manage virtual desktop
experiences and remote apps, for any device, on Azure.

Azure Virtual Desktop administrator responsibilities include planning, deploying, packaging, updating, and maintaining the Azure Virtual Desktop infrastructure.

They create session host images, implement and manage FSLogix, monitor Azure Virtual
Desktop performance, and automate Azure Virtual Desktop management tasks.

Azure Virtual Desktop administrators work closely with the Azure Administrators and
Architects, along with Microsoft 365 Administrators.

About this Course: Prerequisites
Successful Azure Virtual Desktop administrators start this role with experience in operating systems, virtualization, cloud infrastructure, storage structures, and networking. Additionally, they have some experience with planning, deploying, packaging, updating, and maintaining a hybrid cloud infrastructure. This knowledge includes:
• Understanding of on-premises virtualization technologies, including VMs, virtual networking, and virtual hard disks.
• Understanding of network configuration, including TCP/IP, Domain Name System (DNS), virtual private networks (VPNs), firewalls, and encryption technologies.
• Understanding of Active Directory concepts, including users, groups, and role-based access control.
• Understanding of resilience and disaster recovery, including backup and restore operations.

Note: If you are new to Azure and cloud computing, consider the free online content: Azure Fundamentals.
Course Outline

Module 1: Plan an Azure Virtual Desktop implementation
• Azure Virtual Desktop Architecture
• Design the Azure Virtual Desktop architecture
• Design for user identities and profiles
• Labs
• Review questions

Module 2: Implement an Azure Virtual Desktop infrastructure
• Implement and manage networking for AVD
• Implement and manage storage for AVD
• Create and configure host pools and session hosts
• Create and manage session host image
• Labs
• Review questions

Module 3: Manage access and security
• Manage access
• Manage security
• Review questions

Module 4: Manage user environments and apps
• Implement and manage FSLogix
• Configure user experience settings
• Install and configure apps on a session host
• Labs
• Review questions

Module 5: Monitor and maintain an Azure Virtual Desktop infrastructure
• Plan and implement business continuity and disaster recovery
• Automate AVD management tasks
• Monitor and manage performance and health
• Lab
• Review questions


Certification (AZ-140)
Each study area has a percentage indicating the relative weight of the area on the exam.
The higher the percentage, the more questions you are likely to see in that area.

| Study Area | Percentages |
|---|---|
| Plan an Azure Virtual Desktop architecture | 10-15% |
| Implement an Azure Virtual Desktop infrastructure | 25-30% |
| Manage access and security | 10-15% |
| Manage user environments and apps | 20-25% |
| Monitor and maintain an Azure Virtual Desktop infrastructure | 20-25% |

For more information on the skills measured in the exam, please visit the AZ-140: Configuring and Operating Microsoft Azure Virtual Desktop page.
Hands-on Labs
• All hands-on labs are optional.
• You will use a Microsoft Learning Azure Pass to provide access to Microsoft Azure.
• Check the dollar balance of your Azure Pass within Microsoft Azure once you have set up your subscription.
• Be aware of how much you are consuming and do not allow Microsoft Azure components to run overnight or for extended periods.
• Lab instructions are in the AZ-140 GitHub repository. For this class use the <your region> location.
• Most of the labs in this course require the prerequisite of completing Labs 1 and 2 in Module 1:
  Lab - Prepare for deployment of Azure Virtual Desktop (Azure AD DS).
  Lab - Prepare for deployment of Azure Virtual Desktop (AD DS).
Additional Resources (Optional)

Microsoft Learn provides self-paced skills training for Azure Virtual Desktop.

Visit the Deliver remote desktops and apps from Azure with Azure Virtual Desktop learning
path for the following modules:
• Introduction to Azure Virtual Desktop in Microsoft Azure
• Prepare for Azure Virtual Desktop in Microsoft Azure
• Deploy Azure Virtual Desktop in Microsoft Azure
• Optimize Azure Virtual Desktop in Microsoft Azure
• Secure an Azure Virtual Desktop deployment
• Deploy applications by using MSIX app attach for Azure Virtual Desktop

Thank you.



Module 1: Plan an Azure Virtual Desktop implementation
AVD basics, pricing, personal and pooled desktops, user identities, and profiles

Learning Objectives
• Azure Virtual Desktop Architecture
• Design the Azure Virtual Desktop infrastructure
• Design for user identities and profiles
• Labs
• Module Review Questions


Azure Virtual Desktop Architecture



Azure Virtual Desktop
Azure Virtual Desktop is a desktop and application virtualization service that runs in Azure.

Common use cases:
• Security and regulation applications: financial services, healthcare, and government.
• Elastic workforce: remote workers, contractors, and partner access.
• Employees: bring your own device (BYOD), mobile users, call centers, and branch workers.
• Specialized workloads: design and engineering, legacy apps, and software development test.

Azure Virtual Desktop for the enterprise


Azure Virtual Desktop components (Azure managed)
• Web Access: users access virtual desktops through an HTML5-compatible browser
• Gateway: connects remote users to AVD apps and desktops from any internet-connected device
• Connection Broker: manages user connections to virtual desktops and apps
• Diagnostics: event-based aggregator that marks each user or administrator action
• Extensibility components: manage AVD using Windows PowerShell or REST APIs

Azure Virtual Desktop components (Customer managed)
• Azure Virtual Network: Connect an Azure Virtual Desktop to an on-premises network using a VPN or Azure ExpressRoute.
• Azure AD: Azure Virtual Desktop uses Azure AD for identity and access management.
• AD DS: Azure Virtual Desktop VMs must domain-join an AD DS service, and the AD DS must be in sync with Azure AD to associate users between the two services. You can use Azure AD Connect to associate AD DS with Azure AD.
• Azure Virtual Desktop session hosts: A host pool can run the operating systems.

Personal and pooled desktops
Host pools are a collection of one or more identical virtual machines (VMs) within Azure Virtual
Desktop environments.



Service updates for AVD desktops

Options for updating AVD desktops:


• Microsoft Endpoint Configuration Manager (MECM) updates server and desktop
operating systems.
• Windows Updates for Business updates desktop operating systems like Windows
10 multi-session.
• Azure Update Management updates server operating systems.
• Azure Log Analytics checks compliance.



Azure limitations for Azure Virtual Desktop

• Can't create more than 200 application groups per single Azure AD tenant
• Don't publish more than 50 applications per application group
• Don't deploy more than 5,000 VMs per Azure subscription per region
• Limit around 1,200 VMs per Azure subscription per region
• API throttling limits don't allow more than 600 Azure VM reboots per hour
• Can deploy 399 VMs per Azure Virtual Desktop ARM template deployment without Availability Sets


VM sizing
Use the virtual machine sizing guidelines for the maximum suggested number of users per
virtual central processing unit (vCPU) and minimum VM configurations.



Design the Azure Virtual Desktop infrastructure



Assess existing physical and virtual desktop environments
Approved partner providers and ISVs can help assess an existing physical and virtual desktop environment
using automated tools for AVD integrations.

For migration partners, see Migration Opportunities for Partners for Azure Virtual Desktop.
For a full list of Azure Virtual Desktop partners, see Azure Virtual Desktop partner integrations.
Assess network capacity and speed requirements for AVD
Minimum recommended bandwidths for a smooth user experience when using applications:

| Workload type | Recommended bandwidth |
|---|---|
| Light | 1.5 Mbps |
| Medium | 3 Mbps |
| Heavy | 5 Mbps |
| Power | 15 Mbps |

Bandwidth recommendations for a smooth user experience for display resolutions:

| Typical display resolutions at 30 fps | Recommended bandwidth |
|---|---|
| About 1024 × 768 px | 1.5 Mbps |
| About 1280 × 720 px | 3 Mbps |
| About 1920 × 1080 px | 5 Mbps |
| About 3840 × 2160 px (4K) | 15 Mbps |

Azure Virtual Desktop Experience Estimator
Use the Azure Virtual Desktop Experience Estimator to determine the connection round-trip time (RTT) from your location to each Azure region in which you can deploy VMs.

Connection round trip time from your current location, through the Azure Virtual Desktop service, to the Azure region in which you can deploy virtual machines.


Recommend an operating system for an AVD implementation
Access Azure Virtual Desktop resources on devices with Windows 10, Windows 10 IoT Enterprise, and Windows 7 using the Windows Desktop client.

Choose the client that matches your version of Windows:
• Windows 64-bit
• Windows 32-bit
• Windows ARM64

NOTE: The client doesn't support Windows 8 or Windows 8.1.

Balancing host pools: Breadth-first
Ideal for providing the best experience for users connecting to their pooled virtual
desktop environment.



Recommendations for subscriptions and management groups
A Global Administrator in Azure AD may need to elevate access to access subscriptions and management groups, such as:
• Regain access to an Azure subscription or management group when a user has lost access
• Grant another user access to an Azure subscription or management group
• See all Azure subscriptions or management groups in an organization
• Allow an automation app to access all Azure subscriptions or management groups


Configure a location for the Azure Virtual Desktop metadata
Azure Virtual Desktop stores global metadata information (tenant names, host pool names, app group
names, and user principal names) in a datacenter.
• Whenever a customer creates a service object, they must enter a location for the service object
• The location entered determines where the metadata for the object will be stored
• The customer will choose an Azure region and the metadata will be stored in the related
geography

Storing metadata is currently supported in the following geographies:
• United States (US) (generally available)
• Europe (EU) (generally available)
• United Kingdom (UK) (public preview)


Recommend a configuration for performance requirements
• Platform metrics are collected automatically for the virtual machine host
• You need an agent to collect performance data from the guest operating system
• Use an agent to collect log data from the guest operating system
• You can create diagnostic settings for a virtual machine to send platform metrics to other destinations


Calculate and recommend a configuration for Azure VM capacity requirements
Standard or larger user workloads with 20 or more users:

| Workload type | Maximum users per vCPU | vCPU/RAM/OS storage minimum | Profile container storage minimum | Example Azure instances |
|---|---|---|---|---|
| Light | 6 | 8 vCPUs, 16 GB RAM, 16 GB storage | 30 GB | D8s_v4, F8s_v2, D8as_v4, D16s_v4, F16s_v2, D16as_v4 |
| Medium | 4 | 8 vCPUs, 16 GB RAM, 32 GB storage | 30 GB | D8s_v4, F8s_v2, D8as_v4, D16s_v4, F16s_v2, D16as_v4 |
| Heavy | 2 | 8 vCPUs, 16 GB RAM, 32 GB storage | 30 GB | D8s_v4, F8s_v2, D8as_v4, D16s_v4, F16s_v2, D16as_v4 |
| Power | 1 | 6 vCPUs, 56 GB RAM, 340 GB storage | 30 GB | D8s_v4, F8s_v2, D8as_v4, D16s_v4, F16s_v2, D16as_v4, NV12, NVv4 |


Design for user identities and profiles



Select an appropriate licensing model for AVD based on requirements
• Access Windows 10 Enterprise and Windows 7 Enterprise desktops and apps at no additional cost if you have an eligible Windows or Microsoft 365 license
• Access to desktops powered by Windows Server Remote Desktop Services desktops and apps at no additional cost if you are an eligible Microsoft RDS and Client Access License (CAL) customer

| Type | Description | Eligibility |
|---|---|---|
| Virtualize Windows 10 and Windows 7 | Access Windows 10 Enterprise and Windows 7 Enterprise desktops and apps at no additional cost if you have an eligible Windows or Microsoft 365 license. Get free Extended Security Updates until January 2023 for your Windows 7 virtual desktop, offering more options to support legacy apps while you transition to Windows 10. | You are eligible to access Windows 10 and Windows 7 with Azure Virtual Desktop if you have one of the following per user licenses: Microsoft 365 E3/E5; Microsoft 365 A3/A5/Student Use Benefits; Microsoft 365 F3; Microsoft 365 Business Premium**; Windows 10 Enterprise E3/E5; Windows 10 Education A3/A5; Windows 10 VDA per user |
| Virtualize Windows Server | Access desktops powered by Windows Server Remote Desktop Services desktops and apps at no additional cost if you are an eligible Microsoft Remote Desktop Services (RDS) Client Access License (CAL) customer. | You are eligible to access Windows Server 2012 R2 and newer desktops and apps if you have a per-user or per-device RDS CAL license with active Software Assurance (SA). |

Personal and multi-session desktop scenarios
Use case scenarios for single users accessing a persistent virtual desktop:

| Example workloads | Number of users in scenario | Type of user | vCPUs | RAM | East US pricing | West Europe pricing | Southeast Asia pricing |
|---|---|---|---|---|---|---|---|
| Graphics Workstation | 100 | Engineers and graphic designers with 3D modeling, simulations, and CAD workloads. Users spend 5-6 hours a day requiring workstation capability. | 12 | 112 GB | See estimate | See estimate | See estimate |
| Microsoft Office | 1000 | Standard knowledge workers making use of Microsoft Office products. Users work 8-10 hour days. | 2 | 4 GB | See estimate | See estimate | See estimate |

Use case scenarios for multiple users sharing a pooled (non-persistent) virtual desktop:

| Example workloads | Number of users in scenario | Type of user | User density | East US pricing | West Europe pricing | Southeast Asia pricing |
|---|---|---|---|---|---|---|
| Microsoft Office | 1000 | Standard knowledge workers making use of Microsoft Office products. 24/7 RI is used to avoid need for management of virtual machines. | 2 per vCPU | See estimate | See estimate | See estimate |
| Call center/data entry | 1000 | Call center users with low intensity workloads, primarily engaged in data entry. Users operate in three 8-hour shifts, making a 24/7 RI instance the most cost effective option. | 6 per vCPU | See estimate | See estimate | See estimate |


Recommend an appropriate storage solution

• FSLogix is designed to roam profiles in remote computing environments, such as AVD
• At sign-in, a container is dynamically attached to the computing environment using a natively supported VHD and a VHDX
• The user profile is immediately available and appears in the system exactly like a native user profile


Windows Desktop client deployment (host pools)
The diagram below shows an Azure Virtual Desktop workspace with two host pools:
• Host pool A has two application groups: Desktop and RemoteApp. These resources are shared (pooled) across the sales team.
• Host pool B has a Desktop application group with personal desktops available to an engineering team.


Plan for AVD client deployment - RDP
Remote Desktop web client uses a compatible web browser to access remote resources
(apps and desktops) published to you by your admin.

For access to remote apps and desktops, users need:
• A domain
• Username
• Password
• URL (provided by the admin)
• A supported web browser


Windows Desktop client to multiple devices
Deploying with group policies or Microsoft Endpoint Configuration Manager lets you run the installer silently from the command line.

For a per-device installation, run:

msiexec.exe /i <path to the MSI> /qn ALLUSERS=1

For a per-user installation, run:

msiexec.exe /i <path to the MSI> /qn ALLUSERS=2 MSIINSTALLPERUSER=1


Hybrid Identity with Azure Active Directory (1 of 2)

You can use the following authentication methods to implement hybrid identity with Azure AD:
• Password hash synchronization (PHS)
• Pass-through authentication (PTA)
• Federation (AD FS)


Hybrid Identity with Azure Active Directory (2 of 2)

| I need to: | PHS and SSO | PTA and SSO | AD FS |
|---|---|---|---|
| Sync new user, contact, and group accounts created in my on-premises Active Directory to the cloud automatically. | X | X | X |
| Set up my tenant for Office 365 hybrid scenarios. | X | X | X |
| Enable my users to sign in and access cloud services using their on-premises password. | X | X | X |
| Implement single sign-on using corporate credentials. | X | X | X |
| Ensure no password hashes are stored in the cloud. | | X | X |
| Enable cloud-based multi-factor authentication solutions. | X | X | X |
| Enable on-premises multi-factor authentication solutions. | | | X |
| Support smartcard authentication for my users. | | | X |
| Display password expiry notifications in the Office Portal and on the Windows 10 desktop. | | | X |

Plan for Azure AD Connect for user identities (1 of 2)

Integrating on-premises directories with Azure AD provides a common identity for accessing both cloud and on-premises resources.
• Users can use a single identity to access on-premises applications and cloud services such as Office 365.
• Single tool to provide an easy deployment experience for synchronization and sign-in.
• Azure AD Connect replaces older versions of identity integration tools such as DirSync and Azure AD Sync.

Plan for Azure AD Connect for user identities (2 of 2)
Password hash synchronization - A sign-in method that synchronizes a hash of a user's on-premises AD password with Azure AD.

Pass-through authentication - A sign-in method that allows users to use the same password on-premises and in the cloud but doesn't require the additional infrastructure of a federated environment.

Federation integration - Used to configure a hybrid environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as certificate renewal and additional AD FS server deployments.

Synchronization - Responsible for creating users, groups, and other objects, and for making sure identity information for your on-premises users and groups matches the cloud.

Health Monitoring - Azure AD Connect Health provides robust monitoring and a central location in the Azure portal to view this activity.

Lab - Prepare for deployment of Azure Virtual Desktop (Azure AD DS)
Note: This lab is a prerequisite for completing other labs in this course where Azure AD DS is required.

Estimated time: 60 minutes, where provisioning of Azure AD DS involves about a 90-minute wait time.

Lab - Prepare for deployment of Azure Virtual Desktop (Azure AD DS).


Lab - Prepare for deployment of Azure Virtual Desktop (AD DS)
Note: This lab is a prerequisite for completing other labs in this course where Azure AD DS is required.

Estimated time: 60 minutes

Lab - Prepare for deployment of Azure Virtual Desktop (AD DS).


Module 1 Review Questions



Online Role-based training resources:
Microsoft Learn
https://docs.microsoft.com/en-us/learn/


Thank you.



Module 2: Implement an Azure Virtual Desktop infrastructure
AVD network connectivity, storage accounts, and host pool automation

Learning Objectives
• Implement and manage networking for Azure Virtual Desktop
• Implement and manage storage for Azure Virtual Desktop
• Create and configure host pools and session hosts
• Create and manage session host image
• Labs
• Module Review Questions


Implement and manage networking for Azure Virtual
Desktop



Implement Azure virtual network connectivity
Communication between Azure resources is done in one of the following ways:
• Through a virtual network: Deploy VMs and several other types of Azure resources to a virtual network.
• Through a virtual network service endpoint: Extend your virtual network private address space and the identity of your virtual network to Azure service resources over a direct connection.
• Through VNet peering: Connect virtual networks to each other, enabling resources in either virtual network to communicate with each other.


Manage connectivity to the internet and on-premises networks
Point-to-site virtual private network (VPN):
• Each computer that wants to establish connectivity with a virtual network must configure its
connection.
• The communication between a computer and a virtual network is sent through an encrypted
tunnel over the internet.

Site-to-site VPN: Established between on-premises VPN device and an Azure VPN Gateway that is
deployed in a virtual network.
• Enables any on-premises resource that you authorize to access a virtual network.
• The communication between an on-premises VPN device and an Azure VPN gateway is sent
through an encrypted tunnel over the internet.

Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute
partner.
• This connection is private.
• Traffic does not go over the internet.
Understanding Azure Virtual Desktop network connectivity
1. When authenticated in Azure Active Directory, a token is returned to the Remote Desktop Services client.
2. The gateway checks the token with the connection broker.
3. The broker queries the Azure SQL database for resources assigned to the user.
4. The gateway and the broker select the session host for the connected client.
5. The session host creates a reverse connection to the client by using the Azure Virtual Desktop gateway.



Azure Virtual Desktop network connections



Configure AVD session hosts using Azure Bastion

Azure Bastion provides secure connectivity to all VMs in a virtual network in which it is provisioned.

Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH.

Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable
logs for resources in an Azure virtual network.

Connection Monitor 2.0 monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint.

If an endpoint becomes unreachable, connection troubleshoot informs you of the reason.


Implement and manage storage for Azure Virtual
Desktop



Storage for FSLogix components
The process of accessing a user profile after signing in to a Remote Desktop client:
1. User signs in to the Remote Desktop client.
2. User gets assigned to a session host virtual machine (VM).
3. VM gets the user profile from the Azure file share.
4. If MSIX app attach is configured, apps are dynamically delivered to the session host VM. MSIX app attach uses FSLogix storage concepts, but for applications.
5. User gets their Azure Virtual Desktop workspace populated with their assigned app(s) or session desktop.


User Profiles and FSLogix components
FSLogix profile containers are the AVD user profile solution.

• FSLogix is designed to roam profiles in remote computing environments.
• It stores a complete user profile in a single container.
• At sign-in, this container is dynamically attached to the computing environment using natively supported VHD and VHDX.
• The VHD or VHDX files are stored to this location and attached to users the next time they sign in.


Configure storage for FSLogix components
To configure the virtual machines with the FSLogix software, do the following on each machine registered to the host pool:
1. Connect to the virtual machine with the credentials you provided when creating the virtual machine.
2. Launch an internet browser and navigate to download the FSLogix agent.
3. Navigate to either \Win32\Release or \X64\Release in the .zip file and run FSLogixAppsSetup to install the FSLogix agent.
4. Navigate to Program Files > FSLogix > Apps to confirm the agent installed.
5. From the Start menu, run RegEdit as an administrator. Navigate to Computer\HKEY_LOCAL_MACHINE\software\FSLogix.
6. Create a key named Profiles.
7. Create the following values for the Profiles key:

| Name | Type | Data/Value |
|---|---|---|
| Enabled | DWORD | 1 |
| VHDLocations | Multi-String Value | "Network path for file share" |
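
Steps 4 to 7 can be scripted so that every session host in the pool gets the same Profiles values. The PowerShell below is an added example, not part of the course material; the function name Set-FslogixProfilesKey and the share path in the usage comment are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts steps 4-7 above (confirm agent, create Profiles key, set values).
# Set-FslogixProfilesKey is a hypothetical helper name, not an FSLogix cmdlet.

function Set-FslogixProfilesKey {
    [CmdletBinding()]
    param(
        # One or more UNC paths to the profile file share.
        [Parameter(Mandatory)]
        [string[]]$VhdLocations
    )

    $profilesKey = 'HKLM:\SOFTWARE\FSLogix\Profiles'

    # Step 4: the agent installs under Program Files\FSLogix\Apps; stop if it is missing.
    $agentDir = Join-Path $env:ProgramFiles 'FSLogix\Apps'
    if (-not (Test-Path -Path $agentDir -PathType Container)) {
        throw "FSLogix agent not found at '$agentDir'. Install it before configuring profiles."
    }

    # Reject anything that is not a \\server\share path before it is written to the registry.
    foreach ($location in $VhdLocations) {
        if ($location -notmatch '^\\\\[^\\]+\\[^\\]+') {
            throw "VHDLocations entry '$location' is not a UNC path (\\server\share)."
        }
    }

    # Step 6: create the Profiles key only if it is absent, so values already
    # under it are left alone.
    if (-not (Test-Path -Path $profilesKey)) {
        New-Item -Path $profilesKey -Force | Out-Null
    }

    # Step 7: Enabled (DWORD) = 1 and VHDLocations (Multi-String) = share path(s).
    New-ItemProperty -Path $profilesKey -Name 'Enabled' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $profilesKey -Name 'VHDLocations' `
        -PropertyType MultiString -Value $VhdLocations -Force | Out-Null

    # Read the values back so the result can be logged or compared across session hosts.
    Get-ItemProperty -Path $profilesKey | Select-Object Enabled, VHDLocations
}

# Usage (placeholder share path, replace with your own):
# Set-FslogixProfilesKey -VhdLocations '\\<server>\<share>'
```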



Configure storage accounts
Azure supports multiple types of storage accounts for different storage scenarios.

There are two main types of storage accounts for Azure Files.

General purpose version 2 (GPv2) storage accounts: Allow you to deploy Azure file shares on standard/hard
disk-based (HDD-based) hardware.
• In addition to storing Azure file shares, GPv2 storage accounts can store other storage resources such
as blob containers, queues, or tables.
• File shares can be deployed into the transaction optimized (default), hot, or cool tiers.

FileStorage storage accounts: Allow you to deploy Azure file shares on
premium/solid-state disk-based (SSD-based) hardware.
• FileStorage accounts can only be used to store Azure file shares; no other storage resources (blob
containers, queues, tables, etc.) can be deployed in a FileStorage account.


Configure disks
Add a data disk
1. Go to the Azure portal to add a data disk. Search
for and select Virtual machines.
2. Select a virtual machine from the list.
3. On the Virtual machine page, select Disks.
4. On the Disks page, select Add data disk.
5. In the drop-down for the new disk, select Create
disk.
6. In the Create managed disk page, type in a name
for the disk and adjust the other settings as
necessary. When you're done, select Create.
7. In the Disks page, select Save to save the new disk
configuration for the VM.
8. After Azure creates the disk and attaches it to the
virtual machine, the new disk is listed in the virtual
machine's disk settings under Data disks.



Create file shares
Once you've created a storage account, all that is left is to create your file share.
The process is the same for a premium file share or a standard file share.
You should consider the following differences:
• Standard file shares may be deployed into one of the standard tiers:
    • Transaction optimized (default)
    • Hot
    • Cool
• This is a per file share tier that is not affected by the blob access tier of the storage account.
• You can change the tier of the share at any time after it has been deployed.
• Premium file shares cannot be directly converted to standard file shares in any standard tier.
• You can move file shares between tiers within GPv2 storage account types (transaction optimized, hot, and cool).


Create and configure host pools and session hosts



Configure the personal desktop host pool assignment type
To configure a host pool to automatically assign users to VMs, run the following PowerShell cmdlet:
Update-AzWVDHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -PersonalDesktopAssignmentType Automatic

To assign a user to the personal desktop host pool, run the following PowerShell cmdlet:
New-AzRoleAssignment -SignInName <userupn> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <appgroupname> -ResourceGroupName <resourcegroupname> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'

To configure a host pool to require direct assignment of users to session hosts, run this PowerShell cmdlet:
Update-AzWVDHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -PersonalDesktopAssignmentType Direct

To assign a user to the personal desktop host pool, run the following PowerShell cmdlet:
New-AzRoleAssignment -SignInName <userupn> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <appgroupname> -ResourceGroupName <resourcegroupname> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'


Automate creation of an AVD host pool using PowerShell
To create the host pool, workspace, desktop app group, and register the desktop app group to
the workspace, run:
New-AzWVDHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -WorkspaceName <workspacename> -HostPoolType <Pooled|Personal> -LoadBalancerType <BreadthFirst|DepthFirst|Persistent> -Location <region> -DesktopAppGroupName <appgroupname>

To create a registration token to authorize a session host to join the host pool and save it to a
new file on your local computer, run:
New-AzWVDRegistrationInfo -ResourceGroupName <resourcegroupname> -HostPoolName <hostpoolname> -ExpirationTime $((Get-Date).ToUniversalTime().AddDays(1).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ'))

To add Azure Active Directory users to the default desktop app group for the host pool, run:
New-AzRoleAssignment -SignInName <userupn> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <hostpoolname+"-DAG"> -ResourceGroupName <resourcegroupname> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'

To add Azure Active Directory user groups to the default desktop app group for the host pool, run:
New-AzRoleAssignment -ObjectId <usergroupobjectid> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <hostpoolname+"-DAG"> -ResourceGroupName <resourcegroupname> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'


Customize RDP properties for a host pool
To add or edit a single custom RDP property, run:
Update-AzWVDHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -CustomRdpProperty <property>

To add or edit multiple custom RDP properties, run the following by providing the custom
RDP properties as a semicolon-separated string:
$properties="<property1>;<property2>;<property3>"
Update-AzWVDHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -CustomRdpProperty $properties

You can check to make sure the RDP property was added by running:
Get-AzWVDHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> | format-list Name, CustomRdpProperty

Name : <hostpoolname>
CustomRdpProperty : <customRDPpropertystring>
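
The custom RDP property string also carries the device redirection settings of a host pool, so it is worth comparing against a baseline before and after an update. The following is an added example, not code from the course: the function names and the baseline values are assumptions chosen for illustration, and the sample string is constructed.

```powershell
# Added example (not from the course). The baseline is an assumed policy.

function ConvertFrom-RdpPropertyString {
    param([string] $PropertyString)
    $result = [ordered]@{}
    foreach ($item in ($PropertyString -split ';')) {
        $item = $item.Trim()
        if (-not $item) { continue }   # tolerate a trailing ';'
        # Each property is name:type:value. The value may itself contain ':',
        # so split into at most three parts.
        $parts = $item -split ':', 3
        if ($parts.Count -ne 3 -or $parts[1] -notin 'i', 's', 'b') {
            throw "Malformed RDP property: '$item'"
        }
        $result[$parts[0].ToLowerInvariant()] = [pscustomobject]@{
            Type  = $parts[1]
            Value = $parts[2]
        }
    }
    return $result
}

function Compare-RdpBaseline {
    param([string] $PropertyString, [hashtable] $Baseline)
    $current = ConvertFrom-RdpPropertyString -PropertyString $PropertyString
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $expected = $Baseline[$name]
        if (-not $current.Contains($name)) {
            # Property is not pinned on the host pool, so the default applies.
            $actual = $null
            $status = 'NotSet'
        } else {
            $actual = '{0}:{1}' -f $current[$name].Type, $current[$name].Value
            $status = if ($actual -eq $expected) { 'Match' } else { 'Drift' }
        }
        [pscustomobject]@{
            Property = $name; Expected = $expected; Actual = $actual; Status = $status
        }
    }
}

function Merge-RdpBaseline {
    # Returns a new property string: baseline values win, everything else is kept.
    param([string] $PropertyString, [hashtable] $Baseline)
    $current = ConvertFrom-RdpPropertyString -PropertyString $PropertyString
    foreach ($name in $Baseline.Keys) {
        $type, $value = $Baseline[$name] -split ':', 2
        $current[$name] = [pscustomobject]@{ Type = $type; Value = $value }
    }
    ($current.GetEnumerator() | ForEach-Object {
        '{0}:{1}:{2}' -f $_.Key, $_.Value.Type, $_.Value.Value
    }) -join ';'
}

# Assumed baseline, written as type:value per property.
$baseline = @{
    'drivestoredirect'  = 's:'    # empty value: no local drives redirected
    'redirectclipboard' = 'i:0'
    'redirectprinters'  = 'i:0'
}

# Constructed sample of what CustomRdpProperty might hold.
$sample = 'drivestoredirect:s:*;redirectclipboard:i:1;audiomode:i:0;use multimon:i:1;'

Compare-RdpBaseline -PropertyString $sample -Baseline $baseline | Format-Table -AutoSize
$merged = Merge-RdpBaseline -PropertyString $sample -Baseline $baseline
$merged

# Against a live host pool, using the cmdlets shown above:
#   $sample = (Get-AzWvdHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname>).CustomRdpProperty
#   Update-AzWvdHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -CustomRdpProperty $merged
```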



Manage licensing for session hosts that run Windows client or
Windows Server
Azure Virtual Desktop licensing allows you to apply a license to any Windows or Windows Server
virtual machine that is registered as a session host in a host pool and receives user connections.
• You can create a host pool and its session host virtual machines using the Azure Marketplace offering.
    • Virtual machines created this way automatically have the license applied.
• You can create a host pool and its session host virtual machines using the GitHub Azure Resource Manager template.
    • Virtual machines created this way automatically have the license applied.
• You can apply a license to an existing session host virtual machine.

To apply a Windows license to a session host VM, run:
$vm = Get-AzVM -ResourceGroupName <resourceGroupName> -Name <vmName>
$vm.LicenseType = "Windows_Client"
Update-AzVM -ResourceGroupName <resourceGroupName> -VM $vm


Create and manage session host image



Create a master image
You can use an image from the Azure Image Gallery.

Windows 10 Enterprise multi-session is available in the Azure Image Gallery.
There are two options for customizing the image:
• The first option is to provision a virtual machine (VM) in Azure
• The second option is to create the image locally by downloading the image, provisioning a Hyper-V VM, and customizing it to suit your needs

Local image creation
Once you've downloaded the image to a local location, open Hyper-V Manager to create a VM with the VHD
you copied. To create a VM with the copied VHD:
1. Open the New Virtual Machine Wizard.
2. On the Specify Generation page, select Generation 1.
3. Under Checkpoint Type, disable checkpoints by unchecking the check box.


Modify a session host image

To disable Automatic Updates via local Group Policy, run:
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 1 /f

To specify a Start layout for Windows 10 PCs, run:
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SpecialRoamingOverrideAllowed /t REG_DWORD /d 1 /f

To redirect time zones, run this command on the master image:
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableTimeZoneRedirection /t REG_DWORD /d 1 /f


Plan for image update and management
If you have many images that you need to maintain and would like to make them available
throughout your company, you can use a Shared Image Gallery as a repository.

The Shared Image Gallery feature has multiple resource types:


Resource: Description

Image source: This is a resource that can be used to create an image version in an image gallery. An image
source can be an existing Azure VM that is either generalized or specialized, a managed image,
a snapshot, a VHD or an image version in another image gallery.

Image gallery: Like the Azure Marketplace, an image gallery is a repository for managing and sharing images,
but you control who has access.

Image definition: Image definitions are created within a gallery and carry information about the image and
requirements for using it internally. This includes whether the image is Windows or Linux,
release notes, and minimum and maximum memory requirements. It is a definition of a type of
image.

Image version: An image version is what you use to create a VM when using a gallery. You can have multiple
versions of an image as needed for your environment. Like a managed image, when you use an
image version to create a VM, the image version is used to create new disks for the VM. Image
versions can be used multiple times.

Create and use a Shared Image Gallery (SIG) using the portal
To create the gallery image definition inside of your gallery (in this example, the gallery image is
named myImageDefinition):
1. Select Add a new image definition from the top of the page.
2. In the Add new image definition to shared image gallery, for Region, select East US.
3. For Image definition name, type myImageDefinition.
4. For Operating system, select the correct option based on your source VM.
5. For VM generation, select the option based on your source VM. In most cases, this will be Gen 1.
6. For Operating system state, select the option based on your source VM.
7. For Publisher, type myPublisher.
8. For Offer, type myOffer.
9. For SKU, type mySKU.
10. When finished, select Review + create.
11. After the image definition passes validation, select Create.



Install language packs in Azure Virtual Desktop
You need the following to customize Windows 10 Enterprise multi-session images for adding
multiple languages:
• An Azure virtual machine (VM) with Windows 10 Enterprise multi-session.
• The Language ISO, Feature on Demand (FOD) Disk 1, and Inbox Apps ISO of the OS version the image uses.
• An Azure Files Share or a file share on a Windows File Server Virtual Machine

To create a custom Windows 10 Enterprise multi-session image manually:
1. Deploy an Azure VM, then go to the Azure Gallery and select the current version of Windows 10
Enterprise multi-session you're using.
2. After you've deployed the VM, connect to it using RDP as a local admin.
3. Make sure your VM has all the latest Windows Updates.
4. Connect to the language package, FOD, and Inbox Apps file share repository and mount it to a letter
drive (for example, drive E).


Lab - Create and configure host pools and session hosts (Azure AD DS)
Lab prerequisites:
• A Microsoft account or an Azure AD account with the Global
Administrator role in the Azure AD tenant associated with the
Azure subscription and with the Owner or Contributor role in the
Azure subscription
• The completed lab Prepare for deployment of Azure Virtual
Desktop (Azure AD DS).

Estimated time: 60 minutes




Lab - Deploy host pools and session hosts by using the Azure portal (AD DS)
Lab prerequisites:
• A Microsoft account or an Azure AD account with the
Owner or Contributor role in the Azure subscription
you will be using in this lab and with the Global
Administrator role in the Azure AD tenant associated
with that Azure subscription.
• The completed lab Prepare for deployment of Azure
Virtual Desktop (AD DS).

Estimated time: 45 minutes




Lab - Implement and manage storage for AVD (Azure AD DS)
Lab prerequisites:
• A Microsoft account or an Azure AD account with the Global
Administrator role in the Azure AD tenant associated with the
Azure subscription and with the Owner or Contributor role in
the Azure subscription
• The completed lab Prepare for deployment of Azure Virtual
Desktop (Azure AD DS).

Estimated time: 30 minutes



Lab - Implement and manage storage for AVD (AD DS)
Lab prerequisites:
• A Microsoft account or an Azure AD account
with the Owner or Contributor role in the Azure
subscription you will be using in this lab and
with the Global Administrator role in the Azure
AD tenant associated with that Azure
subscription.
• The completed lab Prepare for deployment of
Azure Virtual Desktop (AD DS).

Estimated time: 30 minutes



Lab - Deploy host pools and hosts by using Azure Resource Manager templates
Lab prerequisites:
• A Microsoft account or an Azure AD account with the Owner or
Contributor role in the Azure subscription you will be using in
this lab and with the Global Administrator role in the Azure AD
tenant associated with that Azure subscription.
• The completed lab Prepare for deployment of Azure Virtual
Desktop (AD DS) or Prepare for deployment of Azure Virtual
Desktop (Azure AD DS)
• The completed lab Deploy host pools and session hosts by using
the Azure portal (AD DS) or Deploy host pools and session hosts
by using the Azure portal (Azure AD DS)

Estimated time: 45 minutes




Lab - Deploy and manage host pools and hosts by using PowerShell
Lab prerequisites:
• A Microsoft account or an Azure AD account with the Owner or
Contributor role in the Azure subscription you will be using in
this lab and with the Global Administrator role in the Azure AD
tenant associated with that Azure subscription.
• The completed lab Prepare for deployment of Azure Virtual
Desktop (AD DS) or Prepare for deployment of Azure Virtual
Desktop (Azure AD DS)

Estimated time: 60 minutes



Lab - Create and manage session host images (AD DS)

Lab prerequisites:
• A Microsoft account or an Azure AD account with the Owner or
Contributor role in the Azure subscription you will be using in
this lab and with the Global Administrator role in the Azure AD
tenant associated with that Azure subscription.
• The completed lab Prepare for deployment of Azure Virtual
Desktop (AD DS) or Prepare for deployment of Azure Virtual
Desktop (Azure AD DS)

Estimated time: 60 minutes



Module 2 Review Questions



Online Role-based training resources:
Microsoft Learn
https://docs.microsoft.com/en-us/learn/


Module 3: Manage access and security
RBAC for Azure Virtual Desktop, Conditional Access, and Azure Security Center



Learning Objectives
• Manage Access
• Manage Security
• Labs
• Module Review Questions


Manage Access



RBAC for Azure Virtual Desktop
Desktop Virtualization Contributor
The Desktop Virtualization Contributor role lets you manage all aspects of the deployment.

Desktop Virtualization Reader
The Desktop Virtualization Reader role lets you view everything in the deployment but doesn't let you make any
changes.

Host Pool Contributor
The Host Pool Contributor role lets you manage all aspects of host pools, including access to resources.

Host Pool Reader
The Host Pool Reader role lets you view everything in the host pool but won't allow you to make any changes.

Application Group Contributor
The Application Group Contributor role lets you manage all aspects of app groups.

Application Group Reader
The Application Group Reader role lets you view everything in the app group and will not allow you to make any
changes.

Workspace Contributor
The Workspace Contributor role lets you manage all aspects of workspaces.

Workspace Reader
The Workspace Reader role lets you view everything in the workspace but won't allow you to make any changes.

User Session Operator
The User Session Operator role lets you send messages, disconnect sessions, and use the "logoff" function to sign
sessions out of the session host.

Session Host Operator
The Session Host Operator role lets you view and remove session hosts, as well as change drain mode.


Plan and implement Azure roles and RBAC for AVD
Security principal
• Users
• User groups
• Service principals

Role definition
• Built-in roles
• Custom roles

Scope
• Host pools
• App groups
• Workspaces

To add Azure Active Directory users to an app group, run:
New-AzRoleAssignment -SignInName <userupn> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <appgroupname> -ResourceGroupName <resourcegroupname> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'

To add an Azure Active Directory user group to an app group, run:
New-AzRoleAssignment -ObjectId <usergroupobjectid> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <appgroupname> -ResourceGroupName <resourcegroupname> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'
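
Once assignments exist, the same three parts (security principal, role definition, scope) can be used to review who actually reaches an app group. The following is an added example, not code from the course: the function name and the review rules are assumptions, and the sample objects are constructed to mirror the DisplayName, ObjectType, RoleDefinitionName and Scope properties that Get-AzRoleAssignment returns.

```powershell
# Added example (not from the course). Review rules below are assumptions.

function Get-AppGroupAssignmentFinding {
    param(
        [Parameter(Mandatory)] [string]   $AppGroupId,
        [Parameter(Mandatory)] [object[]] $Assignment
    )
    foreach ($a in $Assignment) {
        $notes = @()

        # Scope: an assignment made on a parent scope (resource group,
        # subscription) also applies to the app group.
        if ($a.Scope -ne $AppGroupId) {
            $notes += "inherited from $($a.Scope)"
        }

        # Security principal: per-user grants are harder to review than groups.
        if ($a.RoleDefinitionName -eq 'Desktop Virtualization User' -and
            $a.ObjectType -eq 'User') {
            $notes += 'granted to an individual user rather than a group'
        }
        if ($a.ObjectType -eq 'Unknown') {
            $notes += 'principal could not be resolved in the directory'
        }

        # Role definition: management roles give far more than app access.
        if ($a.RoleDefinitionName -in 'Owner', 'Contributor',
                                      'User Access Administrator',
                                      'Desktop Virtualization Contributor') {
            $notes += 'management role, not just app access'
        }

        [pscustomobject]@{
            Principal = $a.DisplayName
            Type      = $a.ObjectType
            Role      = $a.RoleDefinitionName
            Notes     = $notes -join '; '
        }
    }
}

# Constructed sample data (placeholder subscription ID and names).
$rg  = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-avd-example'
$dag = "$rg/providers/Microsoft.DesktopVirtualization/applicationGroups/hostpool1-DAG"
$sampleAssignments = @(
    [pscustomobject]@{ DisplayName = 'AVD-Finance-Users'; ObjectType = 'Group'
                       RoleDefinitionName = 'Desktop Virtualization User'; Scope = $dag }
    [pscustomobject]@{ DisplayName = 'Example User'; ObjectType = 'User'
                       RoleDefinitionName = 'Desktop Virtualization User'; Scope = $dag }
    [pscustomobject]@{ DisplayName = 'Example Admin'; ObjectType = 'User'
                       RoleDefinitionName = 'Contributor'; Scope = $rg }
)

Get-AppGroupAssignmentFinding -AppGroupId $dag -Assignment $sampleAssignments |
    Format-Table -AutoSize -Wrap

# Against a live deployment (requires the Az modules and a signed-in session):
#   $ag = Get-AzWvdApplicationGroup -ResourceGroupName <resourcegroupname> -Name <appgroupname>
#   Get-AppGroupAssignmentFinding -AppGroupId $ag.Id -Assignment (Get-AzRoleAssignment -Scope $ag.Id)
```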



Using Azure Virtual Desktop with Intune
Intune handles Azure Virtual Desktop personal VMs the same as Windows 10 Enterprise physical
desktops.
• This lets you use your existing configurations and secure the VMs with compliance policy and
conditional access.
• Intune management doesn't depend on or interfere with Azure Virtual Desktop management of
the same virtual machine.
• Intune doesn't currently support management of Windows 10 Enterprise multi-session.

All VM limitations listed in Using Windows 10 virtual machines also apply to Azure Virtual
Desktop VMs.

The following profiles aren't currently supported:
• Domain Join
• Wi-Fi


Manage security



Plan and implement Conditional Access policies for
connections to AVD



Understand Conditional Access policy components
Conditional Access policies are if-then statements.

Some common questions about assignments, access controls, and session controls:

• Users and Groups: Which users and groups will be included in or excluded from the policy? Does
this policy include all users, specific group of users, directory roles, or external users?
• Cloud apps or actions: What application(s) will the policy apply to? What user actions will be
subject to this policy?
• Conditions: Which device platforms will be included in or excluded from the policy? What are the
organization’s trusted locations?
• Access controls: Do you want to grant access to resources by implementing requirements such as
MFA, devices marked as compliant, or hybrid Azure AD joined devices?
• Session controls: Do you want to control access to cloud apps by implementing requirements
such as app enforced permissions or Conditional Access App Control?


Plan and implement MFA in AVD

When you first sign in, the client asks for your username,
password, and Azure multifactor authentication.
• The next time you sign in, the client will remember
your token from your Azure Active Directory (AD)
Enterprise Application.
• When you select Remember me on the prompt for
credentials for the session host, your users can sign in
after restarting the client without needing to reenter
their credentials.

NOTE: The online lab later in the module uses Azure AD-based Conditional Access for Azure Virtual Desktop (Lab -
Configure Conditional Access policies for connections to AVD (AD DS)).

Manage security by using Azure Security Center
The security needs the customer isn't responsible for are handled by Microsoft.

Security need                   Customer responsibility
Identity                        Yes
User devices (mobile and PC)    Yes
App security                    Yes
Session host OS                 Yes
Deployment configuration        Yes
Network controls                Yes
Virtualization control plane    No
Physical hosts                  No
Physical network                No
Physical datacenter             No

Enable Azure Security Center Standard for:
• Subscriptions
• Virtual machines
• Key vaults
• Storage accounts


Security posture management and threat protection
Azure Security Center provides security posture for Azure Virtual Desktop VMs in the
following ways:
• Secure configuration assessment and Secure Score
• Industry-tested vulnerability assessment
• Host level detections
• Agentless cloud network micro-segmentation & detection
• File integrity monitoring
• Just-in-time VM access
• Adaptive Application Controls


Microsoft Defender Antivirus for session hosts
• Works with virtual desktops running in Azure Virtual Desktop in Azure or on a physical
Windows 10 Endpoint.
• Supports Azure Virtual Desktop with up to 50 concurrent user connections for Windows 10
Enterprise multi-session.
• Single session scenarios on Windows 10 Enterprise are supported for onboarding Azure
Virtual Desktop machines into Defender for Endpoint.


Lab - Configure Conditional Access policies for connections to AVD (AD DS)
Lab prerequisites:
• A Microsoft account or an Azure AD account with the Owner or
Contributor role in the Azure subscription you will be using in
this lab and with the Global Administrator role in the Azure AD
tenant associated with that Azure subscription.
• The completed lab Prepare for deployment of Azure Virtual
Desktop (AD DS) or Prepare for deployment of Azure Virtual
Desktop (Azure AD DS)
• The completed lab Deploy host pools and session hosts by using
the Azure portal (AD DS) or Deploy host pools and session hosts
by using the Azure portal (Azure AD DS)

Estimated time: 60 minutes




Module 3 Review Questions


Module 4: Manage user environments and apps
FSLogix, Cloud Cache, persistent and non-persistent desktop, and redirection configuration



Learning Objectives
• Implement and manage FSLogix
• Configure user experience settings
• Install and configure apps on a session host
• Labs
• Module Review Questions


Implement and manage FSLogix



FSLogix profile containers
FSLogix is designed to roam profiles in remote computing environments, such as
Azure Virtual Desktop.

• Stores a complete user profile in a single container.
• At sign in, this container is dynamically attached to the computing environment using natively
supported Virtual Hard Disk (VHD) and Hyper-V Virtual Hard disk (VHDX).
• The user profile is immediately available and appears in the system exactly like a native user profile.


FSLogix profile containers and Azure files

Performance: The FSLogix profile containers are high performance and resolve performance issues
that have historically blocked cached exchange mode.

OneDrive: Without FSLogix profile containers, OneDrive for Business is not supported in
non-persistent RDSH or VDI environments.

Additional folders: FSLogix provides the ability to extend user profiles to include additional
folders.


Install FSLogix
Microsoft FSLogix Apps installs the core drivers and components for all FSLogix solutions.
• Any environment using FSLogix must install FSLogix Apps.
• After installation, configure Profile Container before using it for profile redirection.

To install FSLogix Applications:
• From the FSLogix download file, select 32 bit or 64 bit depending on your environment
• Run FSLogixAppsSetup.exe
• Click Options to specify an installation folder

FSLogix is available for download here


Storage options for FSLogix profile containers
Compare the storage solutions Azure Storage offers for Azure Virtual Desktop FSLogix
profile container user profiles.
Features compared: Azure Files, Azure NetApp Files, Storage Spaces Direct

Use case
• Azure Files: General purpose
• Azure NetApp Files: Ultra performance or migration from NetApp on-premises
• Storage Spaces Direct: Cross-platform

Platform service
• Azure Files: Yes, Azure-native solution
• Azure NetApp Files: Yes, Azure-native solution
• Storage Spaces Direct: No, self-managed

Regional availability
• Azure Files: All regions
• Azure NetApp Files: Select regions
• Storage Spaces Direct: All regions

Redundancy
• Azure Files: Locally redundant/zone-redundant/geo-redundant/geo-zone-redundant
• Azure NetApp Files: Locally redundant
• Storage Spaces Direct: Locally redundant/zone-redundant/geo-redundant

Tiers and performance
• Azure Files: Standard (Transaction optimized), Premium. Up to max 100K IOPS per share with 10 GBps per share at about 3 ms latency
• Azure NetApp Files: Standard, Premium, Ultra. Up to 320k (16K) IOPS with 4.5 GBps per volume at about 1 ms latency
• Storage Spaces Direct: Standard HDD: up to 500 IOPS per-disk limits. Standard SSD: up to 4k IOPS per-disk limits. Premium SSD: up to 20k IOPS per-disk limits. We recommend Premium disks for Storage Spaces Direct

Capacity
• Azure Files: 100 TiB per share, Up to 5 PiB per general purpose account
• Azure NetApp Files: 100 TiB per volume, up to 12.5 PiB per subscription
• Storage Spaces Direct: Maximum 32 TiB per disk

Required infrastructure
• Azure Files: Minimum share size 1 GiB
• Azure NetApp Files: Minimum capacity pool 4 TiB, min volume size 100 GiB
• Storage Spaces Direct: Two VMs on Azure IaaS (+ Cloud Witness) or at least three VMs without and costs for disks

Protocols
• Azure Files: SMB 3.0/2.1, NFSv4.1 (preview), REST
• Azure NetApp Files: NFSv3, NFSv4.1 (preview), SMB 3.x/2.x
• Storage Spaces Direct: NFSv3, NFSv4.1, SMB 3.1

Profile Container vs Office Container

Profile Container
• Profile Container is used to redirect the full user profile.
• Profile Container is used in non-persistent, virtual environments, such as Virtual Desktops.
• When using Profile Container, the entire user profile, except for data that is excluded using
the redirections.xml, is included in the profile container.
• For users familiar with managing profiles in non-persistent environments, the function of
Profile Container may be compared to Microsoft User Profile Disk, Microsoft Roaming
Profiles, or Citrix UPM.

Office Container
• Office Container is designed to improve the performance of Microsoft Office in non-persistent
environments.
• As opposed to Profile Container, Office Container redirects only the local user files for Microsoft
Office.
• When configuring Office Container, each Office component is independently included based on
the selected settings to include data for specific Office components.
• When Office Container is used with other profile solutions, it's important that those solutions are
configured to exclude certain data.


Configure Cloud Cache
Cloud Cache is an optional add-on to Profile Container and Office Container.
Configure Cloud Cache for SMB (Profile Container)
All settings are applied to HKLM\SOFTWARE\FSLogix\Profiles.
Registry Value    Type                 Value
CCDLocations      REG_SZ / MULTI_SZ    type=smb,connectionString=<\Location1\Folder1>;type=smb,connectionString=<\Location2\folder2>
Enabled           DWORD                1

Configuring Cloud Cache for Office Container
All settings are applied to HKLM\SOFTWARE\FSLogix\ODFC
Registry Value    Type                 Value
CCDLocations      REG_SZ / MULTI_SZ    type=smb,connectionString=<\Location1\Folder1>;type=smb,connectionString=<\Location2\folder2>
Enabled           DWORD                1

Configuring Cloud Cache for Profile Container
Registry Value    Type                 Value
CCDLocations      REG_SZ / MULTI_SZ    type=azure,connectionString="DefaultEndpointsProtocol=https;AccountName=;AccountKey=;EndpointSuffix="
Enabled           DWORD                1
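
The Profiles values from "Configure storage for FSLogix components" (Enabled, VHDLocations) and the CCDLocations values above all live under the same registry key, so one review can cover both. The following is an added example, not code from the course or from FSLogix: the function name and the checks are assumptions (including treating VHDLocations and CCDLocations set together as a conflict), and the sample values are constructed.

```powershell
# Added example (not from the course or FSLogix). Checks are assumptions.

function Test-FslogixProfileConfig {
    param([Parameter(Mandatory)] [hashtable] $Values)

    $findings = [System.Collections.Generic.List[string]]::new()

    if ($Values['Enabled'] -ne 1) {
        $findings.Add('Enabled is not 1, so Profile Container is not active.')
    }

    # Both values may be a single string or a multi-string (array).
    $vhd = @(@($Values['VHDLocations']) | Where-Object { $_ })
    $ccd = @(@($Values['CCDLocations']) | Where-Object { $_ })

    if ($vhd.Count -gt 0 -and $ccd.Count -gt 0) {
        $findings.Add('Both VHDLocations and CCDLocations are set; Cloud Cache uses CCDLocations in place of VHDLocations.')
    }
    if ($vhd.Count -eq 0 -and $ccd.Count -eq 0) {
        $findings.Add('No profile location is configured.')
    }
    foreach ($path in $vhd) {
        if ($path -notmatch '^\\\\[^\\]+\\[^\\]+') {
            $findings.Add("VHDLocations entry '$path' is not a UNC path.")
        }
    }

    # Providers are separated by ';', but an azure connection string contains
    # ';' itself inside double quotes, so match quoted values as one unit.
    $pattern = '(?i)type=(?<type>\w+),connectionString=(?<cs>"[^"]*"|[^;]*)'
    $providers = @(foreach ($entry in $ccd) {
        foreach ($m in [regex]::Matches($entry, $pattern)) {
            [pscustomobject]@{
                Type             = $m.Groups['type'].Value
                ConnectionString = $m.Groups['cs'].Value.Trim('"')
            }
        }
    })

    if ($ccd.Count -gt 0 -and $providers.Count -lt 2) {
        $findings.Add('Cloud Cache has fewer than two providers, so there is no second copy of the profile.')
    }
    foreach ($p in $providers) {
        if ($p.Type -eq 'azure' -and $p.ConnectionString -match 'AccountKey=[^;]+') {
            $findings.Add('An azure provider stores its storage account key in clear text in the registry value.')
        }
    }

    [pscustomobject]@{
        ProviderTypes = $providers.Type
        Findings      = $findings.ToArray()
    }
}

# Constructed sample: what might be read from HKLM\SOFTWARE\FSLogix\Profiles.
$sample = @{
    Enabled      = 1
    VHDLocations = @('\\fileserver01\profiles')
    CCDLocations = 'type=smb,connectionString=\\fs01\profiles;type=azure,connectionString="DefaultEndpointsProtocol=https;AccountName=examplestore;AccountKey=CONSTRUCTED-NOT-A-REAL-KEY;EndpointSuffix=core.windows.net"'
}
$result = Test-FslogixProfileConfig -Values $sample
$result.ProviderTypes
$result.Findings

# On a session host, read the live values instead of the sample.
$key = 'HKLM:\SOFTWARE\FSLogix\Profiles'
if (Test-Path $key) {
    $props = Get-ItemProperty -Path $key
    $live  = @{}
    foreach ($name in 'Enabled', 'VHDLocations', 'CCDLocations') { $live[$name] = $props.$name }
    (Test-FslogixProfileConfig -Values $live).Findings
}
```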



Configure Profile Containers
Profile Container is a full remote profile solution for non-persistent environments.

• Profile Container redirects the entire user profile to a remote location.
• Profile Container configuration defines how and where the profile is redirected.
• Profile Container is inclusive of the benefits found in Office Container.
• When using Profile Container, both applications and users see the profile as if it's
located on the local drive.


Manage Rule Sets and application masking
Application Masking manages access to Applications, Fonts, and other items based on criteria.

The Application Rules Editor is used to describe the item, such as an application, to be managed.

Things you can do with the Apps Rules Editor:
• Create new Rule Sets
• Edit existing Rule Sets
• Manage the user and group assignments for Rule Sets
• Temporarily test rule-sets

FSLogix supports four rule types:
• Hiding Rule - hides the specified items using specified criteria
• Redirect Rule - causes the specified item to be redirected as defined
• App Container Rule - redirects the specified content into a VHD
• Specify Value Rule - assigns a value for the specified item



Configure user experience settings



Virtual desktop optimization principles
Minimize graphic redraws, effects, and background activities that have no major benefit to the
virtual desktop environment and reduce running processes to the bare minimum.

Use a "base" operating system image as the basis for the desktops:
• Persistent: preserves changes to the virtual desktop operating system from one session to the next.
• Non-persistent: does not preserve changes to the virtual desktop operating system from one session to the next.

Use a VM to build a VM:
• State can be saved
• Checkpoints can be set
• Backups can be performed
• A default OS installation is performed to the base VM
• VM is then optimized by removing unneeded apps
• Install Windows updates, delete temporary files, apply settings, etc.



Configure persistent and non-persistent desktop environments

Persistent virtual desktop is a device that saves operating system state in between reboots.
• Traditional VMs, where the VM has its own virtual disk file, starts up normally, and saves changes from one session to the next.
• Image-based persistent VMs, a base/gold image on one or more host servers.
• Master/gold image, where updates are applied.

A non-persistent virtual desktop implementation is based on a base or "gold" image.
• The base image is read-only.
• When started, a copy of the base image is streamed to the VM.
• All activity until the next reboot is redirected to a temporary location.
• Users are provided network locations to store their data.



Configure user settings through group policies
Setting area | Setting | Recommended value
Background Intelligent Transfer Service (BITS) | Do not allow the BITS client to use Windows Branch Cache | Enabled
Background Intelligent Transfer Service (BITS) | Do not allow the computer to act as a BITS Peercaching client | Enabled
Background Intelligent Transfer Service (BITS) | Do not allow the computer to act as a BITS Peercaching server | Enabled
Background Intelligent Transfer Service (BITS) | Allow BITS Peercaching | Disabled
BranchCache | Turn on BranchCache | Disabled
Hotspot Authentication | Enable Hotspot Authentication | Disabled
Microsoft Peer-to-Peer Networking Services | Turn off Microsoft Peer-to-Peer Networking Services | Enabled
Offline Files | Allow or Disallow use of the Offline Files feature | Disabled



Configure user settings through Endpoint Manager policies
Enroll Azure Virtual Desktop VMs that are hybrid Azure AD joined with Microsoft Intune and
manage them in the Microsoft Endpoint Manager admin center as you would physical devices.

Endpoint Manager integration is generally available for Windows 10 Enterprise desktops.



Configure session timeout properties
Signing users out when they're inactive preserves resources and prevents access by
unauthorized users.

The timeout options for RDP are set on the servers in the Local Group Policy:
• Set time limit for disconnected sessions
• Set time limit for active but idle Remote Desktop Services sessions
• Set time limit for active Remote Desktop Services sessions
• End Session when time limits are reached
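
The four policies above are stored as registry values on the session host, which makes them easy to audit across a host pool. The following added example (not part of the course material) reads them and reports the effective limit for each. The function and variable names are hypothetical; the registry key and value names are the standard Remote Desktop Services policy locations.

```powershell
# Added example: report the four RDS session time-limit policies from the registry.
$RdsPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Registry value name -> policy name as listed on this slide.
$RdsLimits = [ordered]@{
    MaxDisconnectionTime = 'Set time limit for disconnected sessions'
    MaxIdleTime          = 'Set time limit for active but idle Remote Desktop Services sessions'
    MaxConnectionTime    = 'Set time limit for active Remote Desktop Services sessions'
    fResetBroken         = 'End session when time limits are reached'
}

function Get-RdsSessionLimit {
    param([string]$Path = $RdsPolicyKey)

    # The key is absent when none of the policies has ever been configured.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in $RdsLimits.Keys) {
        $raw = $null
        if ($props -and $props.PSObject.Properties[$name]) {
            $raw = [int64]$props.$name
        }

        if ($null -eq $raw) {
            $effective = 'Not configured'
        } elseif ($name -eq 'fResetBroken') {
            # 1 = end the session at the limit, 0 = only disconnect it.
            $effective = if ($raw -eq 1) { 'Enabled' } else { 'Disabled' }
        } elseif ($raw -eq 0) {
            $effective = 'Never'                      # a limit of 0 means no timeout
        } else {
            $effective = '{0:N0} min' -f ($raw / 60000)   # values are stored in milliseconds
        }

        [pscustomobject]@{
            Policy    = $RdsLimits[$name]
            ValueName = $name
            Raw       = $raw
            Effective = $effective
            # Flag anything that leaves inactive sessions open indefinitely.
            Review    = ($null -eq $raw) -or ($raw -eq 0)
        }
    }
}

Get-RdsSessionLimit | Format-Table -AutoSize
```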



Configure device redirections
Configuring device redirections for your Azure Virtual Desktop environment allows you to
use printers, USB devices, microphones and other peripheral devices in the remote session.

Clipboard redirection
redirectclipboard:i:1 enables clipboard redirection
redirectclipboard:i:0 disables clipboard redirection

COM port redirections
redirectcomports:i:1 enables COM port redirection
redirectcomports:i:0 disables COM port redirection

USB redirection
usbdevicestoredirect:s:* enables USB device redirection
usbdevicestoredirect:s: disables USB device redirection
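
Clipboard, COM port and USB redirection are each a path for data to move between the remote session and the local device, so it is worth checking what a host pool actually allows. The following added example (not part of the course material) parses a custom RDP property string and reports the state of the three properties listed above. The function name and the sample string are constructed for illustration.

```powershell
# Added example: audit a custom RDP property string for device redirection.
function Get-RdpRedirectionFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$CustomRdpProperty
    )

    # Properties covered on this slide, their type tag, and the value that disables each.
    $policy = [ordered]@{
        'redirectclipboard'    = @{ Type = 'i'; Off = '0' }
        'redirectcomports'     = @{ Type = 'i'; Off = '0' }
        'usbdevicestoredirect' = @{ Type = 's'; Off = ''  }
    }

    # Entries are "name:type:value" separated by ';'. Split on the first two
    # colons only, because a value may itself contain ':'.
    $seen = @{}
    foreach ($entry in ($CustomRdpProperty -split ';')) {
        if ([string]::IsNullOrWhiteSpace($entry)) { continue }
        $parts = $entry.Trim() -split ':', 3
        if ($parts.Count -lt 3) {
            Write-Warning "Skipping malformed entry: '$entry'"
            continue
        }
        $seen[$parts[0].ToLowerInvariant()] = @{ Type = $parts[1]; Value = $parts[2] }
    }

    foreach ($name in $policy.Keys) {
        $value = $null
        if (-not $seen.ContainsKey($name)) {
            $state = 'NotSet'            # no explicit entry, so the default applies
        } else {
            $value = $seen[$name].Value
            if ($seen[$name].Type -ne $policy[$name].Type) {
                $state = 'TypeMismatch'  # e.g. "s" where "i" is expected
            } elseif ($value -eq $policy[$name].Off) {
                $state = 'Disabled'
            } else {
                $state = 'Enabled'
            }
        }
        [pscustomobject]@{ Property = $name; State = $state; Value = $value }
    }
}

# Constructed sample string. With the Az.DesktopVirtualization module installed,
# the live value is (Get-AzWvdHostPool -ResourceGroupName <rg> -Name <pool>).CustomRdpProperty
$sample = 'audiomode:i:0;redirectclipboard:i:1;redirectcomports:i:0;usbdevicestoredirect:s:*'
Get-RdpRedirectionFinding -CustomRdpProperty $sample | Format-Table -AutoSize
```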



Configure Universal Print
Universal Print manages print infrastructure through cloud services from Microsoft.

• Universal Print runs entirely on Microsoft Azure.
• With Universal Print–compatible printers, it doesn't require on-premises infrastructure.
• A Microsoft 365 subscription-based service that centralizes print management through the Universal Print portal.
• Integrated with Azure Active Directory and supports single sign-on scenarios.
• Can be deployed with non-compatible printers by using Universal Print connector software.



Troubleshoot user profile issues
To report issues or suggest features for Azure Virtual Desktop with Azure Resource Manager
integration, visit the Azure Virtual Desktop Tech Community.

• Use the Tech Community to discuss best practices or suggest and vote for new features.
• When you make a post asking for help or propose a new feature, make sure you describe your topic in as much detail as possible.



Troubleshoot AVD clients
Remote Desktop client for Windows 10 stops responding or cannot be opened
You can reset the user data from the About page or using a command.
Use the following command to remove your user data, restore default settings and unsubscribe from all Workspaces.
msrdcw.exe /reset [/f]

Web client won't open


First, test your internet connection by opening another website in your browser.
Use nslookup to confirm DNS can resolve the FQDN:
nslookup rdweb.wvd.microsoft.com
Try connecting with another client (e.g., Remote Desktop client for Windows 10) to see if you can open the web client.

Web client keeps prompting for credentials


If the Web client keeps prompting for credentials, follow these instructions:
1. Confirm the web client URL is correct.
2. Confirm that the credentials you're using are for the Azure Virtual Desktop environment tied to the URL.
3. Clear browser cookies.
4. Clear browser cache.
5. Open your browser in Private mode.
Install and configure apps on a session host



MSIX app attach
The MSIX package format preserves the functionality of existing app packages and/or install
files in addition to enabling new, modern packaging and deployment features to Win32, WPF,
and Windows Forms apps.

• MSIX app attach is a way to deliver MSIX applications to both physical and virtual machines.
• MSIX app attach is different from regular MSIX because it's made especially for Azure Virtual Desktop.

In an Azure Virtual Desktop deployment, MSIX app attach can:
• Create separation between user data, the OS, and apps by using MSIX containers.
• Remove the need for repackaging when delivering applications dynamically.
• Reduce the time it takes for a user to sign in.



How MSIX app attach works
1. From the Azure Virtual Desktop client, you sign in and select the host pool for which you have access.
2. You're assigned a virtual machine within the host pool, on which a RemoteApp or Remote Desktop session is created.
3. If the user profile is configured, the FSLogix agent on the session host provides the user profile from the file share.
4. Applications that are assigned to you are read from Azure Virtual Desktop.
5. MSIX app attach applications are registered to the virtual machine for you, from the attached MSIX virtual disk.



Set up a file share for MSIX app attach
To optimize MSIX app attach performance:
• The storage for MSIX app attach should be in the same datacenter location as the session hosts.
• To prevent bottlenecks, exclude the following VHD, VHDX, and CIM files from antivirus scans:
• <MSIXAppAttachFileShare>\*.VHD
• <MSIXAppAttachFileShare>\*.VHDX
• \\storageaccount.file.core.windows.net\share*\*.VHD
• \\storageaccount.file.core.windows.net\share*\*.VHDX
• .CIM
• \\storageaccount.file.core.windows.net\share*\*.CIM
• Separate the storage fabric for MSIX app attach from FSLogix profile containers.
• All VM system accounts and user accounts must have read-only permissions to the file share.
• Disaster recovery plans must include replicating the MSIX app attach file share in your secondary
failover location.



Configure dynamic application delivery using MSIX App Attach

• Install Certificates
• Enable Microsoft Hyper-V
• Stage a PowerShell script
• Register a PowerShell script
• Destage PowerShell scripts

Each phase creates a PowerShell script.



Configure session timeout properties
Application Masking manages access to Applications, Fonts, and other items based on criteria.

• The Application Rules Editor is used to describe the item, such as an application, to be managed.
• Use Application Masking to manage user access of installed components.
• Application Masking may be used in both physical and virtual environments.
• Application Masking is most often applied to manage non-persistent, virtual environments, such as Virtual Desktops.



Demonstration - Configure apps for users
In this demonstration you see how to create a RemoteApp application group to share an
application to a different user in the organization.

Step 1: Create a RemoteApp application group


Step 2: Add Azure AD users or user groups
Step 3: Add applications
Step 4: Register and create an application group
Step 5: Verify access to application



Using the OneDrive sync app on virtual desktops

The OneDrive sync per machine app provides:
• Automatic transitioning from the previous OneDrive for Business sync app
• Automatic conversion from per-user to per-machine
• Automatic updates when a new version is available



Using Microsoft Teams on Azure Virtual Desktop
Media optimization for Microsoft Teams is only available for the Windows Desktop
client on Windows 10 machines.

• Microsoft Teams on Azure Virtual Desktop supports chat and collaboration.


• With media optimizations, it also supports calling and meeting functionality.
• With media optimization for Microsoft Teams, the Windows Desktop client handles
audio and video locally for Teams calls and meetings.
• You can still use Microsoft Teams on Azure Virtual Desktop with other clients
without optimized calling and meetings.
• Teams chat and collaboration features are supported on all platforms.



Publish built-in apps in Azure Virtual Desktop

To publish a built-in app:


1. Connect to one of the virtual machines in your host pool.
2. Get the PackageFamilyName of the app you want to publish by following the instructions in this article.
3. Run the following cmdlet with <PackageFamilyName> replaced by the PackageFamilyName you found in the previous step:

New-AzWvdApplication -Name <applicationname> -ResourceGroupName <resourcegroupname> -ApplicationGroupName <appgroupname> -FilePath "shell:appsFolder\<PackageFamilyName>!App" -CommandLineSetting <Allow|Require|DoNotAllow> -IconIndex 0 -IconPath <iconpath> -ShowInPortal:$true

Azure Virtual Desktop only supports publishing apps with install locations that begin with C:\Program
Files\WindowsApps.
Troubleshoot application issues related to AVD using User Input Delay
The User Input Delay counter can help identify the root cause for bad end user RDP experiences.

• The counter measures how long any user input remains in the queue before it is picked up by a process.
• The User Input Delay counter measures the max delta between the input being queued and when it's picked up by the app in a message loop.



Lab - Implement and manage Azure Virtual Desktop profiles (Azure AD DS)

Lab Dependencies:
• A Microsoft account or an Azure AD account with the Global Administrator role in the Azure AD tenant associated with the Azure subscription and with the Owner or Contributor role in the Azure subscription
• An Azure Virtual Desktop environment provisioned in the lab Introduction to Azure Virtual Desktop (Azure AD DS)

Estimated time: 30 minutes




Lab - Package Azure Virtual Desktop applications (AD DS)

Lab Dependencies:
• A Microsoft account or an Azure AD account with the Global Administrator role in the Azure AD tenant associated with the Azure subscription and with the Owner or Contributor role in the Azure subscription
• The completed lab Prepare for deployment of Azure Virtual Desktop (AD DS) or Prepare for deployment of Azure Virtual Desktop (Azure AD DS)
• The completed lab Azure Virtual Desktop profile management (AD DS) or Azure Virtual Desktop profile management (Azure AD DS)

Estimated time: 90 minutes




Module 4 Review Questions



Online Role-based training resources:
Microsoft Learn
https://docs.microsoft.com/en-us/learn/



Thank you.





Module 5: Monitor and maintain an Azure Virtual Desktop
infrastructure
FSLogix configuration, Azure Automation, and Azure Monitor



Learning Objectives
• Plan and implement business continuity and disaster recovery
• Automate AVD management tasks
• Monitor and manage performance and health
• Labs
• Module Review Questions



Plan and implement business continuity
and disaster recovery



Business continuity and disaster recovery
1. Replicate the VMs in a secondary location.
2. If you're using profile containers, set up data replication in the secondary location.
3. Identities you set up in the primary location should be available in the secondary location.
4. Make sure any LOB apps relying on data in the primary location are failed over to the secondary.



VM replication
First, you'll need to replicate your VMs to the secondary location.

Options depend on how your VMs are configured:

• You can configure all VMs for both pooled and personal host pools with Azure Site Recovery.
You'll only need to set up one host pool and its related app groups and workspaces.

• You can create a new host pool in the failover region while keeping all resources in your
failover location turned off.

• You need to set up new app groups and workspaces in the failover region, then use an Azure
Site Recovery plan to turn host pools on.

• You can create a host pool that's populated by VMs built in both the primary and failover
regions while keeping the VMs in the failover region turned off.



Virtual networks, user identities, and data

User identities
Ensure that the domain controller is available at the secondary location:
• Have Active Directory Domain Controller at secondary location
• Use an on-premises Active Directory Domain Controller
• Replicate Active Directory Domain Controller using Azure Site Recovery

User and app data
If you're using profile containers, the next step is to set up data replication in the secondary location. You have five options to store FSLogix profiles:
• Storage Spaces Direct (S2D)
• Network drives (VM with extra drives)
• Azure Files
• Azure NetApp Files
• Cloud Cache for replication



FSLogix configuration
The FSLogix agent can support multiple profile locations if you configure the registry
entries for FSLogix.



Configure Recovery Services vault for FSLogix user profiles,
personal desktops, and images



Configure backup from the Recovery Services vault

Configure backup for multiple file shares from the Recovery Services vault pane:
• In the Azure portal, open the Recovery Services vault you want to use for configuring backup for the file share.
• In the Recovery Services vault pane, select Backup from the menu on the top.



Automate AVD management tasks



Scale session hosts using Azure Automation



Create or update an Azure Automation account
To download the script for creating the Azure Automation account, run:
New-Item -ItemType Directory -Path "C:\Temp" -Force
Set-Location -Path "C:\Temp"
$Uri = "https://raw.githubusercontent.com/Azure/RDS-Templates/master/wvd-templates/wvd-scaling-script/CreateOrUpdateAzAutoAccount.ps1"
# Download the script
Invoke-WebRequest -Uri $Uri -OutFile ".\CreateOrUpdateAzAutoAccount.ps1"

To execute the script and create the Azure Automation account, run:
$Params = @{
    "AADTenantId"           = "<Azure_Active_Directory_tenant_ID>" # Optional. If not specified, it will use the current Azure context
    "SubscriptionId"        = "<Azure_subscription_ID>"            # Optional. If not specified, it will use the current Azure context
    "UseARMAPI"             = $true
    "ResourceGroupName"     = "<Resource_group_name>"              # Optional. Default: "WVDAutoScaleResourceGroup"
    "AutomationAccountName" = "<Automation_account_name>"          # Optional. Default: "WVDAutoScaleAutomationAccount"
    "Location"              = "<Azure_region_for_deployment>"
    "WorkspaceName"         = "<Log_analytics_workspace_name>"     # Optional. If specified, Log Analytics will be used to configure the custom log table that the runbook PowerShell script can send logs to
}
.\CreateOrUpdateAzAutoAccount.ps1 @Params

Note: To set up a standalone automation account and Run As account using the Azure portal, see Create a standalone Azure Automation account.
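
The download above fetches whatever the branch currently holds and then runs it with rights to create resources in the subscription. The following added example (not part of the course material) shows a gate to place between the download and the execution: it checks the file against a SHA-256 recorded when the script was reviewed and lists the commands the script calls, without running it. The function name and the demo script are constructed; in real use, $ExpectedSha256 is the hash you recorded at review time.

```powershell
# Added example: verify a downloaded script against a pinned hash before running it.
function Test-PinnedScript {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )

    $full   = (Resolve-Path -LiteralPath $Path).ProviderPath
    $actual = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash

    # String comparison with -ne is case-insensitive, so hex case does not matter.
    if ($actual -ne $ExpectedSha256.Trim()) {
        throw "Hash mismatch for '$full': expected $ExpectedSha256, got $actual. Not running it."
    }

    # Parse without executing, so the content can be inventoried for review.
    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseFile($full, [ref]$tokens, [ref]$errors)
    if ($errors.Count -gt 0) {
        throw "'$full' does not parse cleanly ($($errors.Count) error(s)). Not running it."
    }

    $commands = $ast.FindAll(
            { param($node) $node -is [System.Management.Automation.Language.CommandAst] }, $true) |
        ForEach-Object { $_.GetCommandName() } |
        Where-Object { $_ } |
        Sort-Object -Unique

    [pscustomobject]@{ Path = $full; Sha256 = $actual; Commands = $commands }
}

# Constructed stand-in for the downloaded file, so the example runs offline.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'Demo-Download.ps1'
Set-Content -LiteralPath $demo -Encoding UTF8 -Value @'
New-Item -ItemType Directory -Path "C:\Temp" -Force
Get-Date | Out-String
'@

# Stand-in for the hash recorded when the script was reviewed.
$pin = (Get-FileHash -LiteralPath $demo -Algorithm SHA256).Hash

$review = Test-PinnedScript -Path $demo -ExpectedSha256 $pin
$review.Commands          # Get-Date, New-Item, Out-String

# Simulate the file changing after review: the gate now refuses it.
Add-Content -LiteralPath $demo -Value 'Remove-Item "C:\Temp" -Recurse'
try {
    Test-PinnedScript -Path $demo -ExpectedSha256 $pin
} catch {
    Write-Warning $_.Exception.Message
}
```

Only call .\CreateOrUpdateAzAutoAccount.ps1 @Params after Test-PinnedScript returns for the downloaded file.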
Create an Azure Automation account and Run As account
An Azure Automation Run As account provides authentication for
managing resources in Azure with Azure cmdlets.

• When you create a Run As account, it creates a new service principal user in Azure Active Directory and assigns the Contributor role to the service principal user at the subscription level.
• An Azure Run As account allows you to authenticate securely with certificates and a service principal name without needing to store a username and password in a credential object.



Create the Azure Logic App and execution schedule
Create the Azure Logic App and set up an execution schedule for your new scaling tool.

1. To create the Azure Logic App and execution schedule for a host pool using PowerShell, run the script located at Create the Azure Logic App and execution schedule.
2. To make changes to the execution schedule, open the Logic App and use the Logic Apps Designer.



Monitor and manage performance and health



Monitor Azure Virtual Desktop by using Azure Monitor

You can open Azure Monitor for Azure Virtual Desktop by doing the following:

• Go to the Azure portal.


• Search for and select Monitor from the Azure portal. Select Insights Hub under Insights, then select Azure Virtual Desktop.
• Once you have the page open, enter the Subscription, Resource group, Host pool, and Time range of the environment you want to monitor.



Log Analytics workspace for Azure Monitor
To set up host pool diagnostics using the resource diagnostic settings section in the
configuration workbook:

You need to enable the following supported diagnostic tables:
• Checkpoint
• Error
• Management
• Connection
• HostRegistration
• AgentHealthStatus



Monitor Azure Virtual Desktop by using Azure Advisor

When you open Azure Advisor, you'll see five categories:
• Cost
• Security
• Reliability
• Operational Excellence
• Performance



How to resolve Azure Advisor recommendations

Recommendations to be resolved can include:
• No validation environment enabled
• Not enough production (non-validation) environments enabled
• Not enough links are unblocked to successfully implement your VM



Diagnose graphics performance issues

Graphics-related performance issues fall into four categories:
• Low frame rate
• Random stalls
• High input latency
• Poor frame quality

There are three types of Frames Skipped/Second counters:
• Frames Skipped/Second (Insufficient Server Resources)
• Frames Skipped/Second (Insufficient Network Resources)
• Frames Skipped/Second (Insufficient Client Resources)



Lab - Implement autoscaling in host pools (AD DS)
• A Microsoft account or an Azure AD account with the Owner or Contributor role in the Azure subscription you will be using in this lab and with the Global Administrator role in the Azure AD tenant associated with that Azure subscription.
• The completed lab Prepare for deployment of Azure Virtual Desktop (AD DS)
• The completed lab Deploy host pools and session hosts by using the Azure portal (AD DS)

Estimated time: 60 minutes




Module 5 Review Questions



Online Role-based training resources:
Microsoft Learn
https://docs.microsoft.com/en-us/learn/



Thank you
