Windows Virtual Desktop Application Group Creation

Reading Time: 3 minutes

In this blog post, i will create a WVD application group within the Azure Portal. Application groups are a collection of remote applications that you can present to a user or group of users. Please note that this applies to a pooled host pool.

In an earlier post i deployed a WVD solution. See Deploying Windows Virtual Desktop in Microsoft Azure

1. Login to the Azure Portal
2. Click Windows Virtual Desktop
3. Click Application Groups

4. Click + Add

5. Input details (See example below). Ensure you use the same resource group as your host pool location

6. Click next to move on to the applications section

7. Click + Add Applications

8. Add your applications as required. Options available are to add an application from start menu, file path or an MSIX App.

For the purpose of this demo, I have added the apps below

9. Click Next to move onto Assignments

10. Click + Add Azure AD users or groups

11. For the purpose of this demo, i am adding a single user cloud build user 1 synced to Azure AD via Azure AD Connect

12. Click next to move onto the workspace section

13. Click Yes

14. Add tags as required and click next
15. Review and click create once validation passes. The process takes about a minute

Let’s test by logging in with user cloud build 1 which was the only user that I assigned to the application group.

The applications are visible as show below

Deploying Windows Virtual Desktop in Microsoft Azure

Reading Time: 8 minutes

In this blog post, I will be creating a new Windows Virtual Desktop (WVD) platform using a Windows 10 image from the Azure Gallery. I will be covering the deployment and opimisation of a base WVD image in a further blog post. The purpose of this blog post is to allow you to get an idea of how a WVD platform is deployed.

What is Windows Virtual Desktop?

Windows Virtual Desktop is a desktop and app virtualisation service that runs in Microsoft Azure.

Here’s what you can do when you run Windows Virtual Desktop in Azure:

  • Set up a multi-session Windows 10 deployment that delivers a full Windows 10 with scalability
  • Virtualise Microsoft 365 Apps for enterprise and optimize it to run in multi-user virtual scenarios
  • Provide Windows 7 virtual desktops with free Extended Security Updates
  • Bring your existing Remote Desktop Services (RDS) and Windows Server desktops and apps to any computer
  • Virtualise both desktops and apps
  • Manage Windows 10, Windows Server, and Windows 7 desktops and apps with a unified management experience

If you’re just getting started, below are a few links that may be useful to you before you get started with deploying Window Virtual Desktop (WVD)

  1. Add and verify custom domain in Azure AD
  2. Create a virtual network
  3. Configure Azure Bastion (If you require secure access to your VM’s from within the Azure Portal). For this demo, I have enabled RDP access but I recommend to give Bastion. It’s a great feature
  4. Build a server in Azure (Low spec server for a domain controller is sufficient for this lab)
  5. Configure Active Directory
  6. Configure Azure AD Connect Sync
  7. Assign your domain controller a static IP address in Azure

Before you get started, create a Security Group within your Active Directory domain controller, along with a couple of user accounts.

For this demo, I have created:

Group: WVD Users
Domain user: Cloudbuilduser1 and CloudBuilduser2 (both users are members of the WVD Users group)

By default, Azure AD Connect syncs every 30 minutes so your new group and accounts will have sync’d to Azure AD by the time we get to testing the WVD platform. You could also force a sync by running the following command on your ADConnect server Start-ADSyncSyncCycle.

Let’s get started

Create a Workspace (Windows Virtual Desktop)

A workspace is a logical grouping of application groups in Windows Virtual Desktop. Each Windows Virtual Desktop application group must be associated with a workspace for users to see the remote apps and desktops published to them. You will also get the opportunity to create the workspace later in this blog post. For this demo, I will be creating a workspace first.

(1) Log in to the Azure Portal

Power on your domain controller if you have not already done so and don’t forget to enable auto shutdown of your domain controller (Lab Only) to save on costs. You don’t want to be doing this in a production environment!!

(2) Search for Windows Virtual Desktop and click

(3) Click on Workspaces located in the left pane

(4) Click + Add

(5) Complete the details, see the example below. I have created a new resource group. Click Next

(6) I don’t currently have any Application Groups, so for now I’ll click next, create tags as required and click review and create.

(7) Validation passed, click create

Deploy a Windows Virtual Desktop Host Pool

(8) Click Windows Virtual Desktop
(9) Click Create a Host Pool

(10) Input details, see the example below. I have created a new Resource Group. Note that the location needs to be the same as the location of your Workspace Resource Group. For this demo I have selected the options below:

Location: At the moment the only locations available for Meta Data are US regions. Don’t worry, nothing important is stored there apart from MetaData.

Validation Environment
Azure will deploy WVD updates to the Validation Environment to ensure there are no issues as a result of updates.

Host pool types:
Pooled desktops: Multiple users on the same virtual machine.
Personal desktops: One user per desktop VM

Max session limit
The maximum number of users that have concurrent sessions on a session host. For this demo, I’m leaving this empty.

Load balancing algorithm – Breadth-First and Depth-First
Breath-First load balancing
will distribute new user sessions across all available session hosts in the host pool
Depth-first load balancing distributes new user sessions to an available session host with the highest number of connections but has not reached its maximum session limit threshold.

More info can be located at WVD Pooled vs Personal Desktops

As mentioned above, the only locations for Meta Data storage at the time of writing this blog post were US based.

(11) Click next to move on to Virtual Machines

(12) Click Yes to Add Virtual Machines. These will become the session hosts that users will connect to.

(13) Input details

  1. – Leave the resource group as is
    – Set the location. This is the location of the VM. I’m setting UK South. The location will need to be the same as where your VNETS are located. The location does not need to be the same as the MetaData location. In this demo, I only have the one VNET.
  2. For this demo, I am selecting a B2s with 2 vcpu’s and 4gb RAM (Update: note that if you’re using an Azure free trial account, select a machine with 1vcpu. There are limits when setting up a WvD platform using the Azure Trial account).
  3. I’m using standard HDD disks for this demo but Microsoft recommend using premium SSD for all session hosts
  4. Network Security Group, I am leaving as basic
  5. AD Join – Use a dedicated account for this task. It’s an important task that would cause major issues with VM deployment in the event the account was disabled or deleted. See post How to allow domain users to add computers to the domain

Note: you could also create a base image. For the purpose of this demo, i’m using a windows 10 image without any additional apps installed. The following post covers creating and optimising a base image for WVD. Click Create and Optimise a Windows Virtual Desktop Image

(14) Click next to move onto Workspace

(15) Click Yes to register the desktop app group and select the workspace created as part of the earlier step. If you decided not to create a workspace in the beginning of this blog post, you can create one now using the ‘Create New’ link

(16) Click next and add tags as required
(17) Click review

(18) Click create after validation passes. This process may take a few minutes.

Common issues:

– Incorrect domain credentials
– Is the account you’re using to add session hosts to the domain sync’d to Azure AD
– Is the domain controller up and running
– Is the VNET DNS set to the IP of the domain controller

If you decided to select a virtual machine size including 2 vCpu’s, you may come across an error similar to the one below:

Errors The template deployment ‘0000000000000000′ is not valid according to the validation procedure. The tracking id is ‘123456789-1234-1cc9-b42d-1a1b11f01fcf’. See inner errors for details.

As mentioned earlier, there are limits on what you can configure when using an Azure Trial account. One to keep in mind. When changing the virtual machine size to DS1 v2 (1vcpu), the validation process should succeed.

(19) ok, so validation succeeded

(20) Click Create. The process can take up to 10 minutes. My deployment took 9 minutes

(21) Deployment succeeded

Set App Group Permissions

(22) Click Windows Virtual Desktop

(23) Let’s add some user permissions – click Windows Virtual Desktop

(24) Click application groups

(25) Click on the application group name

(26) Click Assignments

(27) Click Add, and then select the WVD Users Group you created on your Active Directory domain controller and sync’d to Azure AD. If you recall, we added two test user accounts to the group. Clouduserbuild1 and clouduserbuild2

(28) Add and click select

And we’re done. Let’s move on to testing

(29) From a browser, visit:

(30) Sign in with a user account which is a member of the WVD user group

I’ll be logging in with cloudbuilduser2 for this demo

(31) Skip MFA or setup. For this demo, I will skip MFA.

(32) and we’re in

(33) Launch the Default Desktop and click allow

(34) Login again

(35) Our newly built desktop launches successfully.

(36) Here are the two virtual machines

That’s your basic WVD solution deployed

Additional notes:

– There are limits when using an Azure Free trial account. I successfully deployed 2 sessions hosts with 1 VCPU and 3.5gb of Ram

– A host pool includes session hosts (Session hosts the VM’s)

– A host pool can only include one desktop application group. As seen in the lab, the desktop application is created by default when I deployed a host pool

– A host pool can host multiple Remoteapp application groups (This is a collection of remote applications).

– A user can be assigned to one or more application groups in a host pool.

– An application group has to be added to a workspace. Users communicate with the workspace when connecting to WVD

– Applications groups can only be added to one workspace within a host pool

– If a user requires access to both a published desktop and a published application, users can not launch both published desktop and published app at the same time (At the time of writing this blog post). It’s understandable that there may be requirements to publish the app separately due to compatibility issues. To get around this, you will need to create a separate host pool.

Windows Virtual Desktop Pooled vs Personal

Reading Time: 2 minutes

What is the difference between a Pooled and Personal host pool in Windows Virtual Desktop?

Both options are visible when connecting to the Azure Portal, clicking Windows Virtual Desktop and clicking the option to create a new Host Pool. See screenshot below:

Personal desktops also known as persistent desktops are where each user is allocated a desktop. Users can modify their desktop to meet personal preferences and can save files in their own desktop environment.

When configuring personal desktops within the Azure Portal, there are two further options as shown below:

Automatic: The service will select an available host and assign to the user
Direct: This allows admins to select a specific host to assign to users

Pooled desktops, also known as non persistent desktops, assign users to whichever session host is available at the time. This depends on the configured load balancing algorithm which I have documented below. Because the users don’t always return to the same session host each time they connect to the Windows Virtual Desktop (WVD) solution, the users have limited ability to customise the desktop environment.

When selecting a pooled configuration within WVD located in the Microsoft Azure Portal, further options become visible as shown below:

  • Breath First load balancing will distribute new user sessions across all available session hosts in the host pool
  • Depth first load balancing distributes new user sessions to an available session host with the highest number of connections but has not reached its maximum session limit threshold.

What is Windows 10 Enterprise multi session?

I know this is off topic to what the post title describes, but I thought it would be a good idea to document some information about Windows 10 multi session.

Windows 10 Enterprise multi session, previously known as Windows 10 Enterprise for virtual desktops, allows multiple concurrent interactive sessions. This was previously only an option with Windows Server.

Windows 10 Enterprise multi session provides multi session functionality exclusively for Windows Virtual Desktop which is a Microsoft Azure Service. Windows 10 Enterprise multi session has been tested, optimised, and supported exclusively on Microsoft Azure only. Microsoft does not support Windows 10 Enterprise multi session on non Azure deployments.

When planning your deployment, it’s important to check your application compatibility and contact application vendors if required. You may find that some applications don’t support certain configurations such as multi session.

You may also be interested in the posts below:

Deploying Windows Virtual Desktop
Windows Virtual Desktop Application Group Creation