This time we will take a look at Windows Virtual Desktop in Azure.
We will connect this cloud solution to our own infrastructure so that we can use on-premises services as well.
To make this work, we already have a Site-to-Site VPN gateway connection set up to connect our on-premises network to an Azure virtual network. This post will not cover setup of the VPN gateway.
Our Active Directory is also connected to Azure AD with Azure AD Connect; this part is not covered by this post either.
This post is part one of a longer series, so hold on.
Let’s get started.
The first thing we need is to grant Azure Active Directory permissions to the Windows Virtual Desktop server app. You can do this by going to the following link:
Grant permissions to the server app
Log in with your global administrator account.
Accept the permissions requested.
After accepting the permissions you will get this confirmation page.
Now do the same for the Windows Virtual Desktop client app, using this link:
Grant permissions to the client app
Log in with your global administrator account.
Accept the permissions requested.
Again you will get this confirmation page.
Go to the Azure portal, open Enterprise applications and search for Windows Virtual Desktop as shown. These two applications were created when we used the two links above.
Select Windows Virtual Desktop.
Go to Users and groups and notice that our administrator account has automatically been assigned the Default Access role. This is not enough, so we need to grant it the TenantCreator role. We will continue to use the same global administrator account for this. Click on Add User.
Click on Users and groups.
Select the desired user and then Select.
Then click Assign.
Our global administrator account has now been granted the TenantCreator role.
Now we need to create the Windows Virtual Desktop tenant. To do this we must use the Windows Virtual Desktop PowerShell module; you can always see the latest version available here: https://www.powershellgallery.com/packages/Microsoft.RDInfra.RDPowershell
Let’s install the latest version with the command:
Install-Module Microsoft.RDInfra.RDPowershell
Then import the module.
Import-Module Microsoft.RDInfra.RDPowershell
Use the command Get-Module Microsoft.RDInfra.RDPowershell to see the currently installed version.
Now sign in to Windows Virtual Desktop.
Add-RdsAccount -DeploymentUrl https://rdbroker.wvd.microsoft.com
Use your account with the TenantCreator role.
In the next step we create a new Windows Virtual Desktop tenant and associate it with our Azure Active Directory tenant.
New-RdsTenant -Name <TenantName> -AadTenantId <DirectoryID> -AzureSubscriptionId <SubscriptionID>
You can find your Azure AD DirectoryID in the Azure portal – Azure Active Directory, under Properties.
Your SubscriptionID can also be found in the Azure portal – Subscriptions, on the Overview page of the subscription you want to use.
Then choose a name for the tenant and insert the correct values. We will use the name MindcoreLab for the tenant.
New-RdsTenant -Name MindcoreLab -AadTenantId 11111111-1111-1111-1111-111111111111 -AzureSubscriptionId 22222222-2222-2222-2222-222222222222
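The module and tenant steps above, collected into one script as an added example (not code from the original post). The tenant name and IDs are the post's placeholder values; the GUID validation, the per-user install scope and the check for an existing tenant are additions made here.

```powershell
# Added example: the tenant-creation steps from this post as one script.
# The default values are placeholders; replace them with your own.
[CmdletBinding()]
param(
    [string]$TenantName     = 'MindcoreLab',
    [string]$AadTenantId    = '11111111-1111-1111-1111-111111111111',
    [string]$SubscriptionId = '22222222-2222-2222-2222-222222222222'
)
$ErrorActionPreference = 'Stop'

# Reject malformed IDs (for example one digit too many) before contacting the service.
$ids = @{ AadTenantId = $AadTenantId; AzureSubscriptionId = $SubscriptionId }
foreach ($entry in $ids.GetEnumerator()) {
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($entry.Value, [ref]$parsed)) {
        throw "$($entry.Key) '$($entry.Value)' is not a valid GUID."
    }
}

# Install for the current user only (no elevation required), then load the module.
$module = 'Microsoft.RDInfra.RDPowershell'
if (-not (Get-Module -ListAvailable -Name $module)) {
    Install-Module -Name $module -Scope CurrentUser
}
Import-Module $module
Get-Module $module | Select-Object Name, Version   # record the version in use

# Interactive sign-in; use the account that holds the TenantCreator role.
Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com' | Out-Null

# Create the tenant only if it is not already there.
try   { $existing = Get-RdsTenant -Name $TenantName }
catch { $existing = $null }   # lookup failed: treat as "not found"

if ($existing) {
    Write-Warning "Tenant '$TenantName' already exists; nothing was created."
}
else {
    New-RdsTenant -Name $TenantName -AadTenantId $AadTenantId -AzureSubscriptionId $SubscriptionId
}

# Show the tenant as the service now reports it.
Get-RdsTenant -Name $TenantName
```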
We are now ready to create a service principal in Azure Active Directory and assign it a Windows Virtual Desktop role, so stay tuned for part 2.