Monday, November 11, 2019

Windows Virtual Desktop - Part 1

This time we will take a look at Windows Virtual Desktop in Azure.

We will connect this cloud solution to our own infrastructure so that we can use on-premises services as well.

To make this work, we already have a Site-to-Site VPN gateway connection set up to connect our on-premises network to an Azure virtual network. This post does not cover setup of the VPN gateway.

Our Active Directory is also connected to Azure AD with Azure AD Connect. That part is not covered by this post either.

This post will be part one of a longer series, so hold on.

Let’s get started.

The first thing we need is to grant Azure Active Directory permissions to the Windows Virtual Desktop server app. You can do this by going to the following link:

Grant permissions to the server app

Log in with your global administrator account.

Accept the permissions requested.

After accepting the permissions you will get this confirmation page.

Now do the same for the Windows Virtual Desktop client app, using this link:

Grant permissions to the client app

Log in with your global administrator account.

Accept the permissions requested.

Again you will get this confirmation page.

Go to the Azure portal, open Enterprise applications, and search for Windows Virtual Desktop as shown. These two applications were created when we used the two links above.

Select Windows Virtual Desktop.

Go to Users and groups and notice that our administrator account has automatically been assigned the Default Access role. This is not enough, so we need to grant it the TenantCreator role. We will continue to use the same global administrator account for this. Click on Add User.

Click on Users and groups.

Select the desired user and then Select.

Then click Assign.

Our global administrator account has now been granted the TenantCreator role.

Now we need to create the Windows Virtual Desktop tenant. To do this we must use the Windows Virtual Desktop PowerShell module. You can always see the latest version available here: https://www.powershellgallery.com/packages/Microsoft.RDInfra.RDPowershell

Let's install the latest version with the command:

Install-Module Microsoft.RDInfra.RDPowershell

Then import the module.

Import-Module Microsoft.RDInfra.RDPowershell

Use the command Get-Module Microsoft.RDInfra.RDPowershell to see the currently installed version.

Now sign in to Windows Virtual Desktop.

Add-RdsAccount -DeploymentUrl https://rdbroker.wvd.microsoft.com

Use your account with the TenantCreator role.

In the next step we create a new Windows Virtual Desktop tenant and associate it with our Azure Active Directory tenant.

New-RdsTenant -Name <TenantName> -AadTenantId <DirectoryID> -AzureSubscriptionId <SubscriptionID>

You can find your Azure AD Directory ID in the Azure portal under Azure Active Directory, Properties.

Your subscription ID can also be found in the Azure portal: go to Subscriptions and find the Subscription ID on the Overview page of the subscription you want to use.

Then choose a name for the tenant and insert the correct values. We will use the name MindcoreLab for the tenant.

New-RdsTenant -Name MindcoreLab -AadTenantId 11111111-1111-1111-1111-111111111111 -AzureSubscriptionId 22222222-2222-2222-2222-222222222222
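
The module install, sign-in and tenant creation steps above, combined into one script as an added example (not from the original post). It checks that both IDs parse as GUIDs before anything is sent to the service and skips creation when the tenant already exists. The IDs are constructed placeholders, Test-GuidString is a hypothetical helper, and Get-RdsTenant is assumed to return nothing for a missing tenant when its error is suppressed.

```powershell
# Added example, not part of the original post.
# The default IDs are constructed placeholders; replace them with your own values.
param(
    [string]$TenantName          = 'MindcoreLab',
    [string]$AadTenantId         = '11111111-1111-1111-1111-111111111111',
    [string]$AzureSubscriptionId = '22222222-2222-2222-2222-222222222222'
)

$ErrorActionPreference = 'Stop'

# Hypothetical helper: returns $true only when the string parses as a GUID.
function Test-GuidString {
    param([string]$Value)
    $parsed = [guid]::Empty
    [guid]::TryParse($Value, [ref]$parsed)
}

# Fail early on a mistyped ID, before signing in or calling the service.
$ids = [ordered]@{ AadTenantId = $AadTenantId; AzureSubscriptionId = $AzureSubscriptionId }
foreach ($entry in $ids.GetEnumerator()) {
    if (-not (Test-GuidString $entry.Value)) {
        throw "$($entry.Key) '$($entry.Value)' is not a valid GUID."
    }
}

# Install the module only if it is missing, and only for the current user.
if (-not (Get-Module -ListAvailable -Name Microsoft.RDInfra.RDPowershell)) {
    Install-Module Microsoft.RDInfra.RDPowershell -Scope CurrentUser
}
Import-Module Microsoft.RDInfra.RDPowershell

# Interactive sign-in; use the account that holds the TenantCreator role.
Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com'

# Assumption: with the error suppressed, a missing tenant yields no output.
$existing = Get-RdsTenant -Name $TenantName -ErrorAction SilentlyContinue
if ($existing) {
    Write-Host "Tenant '$TenantName' already exists, nothing to create."
} else {
    New-RdsTenant -Name $TenantName -AadTenantId $AadTenantId -AzureSubscriptionId $AzureSubscriptionId
}
```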

We are now ready to create a service principal in Azure Active Directory and assign it a Windows Virtual Desktop role, so stay tuned for part 2.
