Ash Roberts
SwitchITUp


How to Connect to Azure Virtual Desktop Session


Sep 5, 2022

Table of contents

  • Background
  • Introduction
  • Remote Desktop Client
  • Web Client
  • Administer User Connections
  • Summary

Background

In the previous article we built an Azure Virtual Desktop lab that consisted of cloud-only infrastructure. We deployed storage accounts ready for FSLogix profile containers, and we created an instance of Azure Active Directory Domain Services (AADDS) so we can use domain join, NTFS permissions and the other benefits we would get if we had synced an on-premises domain via AD Connect.

We then deployed a host pool with a session host via the "create a host pool" wizard.

If you missed that article, or need a refresher on what has been deployed, you can check out the link below!

switchitup.tech/setting-up-an-azure-virtual..

Introduction

In this article, we are going to cover how we connect our users to the deployment so they can log in to the workspace and then log in to a pooled desktop machine.

There are two main methods you can use to get your workforce into AVD and working:

  • Remote Desktop Client

  • Web Client

Let's look at each in depth.

Remote Desktop Client

Simply install the client. You will need to choose whether to install for yourself or per-machine. A per-machine install would be required for a thin terminal shared by a number of users, so bear that in mind.

remote desktop client - 1.jpg

remote desktop client - 2.jpg

remote desktop client - 3.jpg

remote desktop client - 4.jpg

After installation, you will be greeted with the "Getting Started" page, where you will need to subscribe to a workspace.

rdc - get started .jpg

You can subscribe with the workspace URL or sign in with your user account. In this instance I will use testuser1, who we created back in the lab setup. For reference, you can find the workspace URLs below; most will use the "Azure Virtual Desktop" link.

workspace urls.jpg

Remember: testuser1 is a member of the FSLogix-Profiles and AVD_USERS groups.

After using the workspace link for "Azure Virtual Desktop" you will be prompted to sign in. Once signed in, notice that we have no resources assigned for access.

no assigned workspace.jpg

Let's fix this now.

Assign User Permissions

  • Firstly we need to add AVD_USERS to our hostpool1-DAG (Application Group)

  • Give AVD_USERS "Virtual Machine User Login" permissions to our session host VMs

For point 1 navigate to:

RG_VirtualDesktop > Hostpool1-DAG > Assignments > +Add

hostpool1dag-assignusers.jpg

hostpool1-assignment2.jpg

The second point needs a bit more thought. We could add the permissions to each session host individually (fine when we have one), but if you're in an environment with a large number of session hosts it will be easier to apply the permissions at the resource group level. Why? Because it will allow access to all session hosts in our resource group, and our users in a busy environment may be spread across a number of different hosts, so it's vital that permissions are set correctly at the correct level.

We will do this here. Navigate to the following:

RG_VirtualDesktop > Access Control (IAM)

You want to create a "Role Assignment" and assign AVD_USERS to "Virtual Machine User Login" role.

virtualmachineuserlogin.jpg
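
The same two assignments can be scripted with Az PowerShell. This is an added example, not part of the original walkthrough; it assumes the Az.Accounts and Az.Resources modules with an authenticated session, and reuses the lab names from this article (RG_VirtualDesktop, Hostpool1-DAG, AVD_USERS).

```powershell
# Added example: Az PowerShell equivalent of the two portal assignments.
# Assumes Connect-AzAccount has already been run against the lab subscription.
$rg       = 'RG_VirtualDesktop'
$appGroup = 'Hostpool1-DAG'

$group = @(Get-AzADGroup -DisplayName 'AVD_USERS')
if ($group.Count -ne 1) { throw "Expected exactly one group named AVD_USERS, found $($group.Count)." }
$groupId = $group[0].Id

# Point 1: publish the desktop application group to AVD_USERS.
# 'Desktop Virtualization User' is the role the Assignments blade grants.
$feed = @{
    ObjectId           = $groupId
    RoleDefinitionName = 'Desktop Virtualization User'
    ResourceGroupName  = $rg
    ResourceName       = $appGroup
    ResourceType       = 'Microsoft.DesktopVirtualization/applicationGroups'
}

# Point 2: sign-in rights on the session hosts, granted once at resource-group scope.
# This covers every VM in the resource group, so keep only session hosts in it.
$login = @{
    ObjectId           = $groupId
    RoleDefinitionName = 'Virtual Machine User Login'
    ResourceGroupName  = $rg
}

foreach ($assignment in $feed, $login) {
    # Get-AzRoleAssignment also returns inherited assignments, so re-running is safe.
    if (-not (Get-AzRoleAssignment @assignment)) {
        New-AzRoleAssignment @assignment | Out-Null
    }
}

# Confirm what AVD_USERS holds at (or inherits at) the resource-group scope.
Get-AzRoleAssignment -ObjectId $groupId -ResourceGroupName $rg |
    Select-Object RoleDefinitionName, Scope
```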

Navigate back to your Remote Desktop Client and refresh the workspace.

refresh-rdc-workspace.jpg

And magically you will now see the desktop session available for logon:

desktopsession-rdc.jpg

Double-click this to connect to your AVD session.

testuser1 - verification.jpg

Web Client

The following HTML5-capable browsers are supported. Note there is currently NO mobile support for the web client.

supported browsers.jpg

Navigate to the following URL:

client.wvd.microsoft.com/arm/webclient/inde..

You will be prompted to log in. If you followed the instructions for the Remote Desktop Client and have already set up the user permissions and role assignments, you will be greeted with the session host on the workspace.

remote web client sign in.jpg

If your workspace is blank and you skipped the "Remote Desktop Client" section above, go back and review the "Assign User Permissions" section, then try again.

Administer User Connections

The following lets you view current sessions and disconnected sessions on your session host. Navigate to the following for an overview:

RG_VirtualDesktop > Hostpool1

The image below was after I disconnected from the session Host.

hostpool1-sessions.jpg

Alternatively, navigate to the following for a full list of user connections:

RG_VirtualDesktop > Hostpool1 > Session Host > Select your Session host > Select "Users" tab

Here I have an active connection to the session host.

sessionhost - verifyusers 1.jpg

sessionhost- verify users 2.jpg

From this screen you have a number of options:

  • Notify Users - This allows you to write a message to session host users that will display in their session, e.g. planned maintenance.

notify users.jpg

session host - notify user verification.jpg

  • Log Off/Force Log Off Users - remove a session, either normally or by force.

force logoff.jpg

  • Drain Mode - You may want to prepare the session host for maintenance: you have sent out a notification to current users and you don't want new users to connect. Drain mode is for you. Don't forget to turn it back off after maintenance, or no new sessions can be established.

Remember: to delegate control of these functions with "least privilege" in mind, you need to assign the following roles:

  • Desktop Virtualization User Session Operator = Send notifications/Sign off/Disconnect sessions

  • Desktop Virtualization Session Host Operator = Use Drain Mode/ Add + Remove Session Hosts
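
One way to apply this delegation is to grant the two roles on the host pool only, then review who already holds broader roles there. This is an added example, not part of the original article; AVD_HELPDESK is a hypothetical support group name, and an authenticated Az PowerShell session is assumed.

```powershell
# Added example: scope the two operator roles to Hostpool1 and review broad roles.
# AVD_HELPDESK is a hypothetical group name; substitute your own support group.
$helpdesk = @(Get-AzADGroup -DisplayName 'AVD_HELPDESK')
if ($helpdesk.Count -ne 1) { throw "Expected exactly one group named AVD_HELPDESK, found $($helpdesk.Count)." }

# Target the host pool resource itself rather than the resource group or subscription.
$hostPoolScope = @{
    ResourceGroupName = 'RG_VirtualDesktop'
    ResourceName      = 'Hostpool1'
    ResourceType      = 'Microsoft.DesktopVirtualization/hostPools'
}

$roles = 'Desktop Virtualization User Session Operator',
         'Desktop Virtualization Session Host Operator'

foreach ($role in $roles) {
    $existing = Get-AzRoleAssignment @hostPoolScope -ObjectId $helpdesk[0].Id -RoleDefinitionName $role
    if (-not $existing) {
        New-AzRoleAssignment @hostPoolScope -ObjectId $helpdesk[0].Id -RoleDefinitionName $role | Out-Null
    }
}

# Review: principals whose Owner or Contributor role reaches the host pool
# (directly or inherited). Candidates for replacement with the narrower roles above.
Get-AzRoleAssignment @hostPoolScope |
    Where-Object RoleDefinitionName -in 'Owner', 'Contributor' |
    Select-Object DisplayName, ObjectType, RoleDefinitionName, Scope
```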

Summary

We have covered how to connect users to AVD sessions using both the Remote Desktop Client and the Web Client, and how to administer user connections from the Azure Portal.

In the next article we will look at locking down Azure Virtual Desktop connections using Conditional Access Policies.

Don't forget to turn off any running session hosts or decommission your environment to save on costs.

 