IT Connect
Your connection to information technology at the UW

Azure Virtual Desktop

Azure Virtual Desktop is a Microsoft-provided cloud-based Virtual Desktop Infrastructure (VDI) offering. You get the benefits of a virtual workspace without the complexity of buying and managing a VDI. Note: This product used to be named Windows Virtual Desktop.

Background

The Azure Virtual Desktop solution provides simplified management, multi-session Windows 10, and optimizations for Office 365 ProPlus. You can deploy and scale your Windows desktops and apps and get built-in security and compliance features. A Microsoft marketing page is available at: https://azure.microsoft.com/en-us/services/virtual-desktop/. Technical information is available at: https://docs.microsoft.com/en-us/azure/virtual-desktop/.

There are two versions of Azure Virtual Desktop:

  • Classic: More setup required, with UW-IT involvement. Fewer management capabilities.
  • Modern: Less setup required. Can use Azure Portal or Azure Resource Manager to manage.

UW-IT recommends you choose the modern AVD.

Getting Started

Licensing for Azure Virtual Desktop (AVD) is covered for UW employees and students.

Costs to run AVD are:

  • storage costs to store the VM disks in Azure
  • Azure VM runtime costs (you can minimize these by shutting the VMs down during inactive periods)
  • ExpressRoute or some other site-to-site VPN

ExpressRoute is a site-to-site VPN, meaning it is an always-on network connection between two network sites. If you have an ExpressRoute connection to the UW network, your Azure VNET behaves as if it were on the UW network. In other words, you can access resources on the UW network, like a NETID domain controller.

Modern AVD Setup

Microsoft’s setup documentation starts here: https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace?tabs=azure-portal.

To proceed, you’ll need the following:

  1. Azure subscription. If you don’t have one, see here: https://uw.service-now.com/sp?id=sc_entry&sys_id=ed4f54b5db567748d6a77a8eaf961940
  2. Azure ExpressRoute. This is a site-to-site VPN which provides the network connectivity from Azure to the UW network to allow your WVD VMs to join the NETID AD and interact with any data sources on-premises. See: https://uw.service-now.com/sp?id=sc_entry&sys_id=8ab2e8b9dbd67748d6a77a8eaf96190f

Classic AVD Setup

Microsoft’s setup documentation starts here: https://docs.microsoft.com/en-us/azure/virtual-desktop/virtual-desktop-fall-2019/create-host-pools-azure-marketplace-2019

To proceed, you’ll need the following to use Azure Virtual Desktop (AVD):

  1. Azure subscription. If you don’t have one, see here: https://uw.service-now.com/sp?id=sc_entry&sys_id=ed4f54b5db567748d6a77a8eaf961940
  2. Azure ExpressRoute. This is a site-to-site VPN which provides the network connectivity from Azure to the UW network to allow your WVD VMs to join the NETID AD and interact with any data sources on-premises. See: https://uw.service-now.com/sp?id=sc_entry&sys_id=8ab2e8b9dbd67748d6a77a8eaf96190f
  3. An Azure AD service principal. You can create one yourself. See https://docs.microsoft.com/en-us/azure/virtual-desktop/virtual-desktop-fall-2019/create-service-principal-role-powershell#create-a-service-principal-in-azure-active-directory for the steps to do so. Because there are many units that use WVD, we ask that you prefix the value of the DisplayName argument with your unit name, e.g. -DisplayName "Pottery – Windows Virtual Desktop Svc Principal"
  4. An Azure Virtual Desktop tenant. This is something UW-IT must provision for you. Send email to help@uw.edu with subject “Azure Virtual Desktop”. You will need the following:
    1. Azure subscription ID. Reference https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory#assign-the-tenantcreator-application-role and search for “To find your Azure subscription ID” for help on how to determine this.
    2. The service principal’s application ID. It is shown in one of the steps of the Microsoft documentation linked in item 3 above.
  5. Once you have the AVD tenant, you’ll be using the service principal to manage it, generally following the Microsoft documentation.
  6. The Azure AD service principal will require occasional maintenance attention. The service principal secret will expire, and it is best practice to have more than one owner assigned. See https://itconnect.uw.edu/wares/msinf/aad/apps/creds/ for help on this.
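
One way to automate the maintenance check in item 6, as an added example that is not UW-IT's or Microsoft's own code: it flags expired or soon-to-expire service principal secrets and an application with fewer than two owners. It assumes the input records use Microsoft Graph's passwordCredential field names (keyId, displayName, endDateTime), for example as exported from `az ad app credential list` and `az ad app owner list`; the function names, the 30-day warning window and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records (all values made up), shaped like Microsoft Graph
# passwordCredential and owner (directoryObject) entries for one application.
SAMPLE_CREDENTIALS = [
    {"keyId": "11111111-0000-0000-0000-000000000001",
     "displayName": "initial secret", "endDateTime": "2022-01-15T00:00:00Z"},
    {"keyId": "11111111-0000-0000-0000-000000000002",
     "displayName": "rotated secret", "endDateTime": "2023-06-30T00:00:00.1234567Z"},
]
SAMPLE_OWNERS = [{"id": "22222222-0000-0000-0000-000000000001"}]


def parse_graph_time(value):
    """Parse an ISO 8601 timestamp; accepts 'Z' and any fractional-second length."""
    value = value.strip().replace("Z", "+00:00")
    head, dot, tail = value.partition(".")
    if dot:  # drop fractional seconds, keep a trailing UTC offset if present
        value = head + (tail[-6:] if tail[-6:-5] in ("+", "-") else "")
    parsed = datetime.fromisoformat(value)
    # Assumption: a timestamp without an offset is UTC.
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_service_principal(credentials, owners, now, warn_days=30, min_owners=2):
    """Return findings as strings; an empty list means nothing needs attention."""
    findings, usable = [], 0
    for cred in credentials:
        label = cred.get("displayName") or cred["keyId"]
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            findings.append(f"EXPIRED: secret '{label}' ended {end:%Y-%m-%d}")
            continue
        usable += 1
        if end <= now + timedelta(days=warn_days):
            findings.append(f"EXPIRING: secret '{label}' ends {end:%Y-%m-%d}")
    if usable == 0:
        findings.append("NO USABLE SECRET: no unexpired client secret remains")
    if len(owners) < min_owners:
        findings.append(f"OWNERS: {len(owners)} assigned, need {min_owners}+")
    return findings


if __name__ == "__main__":
    # Fixed clock so the sample output is reproducible.
    for line in audit_service_principal(
            SAMPLE_CREDENTIALS, SAMPLE_OWNERS,
            now=datetime(2022, 1, 1, tzinfo=timezone.utc)):
        print(line)
```

Run it on a schedule against a fresh export so an expiring secret is rotated before the AVD management scripts that depend on it stop authenticating.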

Running Azure Virtual Desktop

You are responsible for managing your AVD. If you’d like UW-IT to do that for you, please contact the Managed Workstation service via help@uw.edu with a subject line of “Managed Azure Virtual Desktop”.

Last reviewed November 12, 2021