Based on the Microsoft 365 roadmap, at the end of July, the update called Spring Update 2020 for the Windows Virtual Desktop (WVD) solution was released in General Availability. With the introduction of this update, Microsoft has drastically improved the experience of managing the WVD environment by integrating it within the Azure portal.
In this article, we will look at the differences between the previous solution (Fall 2019) and the current one; some new features recently introduced in Windows Virtual Desktop will also be mentioned.
In the Fall 2019 version, Windows Virtual Desktop is not an Azure Resource Manager (ARM) service, so all the objects in the infrastructure are kept in a separate database. Azure Resource Manager is the dividing line between the user and the Fabric subsystem and is also responsible for provisioning and managing all Azure services.
With the latest update, all Windows Virtual Desktop objects are ARM resources and, as a result, are fully integrated within the Azure portal.
Some of the components on which the Windows Virtual Desktop service is built have also been revised; the fundamental components are listed below:
- Host Pool: a collection of virtual machines on Azure that register in the environment as Session Hosts when the Windows Virtual Desktop agent is running. As reported in the previous article, all Session Hosts are generated from the same image (from the Marketplace or custom) in order to provide the same User Experience to the end user.
- Application Group: a logical group that allows you to make applications and/or the desktop available to users. One of the most important features introduced in this update is the ability to assign an app group to Azure AD groups (previously it was only possible to associate Azure AD users).
- Workspace: a logical group of Application Groups present on Windows Virtual Desktop; each App Group must be associated with a workspace to allow users to view published apps or desktops.
As previously mentioned, the Spring 2020 version of Windows Virtual Desktop is fully integrated within the Azure portal; the entire User Interface for managing the solution is replaced by the new section of the administration portal. It is therefore possible to authorize access to WVD resources, perform maintenance activities (e.g., logoff, send messages) and modify the RDP settings directly from the Azure portal.
It is also possible to perform all these activities through the specific PowerShell commands integrated in the Az module; for example, to view the Session Hosts present within a Host Pool, you use the new Get-AzWvdSessionHost command.
In terms of security and authorization on accesses for the administrative part, it is possible to use Azure RBAC to provide granular rights on resources/objects based on the following model:
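As an added example (not part of the original article or of Microsoft's documentation), the following PowerShell combines Get-AzWvdSessionHost with Get-AzRoleAssignment to list the Session Hosts of a Host Pool and review the Azure RBAC assignments on the Host Pool and its Application Groups, flagging individual users who are assigned directly instead of through an Azure AD group. The resource group and host pool names are placeholders, and the built-in "Desktop Virtualization User" role is assumed to be the role used for app group assignments.

```powershell
# Added example. Requires the Az.Accounts, Az.Resources and
# Az.DesktopVirtualization modules and an existing Connect-AzAccount session.
# Placeholder names (assumptions): replace with your own values.
$ResourceGroup = 'rg-wvd-example'
$HostPoolName  = 'hp-example'
$UserRole      = 'Desktop Virtualization User'   # assumed end-user access role

# 1. Session Hosts registered in the Host Pool, with health-related fields.
Get-AzWvdSessionHost -ResourceGroupName $ResourceGroup -HostPoolName $HostPoolName |
    Select-Object Name, Status, AllowNewSession, AgentVersion, LastHeartBeat, UpdateState |
    Format-Table -AutoSize

# 2. The Host Pool and the Application Groups that point at it.
$hostPool  = Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName
$appGroups = Get-AzWvdApplicationGroup -ResourceGroupName $ResourceGroup |
    Where-Object { $_.HostPoolArmPath -eq $hostPool.Id }

$resources = @($hostPool)
if ($appGroups) { $resources += $appGroups }

# 3. RBAC review. Get-AzRoleAssignment -Scope also returns assignments
#    inherited from the resource group or subscription, so mark those.
$report = foreach ($resource in $resources) {
    Get-AzRoleAssignment -Scope $resource.Id | ForEach-Object {
        [pscustomobject]@{
            Resource   = $resource.Name
            Role       = $_.RoleDefinitionName
            Principal  = $_.DisplayName
            Type       = $_.ObjectType                 # User, Group or ServicePrincipal
            Inherited  = ($_.Scope -ne $resource.Id)   # granted at a parent scope
            DirectUser = ($_.ObjectType -eq 'User' -and
                          $_.RoleDefinitionName -eq $UserRole)
        }
    }
}

$report | Sort-Object Resource, Role, Principal | Format-Table -AutoSize

# 4. Individual users holding the access role directly; candidates for
#    moving to an Azure AD group assignment.
$report | Where-Object DirectUser |
    Select-Object Resource, Principal, Inherited |
    Format-Table -AutoSize
```

Inherited rows are worth the same attention as direct ones: an Owner or Contributor assignment at subscription level also grants management rights over every Host Pool beneath it.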
To fulfill legal obligations on data compliance, Microsoft has added the possibility of placing metadata in various regions; in the previous version, metadata could only be saved in the United States.
In the image below, we summarize the substantial differences between the two versions:
Within the Spring 2020 update, further improvements have been introduced regarding the management of custom images for the creation of the Windows Virtual Desktop environment. As previously reported, each Session Host is generated based on a Master Image in order to provide the same User Experience to the various users.
One of the most important features is the full integration of Azure Shared Image Gallery into the creation of a new Host Pool.
Azure Shared Image Gallery is a service that allows you to manage and simplify the sharing of custom images within the organization; this service provides:
- Global replication of images;
- Versioning and grouping of images;
- Highly available images with Zone Redundant Storage (ZRS) accounts in regions that support Availability Zones;
- Premium storage support (Premium_LRS);
- Sharing across subscriptions, and even between Active Directory (AD) tenants, using RBAC;
- Scaling your deployments with image replicas in each region;
Also regarding image management, Microsoft has released a new service called Azure Image Builder in Public Preview. Through this service, you can create and update your custom image in an automated way; it is also possible to define where to save the images: either in Azure Shared Image Gallery or as an Azure Managed Image.
This service is very useful for automating the creation of new master images after installing the security fixes released monthly by Microsoft.
At present, the service is supported in the following regions:
- East US
- East US 2
- West Central US
- West US
- West US 2
- North Europe
- West Europe
And for the following operating system images:
- Ubuntu 18.04
- Ubuntu 16.04
- RHEL 7.6, 7.7
- CentOS 7.6, 7.7
- SLES 12 SP4
- SLES 15, SLES 15 SP1
- Windows 10 RS5 Enterprise/Enterprise multi-session/Professional
- Windows 2016
- Windows 2019
Given the high demand, Microsoft is continuously introducing new features to make the Windows Virtual Desktop solution as optimal as possible and ensure that it is similar to a real workstation.
In fact, a new version of Microsoft Teams was released that allows optimization of the audio/video channel; starting with this version of Microsoft Teams, it will therefore be possible to have high performance when streaming peer-to-peer through the WebRTC standard.
This version requires Windows Desktop client 1.2.1026.0 or a later build.
With the 2004 build of Windows 10 Enterprise (single or multi-session), the MSIX-related APIs have been integrated into the operating system.
The MSIX App Attach feature is based on a set of technologies that, combined, allow you to attach an MSIX application stored in a centralized repository. Through this mechanism, applications are not installed directly on the operating system and can be made available or removed as needed.
Once the application is connected, the “look and feel” is the same as if the application were installed locally.
For storing profiles and applications in the Windows Virtual Desktop environment, you can use Azure Files as the repository. Azure Files is a service that allows you to expose SMB shares hosted in the cloud.
In addition, Active Directory Domain Services can be used as an authentication method; this allows you to access the exposed shares using the AD credentials with the same resource access experience present in the on-premises environment. AD domain-joined systems are able to mount Azure File shares using their own credentials.
Here are some useful references to the official Microsoft documentation:
- Set up the PowerShell module for Windows Virtual Desktop
- Use Microsoft Teams on Windows Virtual Desktop
- What is MSIX?
- Active Directory Domain Services authentication over SMB for Azure file shares
This article reported the major innovations introduced on Windows Virtual Desktop. The continuing need on the part of companies to facilitate smart-working and allow users to work as if they were in the company makes Windows Virtual Desktop one of the most important and constantly evolving Microsoft services of this last period.