How to quickly deploy Windows Virtual Desktop (WVD) – Step by Step
Looking for an overview of Windows Virtual Desktop? Take a look at the following YouTube video by Microsoft Mechanics or the overview docs. For this post we’ll be diving straight into the configuration!
Before we get started, you’re going to need the following:
- Azure AD
- Syncing with AD via Connect or AAD DS
- An Azure subscription
- With a virtual network containing or connected to an AD server
- Windows 10 Enterprise licensing (through E3, E5, M365 E3/E5) or licensing for the OS you are looking to deploy (Win7 and Server also supported)
AD is required because WVD machines must be domain joined or hybrid joined. There's also a list of URL requirements, which you can find here.
Allow Windows Virtual Desktop to access your Azure AD tenant
Go to: https://rdweb.wvd.microsoft.com/ and log in with your Global Admin account. Select Server App and consent to WVD access and provide the Azure AD Tenant ID (Azure AD -> Properties -> Directory ID).
Then, navigate back to https://rdweb.wvd.microsoft.com and select Client App, and resubmit the same permissions.
Back in the Azure Portal, open up Azure Active Directory and select Enterprise Applications. Under all applications, you’ll now see:
Select Windows Virtual Desktop > Users and groups > +Add user. Here, we need a user with Global Admin rights who will “create” the WVD tenant. They will have the TenantCreator role.
Create the WVD tenant!
This will require PowerShell (Windows PowerShell, not Core), so make sure you have the Az and Microsoft.RDInfra.RDPowerShell modules installed. Once you have those modules installed, run the following commands:
Import-Module -Name Az
Import-Module -Name Microsoft.RDInfra.RDPowerShell
$brokerurl = "https://rdbroker.wvd.microsoft.com"
$aadTenantId = "same tenant ID used to consent"
$azureSubscriptionId = "subscription for deployment"
Then we'll need to sign in with the TenantCreator role account:
Add-RdsAccount -DeploymentUrl $brokerurl
And then we create the tenant:
New-RdsTenant -Name "yourWVDTenantNamehere" -AadTenantId $aadTenantId -AzureSubscriptionId $azureSubscriptionId
Add the Azure AD Global Admin and your AD Domain Admin to the WVD RDS Owners Group using the following command:
New-RdsRoleAssignment -SignInName "myaccount@MyAADdomain.onmicrosoft.com" -RoleDefinitionName "RDS Contributor" -TenantName "TenantNameFromAbove" -AadTenantId $aadTenantId
New-RdsRoleAssignment -SignInName "domainAdmin@MyADDomain.com" -RoleDefinitionName "RDS Contributor" -TenantName "TenantNameFromAbove" -AadTenantId $aadTenantId
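Once the roles are assigned, it is worth confirming that only the accounts you intended hold rights on the tenant. The following is an added example, not code from the original post or from Microsoft: Test-RdsRoleAssignment, $expected and the sample rows are hypothetical and constructed, and the SignInName, RoleDefinitionName and Scope property names are assumed to match what Get-RdsRoleAssignment returns.

```powershell
# Added example: compare WVD role assignments against an allow-list.
# Test-RdsRoleAssignment is a hypothetical helper, not part of Microsoft.RDInfra.RDPowerShell.
function Test-RdsRoleAssignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Assignment,

        # Maps SignInName -> the single role that account is expected to hold
        [Parameter(Mandatory)]
        [hashtable]$Expected
    )
    process {
        $name = [string]$Assignment.SignInName
        $role = [string]$Assignment.RoleDefinitionName

        # Hashtable lookups and -ne are case-insensitive, which suits UPNs
        $status = if (-not $name) {
            'Review: no sign-in name (group or service principal)'
        } elseif (-not $Expected.ContainsKey($name)) {
            'Unexpected account'
        } elseif ($Expected[$name] -ne $role) {
            "Unexpected role (expected $($Expected[$name]))"
        } else {
            'OK'
        }

        [pscustomobject]@{
            SignInName = $name
            Role       = $role
            Scope      = $Assignment.Scope
            Status     = $status
        }
    }
}

# Allow-list built from the two assignments made above
$expected = @{
    'myaccount@MyAADdomain.onmicrosoft.com' = 'RDS Contributor'
    'domainAdmin@MyADDomain.com'            = 'RDS Contributor'
}

# Constructed sample rows standing in for live output, so the check runs offline
$sample = @(
    [pscustomobject]@{ SignInName = 'myaccount@MyAADdomain.onmicrosoft.com'; RoleDefinitionName = 'RDS Contributor'; Scope = '/Default Tenant Group/TenantNameFromAbove' }
    [pscustomobject]@{ SignInName = 'domainAdmin@MyADDomain.com'; RoleDefinitionName = 'RDS Owner'; Scope = '/Default Tenant Group/TenantNameFromAbove' }
    [pscustomobject]@{ SignInName = 'helpdesk@MyADDomain.com'; RoleDefinitionName = 'RDS Contributor'; Scope = '/Default Tenant Group/TenantNameFromAbove' }
)
$sample | Test-RdsRoleAssignment -Expected $expected | Format-Table -AutoSize
```

Against a live tenant, pipe `Get-RdsRoleAssignment -TenantName "TenantNameFromAbove"` into the function in place of `$sample`, after signing in with Add-RdsAccount.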
Now that we have a tenant, we need a Host Pool
In the Azure portal, select Create a Resource and search for Windows Virtual Desktop – Provision a host pool.
Select it and press Create. Select the settings you’d like to use for your WVD environment.
For this post we'll be using a Marketplace image. In an upcoming blog post, we'll describe how to use a managed or custom image.
Important settings: For AD domain join UPN we'll need an account that has rights to join devices to your Active Directory domain (not required to be synced up to Azure AD). The virtual network will also need line of sight to your domain controller to complete the domain join.
Important settings: for Windows Virtual Desktop details, use the "tenant group name" and "tenant name" from the PowerShell output from before. The UPN here should be the account with the TenantCreator role.
Great! That will kick off our host pool creation:
Now you’ve made your first WVD tenant!