How to quickly deploy Windows Virtual Desktop (WVD) – Step by Step

Looking for an overview of Windows Virtual Desktop? Take a look at the following YouTube video by Microsoft Mechanics or the overview docs. For this post we’ll be diving straight into the configuration!

Before we get started, you’re going to need the following:

  • Azure AD
    • Syncing with AD via Connect or AAD DS
  • An Azure subscription
    • With a virtual network containing or connected to an AD server
  • Windows 10 Enterprise licensing (though E3, E5, M365 E3/E5) or licensing for the OS you are looking to deploy (Win7 and Server also supported)

The reason AD is required is because WVD machines must be domain or hybrid joined. There’s also a list of url requirements which you can find here.

Allow Windows Virtual Desktop to access your Azure AD tenant

Go to: https://rdweb.wvd.microsoft.com/ and log in with your Global Admin account. Select Server App and consent to WVD access and provide the Azure AD Tenant ID (Azure AD -> Properties -> Directory ID).

WVD Consent Page
Directory ID location

Then, navigate back to https://rdweb.wvd.microsoft.com and select Client App, and resubmit the same permissions.

Application confirmation

Back in the Azure Portal, open up Azure Active Directory and select Enterprise Applications. Under all applications, you’ll now see:

Enterprise Applications for WVD

Select Windows Virtual Desktop > Users and groups > +Add user. Here, we need a user with Global Admin rights who will “create” the WVD tenant. They will have the TenantCreator role.

Global Admin WVD user

Create the WVD tenant!

This will require PowerShell (Windows PowerShell, not Core), so make sure you have the Az and Microsoft.RDInfra.RDPowerShell modules installed. Once you have those modules installed, run the following commands:

Import-Module -Name Az
Import-Module -Name Microsoft.RDInfra.RDPowerShell
$brokerurl = "https://rdbroker.wvd.microsoft.com"
$aadTenantId = "same tenant ID used to consent"
$azureSubscriptionId = "subscription for deployment"
Initializing the WVD PowerShell commands

Then we’ll need to sign-in with the TenantCreator role accoutn:

Add-RdsAccount -DeploymentUrl $brokerurl

And then we create the tenant:

New-RdsTenant -Name "yourWVDTenantNamehere" -AadTenantId $aadTenantId -AzureSubscriptionId $azureSubscriptionId

Add the Azure AD Global Admin and your AD Domain Admin to the WVD RDS Owners Group using the following command:

New-RdsRoleAssignment -SignInName "myaccount@MyAADdomain.onmicrosoft.com" -RoleDefinitionName "RDS Contributor" -TenantName "TenantNameFromAbove" -AadTenantId $aadTenantId

New-RdsRoleAssignment -SignInName "domainAdmin@MyADDomain.com" -RoleDefinitionName "RDS Contributor" -TenantName "TenantNameFromAbove" -AadTenantId $aadTenantId

Great!

Now that we have a tenant, we need a Host Pool

In the Azure portal, select Create a Resource and search for Windows Virtual Desktop – Provision a host pool.

Select it and press Create. Select the settings you’d like to use for your WVD environment.

Host pool basics
VM size

For this post we’ll be using a Marketing place image. In an upcoming blog post, we’ll describe how to use a managed or custom image.

Important settings: For AD domain join UPN we’ll need an account that has rights to join devices to your Active Directory domain (not required to be synced up to Azure AD). The virtual network will also need line of site to your domain controller to complete the domain join.

VM settings

Important settings: for Windows Virtual Desktop details, use the “tenant group name” and “tenant name” from the PowerShell output from before. The UPN here should be the TenantCreator role.


Great! That will kick off our host pool creation:

Now you’ve made your first WVD tenant!

WVD deployment completed

How do I access WVD?

You can use either the mobile clients, Windows 10 client, or go straight to any HTML5 browser: http://aka.ms/wvdweb. Once you log in with a user in a host pool, you’ll see the desktop:

HTML 5 WVD log in

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *