Deploy Virtual Desktop host pools and hosts by using Azure Resource Manager templates

You need to automate deployment of Azure Virtual Desktop host pools and hosts by using Azure Resource Manager templates.

Objectives

After completing this lab, you will be able to:

• Deploy Azure Virtual Desktop host pools and hosts by using Azure Resource Manager templates

Prerequisites for this labs : Azure Account / Download Labs Files here

• An Azure subscription you will be using in this lab.
• A Microsoft account or an Azure AD account with the Owner or Contributor role in the Azure subscription you will be using in this lab and with the Global Administrator role in the Azure AD tenant associated with that Azure subscription.
• The completed lab Prepare for deployment of Azure Virtual Desktop (AD DS)
• The completed lab Deploy host pools and session hosts by using the Azure portal (AD DS)

Lab 1: Deploy Azure Virtual Desktop host pools and hosts by using Azure Resource Manager templates

The main tasks for this Lab are as follows:

• Prepare for deployment of an Azure Virtual Desktop host pool by using an Azure Resource Manager template
• Deploy an Azure Virtual Desktop host pool and hosts by using an Azure Resource Manager template
• Verify deployment of the Azure Virtual Desktop host pool and hosts
• Prepare for adding of hosts to the existing Azure Virtual Desktop host pool by using an Azure Resource Manager template
• Add hosts to the existing Azure Virtual Desktop host pool by using an Azure Resource Manager template
• Verify changes to the Azure Virtual Desktop host pool
• Manage personal desktop assignments in the Azure Virtual Desktop host pool

Task 1: Prepare for deployment of an Azure Virtual Desktop host pool by using an Azure Resource Manager template

• From your lab computer, start a web browser, navigate to the Azure portal, and sign in by providing credentials of a user account with the Owner role in the subscription you will be using in this lab.
• In the Azure portal, search for and select Virtual machines and, from the Virtual machines blade, select exceed-dc-vm11.
• On the exceed-dc-vm11 blade, select Connect, in the drop-down menu, select Bastion, on the Bastion tab of the exceed-dc-vm11 | Connect blade, select Use Bastion.
• When prompted, provide the following credentials and select Connect:

Setting	Value
User Name	Student
Password	Pa55w.rd1234

• Within the Remote Desktop session to exceed-dc-vm11, start Windows PowerShell ISE as administrator.
• Within the Remote Desktop session to exceed-dc-vm11, from the Administrator: Windows PowerShell ISE console, run the following to identify the distinguished name of the organizational unit named WVDInfra that will host the computer objects of the Azure Virtual Desktop pool hosts:

(Get-ADOrganizationalUnit -Filter "Name -eq 'WVDInfra'").distinguishedName

Within the Remote Desktop session to exceed-dc-vm11, from the Administrator: Windows PowerShell ISE script pane, run the following to identify the user principal name attribute of the ADATUM\Student account that you will use to join the Azure Virtual Desktop hosts to the AD DS domain (student@adatum.com):

(Get-ADUser -Filter "sAMAccountName -eq 'student'").userPrincipalName

Within the Remote Desktop session to exceed-dc-vm11, from the Administrator: Windows PowerShell ISE script pane, run the following to identify the user principal name of the ADATUM\aduser7 and ADATUM\aduser8 accounts that you will use to test personal desktop assignments later in this lab:

(Get-ADUser -Filter "sAMAccountName -eq 'aduser7'").userPrincipalName
(Get-ADUser -Filter "sAMAccountName -eq 'aduser8'").userPrincipalName

Note: Record all user principal name values you identified. You will need them later in this lab.

• Within the Remote Desktop session to exceed-dc-vm11, from the Administrator: Windows PowerShell ISE script pane, run the following to calculate the token expiration time necessary to perform a template-based deployment:

$((get-date).ToUniversalTime().AddDays(1).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ'))

Note: The value should resemble the format 2020-12-27T00:51:28.3008055Z. Record it since you will need it in the next task.

Note: A registration token is required to authorize a host to join the pool. The value of token’s expiration date must be between one hour and one month from the current date and time.

• Within the Remote Desktop session to exceed-dc-vm11, start Microsoft Edge and navigate to the Azure portal. If prompted, sign in by using the Azure AD credentials of the user account with the Owner role in the subscription you are using in this lab.
• Within the Remote Desktop session to exceed-dc-vm11, in the Azure portal, use the Search resources, services, and docs text box at the top of the Azure portal page to search for and navigate to Virtual networks and, on the Virtual networks blade, select Exceed-adds-vnet11.

• On the Exceed-adds-vnet11 blade, select Subnets, on the Subnets blade, select + Subnet, on the Add subnet blade, specify the following settings (leave all other settings with their default values) and click Save:

Setting	Value
Name	hp2-Subnet
Subnet address range	10.0.2.0/24

• Within the Remote Desktop session to exceed-dc-vm11, in the Azure portal, use the Search resources, services, and docs text box at the top of the Azure portal page to search for and navigate to Network security groups and, on the Network security groups blade, select the network security group in the exceed140-11-RG  resource group.
• On the network security group blade, in the vertical menu on the left, in the Settings section, click Properties.
• On the Properties blade, click the Copy to clipboard icon on the right side of the Resource ID textbox.

Note: The value should resemble the format /subscriptions/de8279a3-0675-40e6-91e2-5c3728792cb5/resourceGroups/exceed140-11-RG /providers/Microsoft.Network/networkSecurityGroups/exceed140-cl-vm11-nsg, although the subscription ID will differ. Record it since you will need it in the next task.

Task 2: Deploy an Azure Virtual Desktop host pool and hosts by using an Azure Resource Manager template

• From your lab computer, start a web browser, navigate to the Azure portal, and sign in by providing credentials of a user account with the Owner role in the subscription you will be using in this lab.
• From your lab computer, in the same web browser window, open another web browser tab and navigate to the GitHub Azure RDS templates repository page ARM Template to Create and provision new Azure Virtual Desktop hostpool.
• On the ARM Template to Create and provision new Azure Virtual Desktop hostpool page, select Deploy to Azure. This will automatically redirect the browser to the Custom deployment blade in the Azure portal.

• On the Custom deployment blade, select Edit parameters.
• On the Edit parameters blade, select Load file, in the Open dialog box, select \\Your Folder\exceed140-23_azuredeployhp23.parameters.json, select Open, and then select Save.

• Back on the Custom deployment blade, specify the following settings (leave others with their existing values):

Setting	Value
Subscription	the name of the Azure subscription you are using in this lab
Resource Group	the name of a new resource group exceed140-23-RG
Region	the name of the Azure region into which you deployed Azure VMs hosting AD DS domain controllers in the lab Prepare for deployment of Azure Virtual Desktop (AD DS)
Location	the name of the same Azure region as the one set as the value of the Region parameters
Workspace location	the name of the same Azure region as the one set as the value of the Region parameters
Workspace Resource Group	none, since, if null, its value will be automatically set to match the deployment target resource group
All Application Group Reference	none, since there are no existing application groups in the target workspace (there is no workspace)
Vm location	the name of the same Azure region as the one set as the value of the Location parameters
Create Network Security Group	false
Network Security Group Id	the value of the resourceID parameter of the existing network security group you identified in the previous task
Token Expiration Time	the value of the token expiration time you calculated in the previous task

• Note: The deployment provisions a pool with personal desktop assignment type.

• On the Custom deployment blade, select Review + create and select Create.

Note: Wait for the deployment to complete before you proceed to the next task. This might take about 15 minutes.

Task 3: Verify deployment of the Azure Virtual Desktop host pool and hosts

• From your lab computer, in the web browser displaying the Azure portal, search for and select Azure Virtual Desktop, on the Azure Virtual Desktop blade, select Host pools and, on the Azure Virtual Desktop | Host pools blade, select the entry exceed140-23-hp2  representing the newly deployed pool.

• On the exceed140-23-hp2  blade, in the vertical menu on the left side, in the Manage section, click Session hosts.
• On the exceed140-23-hp2  | Session hosts blade, verify that the deployment consists of two hosts.

On the exceed140-23-hp2  | Session hosts blade, in the vertical menu on the left side, in the Manage section, click Application groups.

• On the exceed140-23-hp2  | Application groups blade, verify that the deployment includes the Default Desktop application group named exceed140-23-hp2 -DAG.

Task 4: Prepare for adding of hosts to the existing Azure Virtual Desktop host pool by using an Azure Resource Manager template

• From your lab computer, switch to the Remote Desktop session to exceed-dc-vm11.
• Within the Remote Desktop session to exceed-dc-vm11, from the Administrator: Windows PowerShell ISE console, run the following to generate the token necessary to join new hosts to the pool you provisioned earlier in this Lab:

$registrationInfo = New-AzWvdRegistrationInfo -ResourceGroupName 'exceed140-23-RG' -HostPoolName 'exceed140-23-hp2 ' -ExpirationTime $((get-date).ToUniversalTime().AddDays(1).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ'))

Within the Remote Desktop session to exceed-dc-vm11, from the Administrator: Windows PowerShell ISE console, run the following to retrieve the value of the token and paste it into Clipboard:

$registrationInfo.Token | clip

Note: Record the value copied into Clipboard (for example, by launching Notepad and pressing the Ctrl+V key combination to paste the content of the Clipboard into Notepad) the content of the since you will need it in the next task. Make sure to that the value you are using includes a single line of text, without any line breaks.

Note: A registration token is required to authorize a host to join the pool. The value of token’s expiration date must be between one hour and one month from the current date and time.

Task 5: Add hosts to the existing Azure Virtual Desktop host pool by using an Azure Resource Manager template

• From your lab computer, in the same web browser window, open another web browser tab and navigate to the GitHub Azure RDS templates repository page ARM Template to Add sessionhosts to an existing Azure Virtual Desktop hostpool.
• On the ARM Template to Add sessionhosts to an existing Azure Virtual Desktop hostpool page, select Deploy to Azure. This will automatically redirect the browser to the Custom deployment blade in the Azure portal.

• On the Custom deployment blade, select Edit parameters.
• On the Edit parameters blade, select Load file, in the Open dialog box, select \\Your Folder\exceed140-23_azuremodifyhp23.parameters.json, select Open, and then select Save.
• Back on the Custom deployment blade, specify the following settings (leave others with their existing values):

Setting	Value
Subscription	the name of the Azure subscription you are using in this lab
Resource Group	exceed140-23-RG
Hostpool Token	the value of the token you generated in the previous task
Hostpool Location	the name of the Azure region into which you deployed the hostpool earlier in this lab
Vm Administrator Account Username	student Do not use @adatum.com
Vm Administrator Account Password	Pa55w.rd1234
Vm location	the name of the same Azure region as the one set as the value of the Hostpool Location parameters
Create Network Security Group	false
Network Security Group Id	the value of the resourceID parameter of the existing network security group you identified in the previous task

• On the Custom deployment blade, select Review + create and select Create.

Note: Wait for the deployment to complete before you proceed to the next task. This might take about 5 minutes.

Task 6: Verify changes to the Azure Virtual Desktop host pool

• From your lab computer, in the web browser displaying the Azure portal, search for and select Virtual machines and, on the Virtual machines blade, note that the list includes an additional virtual machine named exceed-23-p2-2.

• From your lab computer, switch to the Remote Desktop session to exceed-dc-vm11.
• Within the Remote Desktop session to exceed-dc-vm11, from the Administrator: Windows PowerShell ISE console, run the following to verify that the third host was successfully joined to the adatum.com AD DS domain:

Get-ADComputer -Filter "sAMAccountName -eq 'exceed-23-p2-2$'"

• Switch back to your lab computer, in the web browser displaying the Azure portal, search for and select Azure Virtual Desktop, on the Azure Virtual Desktop blade, select Host pools and, on the Azure Virtual Desktop | Host pools blade, select the entry exceed140-23-hp2  representing the newly modified pool.
• On the exceed140-23-hp2  blade, review the Essentials section and verify that the Host pool type is set to Personal with the Assignment type set to Automatic.

On the exceed140-23-hp2  blade, in the vertical menu on the left side, in the Manage section, click Session hosts.

• On the exceed140-23-hp2  | Session hosts blade, verify that the deployment consists of three hosts.

Task 7: Manage personal desktop assignments in the Azure Virtual Desktop host pool

• On your lab computer, in the web browser displaying the Azure portal, on the exceed140-23-hp2  | Session hosts blade, in the vertical menu on the left side, in the Manage section, select Application groups.
• On the exceed140-23-hp2  | Application groups blade, in the list of application groups select exceed140-23-hp2 -DAG.

• On the exceed140-23-hp2 -DAG blade, in the vertical menu on the left, select Assignments.
• On the exceed140-23-hp2 -DAG | Assignments blade, select + Add.
• On the Select Azure AD users or user groups blade, select exceed140-wvd-personal and click Select.

Note: Now let’s review the experience of a user connecting to the Azure Virtual Desktop host pool.

• From your lab computer, in the browser window displaying the Azure portal, search for and select Virtual machines and, on the Virtual machines blade, select the exceed-cl-vm11 entry.
• On the exceed-cl-vm11 blade, select Connect, in the drop-down menu, select Bastion, on the Bastion tab of the exceed-cl-vm11 | Connect blade, select Use Bastion.
• When prompted, provide the following credentials and select Connect:

Setting	Value
User Name	Student@adatum.com
Password	Pa55w.rd1234

• Within the Remote Desktop session to exceed-cl-vm11, click Start and, in the Start menu, select the Remote Desktop client app.

In the Remote Desktop window, click the ellipsis icon in the upper right corner, in the dropdown menu, click Unsubscribe, and, when prompted for confirmation, click Continue.

Within the Remote Desktop session to exceed-cl-vm11, in the Remote Desktop window, on the Let’s get started page, click Subscribe.

In the Remote Desktop client window, select Subscribe and, when prompted, sign in with the aduser7 credentials, by providing its userPrincipalName and Pa55w.rd1234 as its password.

Note: Alternatively, in the Remote Desktop client window, select Subscribe with URL, in the Subscribe to a Workspace pane, in the Email or Workspace URL, type https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery, select Next, and, once prompted, sign in with the aduser7 credentials (using its userPrincipalName attribute as the user name and the password you set when creating this account).

• On the Remote Desktop page, double-click the SessionDesktop icon, when prompted for credentials, type the same password again, select the Remember me checkbox, and click OK.

• In the Stay signed in to all your apps window, clear the checkbox Allow my organization to manage my device checkbox and select No, sign in to this app only.
• Verify that aduser7 successfully signed in via Remote Desktop to a host.

• Within the Remote Desktop session to one of the hosts as aduser7, right-click Start, in the right-click menu, select Shut down or sign out and, in the cascading menu, click Sign out.

Note: Now let’s switch the personal desktop assignment from the direct mode to automatic.

• Switch to your lab computer, to the web browser displaying the Azure portal, on the exceed140-23-hp2 -DAG | Assignments blade, in the informational bar directly above the list of assignments, click the Assign VM link. This will redirect you to the exceed140-23-hp2  | Session hosts blade.

On the exceed140-23-hp2  | Session hosts blade, verify that one of the hosts has aduser7 listed in the Assigned User column.

Note: This is expected since the host pool is configured for automatic assignment.

• On your lab computer, in the web browser window displaying the Azure portal, open the PowerShell shell session within the Cloud Shell pane.
• From the PowerShell session in the Cloud Shell pane, run the following to switch to the direct assignment mode:

Update-AzWvdHostPool -ResourceGroupName 'exceed140-23-RG' -Name 'exceed140-23-hp2 ' -PersonalDesktopAssignmentType Direct

On your lab computer, in the web browser window displaying the Azure portal, navigate to the exceed140-23-hp2  host pool blade, review the Essentials section and verify that the Host pool type is set to Personal with the Assignment type set to Direct.

Switch back to the Remote Desktop session to exceed-cl-vm11, in the Remote Desktop window, click the ellipsis icon in the upper right corner, in the dropdown menu, click Unsubscribe, and, when prompted for confirmation, click Continue.

• Within the Remote Desktop session to exceed-cl-vm11, in the Remote Desktop window, on the Let’s get started page, click Subscribe.
• When prompted to sign in, on the Pick an account pane, click Use another account, and, when prompted, sign in by using the user principal name of the aduser8 user account with the password you set when creating this account.

• In the Stay signed in to all your apps window, clear the checkbox Allow my organization to manage my device checkbox and select No, sign in to this app only.
• On the Remote Desktop page, double-click the SessionDesktop icon, verify that you receive an error message stating We couldn’t connect because there are currently no available resources. Try again later or contact tech support for help if this keeps happening, and click OK.

Note: This is expected since the host pool is configured for direct assignment and aduser8 has not been assigned a host.

• Switch to your lab computer, to the web browser displaying the Azure portal and, on the exceed140-23-hp2  | Session hosts blade, select the (Assign) link in the Assigned User column next to one of the two remaining unassigned hosts.

On the Assign a user, select aduser8, click Select and, when prompted for confirmation, click OK.

Switch back to the Remote Desktop session to exceed-cl-vm11, in the Remote Desktop window, double-click the SessionDesktop icon, when prompted for the password, type the password you set when creating this user account, click OK, and verify that you can successfully sign in to the assigned host.

Lab 2: Stop and deallocate Azure VMs provisioned in the lab

The main tasks for this Lab are as follows:

• Stop and deallocate Azure VMs provisioned in the lab

Note: In this Lab, you will deallocate the Azure VMs provisioned in this lab to minimize the corresponding compute charges

Task 1: Deallocate Azure VMs provisioned in the lab

• Switch to the lab computer and, in the web browser window displaying the Azure portal, open the PowerShell shell session within the Cloud Shell pane.
• From the PowerShell session in the Cloud Shell pane, run the following to list all Azure VMs created in this lab:

Get-AzVM -ResourceGroup 'exceed140-23-RG'

From the PowerShell session in the Cloud Shell pane, run the following to stop and deallocate all Azure VMs you created in this lab:

Get-AzVM -ResourceGroup 'exceed140-23-RG' | Stop-AzVM -NoWait -Force

Note: The command executes asynchronously (as determined by the -NoWait parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the Azure VMs are actually stopped and deallocated.

Congratulations, you are now able to automate deployment of Azure Virtual Desktop host pools and hosts by using Azure Resource Manager templates.

Reminder: Don’t forget to delete or shutdown all unused Azure resources after your labs for cost saving