This repository contains the information needed to describe the main topics on a wvd architecture design and implementation.
-
Virtual Machine Guidance:
6.1. Virtual machine sizing guidelines
6.2. Multi-session recommendations
6.3. Single-session recommendations
6.4. General virtual machine recommendations -
FSLogix:
8.1. FSLogix for enterprise
8.2. Storage options for FSLogix profile containers
8.3. Azure Files Best practices
8.4. Azure NetApp Files Best Practices
-
Deploy Azure infrastructure and AD DS:
3.1. Virtual Network
3.2. Subnet
3.3. NSG (Permits AD Traffic, RDP incoming traffic, restricts DMZ access)
3.4. DNS configured to point to the domain controller
3.5. Virtual Machine:
3.5.1. Active Directory Domain Services installed and configured
3.5.2. Azure AD Connect installed and ready for configuration -
Configure Azure AD Connect with AD DS:
4.1. What is Azure AD Connect
4.2. Azure AD connect and Azure AD Connect Health installation -
Create a Master Image for WVD:
8.1. Create a Master Image for WVD
8.1.2. Install Office on a master VHD image
8.1.3. Install Microsoft Teams on a WVD
8.1.4. Azure Academy - Teams AV Redirect
8.1.5. Download and install FSLogix
8.1.6. OS Settings | Prepare and customize a master VHD image
8.1.7. OS Settings | Prepare a Windows VHD or VHDX to upload to Azure
8.1.8. OS Settings | Run Disk Cleanup
8.1.9. Virtual Desktop Optimization Tool -
Image Management:
11.1. Azure Academy - Image Management
12.1.2. Azure Academy - Shared Image Gallery
13.1.3. Image Management : How to manage and deploy custom images (including versioning) with the Azure Shared Image Gallery (SIG) (robinhobo.com) -
Define a strategy to store FSLogix profiles containers:
15.1. Storage options for FSLogix Profile containers
16.1.1. Azure Files and Active Directory Domain Services
17.1.1.1. How to implement FSLogix Profile container using Azure Files and Active Directory authentication for Windows Virtual Desktop
18.1.2. Azure NetApp Files
19.1.3. Windows File Server
20.1.4. Azure Files and Azure Active Directory Domain Services -
FSLogix General Configuration:
22.1. Use FSLogix Group Policy Template Files
23.2. Profile Container registry configuration reference
24.3. Antivirus exclusions -
FSLogix Reference Links:
26.1. Azure Academy - FSLogix with Azure Fileshare
27.2. Azure Academy - NetApp -
GPO Recommendations:
29.1. Enabled *** - Mandatory
30.2. VHD Location *** - Mandatory
31.3. Initiate definition update on start up
32.4. Specify interval to check for definition updates
33.5. Define number of days before virus definitions are considered out of date
34.6. Define the number of days before spyware definitions are considered out of date
35.7. Define the number of days before a catchup day is required
36.8. Check for latest virus and spyware definitions on startup
37.9. Allow real time definition updates on report to microsoft MAPS
38.10. Allow definition updates from microsoft update
39.11. Dynamic VHDX allocation
40.12. Extension Exclusions
41.14. SID directory name matching string
42.15. SID directory name pattern string
43.16. Swap directory name components
44.17. Virtual disk type should be VHDX
45.18. Size in Mbs
46.19. Delete local profile when FsLogix Profile should apply - Optional*
47.20. Prevent Login with failure - Optional*
48.21. Prevent login with temp profile -Optional -
Using MSIX app attach:
50.1. What is MSIX app attach
51.2. Set up MSIX app attach
52.3. MSIX app attach FAQ -
Create a Host Pool for Pooled Remote Apps:
55.1. Publish built-in apps in Windows Virtual Desktop
56.2. Manage app groups with the Azure portal -
Configure host pool settings:
58.1. RDP Properties
59.2. Configure device redirections (Mic, Speaker, Camera, Printer, Clipboard, USB, Local Drive, Plug and Play Devices)
60.3. Host pool load-balancing methods
61.4. Configure the Windows Virtual Desktop load-balancing method
62.5. Personal desktop assignment type -
Connect WVD with clients:
64.1. Windows Desktop Client
65.2. HTML5 Web Client
66.3. Android Client
67.4. macOS Client
68.5. iOS Client -
Setup Monitoring for WVD:
71.1. Azure Log Analytics and Azure Monitor
72.2. Sepago Solution
73.3. Azure Academy - Monitoring Workbook
74.4. Use Azure Monitor for Windows Virtual Desktop to monitor your deployment -
Setup the WVD Scaling Tool:
76.1. Azure Automation
77.2. Azure Academy - Scaling Automation -
WVD Security:
79.1. Enabling MFA to WVD
80.2. Azure Academy - Session Host Security
81.3. Security Best practices for WVD
82.4. Safe URL List
83.5. Use Azure Firewall to protect WVD -
Configuring automatic updates using Endpoint Configuration Manager
-
WVD BCDR:
86.1. Setup BCDR Plan
87.2. Disaster recovery considerations
88.3. Backup and restore considerations -
GPO Suggestions:
90.1. Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits:
91.1.1. Set time limit for active but idle Remote Desktop Services sessions: Enabled (e.g., 6 hours)
92.1.2. Set time limit for disconnected sessions: Enabled (e.g., 8 hours)
93.1.3. Set time limit for logoff of RemoteApp sessions: Enabled (e.g., 6 hours)
94.2. User Configuration > Policies > Administrative Templates > Control Panel > Personalization:
95.2.1. Force specific screen saver: Enabled (e.g., %winDir%\System32\ssText3d.scr)
96.2.2. Password protect the screen saver: Enabled
97.2.3. Prevent changing screen saver: Enabled
98.2.4. Screen saver timeout: Enabled (e.g., 80s)