How To Make A Virtual Desktop Template

Some time ago, I wrote a weblog almost How to provision a Windows Virtual Desktop (WVD) Host Pool with Service Primary in the case that MFA is enabled for (every) user/admin in the Azure environment and you lot cannot provision a Windows Virtual Desktop hostpool. And this was working fine when provisioning a new Windows Virtual Desktop host puddle via the "Windows Virtual Desktop – Provision a host pool" magician in the Microsoft Azure Portal. Merely soon I was running into failed deployments when running the ARM Template to Update an exisiting Windows Virtual Desktop hostpool, and I was non the simply one, I got a lot of mails from people with the same problem.

After troubleshooting without success, I decided to open a case on Github. Also there were people that are maxim they have the same trouble, fifty-fifty for months. Recently the "Microsoft Windows Virtual Desktop team" (Including Tom Hickling, Christian Montoya, Mohit Nakrani and more) starts helping me on this case, and they ware able to found out that the problem is "related to not having the right permission to authenticate with Azure resource manager to be able to delete/deallocate old VMs." And so first a large shootout to Tom Hickling, Christian Montoya, Mohit Nakrani and the residue of this awesome team for finding the crusade of this problem!

In this web log I will show yous pace-past-step how you can create a Service Primary that you tin use to provision a new Windows Virtual Desktop Host pool via the "Windows Virtual Desktop – Provision a host pool" magician within the Microsoft Azure Portal, AND the ARM Template to Update an existing Windows Virtual Desktop hostpool. I will do this in the following steps:

Create an App Registration
Add a office consignment to your Azure Subscription
Add together the RDS Owner role to the Service Principal
Provisioning a new WVD Hostpool
Running the ARM Template to Update an existing Windows Virtual Desktop hostpool

Lets get started…

Footstep 1) Create an App Registration

For the next steps login to the Microsoft Azure Portal.

Navigate to: Azure Active Directory > App registrations and click the + New registration button.

Give this application a name, in this case I will give information technology the name Windows Virtual Desktop SP. Select Accounts in this organizational directory just. Leave Redirect URI (optional) empty and click Register

Open the Certificates & secrets bract and click + New customer secret

Requite the client hush-hush a name, in this case I will utilize WVD as name. Select an elapse period and click Add together

Copy theValue to a save identify, this is the Service Principal "password" and this is the only moment you lot can come across this value.

Open theOverview blade and copy theApplication ID to the same save place as the client secret, this is the Service Principal "Username" and you lot demand this together with the customer cloak-and-dagger when enrolling a new Windows Virtual Desktop Host pool or update an existing one.

Footstep ii) Add a role assignment to your Azure Subscription

Within the Azure portal, navigate to Subscriptions

Open yourSubscriptionand go to theAccess control (IAM) blade. In theAdd a part assignment dialog, click Add

Select Contributor as role and search for the Service Principal created in footstep ane of this blog, select it and click Save

Step 3) Add the RDS Owner office to the Service Master

Open thePowerShell in an elevated prompt.

If y'all not already done this, install theMicrosoft RDinfraPowerShell module past running the following control:

Install-Module -Name Microsoft.RDInfra.RDPowerShell

Import the module with the following control:

Import-Module -Proper noun Microsoft.RDInfra.RDPowerShell

Run the following command and login with a Windows Virtual Desktop RDS Possessor role

Add-RdsAccount -DeploymentUrl https://rdbroker.wvd.microsoft.com

The following output volition be displayed.

Run the following command. (supersede hobo.cloud with your Windows Virtual Desktop tenant name)

$myTenantName = "your tenant proper noun"

Run the post-obit command to add the RDS Possessor part to the Service Primary. Replace "<Service Principal App ID>" with the App ID of the Service Chief created in step i of this blog.

New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -ApplicationId <Service Master App ID> -TenantName $myTenantName

Stride iv) Provisioning a new WVD Hostpool

Lets see if nosotros can create a new Windows Virtual Desktop Hostpool with this Servcice Principal. For the adjacent steps you lot need to go back to the Microsoft Azure Portal.

In the Microsoft Azure Portal, click the+ Create a resourcesbutton.

Search forWindows Virtual Desktop – Provision a host puddle and clickCreate

Select yourSubscription, aResources group (or create a new one, similar I practise in this case). Select yourRegion and fill in a name for this new WVD Hostpool (in my caseSP-TEST). Select theDesktop type(in my case Pooled) and fill in theDefault desktop users. ClickNext : Configure virtual machines

Configure the virtual machines, in my instance I will create two D4s v3 VM's. ClickNext

Configure the Image source (for now I volition keep it with a Gallery image) and fill all the other requested data in. ClickNext : Windows Virtual Desktop data

Fill in the Windows Virtual Desktop information. SetWindows Virtual Desktop tenant RDS OwnertoService principal. Fill in theApplication IDand the Password(client undercover). Fill in yourAzure Advert tenant ID and clickNext : Review + create

ClickCreate

After a few minutesYour deployment is consummate

Step 5) Running the ARM Template to Update an existing Windows Virtual Desktop hostpool

Now that the Service Principle is working for the "Windows Virtual Desktop – Provision a host puddle"wizards. Let's run into how information technology's working for the ARM Template.

Open the ARM Template to Update an exisiting Windows Virtual Desktop hostpool and clickDeploy to Azure

Fill in the following fields:

Subscription : Select your Azure Subscription
Resource grouping : Select the current Resource Grouping used for the host puddle or create a new ane
Rdsh Image Source: Select the type of Image you want to utilise (in my instance this will be a custom image)
Vm Image Vhd Uri : Enter the URL of the VHD file (if using a custom prototype)
Rdsh Name Prefix: Enter a Computer name Prefix for the new VM'due south (other then electric current)
Rdsh Number Of Instances : Fill in the number of VM's that needs to be created
Rdsh VM Disk Type : Select the disk type you want to apply for this new VM's

Roll a little down

Make full in the following fields:

Rdsh Vm Size : Select your VM size
Domain To Join: Fill in your local domain name
Existing Domain UPN : The user business relationship to join the VM's to the domain
Existing Doamin Password : The countersign of the user
Ou Path : Optionally the OU were the figurer accounts needs to put in
Existing Vnet Proper name : The name of the Network yous want to apply for your VM's
Existing Subnet Proper name : Enter the name of the subnet you desire to utilize (VM'south needs to be able connect to the local DC's or Azure AD DS)
Virtual Network Resource Group Proper noun: The Resource group name of the Vnet
Existing Tenant Name: The name of your WVD Tenant
Existing Hostpool Proper noun : The name of the WVD Hostpool

Scroll a little downward

Make full in the following:

Tenant Admin Upn Or Application Id : The Application ID of the Service Main created in pace i of this blog
Tenant Admin Countersign : The customer secret of the Service Master created in step one of this blog
Is Service Main : true
Aad Tenant Id : Your Azure ID
Action on Previous Virtual Machines : Delete or deallocate
User Logoff Delay In Minutes : The amount of minutes you prefer

SelectI hold to the terms and weather stated aboveand clickPurchase

After a few minutesYour deployment is consummate

When looking in the management panel, you lot see that the old two VM's are removed from the Hostpool, and the four new ones are added.