There are two ways to connect to the WVD service: the web client or the Remote Desktop application. Below are the details of each, as well as instructions for enabling email feed discovery. Email feed discovery makes connecting to the service with the Remote Desktop application easier for end users.
The web client is a convenient way for users to quickly connect to WVD and interact with remote desktops and remote applications. It is also a good option for remote users with personally owned computers on which they may not want to install the client software.
The web client works with most web browsers that support HTML5. Officially, Microsoft supports the following web browsers for the WVD web client:
|Browser|Supported OS|
|---|---|
|Internet Explorer V11+|Windows|
|Mozilla Firefox V55+|Windows, macOS, Linux|
|Google Chrome|Windows, macOS, Linux, Chrome OS|
The URL to access the web client is https://rdweb.wvd.microsoft.com/arm/webclient. This link requires the user to sign in to Azure AD with their enterprise account. Once logged into Azure AD, the user has access to the resources that are assigned to them. When the user opens a resource, they will get an Active Directory login prompt to sign in to the domain resource.
The double sign-in is necessary, as the user signs into two systems. The first sign-in is to Azure AD and the second is to the Active Directory domain. Credentials can be cached in the web browser to minimize user sign-in.
Client WVD Feed and email discovery
There are two options available for the clients to locate the WVD service. The first is by entering the feed URL into the client. The feed URL is:
Locating WVD resources by the feed URL is a viable option, but users may find it cumbersome. URLs are complicated to type, and some devices don't allow copying and pasting between applications.
The second option is to enable email feed discovery. This is an easier method for end users that uses a host record added to DNS to facilitate WVD feed discovery. The host record is added to the user's email domain, and the corresponding DNS entry for the domain directs the client to the WVD feed URL. For example, if the user's email address ends with @contoso.com, a DNS entry for the WVD is added to the contoso.com domain. Below is an overview of the steps for adding email feed discovery to DNS.
Add email discovery WVD feed to DNS
Log in to the DNS service with an account that has rights to modify DNS.
Add the following host and associated values as a new text record in the domain:
Host: _msradc, Text: https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery, TTL: 300
All DNS services are different, but the end result should look similar to the image below. Keep in mind that it can take some time for DNS to update. In most cases, it takes just a few minutes, but some systems could take hours.
It is common for organizations to separate internal and external DNS. In that case, it's necessary to add the same details to both the internal and external DNS servers. Below is the same value added to a Windows DNS server.
Once the DNS entry is added and replicated, end users can access published resources by entering their email address instead of a URL. The following client configuration information includes instructions for both options.
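The following check is an added example, not part of the original article: it queries the _msradc TXT record on each resolver (internal and external) and flags a missing record or any value other than the feed discovery URL given above. The function name and the resolver addresses are assumptions made for illustration.

```powershell
# Added example. Test-WvdFeedDiscoveryRecord is a hypothetical helper name.
function Test-WvdFeedDiscoveryRecord {
    param(
        [Parameter(Mandatory)] [string]   $Domain,     # the users' email domain
        [Parameter(Mandatory)] [string[]] $DnsServer,  # internal and external resolvers
        [string] $ExpectedUrl = 'https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery'
    )
    $name = "_msradc.$Domain"
    foreach ($server in $DnsServer) {
        try {
            # -DnsOnly skips LLMNR/NetBIOS so only the named DNS server answers.
            $records = Resolve-DnsName -Name $name -Type TXT -Server $server -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'TXT' }
            # A TXT record can be split into several strings; join them back together.
            $values = @($records | ForEach-Object { (-join $_.Strings).Trim() })
        }
        catch {
            $values = @()   # NXDOMAIN, timeout, or no TXT data on this resolver
        }

        $unexpected = @($values | Where-Object { $_ -ne $ExpectedUrl })
        if ($values.Count -eq 0)        { $status = 'Missing' }
        elseif ($unexpected.Count -gt 0) { $status = 'Unexpected' }
        else                             { $status = 'OK' }

        [pscustomobject]@{
            Server = $server
            Name   = $name
            Status = $status
            Values = $values -join ' | '
        }
    }
}

# Constructed sample call: the domain is the article's example, the resolver
# addresses are documentation-range placeholders to replace with your own.
Test-WvdFeedDiscoveryRecord -Domain 'contoso.com' -DnsServer '192.0.2.53', '198.51.100.53' |
    Format-Table -AutoSize
```

A status of Unexpected on one resolver but not the other usually means the internal and external zones are out of sync and should be reviewed before users subscribe by email address.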
Windows comes with a Remote Desktop Connection client (MSTSC). This client has been used with RDS environments for quite some time. Unfortunately, that client will not work with WVD. WVD is a PaaS offering with a shared URL for client access that requires Azure AD authentication. Users are directed to resources based on the credentials they supply when logging in.
Microsoft provides a new Remote Desktop client (MSRDC) for use with WVD. This client supports modern Azure authentication and runs on Windows 7, Windows 10, and Windows 10 IoT. The client is available as an MSI package for distribution and management in an enterprise environment and installs without the need for an administrator account.
Download the most up-to-date client from the link below. Note that there is another Microsoft Remote Desktop client available at the Windows Store. The Windows Store version has a blue icon and, at the time of writing, is not compatible with WVD. Support for WVD with the Windows Store Client is coming. The Insider build, Version 10.2.1519, has added support for WVD.
The Remote Desktop client has an orange icon and will work with WVD.
Once installed, open the Remote Desktop client and click Subscribe to add a remote resource by email address or Subscribe with URL to add a remote resource by URL:
Either option will open a login screen. Enter the account information for the user with access to the WVD environment.
Once finished, the resources for the WVD Workspace are displayed in the Remote Desktop application.
Windows client settings
Connecting to the Remote Desktop will open a remote desktop session with the default settings. By default, the client will use all available displays when connected to WVD. Display setting behavior is changed in the Remote Desktop client by right-clicking the resource and selecting Settings.
Set the Use default settings option to Off to modify how the remote session is displayed on the local computer.
Under Display settings, change the display configuration to use all monitors, a single monitor, or the selected monitor. The option Single display when windowed allows you to set a windowed Remote Desktop to use a single display or display all desktops within a single window. The last option, Fit session to window, resizes the Remote Desktop resolution to fit the window or leave it with the native resolution if set to Off.
The Android Remote Desktop client is available by downloading the Microsoft Remote Desktop client from the Google Play store. Search for Remote Desktop from the Google Play store and install the application.
Once installed, add a remote resource feed by clicking the plus symbol in the top right corner and selecting Add Workspace. The workspace is added by entering an email address if email discovery is enabled, or by adding the following URL:
Once the user is signed in, the resources assigned to them are available in the client.
The client for Mac works with macOS version 10.12 or above. The Microsoft Remote Desktop client is available from the Mac App Store. Search for Remote Desktop in the App Store and open Microsoft Remote Desktop. Click Install to install the Remote Desktop client.
Once it is installed, go to the launchpad and open Microsoft Remote Desktop. At the top of the screen, select Workspaces to add a new Workspace.
Enter the email address of a user with access to WVD if email discovery is enabled or enter the URL below to add the workspace. Sign in when prompted.
Once the workspace is added, double-click the resource to open a connection to WVD.
The iOS Remote Desktop client works on devices running iOS 13.0 or newer. Download the iOS client from the App Store by searching for Remote Desktop.
Once it is installed, add a workspace by clicking the plus symbol in the top right corner and selecting Add Workspace.
Enter an email address of a user with access to the WVD environment if email discovery is enabled or add the URL below to the Email or Workspace URL.
Sign in with an account that has access to the WVD environment. The user's workspace will be displayed in the app along with the resources available to the user.
At this time, the only option for Linux to connect to WVD is through an HTML5-compliant web browser. There is no Remote Desktop client available for Linux from Microsoft. IGEL, a Microsoft partner, has a WVD client available for Linux devices. Microsoft also has an SDK in development to provide support for Linux clients.
Client Remote Desktop protocol settings
The Remote Desktop Protocol (RDP) has options available that allow administrators to customize the user's experience when the user interacts with a host pool. For example, there may be situations in which the user interacts with sensitive or regulated information when logged in to WVD. The default behavior for WVD allows the user to print to a local printer and copy/paste between the WVD and the local computer. Some environments need to disable these features to prevent data leaks. Modify the default behavior of the WVD session by customizing the RDP properties on the host pool.
The values used to modify the default behavior are published at the link below. Not all values in this list are supported options for WVD. Support for WVD is indicated in the Windows Virtual Desktop support column in the table. The table lists each setting, its description, and its available values.
Configure RDP settings in the portal
Configure custom RDP settings with the Azure portal by following the steps below. The following example will disable clipboard and printer redirection.
- Log in to the portal and go to Windows Virtual Desktop.
- Go to Host Pools and select the Host Pool to modify.
- Go to Settings > Properties for the Host Pool. At the bottom of the Properties window is a text box to add RDP property settings.
Modify the RDP settings by adding RDP settings and values. Use a semicolon (;) to separate multiple RDP settings. The settings to disable clipboard and printer redirection are:
In both examples, the value 0 disables redirection, the value 1 enables redirection, and the default value is 1.
Add the settings to the RDP properties. The result should look like the image below.
To remove any or all of the settings, simply remove the value from the RDP Properties text box and click save.
Configure RDP settings with PowerShell
PowerShell provides another option to modify WVD settings, including RDP settings. Adding and removing RDP settings requires the Az.DesktopVirtualization module, and you must be logged in to Azure with an account that has rights to change settings in WVD.
Run the following command to view the current RDP settings in the host pool:
Get-AzWvdHostPool -ResourceGroupName <WVD_ResourceGroup> -Name <WVD_HostPool> | Format-List Name, CustomRdpProperty
The host pool name and RDP settings are displayed, similar to the list below. Notice there are no settings for CustomRdpProperty.
Next, add a single property with the Update-AzWvdHostPool command, as shown below.
Update-AzWvdHostPool -ResourceGroupName <WVD_ResourceGroup> -Name <WVD_HostPool> -CustomRdpProperty redirectclipboard:i:0
Run the Get-AzWvdHostPool command again to view the new settings.
You may want to remove the RDP settings and go back to the default configuration. The command below will remove all settings from the host pool.
Update-AzWvdHostPool -ResourceGroupName <WVD_ResourceGroup> -Name <WVD_HostPool> -CustomRdpProperty ""
The problem with the method above is that adding a new setting will overwrite the previously added setting. Most administrators need to add multiple settings, similar to blocking the printer and clipboard redirect as we did in the Azure portal example. Below, we walk through the steps of adding multiple RDP settings to the host pool.
Start by creating a list of settings and assign the list to one variable. Note that each value is separated by a semicolon in the list.
$properties = "redirectclipboard:i:0;redirectprinters:i:0"
Next, run the Update-AzWvdHostPool command with the $properties variable assigned to the -CustomRdpProperty setting, as shown below.
Update-AzWvdHostPool -ResourceGroupName <WVD_ResourceGroup> -Name <WVD_HostPool> -CustomRdpProperty $properties
When you are finished, use the Get-AzWvdHostPool command to see the new value. The image below shows the steps for adding the $properties variable, running the update command, and displaying the output.
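Because -CustomRdpProperty replaces the whole string, a later change can silently drop a restriction that was set earlier. The following added example (not from the original article) reads the current value, overlays only the settings being changed, and writes the merged string back. The function names Merge-RdpProperty and Set-WvdRdpProperty are hypothetical, and the sample "current" string is constructed.

```powershell
# Added example. Merges semicolon-separated "name:type:value" RDP settings.
function Merge-RdpProperty {
    param([string] $Current, [string] $Change)
    $merged = [ordered]@{}
    # Process existing settings first, then the changes, so changes win.
    foreach ($entry in (("$Current;$Change") -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }              # tolerate trailing or doubled ';'
        $name, $rest = $entry -split ':', 2        # "redirectclipboard", "i:0"
        if (-not $rest) { throw "Malformed RDP property: '$entry'" }
        $merged[$name.ToLowerInvariant()] = $rest  # same name => value replaced in place
    }
    ($merged.GetEnumerator() | ForEach-Object { "$($_.Key):$($_.Value)" }) -join ';'
}

# Applies a change to a host pool without discarding settings already present.
# Requires Az.DesktopVirtualization and a signed-in Azure session.
function Set-WvdRdpProperty {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Change
    )
    $current = (Get-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $Name).CustomRdpProperty
    $merged  = Merge-RdpProperty -Current $current -Change $Change
    Update-AzWvdHostPool -ResourceGroupName $ResourceGroupName -Name $Name -CustomRdpProperty $merged |
        Format-List Name, CustomRdpProperty
}

# Offline demonstration with a constructed "current" value: the clipboard
# setting is flipped to 0, the printer setting is appended, and the unrelated
# audio setting is kept.
Merge-RdpProperty -Current 'audiocapturemode:i:1;redirectclipboard:i:1;' `
                  -Change  'redirectclipboard:i:0;redirectprinters:i:0'

# Against a real host pool (placeholders as used in the article):
# Set-WvdRdpProperty -ResourceGroupName '<WVD_ResourceGroup>' -Name '<WVD_HostPool>' `
#                    -Change 'redirectclipboard:i:0;redirectprinters:i:0'
```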
As working remotely becomes more mainstream, it's important to support the multiple ways users interact with WVD. Windows Virtual Desktop supports a variety of clients, including Windows, Android, iOS, and Mac, as well as web browsers that support HTML5.
Just as important is the ability to secure the sessions and safeguard the data that users may interact with through the remote desktop session. Windows Virtual Desktop has an extensive list of configuration options that can customize users' experience as they work remotely.