Archive | Azure Virtual Desktop RSS feed for this section

PowerShell – Create a Windows 11 Multi-session golden image for Azure Virtual Desktop using Marketplace Image

28 Nov

Do you want to deploy an Azure Virtual Desktop – Host pools quickly and want a starting point for a golden image? Look no further in this blog post. I will show you how to create a golden image using PowerShell in no more than 10 min.

I will break down the code block into smaller chunks first to explain the critical bits, and in the end, I will post the entire code block that can be run all at once. In this way, explaining block by block becomes easier than pasting one single block.

Pre-requisites

Following are the pre-requisites before you begin

  • PowerShell 5.1 and above
  • Azure Subscription
  • Permissions within the Auzre Subscription for Microsoft Compute
  • Assumption
    • You have an existing Resource Group (RG)
    • You have an existing Azure Virtual Network (VNET)
    • You have an existing workload subnet within the VNET
    • Identify the VM Size you will be using for the golden image
  • Azure PowerShell Modules

Sign to Azure

To start working with Azure PowerShell, sign in with your Azure credentials.

Connect-AzAccount

Identify the Windows 11 Multi-session (Marketplace Image)

There are many different versions of Windows 11 marketplace images from Microsoft. Let’s identify what is available within the gallery.

Get-AzVMImageSku -Location australiaeast -PublisherName MicrosoftWindowsDesktop -Offer windows-11

#Bonus Information

If you want the Multi-session gallery image with Office, than use the following command

Get-AzVMImageSku -Location australiaeast -PublisherName MicrosoftWindowsDesktop -Offer office-365

We are going to use the Windows 11 22H2 Mutli-session – win11-22h2-avd within this script

Variable Region

Delcare all the variable within this section. Lets take a look at what we are declaring within the script:

  • Existing Resource Group within the Azure Subscription (AZ104-RG)
  • A location where you are deploying this virtual machine (Australia East)
  • Name of the golden image virtual machine (VM03)
  • NIC Interface name for the virtual machine (VM03-nic)
  • RG of the VNET (In my case they are same AZ104-RG, they can be seperate too and hence a independent variable)
  • Name of the existing subnet within the vNET (AZ104-VDI-Workload-L1)
  • Name of the existing VNET (AZ104-RG-vnet)
  • Mapping of the exisitng VNET
  • Mapping of the existing subnet
  • T-shirt size of the golden image we are deploying (Standard_D2s_v3)
  • Gallery details of the image
    • Published – MicrosoftWindowsDesktop
    • Offer – windows-11
    • SKU – win11-22h2-avd
    • version – Offcourse latest
  • Get credentials – A local admin account is created on the golden image (A input box to capture the uisername and password)
# Existing Resource Group to deploy the VM
$rgName = "AZ104-RG"

# Geo Location to deploy the VM
$location = "Australia East"

# Image template name
$vmName = "VM03"

# Networking Interfance Name for the VM
$nicName = "$vmName-nic"

# Resource Group for VNET
$vnetrgName = "AZ104-RG"

# Existing Subnet Name
$Existsubnetname = "AZ104-VDI-Workload-L1"

# Existing VNET Name
$Existvnetname = "AZ104-RG-vnet"

# Existing VNET where we are deploying this Virtual Machine
$vnet = Get-AzVirtualNetwork -Name $Existvnetname -ResourceGroupName $vnetrgName

# Existing Subnet within the VNET for the this virtual machine
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $Existsubnetname -VirtualNetwork $vnet

# T-shirt size of the VM
$vmSize = "Standard_D2s_v3"

# Gallery Publisher of the Image - Microsoft
$publisher = "MicrosoftWindowsDesktop"

# Version of Windows 10/11
$offer = "windows-11"

# The SKY ending with avd are the multi-session
$sku = "win11-22h2-avd"

# Choosing the latest version
$version = "latest"

# Setting up the Local Admin on the VM
$cred = Get-Credential `
   -Message "Enter a username and password for the virtual machine."

Execution block

Execution code block within this section. Lets take a look at what we are we executing within the script:

  • First its creating the network interface for the virtual machine (VM03)
  • Next, under the variable $VM all virtual machine configurations
    • Tshirt size of the virtual machine
    • Credentials for the local admin (username/password)
    • The network interface assignment along with the delete option (Note delete option is essential or/else during deletion of VM it will not delete the network interface)
    • The gallery image, sku, offer from the Microsoft Market Place gallery
    • The os disk assignment along with the delete option (Note delete option is essential or/else during deletion of VM it will not delete the disk)
    • The configuration around “Trusted Platform” and enabling of TPM and Secure Boot
    • The final command to create the virtual machine with all the above configurations
# Create New network interface for the virtual machine
$NIC = New-AzNetworkInterface -Name $nicName -ResourceGroupName $vnetrgName -Location $location -Subnet $subnet

# Creation of the new virtual machine with delete option for Disk/NIC together
$vm = New-AzVMConfig -VMName $vmName -VMSize $vmSize 

$vm = Set-AzVMOperatingSystem `
   -VM $vm -Windows `
   -ComputerName $vmName `
   -Credential $cred `
   -ProvisionVMAgent `
   -EnableAutoUpdate 

# Delete option for NIC
$vm = Add-AzVMNetworkInterface -VM $vm `
   -Id $NIC.Id `
   -DeleteOption "Delete"

$vm = Set-AzVMSourceImage -VM $vm `
   -PublisherName $publisher `
   -Offer $offer `
   -Skus $sku `
   -Version $version 

# Delete option for Disk
$vm = Set-AzVMOSDisk -VM $vm `
   -StorageAccountType "StandardSSD_LRS" `
   -CreateOption "FromImage" `
   -DeleteOption "Delete"

# The sauce around enabling the Trusted Platform
$vm = Set-AzVmSecurityProfile -VM $vm `
   -SecurityType "TrustedLaunch" 

# The sauce around enabling TPM and Secure Boot
$vm = Set-AzVmUefi -VM $vm `
   -EnableVtpm $true `
   -EnableSecureBoot $true 

New-AzVM -ResourceGroupName $rgName -Location $location -VM $vm

Final Script

Here I will paste the entire script block for seamless execution in single run. Following is the link to my Github for this script – Create Virtual Machine with Trusted Platform and Delete disk/nic options.

# Step 1: Import module
#Import-Module Az.Accounts

# Connect to the Azure Subcription
#Connect-AzAccount

# Get existing context
$currentAzContext = Get-AzContext

# Your subscription. This command gets your current subscription
$subscriptionID=$currentAzContext.Subscription.Id

# Command to get the Multi-session Image in Gallery
# Details from this command will help in filling out variables below on Gallery Image
# Get-AzVMImageSku -Location australiaeast -PublisherName MicrosoftWindowsDesktop -Offer windows-11

# Existing Resource Group to deploy the VM
$rgName = "AZ104-RG"

# Geo Location to deploy the VM
$location = "Australia East"

# Image template name
$vmName = "VM03"

# Networking Interfance Name for the VM
$nicName = "$vmName-nic"

# Resource Group for VNET
$vnetrgName = "AZ104-RG"

# Existing Subnet Name
$Existsubnetname = "AZ104-VDI-Workload-L1"

# Existing VNET Name
$Existvnetname = "AZ104-RG-vnet"

# Existing VNET where we are deploying this Virtual Machine
$vnet = Get-AzVirtualNetwork -Name $Existvnetname -ResourceGroupName $vnetrgName

# Existing Subnet within the VNET for the this virtual machine
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $Existsubnetname -VirtualNetwork $vnet

# T-shirt size of the VM
$vmSize = "Standard_D2s_v3"

# Gallery Publisher of the Image - Microsoft
$publisher = "MicrosoftWindowsDesktop"

# Version of Windows 10/11
$offer = "windows-11"

# The SKY ending with avd are the multi-session
$sku = "win11-22h2-avd"

# Choosing the latest version
$version = "latest"

# Setting up the Local Admin on the VM
$cred = Get-Credential `
   -Message "Enter a username and password for the virtual machine."

# Create New network interface for the virtual machine
$NIC = New-AzNetworkInterface -Name $nicName -ResourceGroupName $vnetrgName -Location $location -Subnet $subnet

# Creation of the new virtual machine with delete option for Disk/NIC together
$vm = New-AzVMConfig -VMName $vmName -VMSize $vmSize 

$vm = Set-AzVMOperatingSystem `
   -VM $vm -Windows `
   -ComputerName $vmName `
   -Credential $cred `
   -ProvisionVMAgent `
   -EnableAutoUpdate 

# Delete option for NIC
$vm = Add-AzVMNetworkInterface -VM $vm `
   -Id $NIC.Id `
   -DeleteOption "Delete"

$vm = Set-AzVMSourceImage -VM $vm `
   -PublisherName $publisher `
   -Offer $offer `
   -Skus $sku `
   -Version $version 

# Delete option for Disk
$vm = Set-AzVMOSDisk -VM $vm `
   -StorageAccountType "StandardSSD_LRS" `
   -CreateOption "FromImage" `
   -DeleteOption "Delete"

# The sauce around enabling the Trusted Platform
$vm = Set-AzVmSecurityProfile -VM $vm `
   -SecurityType "TrustedLaunch" 

# The sauce around enabling TPM and Secure Boot
$vm = Set-AzVmUefi -VM $vm `
   -EnableVtpm $true `
   -EnableSecureBoot $true 

New-AzVM -ResourceGroupName $rgName -Location $location -VM $vm

Note – It will give you a pop-up box for entering the username and password for the local account, and in under 10 mins you will see your virtual machine within the Azure portal

Next Steps on Golden Image

Now that the virtual machine is ready following are the next steps involved:

  • Using Azure Bastion console and installing all the required applications
  • Generalize and sysprep and shutdown the image
  • Capture the image to the Azure Compute Galleries
  • Deploy within the Azure Virtual Desktop

I hope you will find this helpful information for deploying a golden image within Azure – Virtual Machine to deploy the Azure Virtual Desktop – Host Pools. If you want to see a Powershell version of the host pool activities, leave me a comment below or on my socials. Please let me know if I have missed any steps or details, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Azure Virtual Desktop – Apply monthly Microsoft Security Cumulative Updates on the golden image with Azure Compute Galleries

14 Nov

We have numerous articles showcasing how to create the golden master image to deploy within the Host Pool. This blog post will showcase how to perform recurring monthly security patch updates within the golden master image and push that into your Host Pools within Azure Virtual Desktop.

  • Pre-requisites
  • Azure Compute Galleries – Create VM
  • Console to Golden Image (RDP or Azure Bastion)
  • Install the Microsoft Latest Cumulative Update (LCU)
  • Sysprep (Generalize and Shutdown)
  • Capture the Virtual Machine
  • Azure Compute Galleries – New Version
  • Drain and remove old session host vms

Feature Whishlist

If Microsoft is listening – requesting the feature of leveraging the Update Rings from Micorosft Intune can be integrated into applying the quality updates from #Intune on Microsoft Windows 10/11 Multi-session

Pre-requisites

The assumption here is that you already have a golden image and existing versions available. Below is an example from Azure Computer Galleries of a Windows 11 Multi-session and current running version 0.0.2 within my Host Pools. (Note its an already generalized image – See the OS State)

Azure Compute Galleries – Create VM

The first step here is to update the golden image with the monthly Microsoft Cumulative Security update, and we want to create a new virtual machine from the existing version of 0.0.2. (Background version 0.0.2 include the October 2022 Latest Cumulative Updates)

Now you will be presented with a Create VM wizard

Select Next – Disk Settings

Select Next – Networking Settings

Select Next – Management Settings

Select Next – Monitoring Settings

Select Tags

Select Review & Create the Virtual Machine – Golden Image.

#Tip – On the rare occasion that the creation of the virtual machine fails, in one instance, I had forgotten to perform Sysprep on the existing version in Azure Compute Galleries (e.g. 0.0.1). In such scenarios, create a virtual machine from the previous version number you know that works well.

Console to Golden Image (RDP or Azure Bastion)

We now have the newly created golden image from the existing version 0.0.2 within the Azure – Virtual Machines blade listed and status=Running.

Download the RDP file and console into the Virtual machine – Win11MSGI04 (Note, as previously mentioned, this is a bad practice in a production environment as it needs public IP for access. The best approach here is to leverage Azure Bastion and click on the Bastion option, and securely console the VM via browser)

Install the Microsoft Latest Cumulative Update (LCU)

In our scenario, we shall install the November 8, 2022—KB5019980 (OS Build 22621.819) for Windows 11 22H2 Multi-session. Note I am using the Powershell pswindowsupdate module, but you can download and offline install the Windows update (LCU, which also includes SSU)

Get-WUList -MicrosoftUpdate

Install the Update

Get-WindowsUpdate -KBArticleID KB5019980 -Install -AutoReboot | Out-File "c:\Temp\$(get-date -f yyyy-MM-dd)-WindowsUpdate.log" -force

Post the reboot validate the windowsupdate log output to determine whether the patch was installed successfully. Optionally perform Disk Clean.

Sysprep (Generalize and Shutdown)

We are onto our final step before the capture. Perform Sysprep on the image and shutdown

%WINDIR%\system32\sysprep\sysprep.exe /generalize /shutdown /oobe

#Tip – Make sure the end state of the virtual machine status = Stopped (deallocated) before following the next step of Capture. Sysprep is the most crucial step if you forget this, your provisioning will fail with an error.

Capture the Virtual Machine

We will capture this image into Azure Compute Galleries

Next Capture wizard

#Tip – As we selected “Delete” post creation, the virtual machine will not appear within the Azure – Virtual Machines. Below is the task for the deletion.

Azure Compute Galleries – New Version

We can now see the latest version showing up 0.0.3 post the capture process. This version is now ready to be added to the AVD – Host Pools

Add Session Host Virtual Machine (New security patch version 0.0.3)

After clicking on Add, it will open the “Add virtual machine to a host pool” wizard

Select Next – Virtual Machines

Next enter the tags of your choice and hit Create

Drain and remove old session host vms

Put the old session host virtual machines in the drain and remove the virtual machine. This step will depend on how much time log-off all the end-user sessions will take on the VM.

Next, if all the sessions are drained. Select the old virtual machine and select Remove.

Note – When you hit remove for the session host virtual machine within the Host Pools blade, it will only remove the virtual machine from there. You will have to go into the Azure – Virtual Machines blade and stop and delete the virtual machine from there. The good thing here is that as we had selected delete disk/network (checkbox) during creation, it will delete everything associated with the VM.

#Tip – As a precautionary step, you can delete the virtual machine after 2-3 days after production stabilizes in case you have to revert and manually add the VM’s back into the host pool

A big thanks to Mahammad Kubaib for reviewing this blog post based on his previous experience. I hope you will find this helpful information for performing monthly cumulative security updates on your Azure Virtual Desktop – Host Pools. If you want to see a Powershell version of the same activity, leave me a comment below or on my socials. Please let me know if I have missed any steps or details, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Mindmap – Part 2 – Managing Azure Virtual Desktop (AVD)

21 Jan

This blog post is in continuation of my part 1 – Mindmap – Part 1 – Azure Virtual Desktop (AVD) – Quick start guide to virtual desktop/applications | AskAresh where we look at deploying the AVD solution. In this post, I want to share my learnings with you all around the management and #Day2 aspects of AVD. We shall take a look into the following topics:

  • Mind map – Managing Azure Virtual Desktop
    • Scale Out – Add extra Host (VM) to the Host Pools
    • Lifecycle – Update your Master Image – Shared Image Gallery aka Azure compute galleries
    • Drain the old Session Host VM
    • Automatically Power ON the Session host Virtual Machines
    • Monitoring Azure Virtual Desktop

Mindmap for Managing Azure Virtual Desktop (AVD)

I have managed to document all the high-level steps involved in managing the AVD on an ongoing basis. The idea here is that the mindmap acts as an excellent visual representation of what to do during ongoing maintenance activities. You can figure out in advance the requirements/steps and pre-requisites.

Disclaimer – This guide is a get you started guide, and the production management may vary. Please make sure you always reference Microsoft documentation. Here is the PDF version if you would like to download and zoom in (Don’t stress your eyes!) –

I hope you will find this helpful information on your Managing Azure Virtual Desktop journey. Please let me know if I have missed any steps in the mindmap, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Mindmap – Part 1 – Azure Virtual Desktop (AVD) – Quick start guide to virtual desktop/applications

1 Nov

I have been learning Azure Virtual Desktop (AVD) from the awesome book DaaS – The Complete Guide: A Step-by-Step Guide on deploying Desktop-as-a-Service solutions from Microsoft, Nutanix, Citrix, VMware, Accops. I want to share my learnings with you all, and in this post, we shall take a look into the following topics:

  • Mind map for Azure Virtual Desktop – Getting started
    • Getting started with Azure Virtual Desktop (AVD)
    • Deployment – Pre-requisites for AVD
    • Master Images – (Windows 10 Multi-Session, Windows 10 1909 Enterprise or Windows Server 2019 DC)
    • Template and Shared Image Gallery
    • Host Pools
    • Application Groups
    • Workspaces
    • Windows Desktop Client
  • Quick Start Links

Mindmap for Azure Virtual Desktop (AVD) – Getting started

Managed to put together a mindmap on the AVD getting started from zero to a working desktop or application. The idea here is the mindmap acts as an excellent visual representation of what to do during pre-requisites, deployment and you can figure out in advance the requirements/steps and pre-requisites.

Azure Virtual Desktop

Disclaimer – This guide is a get you started guide, and the production settings and configuration might be different. Please make sure you change the settings appropriate for production workloads. Here is the PDF version if you would like to download and zoom in (Don’t stress your eyes!) –

Change log

  • The Mindmap was last updated on 21st Jan 2022 with lots of changes!

The intention here is to get you quickly started on Azure Virtual Desktop Solution:

DescriptionLinks
Azure Virtual Desktop OverviewWhat is Azure Virtual Desktop? – Azure | Microsoft Docs
Azure Virtual Desktop technical (ARM-based model) deployment walkthrough. (Christiaan Brinkhoff)Azure Virtual Desktop technical (ARM-based model) deployment walkthrough. It covers all you need to know and beyond! | christiaanbrinkhoff.com – Sharing Cloud and Virtualization Knowledge
AVD Zero to Hero (YouTube – I am IT Geek)Series 5: Episode 1 – AVD Zero to Hero Introduction – YouTube (Playlist)
AVD PowerShellAzure Virtual Desktop PowerShell – Azure | Microsoft Docs
AVD PricingAzure Virtual Desktop | Microsoft Azure

I hope you will find this helpful information on your Azure Virtual Desktop journey. Please let me know if I have missed any steps in the mindmap, or reference links, and I will be happy to update the post.

Thanks,
Aresh Sarkari