Microsoft has declared general availability of Azure Virtual Desktop with VMs joined to Azure AD rather than Active Directory, but the initial release has many limitations.
Azure Virtual Desktop (AVD), formerly known as Windows Virtual Desktop, is Microsoft’s proprietary Virtual Desktop Infrastructure (VDI) solution.
Although hosted in the cloud, Azure Virtual Desktop is (or was) based on Microsoft’s Remote Desktop Services technology which required domain joined PCs and therefore a full Windows Active Directory (AD) connection, either under In the form of an on-premises AD over a VPN, or through Azure Active Directory Domain Services (AAD DS) which is a Microsoft-managed AD server automatically linked to Azure AD. In the event that on-premises AD is used, AD Connect is also required, which introduces additional complexity.
Microsoft has now stated that Azure AD joined virtual machines are generally available for AVD. “This new configuration allows you to provide access to cloud-only users (created in Azure AD and not synced from an on-premises directory), which was not possible previously,” said David Belanger, program manager senior.
One key difference is that Windows 365 isn’t elastic – it’s billed per user / month regardless of usage. Using AVD, the administrator controls virtual machines and they can be scaled for more efficient concurrent use, or even shut down when not needed, although there may be have availability issues if the Azure region was overloaded and a deallocated VM could not be restarted.
Another difference is that AVD supports pooled desktops and is the only scenario where multi-user Windows 10 is allowed. A quick play with Microsoft’s Azure Price Calculator shows that the price per user could be less than $ 10 per month with a shared host, compared to Windows 365 which starts at $ 24 per month because it only supports ‘one complete virtual machine per user. AVD also has additional features, including remote applications, rather than full desktops. The license for AVD is also relatively generous as many Microsoft 365 plans come with entitlements included, starting with Microsoft 365 Business Premium.
“Azure Virtual Desktop virtual machines (VMs) are billed at the Linux compute rate for Windows 10 single-session, Windows 10 multisession, and Windows Server,” Microsoft says.
Join a pool of AVD (collection of virtual machines) hosts to Azure AD
The downside is that AVD is more complex than Windows 365 to configure and administer. AD addiction has been one factor in this situation. The ability to do without it and just use Azure AD Join for virtual machines is a big plus, especially for small-scale deployments or businesses. The service (with Azure AD join) has been in preview since July, but there are a number of limitations.
The most important of these is that only local user profiles are supported. Microsoft has a solution for storing user profiles on Azure Files, for scalability and the ability for users to roam between host calls – FSLogix (a technology purchased through an acquisition in November 2018). Still, “Azure AD joined virtual machines cannot access Azure Files for FSLogix or MSIX app attach file shares,” the documents inform us. This also means that there is only limited support for clustered desktops, one of AVD’s main attractions. Microsoft provides as a supported configuration “desktops or grouped applications where users do not need to save data to the virtual machine. For example, for applications that save data online or connect to a database remote data “. There may be ways around this devised by ingenious administrators, but it is a severe constraint.
Some users have also found FSLogix problematic, especially with updated versions from Microsoft since acquisition. One problem was “random days when the frxsvc.exe process will delete files and folders from C: drive. Based on what gets deleted, I suspect it is actually trying to delete everything but cannot do them. things in use, ”one user reported. This would have been fixed in a recent update.
An inherent problem with FSLogix is that, by default, if the agent fails to mount the remote profile for some reason, a local profile is created, then the local profile persists and the FSLogix profile does not attach. There is a setting to automatically delete local profiles, but in this case the user may lose documents. Profile management is not trivial, and these issues may be one of the reasons behind the more manageable Windows 365 solution. ®