Understanding Azure Virtual Desktop (AVD): How It Works and Enhances Cloud-Based Virtual Environments

This article is designed for those looking to familiarize themselves with Azure Virtual Desktop (AVD), focusing on its deployment, management, and licensing aspects within Azure. The content is educational and informative, suitable for readers who need a comprehensive understanding of how to utilize AVD effectively in their IT infrastructure.

Another common foundational service you’ll want to familiarize yourself with is Azure Virtual Desktop (AVD). Azure Virtual Desktop is a service that allows you to deliver virtualized desktop experiences to the users in the customer environments you support.

Originally named Windows Virtual Desktop (WVD), Azure Virtual Desktop (AVD) is a set of Microsoft technologies that allow you to create and deploy Windows 10 and 11 virtual desktops in Azure. The infrastructure underpinning your AVD deployment is managed by Microsoft, allowing your team to focus on daily administration within the environment, rather than spending time patching, updating, and managing the individual components of the infrastructure. Azure Virtual Desktop offers four central functions to simplify the deployment of virtual machines in your environment:

  • Operating Systems are centralized on a server, allowing you to simplify management and patching from a single point of reference.
  • User profiles are handled independently from the virtual machines themselves, allowing for a truly mobile user experience from any device. This functionality is enabled by deploying FSLogix, which allows you to create roaming profiles.
  • Microsoft Azure features a connection broker functionality, which automates the process of assigning users to an Azure Virtual Machine when they connect.
  • AVD licensing rights are included at no additional charge for several subscriptions, including Microsoft 365 Business Premium, Microsoft 365 Enterprise, and Windows 10 & 11 Enterprise CSP subscriptions.

AVD allows you to grant users access to company resources on their virtual desktops. The benefit is that you no longer need to store potentially sensitive information on the devices themselves. Rather, users can connect to their AVD and perform their work in a more secure environment, all without a complex lift to install and configure software on their end.

How does AVD work?

Once a user authenticates, they can access their virtual desktop. If roaming profiles are configured via FSLogix, these users will be able to access all of their local resources, regardless of the device they use to log into their virtual desktop. AVD has two core components that enable this functionality: the Microsoft license assigned, and the Azure infrastructure underpinning the virtual machine hosts.

Several Microsoft Licenses (M365 Business, M365 for Enterprise [E3, E5, A3, A5]) include AVD by default. If you have one of these licenses already, there is no additional cost to use AVD from a software perspective. That said, if you don’t have one of these licenses in place, you can purchase AVD as an add-on subscription for other subscription types, such as Windows 10 Enterprise E3.

Regardless of which license or subscription type you use, the AVD license covers the cost of the operating system (single-user and multi-session) and the use of the AVD management service hosted in Azure. The license also replaces the need to maintain and pay for both the RDS and Windows Server OS licenses in Azure*.

*AVD licensing covers Azure virtual desktops only. This license type cannot be used to license on-premises deployments or other clouds.

Azure Infrastructure

Azure Infrastructure is the second essential component to deploying AVD in your tenant. You’ll need an identity management tool such as Microsoft Entra ID or Active Directory to create and govern user identities, which you will then allow to access the virtual machines you configure. You will also need to select three core components to start deploying virtualized resources in Azure. These are:

  • Compute (CPU + RAM)
  • Storage (Disks / Files)
  • Network (Egress Bandwidth)

The cost of these resources ultimately comes down to the number of users accessing your virtual machines, the Compute, Storage and Network Series you select, and the applications hosted and deployed via the virtual machines.

In addition to AD DS or Microsoft Entra ID, you will also need a place to store user profile data. You can use Azure Files, or you can configure and deploy a Windows Server Virtual Machine in Azure to host Active Directory.

Remember, unlike Hyper-V and VMware, virtual desktops in Azure do not allow you to manually specify individual hardware components. Instead, you’ll define the resources through packages referred to as Series. These define the hardware for the virtual resource.

Once you’ve configured and deployed Azure Virtual Desktop, users can begin to connect to and work in the environment. The graphic below gives context to how these connections are established and maintained.

Reverse Connect Transport

To set yourself up for success when it comes to troubleshooting AVD later, you’ll want a good understanding of how Reverse Connect Transport works. You can essentially break it down into four steps:


  1. A user launches the client and authenticates with their credentials. Once signed in, Microsoft Entra ID returns a token to the client.
  2. Once the token is received, the client presents it to the Web Access component. Then, the Broker queries the SQL database to determine the available resources the user is authorized to access.
  3. Then, the user selects the resource they want to connect to. Once they do, they are connected to the Gateway.
  4. The Broker then orchestrates the connection from the host agent to the Gateway.

Once the connection is established, traffic flows between the client and the session host.
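Because the host agent dials out to the Gateway in step 4, session hosts do not need an RDP listener reachable from the internet. The following check is an added example, not part of the original article: it decides whether a network security group would still admit internet-sourced TCP 3389. It assumes rules in the field shape of `az network nsg rule list` JSON output; the helper names and the sample rules are constructed for illustration.

```python
# Added example; sample rules are constructed, not from a real tenant.
RDP_PORT = 3389
BROAD_SOURCES = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Collect a field that appears as a string, a list, or both."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(spec, port):
    """True if a port spec ('*', '3389', '3000-4000') includes port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def _matches_internet_rdp(rule):
    """Inbound TCP rule whose source is internet-wide and covers 3389."""
    if rule.get("direction", "").lower() != "inbound":
        return False
    if rule.get("protocol", "*").lower() not in ("*", "tcp"):
        return False
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    ports = _values(rule, "destinationPortRange", "destinationPortRanges")
    return (any(s.lower() in BROAD_SOURCES for s in sources)
            and any(_covers_port(p, RDP_PORT) for p in ports))

def internet_rdp_verdict(rules):
    """NSGs evaluate lowest priority number first; first match decides."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if _matches_internet_rdp(rule):
            return rule["access"], rule["name"]
    return "Deny", "platform default"  # no custom rule matched

def _rule(name, prio, access, proto, src, ports):
    return {"name": name, "priority": prio, "direction": "Inbound",
            "access": access, "protocol": proto,
            "sourceAddressPrefix": src, "destinationPortRanges": ports}

SAMPLE_OPEN = [_rule("allow-rdp-any", 300, "Allow", "Tcp", "*", ["3389"]),
               _rule("deny-internet", 400, "Deny", "*", "Internet", ["*"])]
SAMPLE_LOCKED = [_rule("deny-internet", 200, "Deny", "*", "Internet", ["*"]),
                 _rule("allow-range", 300, "Allow", "Tcp", "0.0.0.0/0", ["3000-4000"])]

if __name__ == "__main__":
    for label, rules in (("open", SAMPLE_OPEN), ("locked", SAMPLE_LOCKED)):
        print(label, internet_rdp_verdict(rules))
```

The check looks at one NSG at a time; where both a subnet and a network interface carry an NSG, run it against each.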

Now that you’re familiar with both Windows 365 and Azure Virtual Desktop, if you haven’t already, make sure to visit this article to delve further into the differences between the two before you select the service you’ll deploy in your environments.







