# AZ-140 Lab Tips

**Tip 1: Register the Microsoft.DesktopVirtualization resource provider**

Before using AVD, make sure the resource provider is registered. In the PowerShell session in the Azure Cloud Shell pane, run the following command to register the **Microsoft.DesktopVirtualization** resource provider:

```powershell
Register-AzResourceProvider -ProviderNamespace Microsoft.DesktopVirtualization
```

**New Azure tenants don’t have all providers registered by default** – Some resource providers are automatically registered when you create a related resource, but others (like AVD) require manual registration.

**When do you need to run the command?**

• **Before setting up Azure Virtual Desktop** for the first time

• **If AVD deployment fails** with a missing resource provider error

• **When migrating AVD resources** between subscriptions that might not have the provider registered
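
For the migration and failed-deployment cases, the sketch below reports the provider's registration state per subscription and registers it only when asked. It is an added example, not part of the original lab material; `Confirm-AvdProvider` is a hypothetical helper name, and it assumes the Az module as available in Cloud Shell.

```powershell
# Added example: Confirm-AvdProvider is a hypothetical helper, not an Az cmdlet.
function Confirm-AvdProvider {
    param(
        [Parameter(Mandatory)] [string[]] $SubscriptionId,
        [switch] $Register   # without this switch the function only reports
    )
    $namespace = 'Microsoft.DesktopVirtualization'
    foreach ($id in $SubscriptionId) {
        # Registration is tracked per subscription, so switch context first.
        Set-AzContext -Subscription $id | Out-Null

        # One object is returned per resource type; collapse to distinct states.
        $states = @(Get-AzResourceProvider -ProviderNamespace $namespace |
            Select-Object -ExpandProperty RegistrationState -Unique)
        $ok = ($states.Count -eq 1 -and $states[0] -eq 'Registered')

        if (-not $ok -and $Register) {
            Register-AzResourceProvider -ProviderNamespace $namespace | Out-Null
            # Registration is asynchronous: poll for up to about five minutes.
            for ($i = 0; $i -lt 30 -and -not $ok; $i++) {
                Start-Sleep -Seconds 10
                $states = @(Get-AzResourceProvider -ProviderNamespace $namespace |
                    Select-Object -ExpandProperty RegistrationState -Unique)
                $ok = ($states.Count -eq 1 -and $states[0] -eq 'Registered')
            }
        }
        [pscustomobject]@{
            SubscriptionId = $id
            State          = $states -join ','
            Ready          = $ok
        }
    }
}

# Read-only report for every subscription the signed-in account can see.
Confirm-AvdProvider -SubscriptionId (Get-AzSubscription).Id
```

Add `-Register` only for the subscriptions that will actually host AVD resources.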

---

**Tip 2: The core concept of AVD is:**

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1739562108071/d492e6a0-ca22-4a0a-bc3b-6ab2c1295aae.png align="center")

1. **Prepare Azure Subscription:** Register Microsoft.DesktopVirtualization, create a vNet and subnet.
    
2. **Deploy AVD Host Pool:** Create a host pool with a **Pooled** type, deploy session hosts (VMs) in the subnet.
    
3. **Assign the user or user group** to the default desktop application group.
    
4. **Create AVD Workspace:** Register application group in the workspace.
    
5. **Grant Access to AVD Host Pool:** Assign Virtual Machine User Login role to AVD-DAG.
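
Steps 3 to 5 scripted, as an added example that is not part of the original lab material. Every resource and group name is a hypothetical lab value, `Grant-RoleOnce` is a hypothetical helper, and the script assumes the host pool, default desktop application group, workspace and Entra group already exist.

```powershell
# Added example; every name below is a hypothetical lab value.
$rgName    = 'rg-avd-lab'   # resource group holding the host pool and session hosts
$dagName   = 'hp1-DAG'      # default desktop application group
$wsName    = 'ws-avd-lab'   # AVD workspace
$groupName = 'AVD-Users'    # Microsoft Entra security group for AVD users

$group = Get-AzADGroup -DisplayName $groupName
$dag   = Get-AzWvdApplicationGroup -ResourceGroupName $rgName -Name $dagName
$rg    = Get-AzResourceGroup -Name $rgName

# Hypothetical helper: create the assignment only if it is not already
# present at exactly this scope, so the script can be re-run safely.
function Grant-RoleOnce {
    param([string] $ObjectId, [string] $Role, [string] $Scope)
    $existing = Get-AzRoleAssignment -ObjectId $ObjectId -RoleDefinitionName $Role -Scope $Scope |
        Where-Object Scope -eq $Scope
    if (-not $existing) {
        New-AzRoleAssignment -ObjectId $ObjectId -RoleDefinitionName $Role -Scope $Scope | Out-Null
    }
}

# Step 3: assign the group to the desktop application group.
Grant-RoleOnce -ObjectId $group.Id -Role 'Desktop Virtualization User' -Scope $dag.Id

# Step 4: register the application group in the workspace.
Register-AzWvdApplicationGroup -ResourceGroupName $rgName -WorkspaceName $wsName `
    -ApplicationGroupPath $dag.Id

# Step 5: allow sign-in to the session hosts, scoped to the resource group
# rather than the whole subscription.
Grant-RoleOnce -ObjectId $group.Id -Role 'Virtual Machine User Login' -Scope $rg.ResourceId
```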
    

---

**Tip 3:** To log in to an **Azure Virtual Desktop (AVD) VM**, a user needs the following permissions and configurations:

**1\. Role Assignments in Azure**

Users must have appropriate **Azure RBAC (Role-Based Access Control) roles** assigned at the **VM**, **resource group**, or **subscription** level:

• **Virtual Machine User Login** – Allows users to log in to the VM via RDP (resource group level through IAM).

• **Virtual Machine Administrator Login** (if admin access is needed).

(If the user is assigned the **Virtual Machine User Login** or **Virtual Machine Administrator Login** role at the **VM**, **resource group**, or **subscription** level, Azure automatically grants remote access without requiring manual group membership.)

**2\. AVD-Specific Role Assignments**

Users must be assigned to the appropriate AVD resources:

• **Host Pool** – The VM must be part of a configured AVD host pool.

• **Application Group** – The user (or a group the user is in) must be assigned to an app group that provides access to the desktop or apps.

• **Workspace** – The app group should be associated with a workspace that the user can subscribe to.

**3\. VM-Level Access Permissions**

• The user must be part of the **Remote Desktop Users** group on the VM (or have admin privileges).

• Network security rules and NSGs must allow inbound **RDP (port 3389)** or necessary connections for AVD.

**4\. Conditional Access & MFA (If Enabled)**

• If **Conditional Access Policies** or **Multi-Factor Authentication (MFA)** are enforced, the user must comply with those security requirements.

**Tip:** When using the **Breadth-first** load balancing algorithm, the **max session limit** parameter is **optional**.

**Tip 3: Azure Local Virtual Machine:**

**Azure Local VMs**: Run on-premises (local hardware) but can be managed through Azure’s services like **Azure Arc** or **Azure Stack HCI**.

**Note:** When using Microsoft Entra-joined session hosts, you must assign the appropriate Azure role-based access control (RBAC) roles to Azure Virtual Desktop users and administrators. Specifically:

• The **Virtual Machine User Login** role is required for users to sign in to session hosts.

• The **Virtual Machine Administrator Login** role is required for local administrative privileges.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1739316747346/bb86d32a-b11f-428e-89b7-ad1d9e7ecc3a.png align="center")
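
Because either login role grants sign-in wherever it applies (VM, resource group or subscription), it is worth listing who holds them for the session hosts. The query below is an added example, not part of the original lab material; the resource group name is a hypothetical lab value and the `Review` hints are this example's own labels.

```powershell
# Added example: list who can sign in to session hosts in one resource group.
$rgName = 'rg-avd-lab'   # hypothetical lab resource group
$rg     = Get-AzResourceGroup -Name $rgName
$roles  = 'Virtual Machine User Login', 'Virtual Machine Administrator Login'

# Assignments effective at the resource group, filtered to the two login roles.
Get-AzRoleAssignment -Scope $rg.ResourceId |
    Where-Object { $roles -contains $_.RoleDefinitionName } |
    ForEach-Object {
        $review = @()
        if ($_.RoleDefinitionName -eq 'Virtual Machine Administrator Login') {
            $review += 'local admin on session hosts'
        }
        if ($_.Scope -ne $rg.ResourceId) {
            # Assigned above the resource group, so it also covers other VMs.
            $review += 'inherited from broader scope'
        }
        if ($_.ObjectType -eq 'User') {
            $review += 'assigned to a user, not a group'
        }
        [pscustomobject]@{
            Principal = $_.DisplayName
            Type      = $_.ObjectType
            Role      = $_.RoleDefinitionName
            Scope     = $_.Scope
            Review    = $review -join '; '
        }
    } |
    Sort-Object Role, Principal |
    Format-Table -AutoSize -Wrap
```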

**Tip 4:** While you can change the image and VM name prefix when adding session hosts to an existing pool, it’s generally not recommended unless you intend to replace all VMs in the pool for consistency.

**Tip 5:** On a host pool, the “**Start VM on Connect**” feature helps reduce costs by powering on session host VMs only when needed. For personal host pools, it powers on a VM assigned to a user. For pooled host pools, it powers on a VM only when none are running, and additional VMs are powered on when the first reaches its session limit. To use the “Start VM on Connect” feature, the **Desktop Virtualization Power On Contributor** RBAC role must be assigned to the Azure Virtual Desktop service principal at the subscription level:

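1. ```powershell
   # Subscription ID for the role scope. Get-AzSubscription returns every
   # subscription the account can see; this assumes there is exactly one.
   $subId = (Get-AzSubscription).Id
   ```

2. ```powershell
   # Azure Virtual Desktop service principal (by application ID), subscription scope
   $parameters = @{
       RoleDefinitionName = "Desktop Virtualization Power On Contributor"
       ApplicationId      = "9cdead84-a844-4324-93f2-b2e6bb768d07"
       Scope              = "/subscriptions/$subId"
   }
   ```

3. ```powershell
   New-AzRoleAssignment @parameters
   ```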
    

**Tip 6:** The Scheduled Agent Updates feature in the host pool settings allows you to set up to two maintenance windows for updating the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent, ensuring updates occur outside of business hours.

**Tip 7:** To use single sign-on, set Microsoft Entra SSO in the RDP Properties of a host pool. This is equal to setting the string below on the Advanced tab. Then read [this](https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-single-sign-on).

`enablerdsaadauth:i:value`

**Tip 8:** KQL query for the maximum number of concurrent sessions

```kusto
WVDConnections //Simultaneous Sessions with Details
| where TimeGenerated > ago(30d)  // time range
| extend PacificTime = TimeGenerated - 8h  // Convert UTC to Pacific Standard Time (PST)
| summarize ActiveSessions = dcount(SessionHostSessionId), 
            Users = make_set(UserName), 
            Hosts = make_set(SessionHostName) 
    by bin(PacificTime, 5m)
| top 1 by ActiveSessions desc  // Get the peak time
```

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1741734883819/f008f79c-e6c4-4129-afe7-ca2a5ce989a5.png align="center")

**Tip 9:** Maximum number of sessions on each session host, in a graph (KQL query):

```kusto
WVDConnections
| extend PacificTime = TimeGenerated - 8h  // Convert UTC to PST
| make-series ActiveSessions = dcount(SessionHostSessionId) default=0 on PacificTime from datetime(2024-01-22 19:10:00) to datetime(2024-01-25 20:20:00) step 5m by SessionHostName
| render areachart
```

**Tip 10:** Overall number of sessions in the last month

```kusto
WVDConnections
| where TimeGenerated > ago(30d)
| summarize TotalSessions = count()
```

Or during a specific time range:

```kusto
WVDConnections
| where TimeGenerated between (datetime(2025-02-12 00:00:00) .. datetime(2025-02-28 23:59:59))  
| summarize TotalSessions = count()
```

### Some Acronyms:

AVD: Azure Virtual Desktop

DAG: Desktop Application Group
