Create a Tenant in Windows Virtual Desktop
The first step in setting up Windows Virtual Desktop is to create a tenant. However, you should first examine your environment to ensure it meets the requirements outlined in the previous post.
Verify your requirements
Let’s begin with the infrastructure requirements.
An Azure Active Directory
You are good to go if you already have an Azure subscription. Register for a free trial if you don’t have an Azure subscription. An Azure subscription includes a default directory.
I will use the ITProTVDemo directory.
A Windows Server Active Directory that syncs with Azure Active Directory. This can be configured with one of these:
Azure AD Connect (for hybrid organizations)
Azure AD Domain Services (for hybrid and cloud organizations)
I have a hybrid configuration with an on-premises Windows Server Active Directory Domain. Azure AD Connect is configured to sync Windows Server AD with Azure AD.
An Azure subscription that includes a virtual network that either contains the Windows Server Active Directory or is connected to it.
I have a site-to-site VPN between my Azure domain and my on-premises domain. This will allow virtual machines to connect to the domain controller and join the domain.
My subnet on-premises is 10.0.100.0/24, and my Azure virtual network is 10.1.1.0/24. You must ensure that the two address ranges do not overlap, or routing between them will fail.
Another thing to remember is to ensure that the VPN is working. The initial setup of the S2S VPN was as a demand-dial connection. I experienced failures in deploying a new host pool and realized that the VMs were not able to join the domain. Everything worked after I switched the S2S VPN from persistent to active. A demand-dial connection could work. You would only need to initiate the connection and ensure it doesn’t disconnect before the host pool configuration finishes.
Next, confirm that the licensing requirements have been met. I am using [email protected] for this demonstration, and I have assigned an appropriate license. Each user who will be able to access Windows Virtual Desktop will require a license.
Once you have confirmed that your environment meets all requirements, you can start creating tenants.
Grant permissions to Windows Virtual Desktop
Granting permissions allows the Windows Virtual Desktop service to query Azure Active Directory to perform administrative and end-user tasks. Open a browser and navigate to https://rdweb.wvd.microsoft.com.
Select Server App from the consent option drop-down menu.
Enter your AAD Tenant GUID and Name.
Click Submit.
Authenticate using a Global administrator account.
Review the permissions required and click Accept.
You will receive a confirmation if permissions were granted successfully.
Repeat the process, but this time select Client App from the consent option drop-down menu.
To ensure that Azure propagates the changes, wait 30 seconds between consenting to the Server App and consenting to the Client App.
Assign the TenantCreator application role
To create a Windows Virtual Desktop tenant, you must assign the TenantCreator role to a user. That user does not have to be a Global administrator. However, even a Global administrator must be assigned the role.
Log in to the Azure portal using your Global administrator account.
Search for Enterprise apps and choose Enterprise applications under Services.
Search for Windows Virtual Desktop in Enterprise applications and choose Windows Virtual Desktop (not Windows Virtual Desktop Client).
Select Users and Groups.
Select Add user.
Select Users and Groups on the Add Assignment blade.
Find the user account that will create your Windows Virtual Desktop tenant.
Select the user account and click Select.
Click Assign.
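Because TenantCreator decides who may create tenants, it is worth listing who actually holds it once the assignment is made. The script below is an added example, not part of the original post; it assumes the AzureAD PowerShell module is installed, and the allow-list entry is a placeholder for the account you assigned.

```powershell
# Added example: audit assignments of the TenantCreator app role on the
# "Windows Virtual Desktop" enterprise application.
# Assumes the AzureAD module and an account allowed to read app assignments.
Import-Module AzureAD
Connect-AzureAD | Out-Null

# Assumption: accounts you expect to hold the role (placeholder value).
$expected = @('<tenant-creator-upn>')

# Exact-name match, so "Windows Virtual Desktop Client" is not picked up.
$sp = @(Get-AzureADServicePrincipal -SearchString 'Windows Virtual Desktop' |
        Where-Object { $_.DisplayName -eq 'Windows Virtual Desktop' })
if ($sp.Count -ne 1) {
    throw "Expected exactly one 'Windows Virtual Desktop' service principal, found $($sp.Count)."
}
$sp = $sp[0]

# Locate the role definition by its display name or its value.
$role = $sp.AppRoles |
    Where-Object { $_.DisplayName -eq 'TenantCreator' -or $_.Value -eq 'TenantCreator' }
if (-not $role) { throw 'TenantCreator app role not found on the service principal.' }

# All principals assigned to the application, filtered to this role.
$assignments = Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true |
    Where-Object { $_.Id -eq $role.Id }

$report = foreach ($a in $assignments) {
    $upn = $null
    if ($a.PrincipalType -eq 'User') {
        $upn = (Get-AzureADUser -ObjectId $a.PrincipalId).UserPrincipalName
    }
    [pscustomobject]@{
        Principal = $a.PrincipalDisplayName
        Type      = $a.PrincipalType
        UPN       = $upn
        # Groups have no UPN, so a group assignment always shows as unexpected.
        Expected  = ($upn -in $expected)
    }
}

# Unexpected holders sort first.
$report | Sort-Object Expected | Format-Table -AutoSize
```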
Create a Windows Virtual Desktop tenant
You will need the following items to create your Windows Virtual Desktop tenant:
Your Azure Active Directory tenant ID or Directory ID
Your Azure subscription ID
To find your Azure AD tenant ID (also known as Directory ID):
Navigate to Azure Active Directory in the Azure portal.
The overview pane displays the tenant ID.
Click the Copy to Clipboard button and copy the tenant ID into an Excel file. This will be your AadTenantID.
To find your Azure subscription ID:
Search for subscriptions in the Azure portal.
Select Subscriptions.
If you have more than one subscription, select the appropriate subscription. The subscription ID can be seen in the list. However, it is easier to copy it from the next screen.
Click the Copy to Clipboard button and copy the subscription ID into an Excel file. This will make it usable