Windows Virtual Desktop Management Web App

Author by Mitchell Grande

Update: Since posting this blog, the Microsoft Docs have been updated to include information about this management service.  You can read more here.

Windows Virtual Desktop entered public preview on March 21, 2019.  Currently, the only official way to manage Windows Virtual Desktop is via the PowerShell module.  Although support in the Azure Portal is coming, there is no public ETA.  In the meantime, there is an Azure Web App that you can deploy and host yourself to manage your WVD tenant.

Background

Buried in the official Azure/RDS-Templates GitHub repo is a web app for managing a Windows Virtual Desktop tenant and its resources.  With it, you can manage host pools, hosts, and app groups.

The web app is called the "WVD Management UX" and is available at https://github.com/Azure/RDS-Templates/tree/master/wvd-templates/wvd-management-ux/.  To set up the app, you deploy the ARM template from this folder, which creates the App Service Plan and 2 web apps.  In addition, a temporary automation account is spun up which runs a one-time runbook to configure the web app for your tenant.

Deployment Process

To deploy the app, you need the following:

  • WVD already deployed for your Azure AD tenant (via PowerShell)
  • A resource group to deploy the app service plan and 2 app services into
  • Credentials to use during the deployment that have contributor access to the resource group
    • These credentials are used by the automation account to configure the web app.  I recommend creating a temporary user that you can delete or reset the password of after the deployment is done.

Let's take a look at the deployment steps:

  1. I'm going to create a new resource group to contain the app.  This is optional but I recommend it for organization purposes.
    wvd-1.png
  2. To be secure, I'm going to create a temporary Azure AD user and grant it contributor access to this RG.  This isn't technically necessary, but I don't like putting my own credentials in during the deployment.
    1. In Azure AD, create the new user and note the password
      wvd-2.png
    2. I then grant that user Contributor access on the resource group I created earlier
      wvd-3.png
    3. Finally, I open a separate browser (or use incognito mode) and login with that user account at https://portal.azure.com/ to set a permanent password.  Azure AD users are required to change their password on first logon which can cause issue with scripts unless you change the password first.  I also check that I can see the new RG I created while logged in as that user.  Once it's all set, I close out this new browser and go back to my main admin account.
      wvd-4.png
      wvd-5-(1).png
       
  3. Visit the GitHub page for the deployment script: https://github.com/Azure/RDS-Templates/tree/master/wvd-templates/wvd-management-ux/deploy and click the Deploy to Azure button
    wvd-6.png
  4. This will redirect you to the Azure Portal's custom template deployment page.  Fill in the information and parameters to match your environment
    1. Subscription: Choose the subscription that will contain the Azure web app resources
    2. Resource Group: Choose the RG that you created earlier.  This will contain the Azure web app resources
    3. Location: Choose the location where the Azure web app resources will be deployed
    4. RD Broker URL: Leave default
    5. Resource URL: Leave default
    6. Azure AD User Principal Name: enter the full UPN of the user for the deployment.  If you created a separate user for this earlier, use that account.
    7. Azure Login Password: enter the password for the account
    8. Application Name: enter the name you want the Azure web app to have
    9. Check the "I agree to the terms and conditions" box
      wvd-7.png
  5. Press Purchase to deploy the resources
    1. Note that this will spin up an App Service Plan at the S1 price level which is about $75/month.  You can scale this down later if you want.
  6. When the deployment kicks off, click the Deployment in Progress link to track it
    wvd-8.png
  7. Wait for the deployment to complete
    wvd-9.png
  8. Go to your resource groups, and find the resource group you deployed to.  Within the resource group, find and click the web app
    wvd-10.png
  9. Click the URL to launch the site
    wvd-11.png
  10. It'll take a minute to load the first time.  Once it does, you'll be redirected to the MS login page.  Here, login with a user who has access to manage the RDS tenant.  If you created a user for the deployment earlier like I did, do not use that user account here.  You must login with a user who's been granted access to manage WVD.
  11. After entering a username and password, you'll be prompted to grant the app permission to access your information.  This is required for it to get access to WVD in your tenant so press accept.
    wvd-12.png
  12. After pressing Accept, you'll be redirected to the actual application.  Before you can do anything, you must choose the tenant group on the right side.  For most people, this will be "Default Tenant Group".
    wvd-13.png
  13. You're now in the WVD Admin App!  You can click around and see the existing resources, modify them, etc.
  14. Optional: you can scale the App Service Plan to a lower level to save a little money.  I turned mine down to Free and didn't have any issues with the web app.
    1. In the portal, find your web app
    2. Click Scale up (App Service Plan)
    3. Choose Dev / Test at the top, then F1
    4. Press Apply

Limitations

Although this app is really handy for configuring the environment, I did find the following limitations:

  • No ability to manage user sessions, like logging off users or sending messages
  • Cannot create new tenants in the tenant group

Additionally, it's not clear how supported this app is by Microsoft.  It is in the official repo, but it isn't yet documented anywhere.

 

Author

Mitchell Grande

Systems Engineer