Let’s discuss AVD Auto Feed Registration Intune Policy Setup and Default Connection URL Options. I have already shared a manual way of subscribing to AVD feeds. You can read Azure Virtual Desktop RD Client Subscription Options For AVD.
Microsoft recently announced AVD auto registration policies for the insider version of RD client using Microsoft Endpoint Management (MEM) Intune policies. However, while writing this post, I couldn’t find more detailed documentation on this topic from Microsoft.
The ARM-based AVD solution uses the following URL for feed subscription and auto feed registration: https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery (for AVD). This is required in a particular scenario where your subscribe option is working.
NOTE! – You can learn MEM Intune from the following video series – 63 Episodes of Free Intune Training for Device Management Admins.
AVD Auto Feed Registration Intune Policy Setup
Now it’s time to look at the Intune policy configuration for AVD auto feed registration and at the policy itself, which is called Default Connection URL (user).
NOTE! – I assumed you already have appropriate access rights to Endpoint Manager (Intune). Otherwise, you won’t be able to complete the following activity.
- Log in to the Endpoint Manager Intune portal https://endpoint.microsoft.com/#home
- Navigate to Devices -> Windows -> Configuration profiles.
- Click on +Create Profile.
- Select Windows 10 and Later as the platform.
- Select Settings Catalog from Profile Type.
- Click on the Create button.
Enter the Name of the policy – AVD Auto Feed Registration.
Enter the Description – Set AVD Auto Feed Registration Policy.
Click on the Next button.
NOTE! – Settings catalog – With the settings catalog, you can choose which settings you want to configure. Click on Add settings to browse or search the catalog for the settings you want to configure.
Click on the +Settings button to continue.
Enter “remote desktop” in the search field and click on the search button.
Click on RemoteApp and Desktop Connections under Browse by category.
Select the option called Specify default connection URL (user) from the Setting name.
You can see this policy is coming from Windows Components > Remote Desktop Services > RemoteApp and Desktop Connections administrative template.
Specify default connection URL (user) – Click on the toggle button to Enable the policy.
You need to enter the AVD RDS feed URL in the option called – Default Connection URL: (User).
NOTE! – I think these text details are coming from previous group policy settings. So, I don’t think this is very accurate in terms of AVD. This policy setting specifies the default connection URL for RemoteApp and Desktop Connections.
The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs.
NOTE! – RemoteApp programs installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user’s account. This setting is only available to Windows Insiders.
- Default Connection URL (Users) -> https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery
Assignment of AVD Intune Policy for Auto Feed Subscription
This is the phase where you decide which set of users or devices this policy should go to. I think it’s better to deploy this policy to a user group because this is a user-based policy.
Click on +Add groups and select the Azure AD user group to deploy the Intune policy for AVD feed auto subscription. In this example, I have added TestUserGroup.
You can proceed further by clicking on Next and Next (scope page).
Click on Review + Create to complete the creation and assignment process of the AVD Auto Feed Registration Intune Policy.
AD Group Policy Details for AVD Auto Subscription
You can also use AD Group Policy for AVD auto subscription. The following is the AD group policy that you have to use for this. If you disable or do not configure this policy setting, the user has no default connection URL.
The Group Policy path that you want to look for is -> User Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> RemoteApp and Desktop Connections.
This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs.
The default connection URL must be configured in the form of Users -> https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery
If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user’s default login credentials are used when setting up the default connection URL.
Note: RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user’s account.
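Because a feed from an untrusted server is the risk called out above, it is worth confirming on a client that the value delivered by Intune or Group Policy is exactly the AVD feed URL. The PowerShell below is an added example, not from the original post or from Microsoft. It assumes the policy is stored as the DefaultConnectionURL value under HKCU:\Software\Policies\Microsoft\Workspaces (this location is not stated on this page); Test-FeedUrl is a hypothetical helper and the sample URLs are constructed.

```powershell
# Added example (not from the original post): verify the default connection URL
# delivered to this user by the "Specify default connection URL (user)" policy.
# ASSUMPTION: registry location of the policy value; it is not given on this page.
$PolicyKey   = 'HKCU:\Software\Policies\Microsoft\Workspaces'
$PolicyValue = 'DefaultConnectionURL'
$ExpectedUrl = 'https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery'  # URL from the article

function Test-FeedUrl {
    # Hypothetical helper: reports whether $Url is the expected feed and, if not, why.
    param([string]$Url, [string]$Expected = $ExpectedUrl)
    $reason = $null
    $uri    = $null
    $want   = [Uri]$Expected
    if ([string]::IsNullOrWhiteSpace($Url)) {
        $reason = 'policy not configured'
    } elseif (-not [Uri]::TryCreate($Url.Trim(), [UriKind]::Absolute, [ref]$uri)) {
        $reason = 'not an absolute URL'
    } elseif ($uri.Scheme -ne 'https') {
        $reason = "scheme is '$($uri.Scheme)', expected https"
    } elseif ($uri.UserInfo) {
        $reason = 'URL has a userinfo part in front of the real host'
    } elseif ($uri.Host -ne $want.Host -or $uri.Port -ne $want.Port) {
        $reason = "server '$($uri.Host):$($uri.Port)' is not the expected feed server"
    } elseif ($uri.AbsolutePath.TrimEnd('/') -ne $want.AbsolutePath) {
        $reason = "path '$($uri.AbsolutePath)' is not the feed discovery path"
    }
    [pscustomobject]@{ Url = $Url; Trusted = ($null -eq $reason); Reason = $reason }
}

# Value actually delivered to the current user ($null when the key or value is absent).
$configured = (Get-ItemProperty -Path $PolicyKey -Name $PolicyValue -ErrorAction SilentlyContinue).$PolicyValue

# Constructed samples: the first passes, the rest fail on scheme, host suffix and userinfo.
$samples = @(
    'https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery',
    'http://rdweb.wvd.microsoft.com/api/arm/feeddiscovery',
    'https://rdweb.wvd.microsoft.com.example.test/api/arm/feeddiscovery',
    'https://rdweb.wvd.microsoft.com@feeds.example.test/api/arm/feeddiscovery'
)

$results = @(Test-FeedUrl -Url $configured) + ($samples | ForEach-Object { Test-FeedUrl -Url $_ })
$results | Format-Table -AutoSize -Wrap
```

Run it in the signed-in user's session, since this is a user-based policy.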
Client Side
I have not tested the client-side scenario. Are this scenario and policy supported for any existing RD client versions? If you have tested this, let me know in the comments.
With the auto-subscription option, users don’t have to add a feed. Instead, they might need to add the required details when MFA is enabled.
Troubleshooting Options
The following posts might help you troubleshoot issues related to the Intune Settings catalog (and, in general, Intune troubleshooting).
- How to Start Troubleshooting Intune Issues
- Windows 10 MDM Log Checklist
- MDM Diagnostics Tool – Tips & Tricks
- Learn How to Collect Windows 10 Diagnostics Information from Intune Portal | Endpoint Manager
Author
Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
Hello
Does it mean there is no need to add _msradc DNS record anymore following https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-email-discovery?
Thanks
Hello – I have seen this working (the manual way) without any DNS changes for an enterprise. But you need to use two-factor authentication if you have enabled the same. I think the referenced document is basically for RD Server components?
Adding _Msradc record gives you the possibility to have your assigned wvd resources (desktops & apps) when using your corp mail for authentication on windows remote desktop client. So I am curious if it is still needed for the scenarios described in your article
Unfortunately, I have not tested all the scenarios with this policy as I updated them in the client-side section. I will wait for the supported version of RD client to test this. But I don’t think you have to go through any of these DNS changes .. it might work directly. I think Ryan tested this option with Group policy https://ryanmangansitblog.com/2019/11/14/windows-virtual-desktop-configuring-the-rdp-feed/
Hello
What about adding _msradc record to DNS? That is still required?