I spoke at a global AVD event (Microsoft meets Community: Windows virtual Desktop virtual event 3rd XXL edition) on the 11th of Dec about the topic AVD Management with Intune. I share the details about the presentation and Windows Virtual Desktop experience with modern management tools like Intune in this post.
My session was the fourth (4th) one in the event and the session topic was “Sharing Tips and Tricks on how to Manage Windows Virtual Desktop via Intune in Microsoft Endpoint Manager“. You can download the PDF version of the presentation and you can also have a recording of the event soon.
Update -> AVD Windows 10/11 multi-session VMs are supported by Microsoft Endpoint Manager Intune. More Details -> How To Add Azure Virtual Desktop Session Host To Azure AD Join Guide AVD and Azure Virtual Desktop Azure AD Join Support With Intune Management.
I tried to set the context of the AVD management in the first slide.
- Why do you want to manage aVD with Intune?
- When should you start AVD Management with Intune?
Hybrid AAD Join & Group Policy
Let’s go through some of the technical configurations and prerequisites that we need to complete before AVD Intune management.
- Make sure the VMs are Hybrid AAD Join
- MDM Group Policy for All AVD VMs
Windows 10 Intune Enrollment using Group Policy | Automatic Enrollment | AVD https://www.anoopcnair.com/windows-10-intune-enrollment-using-group-policy-automatic-enrollment-wvd/
Azure AD Conditional Access & Groups
Modern management of AVD with Intune and Azure AD comes with some quick wins. This modern management helps to enable Multi-Factor Authentication (MFA) without any complex infra in place.
- Modern Security Parameters with Azure AD CA
- Dynamic Azure AD user/device groups
Let’s check what is the end-user experience for single session users. Microsoft is improving the enrollment experience in the coming months. Let’s wait and see.
- The AVD VM will be ready to use immediately after the Intune enrollment
- Azure AD registration of the VMs happens immediately after the VM provisioning process.
Security Policies for AVD
Let’s check how to deploy security policies in the AVD modern management world with Intune. I have seen organizations follow the CIS benchmark system to Secure Windows Desktop and laptop devices. However, Windows 10 CSPs changed the way of applying security policies.
This is the modern way of securing devices with MDM policies. As you can see in the slide, the National Cyber Security Center of the UK Govt did an excellent job to release a benchmark to secure Windows 10 devices using CSPs.
- National Cyber Security Center NCSC.gov.uk Guideline for MDM security baseline using CSPs
- Security Policies should be deployed either using
- Intune Administrative Templates (Preferred for AVD)
- Security Baselines
Let’s understand Intune application deployment options for AVD in this slide. You can deploy almost all types of applications using Intune app deployment frameworks. There are app types that are supported natively by Windows 10 MDM management tools and those types are MSIX and simple MSI etc.
- Deploy Apps using Intune
- Complex Apps need to be converted (zipped) to Intune win32 format
- Conversion Tool created by Damien Van Robaeys [MVP]
Patching & Windows 10 Upgrade
Let’s have a look into patching scenarios in the AVD modern management world with Intune. Also explained How the monthly patching and Windows 10 upgrade scenarios are handled. The big difference here with Intune management is Windows Update for Business instead of WSUS.
- Monthly Patching is managed via Windows Update for Business (WUfB) policies
- Windows 10 Upgrade policies are configured through WUfB feature update policies
Let’s download the PDF from the GitHub repository – https://github.com/AnoopCNair/WVD-Intune-Management-PDF
Indian Windows Virtual Desktop User Group #INWVDUG
Today we announced the Indian Windows Virtual Desktop User Group (#INWVDUG). Welcome Windows Virtual Desktop (AVD) enthusiasts around the world.
There are several options to connect with us online. The following are some of the options:
- Twitter ➡ https://twitter.com/inwvdug
- Meetup Group ➡ https://www.meetup.com/inwvdug-indian-wvd-user-group/
- Telegram Group ➡ https://t.me/wvdcommunity
- Linkedin Group ➡ https://www.linkedin.com/groups/10491724/
- Facebook Group ➡ https://www.facebook.com/groups/244834119748980
- Microsoft WVD Documentation on HTMD
- WVD Disable Shutdown Button for Windows 10 Devices Using Intune
- Intune WVD management related posts.
- Convert Windows 10 CSP to OMA-URI for Intune Custom Policies
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…