I have had a chance to present a session about Azure Virtual Desktop AVD End-User Experience Journey with Intune Management in Ghana’s Microsoft user group.
My presentation focused more on Windows single session (persistent) session host enrollment journey.
Let me share the AVD (a.k.a WVD) journey with modern management (Single Session/Persistent VMs) without Autopilot/WhiteGlove.
If you are wondering whether you can get a free training course on modern device management and security technology like MEM Intune, refer to 63 Episodes of Free Intune Training for Device Management Admins.
I know most AVD customers use Azure Virtual desktop with Configuration Manager. My journey is a bit different because it’s a new journey with AVD and MEM Intune.
The Azure Virtual Desktop (previously known as Windows Virtual Desktop) Journey started back in 2019.
Azure VDI (a.k.a AVD) vs Traditional VDI
I have seen many conversations where the expectation of AVD is similar to legacy VDI. Many organizations are trying to replicate the processes from the traditional VDI world.
My take on this (AVD) is a bit different, and that is – to take this as an opportunity to move to modern management MEM Intune and try to manage virtual and physical devices in the same way (wherever possible).
Azure Virtual Desktop is a modern VDI solution built from the ground up for the cloud with all native cloud architecture in mind. However, traditional VDI/hybrid solutions are still based on conventional on-prem technology architecture, but some are hosted in the cloud.
We can reduce the dependency on on-prem technologies when moving towards AVD management with Azure AD join scenarios instead of Hybrid Azure AD whenever available. Another important strategy is about using custom images or Azure gallery images.
You need to choose carefully and understand whether it’s worth creating and managing custom images for single session VDIs and multi-session scenarios. This is important for Azure Virtual Desktop End-User Experience Journey with Intune Management.
AVD Enrollment Experience Journey with Modern Management Intune
My AVD enrollment experience journey started back in 2019. I never tried to manage the AVD session host with Configuration Manager. So all my AVD enrollment experience is with MEM Intune. I see this as a journey because AVD and MEM integration are improving quickly.
What is Enrollment Experience? AVD End-User Experience Journey with Intune Management
The enrollment experience mainly depends on the group policy configuration that you select. The end-user enrollment experience is when the end-user logins to the session host for the first time, how much time it will take to complete the enrollment process.
The enrollment process includes three stages, and all these three stages are important for Azure Virtual Desktop End-User Experience Journey with Intune Management.
- Intune Registration of session host using MDM Group policy.
- Device-based applications and policies deployment.
- User-based applications and policies deployment.
2019 – 100 Minutes – AVD Enrollment Experience
In 2019, the enrollment experience with modern management used to take 100+ minutes. The only working configuration of the MDM enrollment group policy was based on user credentials. So the Intune enrollment/registration of session host starts only after the user first login.
The following section of the post helps to improve the Azure Virtual Desktop End-User Experience Journey with Intune Management.
- Intune registration starts only after the user’s first login. Hence no pre-provisioning of apps/policies.
- All the application and policy deployment starts only after users the first login.
- Intune Win32 application deployment using Intune Management Extension(IME) took more than 60 minutes to start. This is because IME policy refresh/sync starts only after 60 minutes of Intune enrollment.
2020 – 40 Minutes – AVD Enrollment Experience
In 2020, the AVD enrollment experience with modern management used to take 40+ minutes. The easy way to improve the enrollment experience was to work on IME. As you can see in the above section, the IME service waited to reinitiate/sync the policies for the first 60 minutes.
The way to work around the above issue was to create an MSI application to restart the Intune Management Extension service. So we were able to save 60 minutes in the enrollment process.
More enhancements in Azure Virtual Desktop End-User Experience Journey with Intune Management are explained below.
- Intune registration starts only after the user’s first login. Hence no pre-provisioning of apps/policies.
- All the application and policy deployment starts only after users the first login.
- Intune Win32 application deployment using Intune Management Extension(IME) starts immediately after the restart of IME service, as mentioned above.
Under 10 Minutes – AVD Enrollment Experience
Now, you can use the Device credentials option from the MDM Group policy. This helps to pre-provision Intune enrollment, application, and policy deployments before users log in. The application and policy deployment pre-provision happens only when you deploy apps and policies to Azure AD device groups.
Because of the session host pre-provision option as explained above, we could reduce end-to-end AVD enrollment time significantly. The end-to-end enrollment experience is also improved considerably.
NOTE! – With the device credentials option, you can produce an Autopilot/whiteglove experience with the enrollment status page in the future for Azure Virtual Desktop session host (single session).
- Intune registration starts before the user’s first login.
- Device-based application and policy deployment happens before the user’s first login.
- User-based application and policy deployment happens only after the user first login.
Download Presentation
You can download the presentation from GitHub.
Resources
- MUGG MEM-AVD Bootcamp – Session Recording.
- Using Azure Virtual Desktop with Intune https://docs.microsoft.com/en-us/mem/intune/fundamentals/azure-virtual-desktop
- AVD Management with Intune | Azure Virtual Desktop | AVD | Windows Virtual Desktop
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
Hi Anoop,
Thanks for the nice article. Got lot of information. I am facing issue with AVD Host pool creation issue, the deployments are failing when I select Intune enrolment. The error message states ” the AAD domain join has failed”. I am using a free Azure subscription and followed all the prerequisites you mentioned, Am i missing anything here in terms of Intune license or any other? Please suggest.
-Sandeep
I think this should be because of Domain Join account privileges or connectivity issues. You can have a quick look at the VM to check the details of the error.
Hi Anoop. Two questions
#1 is universal Print supported on AVD.
#2 with respect to local printers on an intune managed workstation what policy settings impact the ability to configure a local printer. I don’t see any but am unable to add a local printer I’d like to know how to enable and disable that ability for a user.