Author: rzomerman

B2B USERS & INTERNAL APPS – MIM deployment

In many of my previous posts I talked about B2B users being replicated to your own AD so that guest users can log in to your backend (Kerberos) applications. Adding guest users to your AD can be done using my PowerShell script, the MIM guide from Microsoft – although it seems to […]


F5 – AAD – HEADER BASED – EXTERNAL ATTRIBUTES

In earlier posts I talked about my favorite authentication protocol ‘Kerberos’, but obviously there are many more authentication protocols, such as HEADER-based authentication. While we won’t be sending users’ passwords straight to the backend webserver, we can send additional information. Azure AD App Proxy in combination with Ping Access can already do […]


F5 – AAD – VPN with MFA

In earlier posts I talked about using F5 as a reverse proxy to Kerberos-based resources using Azure AD authentication. This post takes it a step further: creating an SSL VPN based on Azure AD identities with Conditional Access (if needed). So, the architecture: As you might have seen, there is no Active Directory in […]


Windows Virtual Desktop – Tips and Tricks – Publishing RDP

When you have your pool up and running, you might want to do some special stuff. For example, you might want to enable Mic + WebCam redirection:
Set-RdsHostPool -TenantName <tenantName> -Name <hostpoolName> -CustomRdpProperty "audiocapturemode:i:1;camerastoredirect:s:*;"
There are many more options you can enable or disable; check: https://docs.microsoft.com/en-gb/windows-server/remote/remote-desktop-services/clients/rdp-files?context=/azure/virtual-desktop/context/context For example, disabling Copy/Paste and Printers, so […]


Windows Virtual Desktop – Firewalls

When you deploy a new Pool, the VMs in that pool will need access to some URLs and internal IPs for the deployment to complete. First, the VMs will be joined to your domain, meaning they will need the standard ports open to the domain controllers and DNS servers. Secondly, an agent is deployed that […]


Windows Virtual Desktop – SSO

One of the most annoying things is passwords. And as you might know, Microsoft is on a quest to remove them, which includes your users’ access to WVD. But unfortunately this is only possible in certain architectures where you have your users authenticate to AAD using ADFS, have a backend (Windows 2008 or higher) PKI […]


Windows Virtual Desktop – Expanding and renewing

Once you have a running WVD environment based on a template, you might run into the issue where you either need to expand your pool, or you need to update the running VMs with new software based on a new or improved template. We’ve already discussed how to bring back your pre-Sysprepped image so you […]


Windows Virtual Desktop – AutoDeploy FSLogix

When you want to use the default images without too many alterations (because you only need to publish simple applications or just a desktop/browser/etc.), you still might want to use the FSLogix profile manager. This post describes the installation of the agent in an automated way so quick deployment of marketplace images is now possible. […]


Windows VIRTUAL DESKTOP – OVERVIEW

I’ve written a few posts already on WVD. This post is to make sure that all of them are in a single overview for you to view, and to give you a short description of which article you need: If you are new to WVD and you would like to deploy it in a simple […]


Windows Virtual Desktop – Profile Management with Azure files & FSLogix

The WVD VMs we deployed are basically Windows 10 VMs that allow multiple users to log in. When users log in to pooled VMs they can be redirected to any of the available VMs in a pool, and ideally we want to ensure that the users’ profile is the same on all of those. […]
