Workspace 365 with Azure Virtual Desktop

Table of Contents

 

About Azure Virtual Desktop (AVD)

In this article we describe how you can use Azure Virtual Desktop, previously known as Windows Virtual Desktop, directly from Workspace 365. We created a direct integration with AVD and Workspace 365, this means that you can start AVD apps directly from your digital workplace.

When clicking on the AVD app from your Workspace, a .rdp(w) file will be downloaded. You can open this file to get started with your AVD application. Remember, it is a setting in your browser to open these files automatically.

If using the local AVD client is not a possibility, you can also use the browser version of Azure Virtual Desktop. This does not use our AVD integration, but can be configured by creating a Shortcut app with the AVD web URL.

 

Configuration

Step 1. Grant API permissions

You'll need to add an additional oAuth2 permission to the Workspace 365 Single Sign-On application in Microsoft Entra ID (previously called Azure AD). You can do this by following these steps:

  1. Go to Azure with the admin account.
  2. Go to Microsoft Entra ID.
  3. Go to App Registrations.
  4. Select the Workspace 365 Single Sign-On app.
  5. Go to API Permissions.
  6. Click Add a permission.
  7. Select API's my organization uses.

    mceclip1.png

  8. Search for Azure Virtual Desktop.
  9. Select the API -> Delegated permissions.
  10. Add one of the following API permissions (depends on what is available to you):
    • User_impersonation (Spring 2019 version)
    • User.Access (ARM 2020 version)
    • Click here for more detailed information.
  11. Click Add permissions.
  12. When that's done click the Grant admin consent for ****

When the API permission is added, you can continue with step 2 and add the AVD app(s) to the Workspace 365 environment.

Don't forget to grant admin consent for the correct API permission in Microsoft Entra ID. Otherwise you won't have sufficient permissions to open the AVD app in Workspace.

Back to top

 

Step 2. Configure AVD in Workspace 365

  1. Go to the App store (or click on "+ Add tiles").
  2. Make sure Manage apps is selected.
  3. Click on Add new app
  4. Select Azure Virtual Desktop.
  5. Click on Add.

    ExampleApp.png

  6. Fill in the following information, all fields are mandatory:
    • App name: this is the name how the app is represented in the Workspace.
    • Azure Virtual Desktop version: select which version you use.
    • Azure Virtual Desktop app name: fill in the Display name of the app as shown in Azure.
      • Important: make sure to remove any spaces before or after the app name.
    • Select the Remote Desktop Client you want to use
      Do not use the remote desktop client from the Microsoft Store, this will not work
    • We recommend .rdpw (newest client). It will detect if the WVD app is rendered on a Mac or Windows device. You can download the client for Windows and Mac.
    • When choosing .rdpw, you can still opt-in for MacOS users to use the .rdp client using the checkbox that appears.
  7. Click Save.
  8. Add the app from the App store to your Workspace (either to a Personal or Shared group of your choice) and publish it to the desired users.

Be sure that the user is signed in into the new Microsoft Remote Client.

Back to top

Opening .rdpw file (application) from an external AVD

Option 1:

  1. Place the .rdpw file on a SharePoint site.
  2. Create a tile with a shortcut to the .rdpw file.
  3. For first time use, choose to open .rdpw files in Edge Chromium (this can be enforced using a policy to always open the remote client).
  4. Log in.


Option 2:

  1. Place the .rdpw file on a SharePoint site or network share. 
  2. In the instruction.xml file from the local app launcher, configure the location of the .rdpw file (according to the already existing manual, however the location differs).
  3. Add the app to the Workspace.
  4. For first time use, choose to open .rdpw files in Edge Chromium (this can be enforced using a policy to always open the remote client).
  5. Log in.

In order for this to work, the user needs access/permissions to the .rdpw location. 

Back to top

 

Microsoft Remote Desktop Client with .rdp (old client)

When opening an app from the Workspace 365 the client PC must be connected to the Azure Virtual Desktop environment. This can be done in two different ways.


Manual:

  1. Navigate to Control Panel\All Control Panel Items\RemoteApp and Desktop Connections.
  2. Then Click on the 'Access RemoteApp and desktops'.
  3. Add the following Azure Virtual Desktop Feed: URL: https://rdweb.wvd.microsoft.com/api/feeddiscovery/webfeeddiscovery.aspx
  4. Click 'Next'.
  5. Sign in with the account which has access to the AVD environment.


Automating the feed via GPO:

  1. Open the Group Policy Management Editor on the domain controller.
  2. Create a new GPO.
  3. Go to User Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> RemoteApp and Desktop Connections.
  4. Double click the Specify default connection URL key and enable it.
  5. Enter the feed URL in the Default 'Connection URL' field.
  6. Click OK.
  7. Roll out your new GPO to your domain.

After configuring the GPO "Specify default connection URL", the first time use the user needs to fill in their AVD credentials. Then, they can check the "Remember me" option and users are able to open the application directly from the Workspace 365

Back to top