Hi ,
Welcome to the Support Portal. How can we help?
Follow

Workspace 365 with Azure Virtual Desktop

Quick reference:
Settings -> App store

Table of Contents

 

Overview

In this article we describe how you can use Azure Virtual Desktop (AVD), previously known as Windows Virtual Desktop, directly from Workspace 365. We created a direct integration with AVD and Workspace 365, this means that you can start AVD apps directly from your Workspace 365.

When clicking on the AVD app from your Workspace, a .rdp(w) file will be downloaded. You can open this file to get started with your AVD application. Remember, it is a setting in your browser to open these files automatically.

Problem with opening the .rdpw file directly? A previous version of the Remote desktop Client (RemoteDesktop_1.2.1186.0_x64) had some issues with opening the .rdpw file directly. The app was not launched as expected. Microsoft looked into this problem and it seems the issue has been resolved from the update (1.2.1755) of the client (for more information, click here).

 

Configuration

You'll need to add an additional oAuth2 permission to the Workspace 365 Single sign-on application, you can do this by following these steps:

  1. Go to https://aad.portal.azure.com with the admin account.
  2. Go to Active Directory.
  3. Go to App Registrations.
  4. Select the Workspace 365 Single Sign-On app.
  5. Go to API Permissions.
  6. Click Add a permission.
  7. Select API's my organization uses.

    mceclip1.png

  8. Search for Azure Virtual Desktop.
  9. Select the API -> Delegated permissions.
  10. Add one of the following API permissions (depends on what is available to you):
    • User_impersonation (Spring 2019 version)
    • User.Access (ARM 2020 version)
      (Click here for more detailed information)
  11. Click Add permissions.
  12. When that's done click the Grant admin consent for ****

When the API permission is added, you can add the Azure Virtual Desktop app(s) to the Workspace 365 environment. 

Be aware to grant admin consent for the correct API permission in Azure. Otherwise you won't have sufficient permissions to open the AVD app in Workspace.

 

Activate the app

  1. Go to the App store (or click on "+ Add tiles").
  2. Make sure Manage apps is selected.

    manage_apps.PNG

  3. Click on Add new app and select Azure Virtual Desktop. Click on Add.

    AVD.PNG

    AVD2.PNG

  4. Fill in the following information:
    • App name; this is the name how the app is represented in the Workspace.
    • AzureVirtual Desktop version; select which version you use.
    • Azure Virtual Desktop app name; this should be the exact name like the app name in Azure Virtual Desktop.
    • Select the Microsoft remote desktop client; we recommend .rdpw (newest client), which can be downloaden here. It will detect when the WVD app in rendered on a Mac or Windows device. When choosing .rdpw, you can still opt-in for MacOS users to use the .rdp client.
    • Click Save to add the app to Workspace and publish it to the desired users.
  5. Once everything has been filled in correctly, the app can be added from the App store to your Workspace (either to a Personal or Shared group of your choice). 

    add_to_workspace.PNG

TIP: Be sure that the user is singed in in the new Microsoft Remote Client.

Back to top

AVD and MFA

It's possible to configure MFA for AVD. This can be done via a Conditional Access policy in Azure. Under Cloud apps or actions, include the following apps:

  • Workspace SSO App registration
  • AVD app

You can always exclude certain apps from this Conditional Access policy, or assign specific users or groups to the policy. 

CA_azure_MFA.PNG

Under 'Conditions', select Client apps. Make sure 'Browser' and 'Mobile apps and desktop clients' are selected and click Done

client_apps.PNG

 Under Grant, select Require multi-factor authentication.

grant_MFA.PNG

You may configure the 'Sign-in frequency', this defines the time period before a user is asked to sign in again when attempting to access a resource. When you're done defining this policy, enable it by choosing 'On' and click Create

Back to top

 

Opening .rdpw file (application) from an external AVD

Option 1

  1. Place the .rdpw file on a SharePoint site.
  2. Create a tile with a shortcut to the .rdpw file.
  3. For first time use, choose to open .rdpw files in Edge Chromium (this can be enforced using a policy to always open the remote client).
  4. Log in.

Option 2

  1. Place the .rdpw file on a SharePoint site or network share. 
  2. In the instruction.xml file from the local app launcher, configure the location of the .rdpw file (according to the already existing manual, however the location differs).
  3. Add the app to the Workspace.
  4. For first time use, choose to open .rdpw files in Edge Chromium (this can be enforced using a policy to always open the remote client).
  5. Log in.

In order for this to work, the user needs access/permissions to the .rdpw location. 

Back to top

 

Microsoft Remote Desktop Client with .rdp (old client)

When opening an app from the Workspace 365 the client PC must be connected to the Azure Virtual Desktop environment. 

This can be done in two different ways:

Manual

  1. Navigate to:
    1. Control Panel\All Control Panel Items\RemoteApp and Desktop Connections. Then Click on the Access RemoteApp and desktops.
  2. Add the following Azure Virtual Desktop Feed: URL: https://rdweb.wvd.microsoft.com/api/feeddiscovery/webfeeddiscovery.aspx
  3. Click Next and sign in with the account which has access to the Azure Virtual Desktop environment.


Automating the feed via GPO

  1. Open the Group Policy Management Editor on the domain controller and create a new GPO.
  2. Go to User Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> RemoteApp and Desktop Connections.
  3. Double click the Specify default connection URL key and enable it. Enter the feed URL in the Default Connection URL field.
  4. Click OK.
  5. Roll out your new GPO to your domain.

After configuring the GPO "Specify default connection URL", the first time use the user needs to fill in their Azure Virtual Desktop credentials. Then, they can check the "Remember me" option and users are able to open the application directly from the Workspace 365

Back to top