Tutorial: Create a host pool in Azure Virtual Desktop (classic)
Important
This content applies to Azure Virtual Desktop (classic), which doesn't support Azure Resource Manager Azure Virtual Desktop objects. If you're trying to manage Azure Resource Manager Azure Virtual Desktop objects, see this article.
In this tutorial, you'll learn how to create a host pool within an Azure Virtual Desktop tenant by using a Microsoft Azure Marketplace offering.
Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop tenant environments. Each host pool can contain an application group that users can interact with as they would on a physical desktop.
The tasks in this tutorial include:
- Create a host pool in Azure Virtual Desktop.
- Create a resource group with VMs in an Azure subscription.
- Join the VMs to the Active Directory domain.
- Register the VMs with Azure Virtual Desktop.
Prerequisites
- A tenant in Virtual Desktop. A previous tutorial creates a tenant.
- Azure Virtual Desktop PowerShell module.
Once you have this module, run the following cmdlet to sign in to your account:
Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
Sign in to Azure
Sign in to the Azure portal.
Run the Azure Marketplace offering to provision a new host pool
To run the Azure Marketplace offering to provision a new host pool:
- On the Azure portal menu or from the Home page, select Create a resource.
- Enter Azure Virtual Desktop in the Marketplace search window.
- Select Azure Virtual Desktop - Provision a host pool, and then select Create.
After that, follow the instructions in the next section to enter the information for the appropriate tabs.
Basics
Here's what you do for the Basics tab:
Select a Subscription.
For Resource group, select Create new and provide a name for the new resource group.
Select a Region.
Enter a name for the host pool that's unique within the Azure Virtual Desktop tenant.
Select Desktop type. If you select Personal, each user that connects to this host pool is permanently assigned to a virtual machine.
Enter users who can sign in to the Azure Virtual Desktop clients and access a desktop. Use a comma-separated list. For example, if you want to assign user1@contoso.com and user2@contoso.com access, enter user1@contoso.com,user2@contoso.com.
For Service metadata location, select the same location as the virtual network that has connectivity to the Active Directory server.
Important
If you're using a pure Microsoft Entra Domain Services and Microsoft Entra solution, make sure to deploy your host pool in the same region as your Microsoft Entra Domain Services to avoid domain-join and credential errors.
Select Next: Configure virtual machines.
Configure virtual machines
For the Configure virtual machines tab:
Either accept the defaults or customize the number and size of the virtual machines.
Note
If the specific virtual machine size you're looking for doesn't appear in the size selector, that's because we haven't onboarded it to the Azure Marketplace tool yet.
Enter a prefix for the names of the virtual machines. For example, if you enter prefix, the virtual machines will be called prefix-0, prefix-1, and so on.
Select Next: Virtual machine settings.
Virtual machine settings
For the Virtual machine settings tab:
For Image source, select the source and enter the appropriate information for how to find it and how to store it. Your options differ for Blob storage, Managed image, and Gallery.
If you choose not to use managed disks, select the storage account that contains the .vhd file.
Enter the user principal name and password. This account must be the domain account that will join the virtual machines to the Active Directory domain. This same username and password will be created on the virtual machines as a local account. You can reset these local accounts later.
Note
If you're joining your virtual machines to a Microsoft Entra Domain Services environment, ensure that your domain join user is a member of the AAD DC Administrators group.
The account must also be part of the Microsoft Entra Domain Services managed domain or Microsoft Entra tenant. Accounts from external directories associated with your Microsoft Entra tenant can't correctly authenticate during the domain-join process.
Select the Virtual network that has connectivity to the Active Directory server, and then choose a subnet to host the virtual machines.
Select Next: Azure Virtual Desktop information.
Azure Virtual Desktop tenant information
For the Azure Virtual Desktop tenant information tab:
For Azure Virtual Desktop tenant group name, enter the name for the tenant group that contains your tenant. Leave it as the default unless you were provided a specific tenant group name.
For Azure Virtual Desktop tenant name, enter the name of the tenant where you'll be creating this host pool.
Specify the type of credentials that you want to use to authenticate as the Azure Virtual Desktop tenant RDS Owner. Enter the UPN or Service principal and a password.
If you completed the Create service principals and role assignments with PowerShell tutorial, select Service principal.
For Service principal, for Microsoft Entra tenant ID, enter the tenant admin account for the Microsoft Entra instance that contains the service principal. Only service principals with a password credential are supported.
Select Next: Review + create.
Complete setup and create the virtual machine
In Review and Create, review the setup information. If you need to change something, go back and make changes. When you're ready, select Create to deploy your host pool.
Depending on how many virtual machines you're creating, this process can take 30 minutes or more to complete.
Important
To help secure your Azure Virtual Desktop environment in Azure, we recommend you don't open inbound port 3389 on your virtual machines. Azure Virtual Desktop doesn't require an open inbound port 3389 for users to access the host pool's virtual machines.
If you must open port 3389 for troubleshooting purposes, we recommend you use just-in-time access. For more information, see Secure your management ports with just-in-time access.
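To check the recommendation above after deployment, the following added example (not part of the original tutorial) lists custom network security group rules that allow inbound traffic to TCP 3389. It assumes the Az.Network module, a session signed in with Connect-AzAccount, and that the NSGs live in the host pool's resource group; the resource group name is a placeholder.

```powershell
# Added example: flag NSG rules that allow inbound traffic to TCP 3389.
# Assumption: the NSGs are in the same resource group as the host pool VMs.
param([string]$ResourceGroupName = '<resource-group-name>')   # placeholder

# Returns $true when an NSG port entry ('*', '3389', or '3000-4000') covers $Port.
function Test-PortRangeCoversPort {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

$findings = foreach ($nsg in Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName) {
    # Only custom rules are inspected; the platform default rules are not in SecurityRules.
    foreach ($rule in $nsg.SecurityRules) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
        if ($rule.Protocol -notin @('Tcp', '*')) { continue }
        $hit = $rule.DestinationPortRange |
            Where-Object { Test-PortRangeCoversPort -Range $_ -Port 3389 }
        if ($hit) {
            [pscustomobject]@{
                Nsg      = $nsg.Name
                Rule     = $rule.Name
                Priority = $rule.Priority
                Source   = ($rule.SourceAddressPrefix -join ',')
                Ports    = ($rule.DestinationPortRange -join ',')
            }
        }
    }
}

if ($findings) {
    # Lower priority numbers are evaluated first, so list those at the top.
    $findings | Sort-Object Priority | Format-Table -AutoSize
} else {
    Write-Output "No custom inbound allow rule covers TCP 3389 in $ResourceGroupName."
}
```

Rules created by just-in-time access also appear in this output while a request is active, so compare the Source column with the approved request before removing anything.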
(Optional) Assign additional users to the desktop application group
After Azure Marketplace finishes creating the pool, you can assign more users to the desktop application group. If you don't want to add more, skip this section.
To assign users to the desktop application group:
Open a PowerShell window.
Run the following command to sign in to the Azure Virtual Desktop environment:
Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
Add users to the desktop application group by using this command:
Add-RdsAppGroupUser <tenantname> <hostpoolname> "Desktop Application Group" -UserPrincipalName <userupn>
The user's UPN should match the user's identity in Microsoft Entra ID, for example, user1@contoso.com. If you want to add multiple users, run the command for each user.
Users you add to the desktop application group can sign in to Azure Virtual Desktop with supported Remote Desktop clients and see a resource for a session desktop.
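Because the command has to be run once per user, a short loop helps when assigning several users. This added example (not part of the original tutorial) validates each UPN, skips users who are already assigned, and prints the resulting membership for review; the tenant name, host pool name, and UPN list are placeholders.

```powershell
# Added example: assign several users to the desktop application group.
# Placeholders: replace the tenant name, host pool name, and UPN list.
$tenantName   = '<tenantname>'
$hostPoolName = '<hostpoolname>'
$appGroupName = 'Desktop Application Group'
$upnList      = 'user1@contoso.com,user2@contoso.com'

Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com'

# Read current members so that a rerun skips users who already have access.
$existing = @(Get-RdsAppGroupUser -TenantName $tenantName -HostPoolName $hostPoolName `
        -AppGroupName $appGroupName | ForEach-Object { $_.UserPrincipalName })

$upns = $upnList -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
foreach ($upn in $upns) {
    # Reject entries that are not in user@domain form before calling the service.
    if ($upn -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        Write-Warning "Skipping '$upn': not in user@domain form"
        continue
    }
    if ($existing -contains $upn) {
        Write-Output "Already assigned: $upn"
        continue
    }
    try {
        Add-RdsAppGroupUser -TenantName $tenantName -HostPoolName $hostPoolName `
            -AppGroupName $appGroupName -UserPrincipalName $upn -ErrorAction Stop
        Write-Output "Assigned: $upn"
    } catch {
        Write-Warning "Failed to assign ${upn}: $($_.Exception.Message)"
    }
}

# Review the final membership so access stays limited to the intended users.
Get-RdsAppGroupUser -TenantName $tenantName -HostPoolName $hostPoolName `
    -AppGroupName $appGroupName | Select-Object UserPrincipalName
```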
Here are the current supported clients:
Next steps
You've made a host pool and assigned users to access its desktop. You can populate your host pool with RemoteApp programs. To learn more about how to manage apps in Azure Virtual Desktop, see this tutorial: