Does Azure Virtual Desktop App Streaming support serving independent users with no organizational affiliation?

Andrew Vardeman 1 Reputation point
2022-11-16T20:11:00.25+00:00

I've just gone through the setup of Azure Virtual Desktop Remote App Streaming using a free Azure trial, and from what I've seen it is geared toward serving one organization per Azure subscription/Azure Active Directory tenant.

My company has a desktop application that it would like to make available via something like App Streaming to individual customers (farmers) who have no shared organizational affiliation. We imagined that we could somehow "put [our app] in the cloud" and perhaps do some minimal user management, charging individual customers a monthly fee for access.

The setup I ended up doing was Active Directory-heavy, joining VMs to domains to create hybrid identities between AAD and AAD DS, and Microsoft's recommendation seems to be that companies go through this sort of setup for each customer "organization." As most of our customers are their own "organization," this model is cost prohibitive, not to mention labor intensive.

Am I missing something? Is there a (reasonable, secure) way, with Azure Virtual Desktop, to just "put an app in the cloud" once for all your individual customers and scale to potentially hundreds or thousands of users with the same host pool and cloud-hosted profiles? Or is this just not what App Streaming is made for?

Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.

3 answers

  1. Michael Durkan 12,196 Reputation points MVP
    2022-11-18T19:01:43.383+00:00

    Hi Andrew

    From looking at the description you've given, I'm going to assume that the App you are trying to provide to your customer base is currently hosted in an On-Premises environment. I'm also going to assume that it's hosted on AD-joined servers and is dependent on AD DS for authentication.

    The question I have is about the App itself and its structure. Is it an off-the-shelf that was supplied by a vendor or did you develop it in-house? What code is it written in, and could it move to the likes of a scalable Azure App Service?

    Then you have the data side of the app - is its data hosted in a database? Could it move to a SQL Managed Instance in Azure, or alternatively Cosmos? With that, you suddenly open options of having a secure Web-based frontend and a tiered app that has more security around it (I'm not questioning your security here btw).

    You are correct in saying that Azure AD is geared towards a single organization. You can set up Azure B2C partnerships, but you seem to have a large amount of customers to handle. With the App Service approach I've mentioned, you can use different identity providers for your App, and are not just tied to Azure AD:

    https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization

    With the AVD model, it's more designed for orgs who have some external users, not the multiple you are trying to facilitate. The issue you will have with this is that external users need to have a license for VDA Usage rights as this is not included for external users as part of AVD:

    https://learn.microsoft.com/en-us/azure/virtual-desktop/remote-app-streaming/licensing#comparing-licensing-options

    I'm not sure if this is of any help, but it's an alternative way of how to approach this. I would advise talking to an Azure Specialist Partner for options on this.

    Hope this helps,

    Thanks

    Michael Durkan

    • If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!

  2. Andrew Vardeman 1 Reputation point
    2022-11-18T19:20:26.277+00:00

    @Michael Durkan, thanks for your response.

    The application is a C++ MFC Windows application developed over the last 20 years, and while we do have an Azure web application that exposes a tiny subset of its functionality, development of that webapp is comparatively slow, and it is not likely to catch up feature-wise for another decade or more. Our goal was to make the full power of the desktop app available today via some sort of app streaming service.

    The application stores its data on the filesystem primarily in the Access .mdb format and interacts with the database via Microsoft's Access Redistributable.


  3. Michael Durkan 12,196 Reputation points MVP
    2022-11-18T19:30:37.483+00:00

    Hi Andrew

    No problem - the only other option I can think of would be something like Azure App Proxy, but you would need to utilize Azure AD for this and not sure re compatibility.

    https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy

    I understand the need for the App to remain in its current state - but as far as I'm aware (and I'm open to correction from other experts on these forums) these would be your best options for this.

    Thanks

    Michael

    • If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!