Azure Virtual Desktop Azure landing zone review

Before you implement Azure Virtual Desktop, the environment needs an Azure landing zone capable of hosting desktops and any supporting workloads. The following checklist can help the team evaluate the landing zone for compatibility. Guidance in the Ready methodology of this framework can help the team build a compatible Azure landing zone, if one has not been provided.

Evaluate compatibility

• Resource organization plan: The landing zone should include references to the subscription or subscriptions to be used, guidance on resource group usage, and the tagging and naming standards to be used when the team deploys resources.
• Microsoft Entra ID: A Microsoft Entra instance or a Microsoft Entra tenant should be provided for end-user authentication. In addition, users must be synchronized from Active Directory Domain Services (AD DS) or Microsoft Entra Domain Services to Microsoft Entra ID.
• Network: Any required network configuration should be established in the landing zone prior to migration.
• VPN or ExpressRoute: Additionally, any landing zone that supports virtual desktops will need a network connection so that end users can connect to the landing zone and hosted assets. If an existing set of endpoints is configured for virtual desktops, end users can still be routed through those on-premises devices via a VPN or Azure ExpressRoute connection. If a connection doesn't already exist, you might want to review the guidance on configuring network connectivity options in the Ready methodology.
• Governance, users, and identity: For consistent enforcement, any requirements to govern access from virtual desktops and to govern users and their identities should be configured as Azure policies and applied to the landing zone.
• Security: The security team has reviewed the landing zone configurations and approved each landing zone for its intended use, including landing zones for the external connection and landing zones for any mission-critical applications or sensitive data.
• Azure Virtual Desktop: Azure Virtual Desktop platform as a service has been enabled.

Any landing zone that the team develops by using the best practices in the Ready methodology and that can meet the previously mentioned specialized requirements would qualify as a landing zone for this migration.

To understand how to architect Azure Virtual Desktop, review the Azure Virtual Desktop requirements.

Next steps

For guidance on specific elements of the cloud adoption journey, see:

• Review Azure Virtual Desktop landing zone accelerator design areas
• Complete an Azure Virtual Desktop proof of concept
• Assess for Azure Virtual Desktop migration or deployment
• Deploy or migrate Azure Virtual Desktop instances
• Release your Azure Virtual Desktop deployment to production