
Create Azure Virtual Desktop workloads

When you create an Admin VM in your enclave, every resource and host within the enclave is reachable through that Admin VM.

For some enclave owners, the default access pattern built around the Admin VM does not meet their requirements. For example, an enclave owner might be subject to requirements that disallow the Azure Bastion service.

Azure Bastion is currently the Azure service for secure remote connections to virtual machines over private IP addresses, and it is the expected access path for Azure Enclave. Enclave owners who need an alternative connection method can instead manually deploy a set of virtual machines (called session hosts in Azure Virtual Desktop) and use those to access the enclave. This is done with native Azure networking resources together with Azure Enclave.

Prerequisites

Create a community and Enclave.

Create Azure Virtual Desktop in an Azure Enclave workload through the Azure portal

  1. Create a workload with a name of your choice (for example, wl-avd-mgmt-pool).
  2. Deploy the Azure Virtual Desktop resources (host pool, application group, workspace, and session hosts) into the workload's resource group (for example, wl-avd-mgmt-pool).
  3. Create a community endpoint carrying the URL (FQDN) networking information that Azure Virtual Desktop requires.
  4. Create an enclave endpoint carrying the IP/CIDR, port, and protocol rules that Azure Virtual Desktop requires.
  5. Create the enclave connection so that the Azure Virtual Desktop service in Azure is reachable from the specified enclaves.
