Create a host pool in Azure Virtual Desktop
This article shows you how to create a host pool by using the Azure portal, Azure CLI, or Azure PowerShell. When using the Azure portal, you can optionally create session hosts, a workspace, register the default desktop application group from this host pool, and enable diagnostics settings in the same process, but you can also do this separately.
For more information on the terminology used in this article, see Azure Virtual Desktop terminology.
You can create host pools in the following Azure regions:
- Australia East
- Canada Central
- Canada East
- Central India
- Central US
- East US
- East US 2
- Japan East
- North Central US
- North Europe
- South Central US
- UK South
- UK West
- West Central US
- West Europe
- West US
- West US 2
- West US 3
This list covers the regions where the metadata for the host pool will be stored. Session hosts added to a host pool can be located in any Azure region, and on-premises when using Azure Virtual Desktop on Azure Stack HCI.
Review the Prerequisites for Azure Virtual Desktop for a general idea of what's required, such as operating systems, virtual networks, and identity providers. Select the relevant tab for your scenario.
In addition, you'll need:
The Azure account you use must have the following built-in role-based access control (RBAC) roles as a minimum on a resource group or subscription to create the following resource types. If you want to assign the roles to a resource group, you'll need to create this first.
Resource type: RBAC role(s)
- Host pool: Desktop Virtualization Host Pool Contributor, Desktop Virtualization Application Group Contributor
- Workspace: Desktop Virtualization Workspace Contributor
- Application group: Desktop Virtualization Application Group Contributor
- Session hosts: Virtual Machine Contributor
Alternatively you can assign the Contributor RBAC role to create all of these resource types.
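As an added example (not part of the original article), the narrower option can be scripted with Azure CLI: the function below assigns only the four built-in roles named above, scoped to one resource group, rather than Contributor. The function name and all argument values are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article. IDs and names are placeholders.

# assign_avd_roles <subscription-id> <resource-group> <assignee-object-id>
# Grants the four built-in roles the article lists, at resource-group scope only.
assign_avd_roles() {
  sub="$1"; rg="$2"; assignee="$3"
  if [ -z "$sub" ] || [ -z "$rg" ] || [ -z "$assignee" ]; then
    echo "usage: assign_avd_roles <subscription-id> <resource-group> <assignee>" >&2
    return 2
  fi
  # Roles can only be scoped to a resource group that already exists.
  if [ "$(az group exists --name "$rg" --subscription "$sub")" != "true" ]; then
    echo "resource group '$rg' does not exist; create it first" >&2
    return 1
  fi
  scope="/subscriptions/$sub/resourceGroups/$rg"
  while IFS= read -r role; do
    # </dev/null keeps az from consuming the role list on stdin.
    az role assignment create --assignee "$assignee" --role "$role" \
      --scope "$scope" --output none </dev/null || return 1
  done <<'EOF'
Desktop Virtualization Host Pool Contributor
Desktop Virtualization Application Group Contributor
Desktop Virtualization Workspace Contributor
Virtual Machine Contributor
EOF
}
```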
Don't disable Windows Remote Management (WinRM) when creating session hosts using the Azure portal, as it's required by PowerShell DSC.
Create a host pool
To create a host pool, select the relevant tab for your scenario and follow the steps.
Here's how to create a host pool using the Azure portal.
1. Sign in to the Azure portal.
2. In the search bar, type Azure Virtual Desktop and select the matching service entry.
3. Select Host pools, then select Create.
4. On the Basics tab, complete the following information:

   Parameter: Value/Description
   - Subscription: Select the subscription you want to create the host pool in from the drop-down list.
   - Resource group: Select an existing resource group or select Create new and enter a name.
   - Host pool name: Enter a name for the host pool, for example hostpool01.
   - Location: Select the Azure region where your host pool will be deployed.
   - Validation environment: Select Yes to create a host pool that is used as a validation environment. Select No (default) to create a host pool that isn't used as a validation environment.
   - Preferred app group type: Select the preferred application group type for this host pool from Desktop or Remote App.
   - Host pool type: Select whether your host pool will be Personal or Pooled.
     If you select Personal, a new option will appear for Assignment type. Select either Automatic or Direct.
     If you select Pooled, two new options will appear for Load balancing algorithm and Max session limit.
     - For Load balancing algorithm, choose either breadth-first or depth-first, based on your usage pattern.
     - For Max session limit, enter the maximum number of users you want load-balanced to a single session host.

   Once you've completed this tab, you can continue to optionally create session hosts, a workspace, register the default desktop application group from this host pool, and enable diagnostics settings. Alternatively, if you want to create and configure these separately, select Next: Review + create and go to step 9.
5. Optional: If you want to add session hosts in this process, on the Virtual machines tab, complete the following information:

   Parameter: Value/Description
   - Add Azure virtual machines: Select Yes. This shows several new options.
   - Resource group: This automatically defaults to the resource group you chose your host pool to be in on the Basics tab, but you can also select an alternative.
   - Name prefix: Enter a name for your session hosts, for example aad-hp01-sh.
     This will be used as the prefix for your session host VMs. Each session host has a suffix of a hyphen and then a sequential number added to the end, for example aad-hp01-sh-0.
     This name prefix can be a maximum of 11 characters and is used in the computer name in the operating system. The prefix and the suffix combined can be a maximum of 15 characters. Session host names must be unique.
   - Virtual machine location: Select the Azure region where your session host VMs will be deployed. This must be the same region that your virtual network is in.
   - Availability options: Select from availability zones, availability set, or No infrastructure dependency required. If you select availability zones or availability set, complete the extra parameters that appear.
   - Security type: Select from Standard, Trusted launch virtual machines, or Confidential virtual machines.
   - Image: Select the OS image you want to use from the list, or select See all images to see more, including any images you've created and stored as an Azure Compute Gallery shared image or a managed image.
   - Virtual machine size: Select a SKU. If you want to use different SKU, select Change size, then select from the list.
   - Number of VMs: Enter the number of virtual machines you want to deploy. You can deploy up to 400 session host VMs at this point if you wish (depending on your subscription quota), or you can add more later.
     For more information, see Azure Virtual Desktop service limits and Virtual Machines limits.
   - OS disk type: Select the disk type to use for your session hosts. We recommend only Premium SSD is used for production workloads.
   - Boot Diagnostics: Select whether you want to enable boot diagnostics.

   Network and security
   - Virtual network: Select your virtual network. An option to select a subnet will appear.
   - Subnet: Select a subnet from your virtual network.
   - Network security group: Select whether you want to use a network security group (NSG).
     - None won't create a new NSG.
     - Basic will create a new NSG for the VM NIC.
     - Advanced enables you to select an existing NSG.
     We recommend that you don't create an NSG here, but create an NSG on the subnet instead.
   - Public inbound ports: You can select a port to allow from the list. Azure Virtual Desktop doesn't require public inbound ports, so we recommend you select No.

   Domain to join
   - Select which directory you would like to join: Select from Azure Active Directory or Active Directory and complete the relevant parameters for the option you select.

   Virtual Machine Administrator account
   - Username: Enter a name to use as the local administrator account for the new session host VMs.
   - Password: Enter a password for the local administrator account.
   - Confirm password: Re-enter the password.

   Custom configuration
   - ARM template file URL: If you want to use an extra ARM template during deployment you can enter the URL here.
   - ARM template parameter file URL: Enter the URL to the parameters file for the ARM template.

   Once you've completed this tab, select Next: Workspace.
6. Optional: If you want to create a workspace and register the default desktop application group from this host pool in this process, on the Workspace tab, complete the following information:

   Parameter: Value/Description
   - Register desktop app group: Select Yes. This registers the default desktop application group to the selected workspace.
   - To this workspace: Select an existing workspace from the list, or select Create new and enter a name, for example aad-ws01.

   Once you've completed this tab, select Next: Advanced.
7. Optional: If you want to enable diagnostics settings in this process, on the Advanced tab, complete the following information:

   Parameter: Value/Description
   - Enable diagnostics settings: Check the box.
   - Choosing destination details to send logs to: Select one of the following:
     - Send to Log Analytics workspace
     - Archive to storage account
     - Stream to an event hub

   Once you've completed this tab, select Next: Tags.
8. Optional: On the Tags tab, you can enter any name/value pairs you need, then select Next: Review + create.
9. On the Review + create tab, ensure validation passes and review the information that will be used during deployment.
10. Select Create to create the host pool.
11. Once the host pool has been created, select Go to resource to go to the overview of your new host pool, then select Properties to view its properties.
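The Basics tab choices expressed as an Azure CLI call, as an added example that is not taken from the original article: it rejects a location outside the region list above and enforces the Pooled and Personal option pairs before calling `az desktopvirtualization hostpool create`. The function name and resource names are placeholders, the region short names are the CLI forms of the regions listed earlier, and `Persistent` is the CLI's load balancer value for personal pools, which this page does not mention.

```shell
#!/bin/sh
# Added example, not from the original article. Resource names are placeholders.

# Regions this article lists for host pool metadata, as CLI short names.
AVD_METADATA_REGIONS="australiaeast canadacentral canadaeast centralindia centralus eastus eastus2 japaneast northcentralus northeurope southcentralus uksouth ukwest westcentralus westeurope westus westus2 westus3"

# create_host_pool <resource-group> <name> <location> <Pooled|Personal> <option> [max-sessions]
#   Pooled:   option is BreadthFirst or DepthFirst, max-sessions is required
#   Personal: option is Automatic or Direct (the assignment type)
# The preferred app group type is fixed to Desktop in this example.
create_host_pool() {
  rg="$1"; name="$2"; kind="$4"; option="$5"; limit="$6"
  # Accept either "West Europe" or "westeurope".
  location=$(printf '%s' "$3" | tr -d ' ' | tr '[:upper:]' '[:lower:]')
  case " $AVD_METADATA_REGIONS " in
    *" $location "*) ;;
    *) echo "location '$3' is not in the article's metadata region list" >&2
       return 2 ;;
  esac
  case "$kind:$option" in
    Pooled:BreadthFirst|Pooled:DepthFirst)
      case "$limit" in
        ''|0|*[!0-9]*) echo "Pooled needs a positive max session limit" >&2
                       return 2 ;;
      esac
      set -- --host-pool-type Pooled --load-balancer-type "$option" \
             --max-session-limit "$limit" ;;
    Personal:Automatic|Personal:Direct)
      # Persistent is the CLI load balancer value for personal host pools.
      set -- --host-pool-type Personal --load-balancer-type Persistent \
             --personal-desktop-assignment-type "$option" ;;
    *) echo "unsupported host pool type/option: $kind/$option" >&2
       return 2 ;;
  esac
  az desktopvirtualization hostpool create \
    --resource-group "$rg" --name "$name" --location "$location" \
    --preferred-app-group-type Desktop "$@"
}
```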
Optional: Post deployment
If you also added session hosts to your host pool, there's some extra configuration you may need to do, which is covered in the following sections.
To ensure your session hosts have licenses applied correctly, you'll need to do the following tasks:
- If you have the correct licenses to run Azure Virtual Desktop workloads, you can apply a Windows or Windows Server license to your session hosts as part of Azure Virtual Desktop and run them without paying for a separate license. This is automatically applied when creating session hosts with the Azure Virtual Desktop service, but you may have to apply the license separately if you create session hosts outside of Azure Virtual Desktop. For more information, see Apply a Windows license to session host virtual machines.
- If your session hosts are running a Windows Server OS, you'll also need to issue them a Remote Desktop Services (RDS) Client Access License (CAL) from a Remote Desktop Licensing Server. For more information, see License your RDS deployment with client access licenses (CALs).
Azure AD-joined session hosts
If your users are going to connect to session hosts joined to Azure Active Directory, you'll need to do the following tasks:
- If your users are going to connect to session hosts joined to Azure Active Directory, you must assign them the Virtual Machine User Login or Virtual Machine Administrator Login RBAC role either on each virtual machine, the resource group containing the virtual machines, or the subscription. We recommend you assign the Virtual Machine User Login RBAC role on the resource group containing your session hosts to the same user group as you assign to the application group. For more information, see Log in to a Windows virtual machine in Azure by using Azure AD.
- For users connecting from Windows devices that aren't joined to Azure AD or non-Windows devices, add the custom RDP property targetisaadjoined:i:1 to the host pool's RDP properties. These connections are restricted to entering user name and password credentials when signing in to a session host. For more information, see Customize RDP properties for a host pool.
For more information about using session hosts joined to Azure AD, see Azure AD-joined session hosts.
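An added example (not from the original article) of setting this RDP property with Azure CLI. Because `--custom-rdp-property` replaces the whole property string, the helper merges `targetisaadjoined:i:1` into whatever is already configured; the function names and resource names are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article. Resource names are placeholders.

# merge_rdp_property <existing-properties> <name:type:value>
# Prints the semicolon-separated RDP property string with the named property
# set exactly once. Runs in a subshell so IFS and noglob stay local.
merge_rdp_property() (
  set -f            # values such as drivestoredirect:s:* must not glob
  IFS=';'
  key="${2%%:*}"
  out=""
  for prop in $1; do
    case "$prop" in
      "$key":*) ;;                 # older value of the same property: replaced
      *:*:*) out="$out$prop;" ;;   # keep well-formed name:type:value entries
    esac                           # empty or malformed segments are dropped
  done
  printf '%s%s;\n' "$out" "$2"
)

# enable_aad_join_rdp <resource-group> <host-pool-name>
# Reads the current RDP properties and writes them back with the flag added.
enable_aad_join_rdp() {
  rg="$1"; pool="$2"
  current=$(az desktopvirtualization hostpool show \
              --resource-group "$rg" --name "$pool" \
              --query customRdpProperty --output tsv) || return 1
  az desktopvirtualization hostpool update \
    --resource-group "$rg" --name "$pool" \
    --custom-rdp-property "$(merge_rdp_property "$current" "targetisaadjoined:i:1")"
}
```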
If you didn't complete the optional sections when creating a host pool, you'll still need to do the following tasks separately: