Use the quickstart to create a sample infrastructure
Artikkeli
You can quickly deploy Azure Virtual Desktop with the quickstart in the Azure portal. This can be used in smaller scenarios with a few users and apps, or you can use it to evaluate Azure Virtual Desktop in larger enterprise scenarios. It works with existing Active Directory Domain Services (AD DS) or Microsoft Entra Domain Services deployments, or it can deploy Microsoft Entra Domain Services for you. Once you've finished, a user will be able to sign in to a full virtual desktop session, consisting of one host pool (with one or more session hosts), one application group, and one user. To learn about the terminology used in Azure Virtual Desktop, see Azure Virtual Desktop terminology.
Joining session hosts to Microsoft Entra ID with the quickstart is not supported. If you want to join session hosts to Microsoft Entra ID, follow the tutorial to create a host pool.
Please review the Prerequisites for Azure Virtual Desktop to start for a general idea of what's required, however there are some differences when using the quickstart that you'll need to meet. Select a tab below to show instructions that are most relevant to your scenario.
Tip
If you don't already have other Azure resources, we recommend you select the New Microsoft Entra Domain Services tab. This scenario will deploy everything you need to be ready to connect to a full virtual desktop session. If you already have AD DS or Microsoft Entra Domain Services, select the relevant tab for your scenario instead.
No existing Microsoft Entra Domain Services domain deployed in your Azure tenant.
User names you choose must not include any keywords that the username guideline list doesn't allow, and you must use a unique user name that's not already in your Microsoft Entra subscription.
The user name for AD Domain join UPN should be a unique one that doesn't already exist in Microsoft Entra ID. The quickstart doesn't support using existing Microsoft Entra user names when also deploying Microsoft Entra Domain Services.
An AD DS domain controller deployed in Azure in the same subscription as the one you choose to use with the quickstart. Using multiple subscriptions isn't supported. Make sure you know the fully qualified domain name (FQDN).
Domain admin credentials for your existing AD DS domain
You must configure Microsoft Entra Connect on your subscription and make sure the Users container is syncing with Microsoft Entra ID. A security group called AVDValidationUsers will be created during deployment in the Users container by default. You can also pre-create the AVDValidationUsers security group in a different organization unit in your existing AD DS domain. You must make sure this group is then synchronized to Microsoft Entra ID.
A virtual network in the same Azure region you want to deploy Azure Virtual Desktop to. We recommend that you create a new virtual network for Azure Virtual Desktop and use virtual network peering to peer it with the virtual network for AD DS or Microsoft Entra Domain Services. You also need to make sure you can resolve your AD DS or Microsoft Entra Domain Services domain name from this new virtual network.
Internet access is required from your domain controller VM to download PowerShell DSC configuration from https://wvdportalstorageblob.blob.core.windows.net/galleryartifacts/.
Note
The PowerShell Desired State Configuration (DSC) extension will be added to your domain controller VM. A configuration will be added called AddADDSUser that contains PowerShell scripts to create the security group and test user, and to populate the security group with any users you choose to add during deployment.
Microsoft Entra Domain Services deployed in the same tenant and subscription. Peered subscriptions aren't supported. Make sure you know the fully qualified domain name (FQDN).
Your domain admin user needs to have the same UPN suffix in Microsoft Entra ID and Microsoft Entra Domain Services. This means your Microsoft Entra Domain Services name is the same as your .onmicrosoft.com tenant name or you've added the domain name used for Microsoft Entra Domain Services as a verified custom domain name to Microsoft Entra ID.
A Microsoft Entra account that is a member of AAD DC Administrators group in Microsoft Entra ID.
The forest type for Microsoft Entra Domain Services must be User.
A virtual network in the same Azure region you want to deploy Azure Virtual Desktop to. We recommend that you create a new virtual network for Azure Virtual Desktop and use virtual network peering to peer it with the virtual network or Microsoft Entra Domain Services. You also need to make sure you configure DNS servers to resolve your Microsoft Entra Domain Services domain name from this virtual network for Azure Virtual Desktop.
Important
The quickstart doesn't currently support accounts that use multi-factor authentication. It also does not support personal Microsoft accounts (MSA) or Microsoft Entra B2B collaboration users (either member or guest accounts).
In the search bar, type Azure Virtual Desktop and select the matching service entry.
Select Quickstart to open the landing page for the quickstart, then select Start.
On the Basics tab, complete the following information, then select Next: Virtual Machines >:
Parameter
Value/Description
Subscription
The subscription you want to use from the drop-down list.
Identity provider
No identity provider.
Identity service type
Microsoft Entra Domain Services.
Resource group
Enter a name. This will be used as the prefix for the resource groups that are deployed.
Location
The Azure region where your Azure Virtual Desktop resources will be deployed.
Azure admin user name
The user principal name (UPN) of the account with the global administrator Microsoft Entra role assigned on the Azure tenant and the owner role on the subscription that you selected.
Make sure this account meets the requirements noted in the prerequisites.
Azure admin password
The password for the Azure admin account.
Domain admin user name
The user principal name (UPN) for a new Microsoft Entra account that will be added to a new AAD DC Administrators group and used to manage your Microsoft Entra Domain Services domain. The UPN suffix will be used as the Microsoft Entra Domain Services domain name.
Make sure this user name meets the requirements noted in the prerequisites.
Domain admin password
The password for the domain admin account.
On the Virtual machines tab, complete the following information, then select Next: Assignments >:
Parameter
Value/Description
Users per virtual machine
Select Multiple users or One user at a time depending on whether you want users to share a session host or assign a session host to an individual user. Learn more about host pool types. Selecting Multiple users will also create an Azure Files storage account joined to the same Microsoft Entra Domain Services domain.
Image type
Select Gallery to choose from a predefined list, or storage blob to enter a URI to the image.
Image
If you chose Gallery for image type, select the operating system image you want to use from the drop-down list. You can also select See all images to choose an image from the Azure Compute Gallery.
If you chose Storage blob for image type, enter the URI of the image.
The name prefix for your session host(s). Each session host will have a hyphen and then a number added to the end, for example avd-sh-1. This name prefix can be a maximum of 11 characters and will also be used as the device name in the operating system.
Number of virtual machines
The number of session hosts you want to deploy at this time. You can add more later.
Link Azure template
Tick the box if you want to link a separate ARM template for custom configuration on your session host(s) during deployment. You can specify inline deployment script, desired state configuration, and custom script extension. Provisioning other Azure resources in the template isn't supported.
Untick the box if you don't want to link a separate ARM template during deployment.
ARM template file URL
The URL of the ARM template file you want to use. This could be stored in a storage account.
ARM template parameter file URL
The URL of the ARM template parameter file you want to use. This could be stored in a storage account.
On the Assignments tab, complete the following information, then select Next: Review + create >:
Parameter
Value/Description
Create test user account
Tick the box if you want a new user account created during deployment for testing purposes.
Test user name
The user principal name (UPN) of the test account you want to be created, for example testuser@contoso.com. This user will be created in your new Microsoft Entra tenant, synchronized to Microsoft Entra Domain Services, and made a member of the AVDValidationUsers security group that is also created during deployment. It must contain a valid UPN suffix for your domain that is also added as a verified custom domain name in Microsoft Entra ID.
Make sure this user name meets the requirements noted in the prerequisites.
Test password
The password to be used for the test account.
Confirm password
Confirmation of the password to be used for the test account.
On the Review + create tab, ensure validation passes and review the information that will be used during deployment.
Select Create.
Here's how to deploy Azure Virtual Desktop using the quickstart where you already have AD DS available:
In the search bar, type Azure Virtual Desktop and select the matching service entry.
Select Quickstart to open the landing page for the quickstart, then select Start.
On the Basics tab, complete the following information, then select Next: Virtual Machines >:
Parameter
Value/Description
Subscription
The subscription you want to use from the drop-down list.
Identity provider
Existing Active Directory.
Identity service type
Active Directory.
Resource group
Enter a name. This will be used as the prefix for the resource groups that are deployed.
Location
The Azure region where your Azure Virtual Desktop resources will be deployed.
Virtual network
The virtual network in the same Azure region you want to connect your Azure Virtual Desktop resources to. This must have connectivity to your AD DS domain controller in Azure and be able to resolve its FQDN.
Subnet
The subnet of the virtual network you want to connect your Azure Virtual Desktop resources to.
Azure admin user name
The user principal name (UPN) of the account with the global administrator Microsoft Entra role assigned on the Azure tenant and the owner role on the subscription that you selected.
Make sure this account meets the requirements noted in the prerequisites.
Azure admin password
The password for the Azure admin account.
Domain admin user name
The user principal name (UPN) of the domain admin account in your AD DS domain. The UPN suffix doesn't need to be added as a custom domain in Azure AD.
Make sure this account meets the requirements noted in the prerequisites.
Domain admin password
The password for the domain admin account.
On the Virtual machines tab, complete the following information, then select Next: Assignments >:
Parameter
Value/Description
Users per virtual machine
Select Multiple users or One user at a time depending on whether you want users to share a session host or assign a session host to an individual user. Learn more about host pool types. Selecting Multiple users will also create an Azure Files storage account joined to the same AD DS domain.
Image type
Select Gallery to choose from a predefined list, or storage blob to enter a URI to the image.
Image
If you chose Gallery for image type, select the operating system image you want to use from the drop-down list. You can also select See all images to choose an image from the Azure Compute Gallery.
If you chose Storage blob for image type, enter the URI of the image.
The name prefix for your session host(s). Each session host will have a hyphen and then a number added to the end, for example avd-sh-1. This name prefix can be a maximum of 11 characters and will also be used as the device name in the operating system.
Number of virtual machines
The number of session hosts you want to deploy at this time. You can add more later.
Specify domain or unit
Select Yes if:
The FQDN of your domain is different to the UPN suffix of the domain admin user in the previous step.
You want to create the computer account in a specific Organizational Unit (OU).
If you select Yes and you only want to specify an OU, you must enter a value for Domain to join, even if that is the same as the UPN suffix of the domain admin user in the previous step. Organizational Unit path is optional and if it's left empty, the computer account will be placed in the Users container.
Select No to use the suffix of the Active Directory domain join UPN as the FQDN. For example, the user vmjoiner@contoso.com has a UPN suffix of contoso.com. The computer account will be placed in the Users container.
Domain controller resource group
The resource group that contains your domain controller virtual machine from the drop-down list. The resource group must be in the same subscription you selected earlier.
Domain controller virtual machine
Your domain controller virtual machine from the drop-down list. This is required for creating or assigning the initial user and group.
Link Azure template
Tick the box if you want to link a separate ARM template for custom configuration on your session host(s) during deployment. You can specify inline deployment script, desired state configuration, and custom script extension. Provisioning other Azure resources in the template isn't supported.
Untick the box if you don't want to link a separate ARM template during deployment.
ARM template file URL
The URL of the ARM template file you want to use. This could be stored in a storage account.
ARM template parameter file URL
The URL of the ARM template parameter file you want to use. This could be stored in a storage account.
On the Assignments tab, complete the following information, then select Next: Review + create >:
Parameter
Value/Description
Create test user account
Tick the box if you want a new user account created during deployment for testing purposes.
Test user name
The user principal name (UPN) of the test account you want to be created, for example testuser@contoso.com. This user will be created in your AD DS domain, synchronized to Microsoft Entra ID, and made a member of the AVDValidationUsers security group that is also created during deployment. It must contain a valid UPN suffix for your domain that is also added as a verified custom domain name in Microsoft Entra ID.
Make sure this user name meets the requirements noted in the prerequisites.
Test password
The password to be used for the test account.
Confirm password
Confirmation of the password to be used for the test account.
Assign existing users or groups
You can select existing users or groups by ticking the box and selecting Add Microsoft Entra users or user groups. Select Microsoft Entra users or user groups, then select Select. These users and groups must be hybrid identities, which means the user account is synchronized between your AD DS domain and Microsoft Entra ID. Admin accounts aren’t able to sign in to the virtual desktop.
On the Review + create tab, ensure validation passes and review the information that will be used during deployment.
Select Create.
Here's how to deploy Azure Virtual Desktop using the quickstart where you already have Microsoft Entra Domain Services available:
In the search bar, type Azure Virtual Desktop and select the matching service entry.
Select Quickstart to open the landing page for the quickstart, then select Start.
On the Basics tab, complete the following information, then select Next: Virtual Machines >:
Parameter
Value/Description
Subscription
The subscription you want to use from the drop-down list.
Identity provider
Existing Active Directory.
Identity service type
Microsoft Entra Domain Services.
Resource group
Enter a name. This will be used as the prefix for the resource groups that are deployed.
Location
The Azure region where your Azure Virtual Desktop resources will be deployed.
Virtual network
The virtual network in the same Azure region you want to connect your Azure Virtual Desktop resources to. This must have connectivity to your Microsoft Entra Domain Services domain and be able to resolve its FQDN.
Subnet
The subnet of the virtual network you want to connect your Azure Virtual Desktop resources to.
Azure admin user name
The user principal name (UPN) of the account with the global administrator Microsoft Entra role assigned on the Azure tenant and the owner role on the subscription that you selected.
Make sure this account meets the requirements noted in the prerequisites.
Azure admin password
The password for the Azure admin account.
Domain admin user name
The user principal name (UPN) of the admin account to manage your Microsoft Entra Domain Services domain. The UPN suffix of the user in Microsoft Entra ID must match the Microsoft Entra Domain Services domain name.
Make sure this account meets the requirements noted in the prerequisites.
Domain admin password
The password for the domain admin account.
On the Virtual machines tab, complete the following information, then select Next: Assignments >:
Parameter
Value/Description
Users per virtual machine
Select Multiple users or One user at a time depending on whether you want users to share a session host or assign a session host to an individual user. Learn more about host pool types. Selecting Multiple users will also create an Azure Files storage account joined to the same Microsoft Entra Domain Services domain.
Image type
Select Gallery to choose from a predefined list, or storage blob to enter a URI to the image.
Image
If you chose Gallery for image type, select the operating system image you want to use from the drop-down list. You can also select See all images to choose an image from the Azure Compute Gallery.
If you chose Storage blob for image type, enter the URI of the image.
The name prefix for your session host(s). Each session host will have a hyphen and then a number added to the end, for example avd-sh-1. This name prefix can be a maximum of 11 characters and will also be used as the device name in the operating system.
Number of virtual machines
The number of session hosts you want to deploy at this time. You can add more later.
Link Azure template
Tick the box if you want to link a separate ARM template for custom configuration on your session host(s) during deployment. You can specify inline deployment script, desired state configuration, and custom script extension. Provisioning other Azure resources in the template isn't supported.
Untick the box if you don't want to link a separate ARM template during deployment.
ARM template file URL
The URL of the ARM template file you want to use. This could be stored in a storage account.
ARM template parameter file URL
The URL of the ARM template parameter file you want to use. This could be stored in a storage account.
On the Assignments tab, complete the following information, then select Next: Review + create >:
Parameter
Value/Description
Create test user account
Tick the box if you want a new user account created during deployment for testing purposes.
Test user name
The user principal name (UPN) of the test account you want to be created, for example testuser@contoso.com. This user will be created in your Microsoft Entra tenant, synchronized to Microsoft Entra Domain Services, and made a member of the AVDValidationUsers security group that is also created during deployment. It must contain a valid UPN suffix for your domain that is also added as a verified custom domain name in Microsoft Entra ID.
Make sure this user name meets the requirements noted in the prerequisites.
Test password
The password to be used for the test account.
Confirm password
Confirmation of the password to be used for the test account.
Assign existing users or groups
You can select existing users or groups by ticking the box and selecting Add Microsoft Entra users or user groups. Select Microsoft Entra users or user groups, then select Select. These users and groups must be in the synchronization scope configured for Microsoft Entra Domain Services. Admin accounts aren’t able to sign in to the virtual desktop.
On the Review + create tab, ensure validation passes and review the information that will be used during deployment.
Select Create.
Connect to the desktop
Once the deployment has completed successfully, if you created a test account or assigned an existing user during deployment, you can connect to it following the steps for one of the supported Remote Desktop clients. For example, you can follow the steps to Connect with the Windows Desktop client.
If you didn't create a test account or assigned an existing user during deployment, you'll need to add users to the AVDValidationUsers security group before you can connect.
Only created if Multiple users is selected for Users per virtual machine. This is a predefined name.
Host pool
EB-AVD-HP
your prefix-avd
This is a predefined name.
Application group
EB-AVD-HP-DAG
your prefix-avd
This is a predefined name.
Workspace
EB-AVD-WS
your prefix-avd
This is a predefined name.
Storage account
ebrandom string
your prefix-avd
This is a predefined name.
Virtual machine
your prefix-number
your prefix-avd
This is a predefined name.
Virtual network
avdVnet
your prefix-prerequisite
The address space used is 10.0.0.0/16. The address space and name are predefined.
Network interface
virtual machine name-nic
your prefix-avd
This is a predefined name.
Network interface
aadds-random string-nic
your prefix-prerequisite
This is a predefined name.
Network interface
aadds-random string-nic
your prefix-prerequisite
This is a predefined name.
Disk
virtual machine name_OsDisk_1_random string
your prefix-avd
This is a predefined name.
Load balancer
aadds-random string-lb
your prefix-prerequisite
This is a predefined name.
Public IP address
aadds-random string-pip
your prefix-prerequisite
This is a predefined name.
Network security group
avdVnet-nsg
your prefix-prerequisite
This is a predefined name.
Group
AVDValidationUsers
N/A
Created in your new Microsoft Entra tenant and synchronized to Microsoft Entra Domain Services. It contains a new test user (if created) and users you selected. This is a predefined name.
User
your test user
N/A
If you select to create a test user, it will be created in your new Microsoft Entra tenant, synchronized to Microsoft Entra Domain Services, and made a member of the AVDValidationUsers security group.
Only created if Multiple users is selected for Users per virtual machine. This is a predefined name.
Host pool
EB-AVD-HP
your prefix-avd
This is a predefined name.
Application group
EB-AVD-HP-DAG
your prefix-avd
This is a predefined name.
Workspace
EB-AVD-WS
your prefix-avd
This is a predefined name.
Storage account
ebrandom string
your prefix-avd
This is a predefined name.
Virtual machine
your prefix-number
your prefix-avd
This is a predefined name.
Network interface
virtual machine name-nic
your prefix-avd
This is a predefined name.
Disk
virtual machine name_OsDisk_1_random string
your prefix-avd
This is a predefined name.
Group
AVDValidationUsers
N/A
Created in your AD DS domain and synchronized to Microsoft Entra ID. It contains a new test user (if created) and users you selected. This is a predefined name.
User
your test user
N/A
If you select to create a test user, it will be created in your AD DS domain, synchronized to Microsoft Entra ID, and made a member of the AVDValidationUsers security group.
Only created if Multiple users is selected for Users per virtual machine. This is a predefined name.
Host pool
EB-AVD-HP
your prefix-avd
This is a predefined name.
Application group
EB-AVD-HP-DAG
your prefix-avd
This is a predefined name.
Workspace
EB-AVD-WS
your prefix-avd
This is a predefined name.
Storage account
ebrandom string
your prefix-avd
This is a predefined name.
Virtual machine
your prefix-number
your prefix-avd
This is a predefined name.
Network interface
virtual machine name-nic
your prefix-avd
This is a predefined name.
Disk
virtual machine name_OsDisk_1_random string
your prefix-avd
This is a predefined name.
Group
AVDValidationUsers
N/A
Created in your Microsoft Entra tenant and synchronized to Microsoft Entra Domain Services. It contains a new test user (if created) and users you selected. This is a predefined name.
User
your test user
N/A
If you select to create a test user, it will be created in your Microsoft Entra tenant, synchronized to Microsoft Entra Domain Services, and made a member of the AVDValidationUsers security group.
Clean up resources
If you want to remove Azure Virtual Desktop resources from your environment, you can safely remove them by deleting the resource groups that were deployed. These are:
your-prefix-deployment
your-prefix-avd
your-prefix-prerequisite (only if you deployed the quickstart with a new Microsoft Entra Domain Services domain)
If you'd like to learn how to deploy Azure Virtual Desktop in a more in-depth way, with less permission required, or programmatically, check out our series of tutorials, starting with Create a host pool with the Azure portal.