Azure Virtual Desktop with Azure AD (Active Directory) only
If you work with Azure Virtual Desktop, you may be wondering how to keep operational expenditures low while also maintaining best security and data protection practices. The good news is that you don’t have to compromise: this article provides the steps and information you need to secure Azure Virtual Desktop and keep those costs down.
Note: In case you’re wondering about installing apps for AVD, check out our blog post here.
Are virtual desktops secure?
The quick answer is yes, as long as they’re properly managed. VDs and VDIs help with security because these virtual environments are managed centrally. This central management streamlines security: all VDs can be updated simultaneously, data never leaves the data center, and risks can be addressed and mitigated with much more ease and speed than with independent desktops.
While this doesn’t imply that VDs are without risk, it does emphasize the importance of the security capabilities of your VD service. Azure Virtual Desktop has many features to enhance security, but we do recommend that you check out their article on security best practices to see how you can also secure Azure Virtual Desktop with good habits.
Before we guide you through how to secure Azure Virtual Desktop, there are a couple of things to note:
- Besides an active Azure account subscription, the end user should have at least an Azure Active Directory (AD) P1 and the MS 365 Business Premium license or an external license (if you’re not already familiar with it, Azure Active Directory is a cloud-based identity management service).
- You also need to be able to configure MFA through conditional access policies. MFA can be disabled for access to the AVD machines only.
For complete details and the list of supported operating systems, click here.
Setting up Azure AD-joined virtual machines in Azure Virtual Desktop
To secure Azure Virtual Desktop, the first step is to deploy your Azure AD-joined virtual machines in AVD. Note, however, that this is recommended specifically for users who only need access to resources located in the cloud or to Azure AD-based authentication. Follow the instructions below to get started.
- If it doesn’t already exist, create a designated resource group.
  If you can’t see it on the landing page in portal.azure.com, type “Resource Group” in the search bar and click on it in the results.
- Review and create the host pool, VM, and workspace.
- When the VM is successfully deployed, you will be able to see it in the Azure AD Portal under Devices as an Azure AD joined machine.
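The same join state can be confirmed from inside the session host. The script below is an added example, not part of the original article: it parses the output of `dsregcmd /status` and flags a host that is not Azure AD joined, or that is also domain joined (hybrid) rather than Azure AD only. The function names and the sample output are constructed for illustration.

```powershell
# Added example. Get-JoinState and Test-AadOnlyJoin are hypothetical helper names.

function Get-JoinState {
    param([string[]]$Lines)
    # dsregcmd /status prints "   Name : Value" pairs; collect them into a hashtable.
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^:|+]+?)\s*:\s*(.*?)\s*$') {
            $name = $Matches[1]
            # Keep the first occurrence of a field if it appears more than once.
            if (-not $state.ContainsKey($name)) { $state[$name] = $Matches[2] }
        }
    }
    return $state
}

function Test-AadOnlyJoin {
    param([hashtable]$State)
    # Return a list of findings; an empty list means the host is Azure AD joined only.
    $problems = @()
    if ($State['AzureAdJoined'] -ne 'YES') {
        $problems += 'Host is not Azure AD joined.'
    }
    if ($State['DomainJoined'] -eq 'YES') {
        $problems += 'Host is domain joined as well, so it is not Azure AD only.'
    }
    return $problems
}

# Constructed sample in the layout dsregcmd prints.
# On a real session host, replace the next lines with: $lines = dsregcmd /status
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
'@
$lines = $sample -split '\r?\n'

$state    = Get-JoinState -Lines $lines
$problems = @(Test-AadOnlyJoin -State $state)
if ($problems.Count -eq 0) { 'Host is Azure AD joined only.' } else { $problems }
```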
Secure Azure Virtual Desktop Summary
With the rise of virtual desktops and remote work, ensuring that your database is secure is a necessary endeavor. Now that you’ve gotten started by creating a host pool and resource group, you should be ready to move on to part two of this article series, where we’ll guide you through creating security groups, configuring permissions, and more. We hope that this article has been helpful in keeping your Azure VD secure.