Wednesday, November 25, 2015

Slide deck ExpertsLive 2015 event available for download

The slide decks from the sessions presented at ExpertsLive 2015 last week are available for download. Here is a direct link to the slide deck from my session called RemoteApp on Azure Iaas vs Azure RemoteApp:

Slide deck RemoteApp on Azure IaaS vs Azure RemoteApp


The last slide contained links to TechNet Gallery scripts & documentation, for easy access I pasted the URL’s here that I shared in the session:

About Azure RemoteApp

Manage users in Azure RemoteApp based on Active Directory groups

Clean Azure RemoteApp orphaned RDSH objects from Active Directory

Automatic Scaling of Remote Desktop Session Hosts in Azure Virtual Machines
RDS in IaaS ARM Template

Desktop Hosting Reference Architecture & Deployment | Azure

Vote for Azure RemoteApp improvements

Azure RemoteApp LinkedIn group

Remote Desktop Services LinkedIn group

Monday, November 23, 2015

My session on RDS / Azure RemoteApp at the ExpertsLive 2015 event

Last week was ExpertsLive, a big IT Pro community event focusing on the Microsoft Platform, held in Ede, The Netherlands. With over 40 breakout sessions divided into 7 parallel tracks with national and international speakers, and over 1200 attendees it was a great event!

IMG_7085I presented a session on RemoteApp on Azure IaaS vs Azure RemoteApp. In this demo heavy session I presented a comparison on both the administrator as well as the end user experience of both technologies.

I had a full house during the session, great turn up, good questions as well as great, more in depth, discussions afterwards. I had a fun time presenting there. Huge thanks goes out to the ExpertsLive team for putting the event together.



If you have attended ExpertsLive you should receive a downlink soon which allows you to download all slide decks of the event, including mine. My session was presented in Dutch, but I have received several requests for an English rerun of the session. I’m currently looking at options to perform a webinar covering that rerun. If you are also interested, let me know!


HTML5 client for Azure RemoteApp now on the public road map!

Many have been speculating, and as RDS MVP’s we’ve had the privilege to hear about this a while ago and have already seen some live demo’s… the HTML5 client for Azure RemoteApp! We can now talk about it and it’s on the public roadmap for January-March 2016!

Many (up until now 336) have voted for a HTML5 client for Azure RemoteApp on the User Voice Pages

The HTMl5 client for Azure RemoteApp will go into private preview very soon! The HTML5 client will expand use cases for Azure RemoteApp with support for Linux clients, Chrome OS and any device without a Azure RemoteApp client. You can expect a more detailed blog post on the HTML5 client as soon as I have more to share more on this subject! Stay tuned!


Wednesday, November 11, 2015

New Azure RemoteApp PowerShell cmdlet to remotely reboot ARA RDSH Servers

A new PowerShell cmdlet for Azure RemoteApp has been released. The command is Restart-AzureRemoteAppVM. What this command is able to do is remotely restart a RD Session Host server as part of you Azure RemoteApp Collection. For the parameters you need to provide Azure RemoteApp collection name and a UserUpn. The collection name is obvious, the UserUpn needs some explaining. The idea that Microsoft had behind this command is that you use it as sort of a last resort when you run into issues with a specific user. Using this command, you can easily restart the RD Session Host VM that the user is logged on to. To some degree I can understand the idea behind this, although since we now also have the new PowerShell cmdlet Get-AzureRemoteAppVM available to retrieve all RD Session Host servers with their logged on users, allowing to provide a hostname is stead of a UserUPN would also make sense.

Couple of things to be aware of:

- The reboot that is performed is a remotely executed reboot within the VM. By that I mean the reboot is not performed on a Hyper-V level. So in case the RD Session Host server for whatever reason is not accessiable on the network, the reboot will fail.

- The reboot is a forced reboot within the OS without any warning or a delay. This means that all other users that might be running on that VM will also lose their connection, and their work. If you need to use this command, I would advise you to first use the command Get-AzureRemoteAppVM to retrieve a list of users currently active on that specific RD Session Host server, and warn them about upcoming reboot to allow them to save their work.

- If you are running a Hybrid (Domain-Joined) deployment of Azure RemoteApp, you can also easily perform that remote reboot using Remote PowerShell because the RD Session Host servers as part of the Hybrid collection are part of the domain and thus accessible. For Cloud (non-domain joined) collections where you did not create a back door local admin account inside the Template Image, this new PowerShell cmdlet is definitely helpful.

Here is de command in action, using the Get-AzureRemoteAppOperationResult Cmdlet we’re able to track the status of the command.image

This is what the a user will see who was logged on to VM and still had a session, he will see the shutdown take place and after that this screen will close.

And here are the details on the Cmdlet.


    Restart-AzureRemoteAppVM [-CollectionName] <string> [-UserUpn] <string> [[-LogoffMessage] <string>] [[-LogoffWaitSe
    conds] <int>] [-Profile <AzureSMProfile>] [-WhatIf] [-Confirm]  [<CommonParameters>]



Tuesday, November 10, 2015

RDS Team: October updates to Azure RemoteApp

The Microsoft RDS team has released a new blog post on last months updates to Azure RemoteApp!

  • Premium and Premium Plus are two new licensing plans released, they both have a 5 user minimum limit and address needs for higher computing resources.  Read more about all our purchasing plans
  • Learn about new purchasing plans for EMS and existing RDS CAL with Software Assurance customer, you might qualify to purchase Azure RemoteApp for as low as $2 per user per.
  • We have a new webpage and includes a new Azure RemoteApp clients download webpage.
  • Azure PowerShell v0.9.9 modules were released that allow the ability to enumerate list of users assigned to a particular Azure RemoteApp instance and reboot the instance.
  • iOS client was updated to version 8.1.14 which included minor fixes for Azure RemoteApp.
  • Mac client was updated to version 8.0.23 fixed an issue that caused the RD app to crash when using Azure RemoteApp. Important notice for users on 10.7 (Lion) and 10.8 (Mountain Lion): Our application won’t offer support for these distributions in November. You’ll need to update to a later OS version to make sure you can use a fully supported and regularly updated Remote Desktop client. This announcement has been as well part of our release notes in 8.0.22.
  • Office 2016 for Office 365 is not supported in Azure RemoteApp yet, we are completing final testing with Office team and will have new images published when ready along with support statement.
  • Quick links for previous monthly updates for March, April, May, June, July, August, and September for Azure RemoteApp.

More info & source:

Monday, November 9, 2015

Azure RemoteApp without User Profile Disk (UPD)?

Azure RemoteApp is the service within Azure that allows you to publish your Win32 applications from the cloud. Part of this service is that a User Profile Disk (UPD) is created for every user logs on for the first time. This UPD is a single .VHDX file that contains the complete user profile, basically anything under C:\user\<username>. This .VHDX file file is then mounted on the fly under C:\user\<username> during logon which allows you to store settings centrally, without having to cache profile settings locally. And since it is a mount path to a .VHDX file, it’s fully transparent for users as well as applications. For more information on UPD also see Easier User Data Management with User Profile Disks in Windows Server 2012

UPD’s are not new with Azure RemoteApp, within any on premises or hosted solution of Remote Desktop Services, UPD can be configured as part of the Deployment, as shown below.


Azure RemoteApp comes with UPD out of the box. UPD is great for many scenario’s since this is easy to set up and basically captures every user setting. You do have to be careful though with allowing users to store data inside their profile (.OST files, One Drive for Business cache, or large data), since the UPD file has a maximum capacity of 50Gb. In some scenarios you might not want to use UPD, but rather use your own profile management solution like i.e. Microsoft UE-V, or a solution provided by vendors like FSLogix, AppSense, RES et cetera. When using those vendor solutions, in some cases UPD will not conflict and you can use them side by side, but in other cases you could run into compatibility issues or conflicts when you run those profile management solutions on top of UPD.

What many don’t know however is that using UPD is not mandatory in Azure RemoteApp! You can, if you want, have UPD disabled for a specific Azure Subscription. Send an e-mail to, provide your Azure Subscription ID and ask for UPD to be disabled. Do note that Microsoft currently cannot disable UPD on a Collection level, only at a Azure Subscription level. This means that is you are running multiple Azure RemoteApp Collections within your subscription, UPD can only be disabled for all Collections.

In my lab I have created a new Azure RemoteApp Hybrid Collection called hybridnoupd, connecting back to my on premises (in this case Azure IaaS) environment.


To be able to distinguish other Azure RemoteApp deployments, I provided a separate OU during the configuration of this collection. As you can see, 2 computer objects (RD Session Host servers) have been created by Azure RemoteApp in my designated OU. This also allows me to easily create separate GPO’s for these RD Session Host servers.


For this newly created Azure RemoteApp Collection I have asked Azure RemoteApp support to disable UPD for the Azure Subscription it is running in. There are various ways of confirming that UPD is in fact disabled. The most easy one is simply logged on a test user to Azure RemoteApp and launching an application. If we open an Azure RemoteApp application from the Collection where UPD is not disabled, and then connect to that RD Session Host server using our administrator account and browse to C:\user we’ll see a 50Gb the mounted UPD file for in this case a user called testuser. Or, if you did not create any policies yet to prevent access to the local C: drive of the RDSH, simply publish explorer.exe as a RemoteApp.


if we now open an Azure RemoteApp application from the Collection where UPD is disabled and connect to that RD Session Host server as an admin we’ll see a regular local profile created.


The fact that it is now a regular local profile obviously means that, without configuring anything else, no profile settings will roam across multiple RD Session Host servers as part of our Azure RemoteApp Collection. This however fully opens possibilities to start using other profile management solutions like Microsoft UE-V, FSLogix, AppSense, RES et cetera! Do note that Microsoft UE-V and RemoteApp in general are not the best mix when you want to store synchronous settings (settings that can only be stored during Logoff, and can only be applied during LogOn) like i.e. Roaming Credentials or Desktop Settings. I wrote an article on that here Caution when using User Experience Virtualization (UE-V) with Microsoft RemoteApp

To test one of the 3rd party Profile Management solutions I choose FSLogix Profile Containers. In the screenshot below you see a user logged on to Azure RemoteApp with a FSLogix Profile (similar to UPD) stored on a FileServer in Azure IaaS! I can now fully manage this profile disk running on my File Server.


I won’t explain the setup and configurations of all these profile solutions here because this is no different than using these profile solutions in an on premises or hosted RDS environment. One of the great things about the hybrid model of Azure RemoteApp is, as we have also seen in this article, the fact that RD Session Host servers that are deployed as part of your Collection will be become members servers of your domain. This means that we can manage those RD Session Host servers as if they were running on premises, leveraging the same Group Policy objects et cetera. There are many articles & how to guides out there that discuss and describe these profile solutions. Applying those should not be different for Azure RemoteApp collections with UPD disabled.

There are however 3 things you need to be aware of

  • The RD Session Host servers created as part of a Azure RemoteApp collection are provisioned & removed by Azure as needed as part of the elastic runtime. In other words, the RD Session Host servers itself are non persistent. This means that you need to install software agents for the profile solution you wish to use, inside the Azure RemoteApp Template Image, not inside each individual RD Session Host that gets deployed. You can however use GPO to configure these software agents by simply creating a new GPO and linking that to the OU where your configured Azure RemoteApp to create your RD Session Host servers.
  • If you have UPD disabled and don’t perform any additional configuration, cached copies of user profiles will be created on the OS partition of the RD Session Host servers created as part of a Azure RemoteApp collection, and they will stay there. Without configuring another profile solution or additional configuration to clean cached copies of roaming profiles using GPO, cached copies of those user profiles will pile up and could eventually cause disk space issues on the OS partition of RD Session Host servers, which could lead into unresponsive behavior. This is of course no different compared to any on premises deployment of RDS, but something to be aware, because Microsoft cannot be held responsible for this.
  • Only create a Hybrid Collection in a Azure Subscription where UPD is disabled. If you create a Cloud collection, the RD Session Host servers as part of a Azure RemoteApp collection will run in a workgroup, not in a Active Directory Domain you can manage. In those scenario's Azure RemoteApp will create a “shadow user” on the fly locally on the RD Session Host server. With UPD disabled, this will result in a TEMP profile. I would advise to only Hybrid Collections for UPD disabled Subscriptions.

UPD is not mandatory in Azure RemoteApp! Disabling User Profile Disks (UPD) on your Azure RemoteApp Collection fully opens the doors for your favorite Profile Management Suite! Whether its Microsoft UE-V, FSLogix, AppSense, RES or anything else, refer to installation guides, configurations and best practices for an on premises Microsoft RDS environment, keeping in mind the 3 implications of disabled UPD that I described above.

Thursday, November 5, 2015

Azure RemoteApp: Script to clean up orphaned RDSH computer objects in Active Directory

When using a Hybrid (domain joined) collection of Azure RemoteApp, RD Session Host servers deployed as part of the collection will become members of your on premises Active Directory Domain.

These computer objects are placed in a designated OU, which is configured during the creation of the collection. Below is an example of those computer objects.


Notice that there is a naming convention in place which consists of eight random letters followed by a number starting from 0000, so for example JWBQPQTO0000.

Also note that in the example above, two combinations of eight random letters objects are shown.If you update your custom template image, or Microsoft updates their template image and you initiate the Update sequence on the collection (as shown below), Azure RemoteApp will start a new eight random letters combination for the RD Session Host servers based on the updated template image.


What Azure RemoteApp currently does not do however, is clean up the RD Session Host Computer objects based on the previously used Template Image. This means you will end up with orphaned computer objects in your Active Directory. This is something that your Active Directory Administrator is generally not happy with. Plus, as you start doing more & more updates on your template, things could get really messy in Active Directory.

You can of course manually remove those orphaned computer objects from Active Directory. This is however not only a time consuming task, it’s also hard to tell which computer objects are still part of Azure RemoteApp and which ones are orphaned.

The good news is, there now is a new PowerShell command available that is able to retrieve the list of active RD Session Host servers for a specified collection.


    Get-AzureRemoteAppVM [-CollectionName] <string> [-Profile <AzureSMProfile>]  [<CommonParameters>]

I have used this command to create a PowerShell script that automatically deletes all RD Session Host Servers in a specified OU that are not active in the specified Azure RemoteApp Collection.

For example, this is my OU where Azure RemoteApp stores my RD Session Host servers. As you can tell by the naming, it has multiple sets so it’s likely we have orphaned computers here.


If we run the PowerShell script it will output which orphaned RDSH objects are found and they will be deleted.


These orphaned RD Session Host objects are now cleaned from Active Directory. You can use the PowerShell script to create a scheduled task to perform clean up every month or so, or decide to run this script manually as part of your Template Image update process. Two notes to the script:

- Make sure you provide the correct OU when running this script, because there is no warning before the deletion of the computer objects

- The script currently does not handle scenarios where you might have deployed multiple Azure RemoteApp Collections in the same OU. I’ll be adding that functionality later.


I have published the script on TechNet Gallery here:

There is also an additional advantage of this command. It also shows which users are logged on on which RD Session Host server! This means its now also easier to determine where a specific user is logged on and maybe offer support, do shadowing or troubleshoot a specific user session. See the example below;

Get-AzureRemoteAppVM -CollectionName Hybrid

LoggedOnUserUpns                           VirtualMachineName
----------------                                     ------------------
{}                                                      jwbqpqto0000
{}                                                      jwbqpqto0001
{}  jwbqpqto0002