Tuesday, August 20, 2019

Working with Windows Virtual Desktop Diagnostic information in a Web UI


Recently the diagnostics tool for Windows Virtual Desktop was introduced. These diagnostic tools provide easier access to the diagnostic information of a WVD tenant. In particular it allows you to:
  • Look up diagnostic activities (management, connection, or feed)
  • Gather session host information for connection activities
  • Review virtual machine (VM) performance details
  • See which users are signed in to the session host, send messages and sign off users

Without the diagnostics tool if you wanted to dive into diagnostic settings, PowerShell was needed. The example below shows how to query the diagnostic service using Get-RdsDiagnosticActivities

Allthough there are many advantages to using PowerShell for such troubleshooting activities, also having a UI available for example for your helpdesk can be really benefitial. After installing diagnostics tool for Windows Virtual Desktop we can get that same information, but now in an easy accessible web UI.

From this UI we can also interact with the user sessions by sending messages and initiating a user log off.
The perfmon counters configured as part of the Diagnostic tool deployment will also start to show in the UI as shown below.

This includes the relatively new counter that measures User Input Delay

For a step-by-step guide on how to add the Diagnostic tool to you existing Windows Virtual Desktop tenant visit Deploy the diagnostics tool


Thursday, August 8, 2019

Windows Virtual Desktop: users to customize display settings and new client install types!


The latest version of the Windows Virtual Desktop Client (1.2.241) for Windows comes with a couple of great new features!

Upon installation you can now decide if you want to do a per-user of per-device installation! Which means the WVD Client can now also be installed by a user without local admin privileges.

Users are now able to customize the display settings they want from within the client! This includes settings related to multiple monitors, dynamic resolution and setting a specific resolution. These settings are stored on a per Published Desktop level, so you can also configure different settings for various published desktops you might have.

Also, since these settings are stored in the local registry it allows users to configure different settings on different devices they might own. The settings are stored in HKEY_CURRENT_USER\SOFTWARE\Microsoft\RdClientRadc\Feeds

You might know that the display settings, including various other .RDP properties, can also be configured on a per HostPool level by a Windows Virtual Desktop admin. For example, the command to disable multi-mon is:

Set-RdsHostPool -TenantName $tenantname -HostPoolName $hostpoolname -CustomRdpProperty "use multimon:i:0"

If display settings are configured on both a HostPool level by an admin as well as User Specified, the User Specified settings supersede the HostPool settings. In case both are not in place, the client default properties will be used.

Version 1.2.241 of the Windows Virtual Desktop Client is expected to become available to all users on August 13.

Tuesday, August 6, 2019

Using FIDO2 security keys with Windows Virtual Desktop!

A couple of weeks ago Microsoft introduced the public preview of FIDO2 security keys support in Azure Active Directory. More info on that announcement here:
Announcing the public preview of Azure AD support for FIDO2-based passwordless sign-in



Since Windows Virtual Desktop is based on Azure Active Directory for authentication, FIDO2 security keys can also be used to secure applications and desktops hosted on Windows Virtual Desktop (Preview).

I have configured this for my WVD lab environment, and I’m sharing the results in this blog post.

Setting up support for FIDO2 security keys for Azure Active Directory as an administrator is relatively easy. Go to the Azure Portal, browse to Azure Active Directory and under Security you will find the Authentication Methods blade.


Here you can enable FIDO2 security Key support.


A user can browse to myprofile.microsoft.com where he is able to add a security key.

 I my case I added a Yubikey 5 NFC, which is a USB key with gesture support.

When I now logon to Windows Virtual Desktop (in this case using the Windows Client) I have the option to select Sign In with Windows Hello or security key.

 It first asks me to enter my associated pin

And after that allows me to provide my gesture.


Upon doing that, the Windows Virtual Desktop client logs on and I have my applications and desktops available!


The same is obviously true for the HTML5 (Web) client that WVD also provides. The screenshot below shows the logging on to the Web Client with the same security key.
This concludes my first test of Windows Virtual Desktop secured by a FIDO2 security key. More to come!