Azure WVD Prerequisites Dependencies Checklist v2.0


Azure WVD Prerequisites & Dependencies Checklist

Item
Azure Subscription

Windows 10 Enterprise Licensing for WVD

Azure Active Directory (AAD) Tenant & Active Directory

Azure Region
On Premises connectivity

WVD Implementation Team ID creation & group

Permissions on Azure subscription


Remote Access to Infrastructure
Network

AD OU Creation

AD Delegated Access

Internet Access

Azure Governance document

Service Account Creation

# Sensitivity: Internal Restricted


Test user accounts creation

New vnet addition to AD Sites & Subnets

VDI /Server OS/RDS Licensing

Antivirus Agents

User Profile Solution

User profile storage & user data drive

Storage Accounts

Permissions on Azure storage

NetApp File Storage requirement

Image Management
Monitoring Tools

Backup

Security

Network

Windows Virtual Desktop Client (End points)

Users Information

Line of Business(LOB) applications list

Azure WVD Prerequisites & Dependencies Checklist
Description | Prerequisites/Dependencies Status
An Azure subscription (needed to host resources) | Prerequisite
To avail of the WVD service, the customer should have a Win 10 Enterprise license. Refer to the License sheet for more details | Prerequisite
An Active Directory to which you can join your VMs. A Windows Server Active Directory in sync with Azure Active Directory. | Prerequisite
Azure region information to deploy WVD session hosts | Information
Azure ExpressRoute or VPN | Information
User ID and group creation for the WVD implementation team | Prerequisite
Owner (preferred access), or built-in Contributor access plus the User Access Admin role to assign users in WVD and assign permissions for Azure Files (Storage File Data SMB Share Contributor) | Prerequisite
Jump server or Bastion service to access Azure VMs | Prerequisite
VNets and subnets to use for WVD | Prerequisite
Need a dedicated OU structure (Wipro provides the structure). Test OU with block inheritance; this is temporary until project completion.
Permissions to create, modify and delete OUs and computer accounts, and to domain-join. Permissions to create/modify Group Policy Objects on VDI OUs. Delegate these permissions to the implementation team user IDs or to a service account | Prerequisite
Internet access at WVD subnet level for host pool creation (recommended option), or allow the safe URL list as per MS | Prerequisite
Governance document required to follow policies, naming and compliance standards when deploying Azure resources | Prerequisite
Service account creation for all WVD build activities (e.g. Virtuadesk monitor scheduled tasks, admin scheduled tasks and domain join). Note: MFA should not be enabled for Admin/Service accounts | Dependency

Need a minimum of 2 user accounts for end-to-end VDI testing | Dependency
New WVD VNets must be added to AD Sites & Subnets for authentication | Dependency
Windows VDI OS; Windows Server OS (as applicable); RDS license (as applicable). Refer to the License sheet for more details | Dependency
Information on AV agents (Symantec/McAfee/Trend Micro/Sentinel/CrowdStrike/MS Defender) to deploy on images | Dependency
AD native roaming, RES, AppSense, FSLogix, etc. | Information
User profile storage (Azure Files or NetApp Files). Data drive: OneDrive, same as profile storage, or home drives | Information
Azure Storage; Azure Monitor Diagnostics | Information
Storage File Data SMB Share Elevated Contributor to the Admin group and Storage File Data SMB Share Contributor to the all-user group. All groups should sync to Azure AD
Dedicated subnet
Includes patches & applications. Deployment method to use: SCCM or Azure Gallery | Information
Azure Monitor/SCOM or any other 3rd-party tools | Information
Backup tool (Azure Backup or any other 3rd party) to back up profile/persistent and golden images | Information
Windows OS hardening | Dependency
Multi-factor authentication details (Azure MFA/Okta or any other) | Information
Azure Security Center | Information
Network Security Groups (NSGs) to restrict traffic | Information
Azure Firewall for internet access, or use of the on-prem proxy | Information
Any customer-specific security agents such as DLP or other tools | Information
Public IPs (if applicable); jump server or Bastion uses a public IP | Dependency
Communication with all enterprise services as applicable | Dependency
Install the Windows Virtual Desktop Client on client devices | Dependency

Allow the MS safe list of URLs to access WVD | Dependency
Pilot users | Dependency
Migration phase list (as applicable) | Dependency
Production users | Dependency
Web application list with URL details | Dependency
Thick applications (EXEs) to install on the golden image | Dependency
Communication from WVD to application servers | Dependency
Point of contact for application installation | Dependency

Remarks

https://docs.microsoft.com/en-us/azure/virtual-desktop/faq

DSC ext: https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-windows
Safe URL: https://docs.microsoft.com/en-us/azure/virtual-desktop/safe-url-list

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging

https://docs.microsoft.com/en-us/azure/virtual-desktop/expand-existing-host-pool

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing?WT.mc_id=Portal-Microsoft_Azure_Compute

https://docs.microsoft.com/en-us/azure/virtual-desktop/safe-url-list

Server OS

VDI OS

You are eligible to access Windows 10 multi-session, Windows 10, or Windows 7 with Windows Virtual Desktop if you have one of the following per-user licenses:
Microsoft 365 F1, E3, E5, A3, A5, Business
Windows 10 Enterprise E3, E5
Windows 10 Education A3, A5
Windows 10 VDA per user

You are eligible to access Windows Server 2012 R2/2016/2019 and newer desktops and apps if you have a
per-user or per-device RDS CAL license with active Software Assurance (SA).
Remote Desktop Services (RDS) Client Access License (CAL) with active Software Assurance (SA)

FSLogix
Microsoft 365 F1, E3, E5, A3, A5, Business
Windows 10 Enterprise E3, E5
Windows 10 Education A3, A5
Windows 10 VDA per user
Remote Desktop Services (RDS) Client Access License (CAL) with active Software Assurance (SA)

For customers with Software Assurance, Azure Hybrid Benefit for Windows Server allows you to use your on-premises Windows Server licenses and run Windows virtual machines on Azure at a reduced cost. You can use Azure Hybrid Benefit for Windows Server to deploy new virtual machines with Windows OS.

For customers with Windows 10 Enterprise E3/E5 per user or Windows Virtual Desktop Access per user (User Subscription Licenses or Add-on User Subscription Licenses), Multitenant Hosting Rights for Windows 10 allows you to bring your Windows 10 licenses to the cloud and run Windows 10 virtual machines on Azure without paying for another license.

Windows 10 Single - Custom Image

Windows 10 Multi Session

Windows Server

https://azure.microsoft.com/en-us/pricing/details/virtual-desktop/

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing
https://azure.microsoft.com/en-us/pricing/hybrid-benefit/

https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx

1. Resource Group - Contributor role at Resource Group Level
2. Virtual networks - Contributor role at Virtual Network Level
3. Virtual Machines/Images/AV Set - Contributor role at Virtual Machine Level
4. Storage Accounts - Contributor role at Storage accounts Level
5. Azure Monitor - Monitoring Contributor role at Subscription Level.
6. Azure Advisor - Contributor role at resource group level.
8. Security Center - "Contributor / Security Admin" role at Subscription Level
9. Key Vault - "Contributor" Role at Resource Group Level.
10. Network Security Group - "Contributor" role at Resource Group Level.
14. Log Analytics workspace - requires Contributor role at Subscription Level
Contributor rights to register Resource Providers
Azure Image Builder/Azure Shared Image Gallery - Contributor access
IAM roles required:
Storage File Data SMB Share Contributor
Storage File Data SMB Share Elevated Contributor (NTFS configurations)

Virtual machines
The virtual machines you create for Windows Virtual Desktop must have access to the following URLs in Azure:

Address | Outbound TCP port | Purpose | Service Tag | Remarks
*.wvd.microsoft.com | 443 | Service traffic | WindowsVirtualDesktop | Mandatory
gcs.prod.monitoring.core.windows.net | 443 | Agent traffic | AzureCloud | Mandatory
production.diagnostics.monitoring.core.windows.net | 443 | Agent traffic | AzureCloud | Mandatory
*xt.blob.core.windows.net | 443 | Agent traffic | AzureCloud | Mandatory
*eh.servicebus.windows.net | 443 | Agent traffic | AzureCloud | Mandatory
*xt.table.core.windows.net | 443 | Agent traffic | AzureCloud | Mandatory
catalogartifact.azureedge.net | 443 | Azure Marketplace | AzureCloud | Mandatory
kms.core.windows.net | 1688 | Windows activation | Internet | Mandatory
mrsglobalsteus2prod.blob.core.windows.net | 443 | Agent and SXS stack updates | AzureCloud | Mandatory
wvdportalstorageblob.blob.core.windows.net | 443 | Azure portal support | AzureCloud | Mandatory
169.254.169.254 | 80 | Azure Instance Metadata service endpoint | N/A | Mandatory
168.63.129.16 | 80 | Session host health monitoring | N/A | Mandatory
*.microsoftonline.com | 443 | Authentication to Microsoft Online Services | login.microsoftonline.us | Optional
*.events.data.microsoft.com | 443 | Telemetry Service | None | Optional
www.msftconnecttest.com | 443 | Detects if the OS is connected to the internet | None | Optional
*.prod.do.dsp.mp.microsoft.com | 443 | Windows Update | None | Optional
login.windows.net | 443 | Sign in to Microsoft Online Services, Microsoft 365 | login.microsoftonline.us | Optional
*.sfx.ms | 443 | Updates for OneDrive client software | oneclient.sfx.ms | Optional
*.digicert.com | 443 | Certificate revocation check | None | Optional

Remote Desktop clients
Any Remote Desktop clients you use must have access to the following URLs:

Address | Outbound TCP port | Purpose | Clients | Azuregov
*.wvd.microsoft.com | 443 | Service traffic | All | *.wvd.microsoft.us
*.servicebus.windows.net | 443 | Troubleshooting data | All | *.servicebus.usgovcloudapi.net
go.microsoft.com | 443 | Microsoft FWLinks | All | None
aka.ms | 443 | Microsoft URL shortener | All | None
docs.microsoft.com | 443 | Documentation | All | None
privacy.microsoft.com | 443 | Privacy statement | All | None
query.prod.cms.rt.microsoft.com | 443 | Client updates | All | None
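
The following is an added example, not part of the original checklist: it audits an egress allow-list for the WVD subnet against the mandatory virtual machine rows listed above, reporting required endpoints with no matching rule and rules that are wider than the entry they stand in for. The rule set `EGRESS_RULES` is constructed sample data, and the function names `covers` and `audit` are hypothetical.

```python
# Added example: audit an egress allow-list against the mandatory session-host rows.
# REQUIRED is transcribed from the table above; EGRESS_RULES is constructed sample data.
REQUIRED = [
    ("*.wvd.microsoft.com", 443), ("gcs.prod.monitoring.core.windows.net", 443),
    ("production.diagnostics.monitoring.core.windows.net", 443),
    ("*xt.blob.core.windows.net", 443), ("*eh.servicebus.windows.net", 443),
    ("*xt.table.core.windows.net", 443), ("catalogartifact.azureedge.net", 443),
    ("kms.core.windows.net", 1688),
    ("mrsglobalsteus2prod.blob.core.windows.net", 443),
    ("wvdportalstorageblob.blob.core.windows.net", 443),
    ("169.254.169.254", 80), ("168.63.129.16", 80),
]

EGRESS_RULES = [  # constructed: what a reviewer might find on the WVD subnet firewall
    ("*.wvd.microsoft.com", 443),
    ("gcs.prod.monitoring.core.windows.net", 443),
    ("production.diagnostics.monitoring.core.windows.net", 443),
    ("*.blob.core.windows.net", 443),   # widened from *xt.blob... and the two named blobs
    ("*eh.servicebus.windows.net", 443),
    ("*xt.table.core.windows.net", 443),
    ("catalogartifact.azureedge.net", 443),
    ("kms.core.windows.net", 443),      # wrong port: the table lists 1688
    ("169.254.169.254", 80),
]

def covers(rule, required):
    """True if allow-rule pattern `rule` admits every host that `required` names."""
    rule, required = rule.lower(), required.lower()
    if rule == required:
        return True
    if not rule.startswith("*"):
        return False  # a literal rule cannot cover a wildcard or a different name
    return required.lstrip("*").endswith(rule[1:])

def audit(rules, required=REQUIRED):
    """Return (missing required endpoints, rules wider than the entry they cover)."""
    missing, overbroad = [], set()
    for host, port in required:
        hits = [r for r, p in rules if p == port and covers(r, host)]
        if not hits:
            missing.append((host, port))
        overbroad.update(r for r in hits if r.lower() != host.lower())
    return missing, sorted(overbroad)

if __name__ == "__main__":
    missing, overbroad = audit(EGRESS_RULES)
    print("missing:", missing)
    print("over-broad:", overbroad)
```

A rule such as `*.blob.core.windows.net` admits every Azure Storage account rather than only the ones the agent needs, which is why it is reported as over-broad even though it satisfies the required entries.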

WVD Safe URL List: https://docs.microsoft.com/en-us/azure/virtual-desktop/safe-url-list

Office 365 URLs and IP address ranges: https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide
