📖 About this Domain
This domain covers securing the Azure Virtual Desktop infrastructure. You will manage user access with Role-Based Access Control and implement security controls for session hosts and network traffic.
🎓 What You Will Learn
- You will learn to configure and assign built-in Azure Virtual Desktop RBAC roles to users and administrative groups.
- You will learn to implement Azure AD security features like Conditional Access policies and multi-factor authentication (MFA) for AVD.
- You will learn to use Microsoft Defender for Cloud to monitor session host security posture and apply security baselines.
- You will learn to manage security for FSLogix profile containers by configuring storage permissions.
🛠️ Skills You Will Build
- Assigning AVD-specific RBAC roles like Desktop Virtualization User and Desktop Virtualization Host Pool Contributor.
- Creating and applying Conditional Access policies that require MFA for connections to the AVD service.
- Configuring security alerts and vulnerability assessments for session hosts within Microsoft Defender for Cloud.
- Implementing Just-in-Time (JIT) VM access to secure administrative access to session host VMs.
💡 Top Tips to Prepare
- Practice assigning least-privilege RBAC roles for different AVD administrative scenarios in the Azure portal.
- Build and test Conditional Access policies targeting the Azure Virtual Desktop cloud apps to understand sign-in flow.
- Review the security recommendations for AVD session hosts in Microsoft Defender for Cloud to understand common vulnerabilities.
- Master the permissions required on storage accounts or file shares for FSLogix Profile Containers to function securely.
📖 About this Domain
This domain covers the operational aspects of an Azure Virtual Desktop (AVD) environment. It focuses on using Azure native tools to monitor the health and performance of the infrastructure. You will learn to proactively manage and maintain session hosts, host pools, and user sessions.
🎓 What You Will Learn
- You will learn to configure and use Azure Monitor for AVD to collect and analyze diagnostic data from session hosts and services.
- You will learn to implement alerting rules based on performance counters and event logs to proactively identify issues.
- You will learn to manage session host availability, including patching and updates using Azure Automation Update Management.
- You will learn to monitor user experience metrics and troubleshoot issues related to FSLogix profile containers and session connectivity.
🛠️ Skills You Will Build
- You will build skills in deploying and configuring Log Analytics workspaces to centralize AVD diagnostic logs.
- You will build the ability to write Kusto Query Language (KQL) queries to investigate performance and connection issues.
- You will build proficiency in automating routine maintenance tasks for session hosts, such as image updates and scaling.
- You will build the capability to diagnose and resolve common AVD problems by analyzing metrics and logs.
💡 Top Tips to Prepare
- Gain hands-on experience by deploying the Azure Monitor for AVD workbook and exploring its various tabs and visualizations.
- Practice writing and running KQL queries against AVD diagnostic tables like WVDConnections and WVDCheckpoints in a lab environment.
- Implement an Azure Automation account to configure Update Management for a test host pool to understand the patching process.
- Review official Microsoft documentation on troubleshooting common FSLogix issues, such as profile lockouts and storage performance.
📖 About this Domain
This domain covers the creation and configuration of core Azure Virtual Desktop components. You will deploy host pools, configure networking, and provision session hosts. It establishes the foundational infrastructure for AVD.
🎓 What You Will Learn
- You will learn to create and manage host pools, including type, load-balancing algorithm, and RDP properties.
- You will learn to implement networking for AVD, including VNet creation, subnet configuration, and NSG rules.
- You will learn to configure storage for FSLogix profile containers using Azure Files or Azure NetApp Files.
- You will learn to deploy session hosts using Azure Marketplace images, custom images, and ARM templates for automation.
🛠️ Skills You Will Build
- You will build skills to deploy AVD infrastructure using Azure Resource Manager (ARM) templates and Bicep.
- You will build proficiency in automating AVD tasks using PowerShell modules and Azure CLI commands.
- You will build the ability to create and manage golden images for session hosts using the Azure Compute Gallery.
- You will build skills in configuring network security groups and Azure DNS to secure and resolve AVD resources.
💡 Top Tips to Prepare
- Gain hands-on experience by deploying a host pool, session hosts, and a workspace using the Azure portal.
- Practice creating session hosts from a custom image stored in an Azure Compute Gallery.
- Master the configuration of FSLogix profile containers on an Azure Files share with Active Directory authentication.
- Study ARM template syntax for AVD resources to understand automated deployment processes.
📖 About this Domain
This domain covers the design principles for an Azure Virtual Desktop infrastructure. You will focus on planning for user identities, virtual networks, and host pool configurations. It emphasizes assessing existing environments and requirements to build a scalable AVD solution.
🎓 What You Will Learn
- Learn to design the AVD architecture, including control plane components and host pool configurations.
- Understand how to plan for user identities using Azure AD and manage user profiles with FSLogix.
- Discover how to design network connectivity for AVD session hosts, including hub-spoke models and Azure Firewall integration.
- Grasp the design of a business continuity and disaster recovery (BCDR) strategy for AVD components.
🛠️ Skills You Will Build
- You will build the skill to assess on-premises VDI environments for migration to AVD.
- You will be able to recommend appropriate AVD host pool types, like personal or pooled, based on user requirements.
- You will develop the ability to design FSLogix profile container solutions on Azure Files or Azure NetApp Files.
- You will gain proficiency in planning network security using Network Security Groups (NSGs) and Azure Firewall for AVD traffic.
💡 Top Tips to Prepare
- Master the differences between personal and pooled host pools and their respective load-balancing algorithms.
- Focus on understanding FSLogix architecture, including Cloud Cache and profile container storage options.
- Study Azure AD integration, including conditional access policies and multi-factor authentication (MFA) for AVD.
- Review the Azure Virtual Desktop landing zone accelerator to understand Microsoft's recommended architecture patterns.
📖 About this Domain
This domain covers the configuration of user profiles and application delivery in Azure Virtual Desktop. You will manage user settings using FSLogix Profile Containers and deploy applications using MSIX app attach. Core tasks involve configuring storage for user profiles and managing RemoteApp application groups.
🎓 What You Will Learn
- You will learn to implement and manage FSLogix components like Profile Containers, Office Containers, and Cloud Cache.
- You will learn to configure user experience settings using Group Policy Objects (GPOs) and Microsoft Intune policies.
- You will learn to install and configure applications on a session host image for a host pool.
- You will learn to create and manage MSIX packages and configure MSIX app attach for dynamic application delivery.
🛠️ Skills You Will Build
- You will build skills to deploy and troubleshoot FSLogix Profile Containers on Azure Files or Azure NetApp Files shares.
- You will build skills to create RemoteApp application groups and publish applications to AVD users.
- You will build skills to package applications using the MSIX Packaging Tool and stage them for app attach.
- You will build skills to configure Universal Print to provide print services for AVD session hosts.
💡 Top Tips to Prepare
- Gain hands-on experience configuring FSLogix registry settings, such as VHDLocations and Redirections.xml.
- Practice the end-to-end MSIX app attach process, from packaging an app to assigning it to an application group.
- Understand the specific NTFS and Share-Level Permissions required for FSLogix profile shares to function correctly.
- Review how to configure session timeouts and other user experience settings via GPOs or Intune configuration profiles.
