Tutorial: Deploy a management tool
The management tool provides a user interface (UI) for managing Microsoft Virtual Desktop resources. In this tutorial, you'll learn how to deploy and connect to the management tool.
These instructions are for a Windows Virtual Desktop-specific configuration that can be used with your organization's existing processes.
Since the app requires consent to interact with Windows Virtual Desktop, this tool doesn't support Business-to-Business (B2B) scenarios. Each Azure Active Directory (AAD) tenant's subscription will need its own separate deployment of the management tool.
This management tool is a sample. Microsoft will provide important security and quality updates. The source code is available in GitHub. Customers and partners are encouraged to customize the tool to fit their business needs.
To following browsers are compatible with the management tool:
- Google Chrome 68 or later
- Microsoft Edge 40.15063 or later
- Mozilla Firefox 52.0 or later
- Safari 10 or later (macOS only)
What you need to run the Azure Resource Manager template
Before deploying the Azure Resource Manager template, you'll need an Azure Active Directory user to deploy the management UI. This user must:
- Have Azure Multi-Factor Authentication (MFA) disabled
- Have permission to create resources in your Azure subscription
- Have permission to create an Azure AD application. Follow these steps to check if your user has the required permissions.
After deploying the Azure Resource Manager template, you'll want to launch the management UI to validate. This user must:
- Have a role assignment to view or edit your Windows Virtual Desktop tenant
Run the Azure Resource Manager template to provision the management UI
Before you start, ensure the server and client apps have consent by visiting the Windows Virtual Desktop Consent Page for the Azure Active Directory (AAD) represented.
Follow these instructions to deploy the Azure Resource Management template:
- Go to the GitHub Azure RDS-Templates page.
- Deploy the template to Azure.
- If you're deploying in an Enterprise subscription, scroll down and select Deploy to Azure. See Guidance for template parameters.
- If you're deploying in a Cloud Solution Provider subscription, follow these instructions to deploy to Azure:
- Scroll down and right-click Deploy to Azure, then select Copy Link Location.
- Open a text editor like Notepad and paste the link there.
- Right after https://portal.azure.com/ and before the hashtag (#), enter an at sign (@) followed by the tenant domain name. Here's an example of the format: https://portal.azure.com/@Contoso.onmicrosoft.com#create/.
- Sign in to the Azure portal as a user with Admin/Contributor permissions to the Cloud Solution Provider subscription.
- Paste the link you copied to the text editor into the address bar.
Guidance for template parameters
Here's how to enter parameters for configuring the tool:
- This is the RD broker URL: https://rdbroker.wvd.microsoft.com/
- This is the resource URL: https://mrs-prod.ame.gbl/mrs-RDInfra-prod
- Use your AAD credentials with MFA disabled to sign in to Azure. See What you need to run the Azure Resource Manager template.
- Use a unique name for the application that will be registered in your Azure Active Directory for the management tool; for example, Apr3UX.
Provide consent for the management tool
After the GitHub Azure Resource Manager template completes, you'll find a resource group containing two app services along with one app service plan in the Azure portal.
Before you sign in and use the management tool, you'll need to provide consent for the new Azure Active Directory application that is associated with the management tool. By providing consent, you are allowing the management tool to make Windows Virtual Desktop management calls on behalf of the user who's signed into the tool.
To determine which user you can use to sign in to the tool, go to your Azure Active Directory user settings page and take note of the value for Users can consent to apps accessing company data on their behalf.
- If the value is set to Yes, you can sign in with any user account in the Azure Active Directory and provide consent for that user only. However, if you sign in to the management tool with a different user later, you must perform the same consent again.
- If the value is set to No, you must sign in as a Global Administrator in the Azure Active Directory and provide admin consent for all users in the directory. No other users will face a consent prompt.
Once you decide which user you will use to provide consent, follow these instructions to provide consent to the tool:
Go to your Azure resources, select the Azure App Services resource with the name you provided in the template (for example, Apr3UX) and navigate to the URL associated with it; for example, https://rdmimgmtweb-210520190304.azurewebsites.net.
Sign in using the appropriate Azure Active Directory user account.
If you authenticated with a Global Administrator, you can now select the checkbox to Consent on behalf of your organization. Select Accept to provide consent.
This will now take you to the management tool.
Use the management tool
After providing consent for the organization or for a specified user, you can access the management tool at any time.
Follow these instructions to launch the tool:
- Select the Azure App Services resource with the name you provided in the template (for example, Apr3UX) and navigate to the URL associated with it; for example, https://rdmimgmtweb-210520190304.azurewebsites.net.
- Sign in using your Windows Virtual Desktop credentials.
- When prompted to choose a Tenant Group, select Default Tenant Group from the drop-down list.
If you have a custom Tenant Group, enter the name manually instead of choosing from the drop-down list.
Now that you've learned how to deploy and connect to the management tool, you can learn how to use Azure Service Health to monitor service issues and health advisories.