Tim D'Annecy

AVD

#Windows #Azure #AVD

Recently, a company I work with asked for a way to give users access to a web app hosted on-premises without exposing the app to the internet. The app is out of support from the vendor and can't be opened outside of their secure network.

We planned to allow access to the app by instructing users to connect over a VPN, but we found this would be a hassle for users, as they would need to install the VPN client, connect to the VPN, and then launch a browser to access the app. In this case, the site also requires IE11 with a custom extension to be installed. Meeting all of these requirements just to reach a single site was a headache for users, and the Helpdesk received regular tickets from staff who had issues accessing the site.

Instead of the VPN approach, we deployed a Microsoft Edge shortcut in Azure Virtual Desktop. The advantage of this approach is that users launch a browser window that runs on the network the Host Pool is connected to. If you have your networking configured correctly in Azure, users can access internal sites and apps without the client PC connecting to them directly over the internet. You also control the browser version and other settings, because they are configured in the Host Pool. If paired with Intune policies, you can define the browser settings and extensions that are available to users and require certain sites to open in Internet Explorer Compatibility Mode. This is helpful if you have a legacy app that only works in IE11 and requires a specific extension to be installed.

In this post, I'll show you how to deploy a Microsoft Edge shortcut in Azure Virtual Desktop.

To start, you must have an existing Azure Virtual Desktop deployment set up with Host Pools and a Workspace. You'll also need at least Contributor access to the Resource Group you're working in.

Create a new Application Group in Azure Virtual Desktop.

On the Basics tab, make the following changes:

  • Subscription and Resource group – Set for your AVD environment.
  • Host Pool – Select the Host Pool you want to deploy the shortcut to.
  • Application group type – Remote App (RAIL)
  • Application Group name – Something like BrowserShortcuts

Screenshot of Azure Application Group creation wizard, Basics tab

On the Applications tab, click the “Add applications” button and set the following properties:

  • Application source: File path
  • Application path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  • Application name: Your shortcut name
  • Display name: Your shortcut name
  • Icon path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  • Icon index: 0
  • Description:
  • Require command line: Yes
  • Command line: http://google.com/

Screenshot of Azure Application Group creation wizard, Applications tab

If you want multiple tabs to open, separate the URLs with a space. For example, http://google.com/ http://bing.com/

Screenshot of the Application Group settings

On the Assignments tab, select your user or group:

Screenshot of the Application Group settings

On the Workspace tab, set “Register application group” to “Yes”. You should already have an application group assigned.

Screenshot of the Application Group settings

You can leave the Advanced and Tags tabs as default.

After saving the Application Group, you should see the shortcut in the Azure Virtual Desktop client in a few minutes. You may need to click the Refresh button to force it to update:

Screenshot of Azure Virtual Desktop, showing the new shortcut
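The same Application Group can be created from PowerShell with the Az.DesktopVirtualization and Az.Resources modules. This is an added example, not part of the original post; the resource names, region, application name and object ID are placeholders, and `Require` is assumed to be the cmdlet equivalent of the portal's “Require command line: Yes”.

```powershell
# Added example: scripted equivalent of the portal steps above.
# Every value in this first block except $groupName and $edge is a placeholder (assumption).
$rg          = 'rg-avd'                                   # placeholder resource group
$hostPool    = 'hp-avd'                                   # placeholder host pool
$workspace   = 'ws-avd'                                   # placeholder workspace
$location    = 'eastus'                                   # placeholder region
$userGroupId = '00000000-0000-0000-0000-000000000000'     # placeholder Azure AD group object ID
$groupName   = 'BrowserShortcuts'
$edge        = 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'

# Basics tab: RemoteApp application group bound to the host pool.
$pool = Get-AzWvdHostPool -ResourceGroupName $rg -Name $hostPool
$appGroup = New-AzWvdApplicationGroup -ResourceGroupName $rg -Name $groupName `
    -Location $location -HostPoolArmPath $pool.Id -ApplicationGroupType 'RemoteApp'

# Applications tab: publish msedge.exe with the URL fixed at publish time.
$app = @{
    ResourceGroupName   = $rg
    GroupName           = $groupName
    Name                = 'InternalWebApp'                # placeholder application name
    FriendlyName        = 'Internal Web App'              # placeholder display name
    FilePath            = $edge
    IconPath            = $edge
    IconIndex           = 0
    CommandLineSetting  = 'Require'
    CommandLineArgument = 'http://google.com/'            # URL from the post; separate multiple URLs with a space
    ShowInPortal        = $true
}
New-AzWvdApplication @app

# Assignments tab: grant only the intended group access to this application group.
# Creating a role assignment needs rights to assign roles (Owner or User Access Administrator),
# which is more than the Contributor access used for the rest of the steps.
New-AzRoleAssignment -ObjectId $userGroupId `
    -RoleDefinitionName 'Desktop Virtualization User' `
    -ResourceName $groupName -ResourceGroupName $rg `
    -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'

# Workspace tab: register the application group so it appears in the client feed.
Register-AzWvdApplicationGroup -ResourceGroupName $rg -WorkspaceName $workspace `
    -ApplicationGroupPath $appGroup.Id
```

Scoping the role assignment to the application group, rather than to the resource group or subscription, keeps access to the published browser limited to the users who need the internal app.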

These steps allow you to deploy secure web apps inside your AVD deployment. Whether you're connecting to a legacy web app that you're hosting on prem or you have specific application or environment requirements that you need to meet, this is a great way to provide access to your users without having to jump through hoops.

If you combine this Edge shortcut with Intune policies that require Edge to open certain sites in Internet Explorer Compatibility Mode, you can ensure your users can easily access apps and sites quickly without compromising your secure internal network.


#Windows #Azure #AVD #Intune

I recently had an issue with an Azure AD Joined host pool in Azure Virtual Desktop where users could not successfully log in using their Azure AD credentials.

In our environment, both the client computer and the Azure Virtual Desktop host computer are Azure AD Joined. The user was able to log in to their Azure AD Joined computer, but when they tried to log in to the Azure Virtual Desktop host computer, they would get an error message:

Couldn't connect. Something went wrong when we tried to connect. If this keeps happening, ask your admin or tech support for help. Error code: 0x9735 Extended error code: 0x0 Activity ID: {e194ae11-b2ed-4d33-9520-c1d5ed140000}

Screenshot of error message

The error message the users received came after a loop of unsuccessful logins using a combo of azuread\user or user@domain.com that would say “Establishing Connection”, “Configuring Gateway”, “Securing connection to remote PC” and then fail with the following error: “The username and password used to connect to the remote resource didn't work. Enter a different account and try again.”

Screenshot of error message

As a note: Connections to Host Pools in a different AVD environment that are joined to Active Directory work fine. The issue seems to occur when the client computer and the AVD host computer are Azure AD Joined.

Currently, as of February 2023, the official Microsoft package for the Remote Desktop app in the Microsoft Store installs an old version, 10.2.3000.0, that has bugs connecting to Azure AD Joined Azure Virtual Desktop Host Pools. This buggy version impacted our organization because we deploy the Microsoft Remote Desktop app using an Application Deployment in Intune. We've tested this issue using the Microsoft Store for Business, Microsoft Store (Legacy), and the new Microsoft Store (WinGet) deployments, and all of them have the same issue and run the same version:

Screenshot of Microsoft Store, Microsoft Remote Desktop app page

The workaround for this error is to uninstall the Microsoft Store version of the application and install the latest version of the Remote Desktop app from the Microsoft website at this link: https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows

I manually installed Public Release version 1.2.3918.0 and it fixed my connectivity issues. To get this rolled out to your Intune devices, you will need to package the MSI file from the Microsoft website and deploy it using an Application Deployment in Intune.

Screenshot of Microsoft Remote Desktop app version 1.2.3918.0

I hope this helps someone else who is having this issue. Microsoft should really update the Microsoft Store version of the Remote Desktop app to the latest version to avoid this issue.
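When the MSI is deployed as an Intune Win32 app, a custom detection script can confirm that the workaround is in place on each device. The script below is an added example, not from the original post; the Store package name and the per-machine install path are assumptions to verify on a reference device before use.

```powershell
# Added example: Intune Win32 app detection script for the workaround above.
# Intune treats "exit code 0 plus output on STDOUT" as detected; anything else as not detected.

$minVersion = [version]'1.2.3918.0'        # version named in the post
$storePkg   = 'Microsoft.RemoteDesktop'    # assumption: package name of the Store app
$clientExe  = Join-Path $env:ProgramW6432 'Remote Desktop\msrdcw.exe'   # assumption: per-machine MSI path

# 1. The Store version must be gone, otherwise users can still launch the old client.
$store = Get-AppxPackage -AllUsers -Name $storePkg -ErrorAction SilentlyContinue
if ($store) {
    exit 1
}

# 2. The MSI client must be present.
if (-not (Test-Path -LiteralPath $clientExe)) {
    exit 1
}

# 3. The MSI client must be at least the version that resolved the login loop.
#    FileVersionRaw is a [version], so the comparison is numeric, not string-based.
$installed = (Get-Item -LiteralPath $clientExe).VersionInfo.FileVersionRaw
if ($installed -lt $minVersion) {
    exit 1
}

Write-Output "Remote Desktop client $installed detected; Store package absent."
exit 0
```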
