Azure Remote Desktop Server



A standard Remote Desktop Services (RDS) deployment includes various Remote Desktop role services running on Windows Server. The RDS deployment with Azure Active Directory (Azure AD) Application Proxy has a permanent outbound connection from the server running the connector service. With Azure, your runtime cost includes the Windows Server license and user CALs; you just need to add the RDS SALs for each RDS user. The same cannot be said for Windows 10 licenses. Microsoft is releasing new Windows 10 licensing mechanisms, but I have not seen a complete solution for running Windows 10 in Azure in a VDI environment.

Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows Server 2012 R2

Remote Desktop Services (RDS) is the platform of choice to cost-effectively host Windows desktops and applications. You can use an Azure Marketplace offering or a quickstart template to quickly create an RDS on Azure IaaS deployment. Azure marketplace creates a test domain for you, making it a simple and easy mechanism for testing and proof-of-concepts. The quickstart templates, on the other hand, allow you to use an existing domain, making them a great tool to build out a production environment. Once set up, you can connect to the published desktops and applications from various platforms and devices, using the Microsoft Remote Desktop apps for Windows, Mac, iOS, and Android.

Basic RDS through the Azure Marketplace

Creating your deployment through the Azure Marketplace is the quickest way to get up and running. When everything is completed, your environment will look like the basic RDS architecture. The offering creates all the RDS components that you need - all you need to do is supply some information.

You'll need to supply the following information when you deploy the Marketplace offering:

  • Administrator user name and password. This is a new user that will manage the deployment.
  • DNS name and AD domain name. These are NEW resources that are created. Make sure the names are meaningful.
  • VM size. You get to choose the size of VMs to use for the RDSH endpoints. You can also manually change the sizes after the initial deployment to help you optimize the VMs for your workloads and for cost.

Use these steps to create your small-footprint RDS deployment from the Azure Marketplace:

  1. Launch the Azure Marketplace RDS deployment:
    1. Sign into the Azure portal.
    2. Click New to add your deployment.
    3. Type 'RDS' in the search field and press Enter.
    4. Click Remote Desktop Services (RDS) - Basic - Dev/Test, and then click Create.
    5. Follow the steps in the portal to create and deploy RDS. You'll add key configuration details, like the information listed above.
  2. Connect to your deployment. When the deployment finishes, check the outputs section for final steps to complete and connect to your deployment.
    1. Download and run this PowerShell script on your test device to install any certificates needed to connect to the RDS deployment.

      This step is only necessary during the testing phase. When you deploy RDS in Azure in production, make sure to follow best practices like purchasing and using a publicly trusted SSL certificate on your web servers.

    2. When prompted, sign into your Azure account. Select the Azure subscription, resource group, and public IP address created for this new deployment.

    3. When the script is finished, the RD Web page launches in your default browser. You can double-check the RD Web page by comparing the URL for the page to the DNS address you provided during deployment.

      Sign in with the admin credentials you created during deployment to see the default desktop published for you. You can also send users the RD Web site to test their desktops and applications.

      Tip

      Forget the domain name or admin user? You can go back to the new Resource Group in the portal, click Deployments, and then view the parameters you entered.

Now that you have an RDS deployment, you can add and manage users.

Customized RDS using Quickstart templates

You can use Azure Resource Manager templates to deploy RDS in Azure. This is especially useful if you want a basic RDS deployment but have existing components (like AD) that you want to use. Unlike the Marketplace offering, you can make further customizations, such as using an existing AD on a virtual network, using a custom OS image for the RDSH VMs, and layering on high availability for RDS components. After adding high availability to each component, your environment will look like the highly available RDS architecture.

Use these steps to create your small-footprint RDS deployment with an Azure RDS template:

  1. Pick your Azure Quickstart template:
    1. Go to the RDS Azure Quickstart Templates site.
    2. Choose the template that matches what you are trying to do. Make sure you meet any prerequisites for that specific template. (For example, if you want to use a custom image for your VMs, make sure you have already uploaded that image to an Azure storage account.)
    3. Click Deploy to Azure.
    4. You'll need to provide some details (like admin user name, AD domain name) in the Azure portal. This varies based on the template you choose.
    5. Click Purchase.
  2. Connect to your deployment.
    1. Download and run this PowerShell script on your test device to install any certificates needed to connect to the RDS deployment.

      This step is only necessary during the testing phase. When you deploy RDS in Azure in production, make sure to follow best practices like purchasing and using a publicly trusted SSL certificate on your web servers.

    2. When prompted, sign into your Azure account. Select the Azure subscription, resource group, and public IP address created for this new deployment.

    3. When the script is finished, the RD Web page launches in your default browser. You can double-check the RD Web page by comparing the URL for the page to the DNS address you provided during deployment.

      Sign in with the admin credentials you created during deployment to see the default desktop published for you. You can also send users the RD Web site to test their desktops and applications.

      Tip

      Forget the domain name or admin user? You can go back to the new Resource Group in the portal, click Deployments, and then view the parameters you entered.

Now that you have an RDS deployment, you can add and manage users.
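Both procedures above note that the certificate-install step is for testing only and that production should use a publicly trusted certificate, and both suggest comparing the RD Web URL with the DNS name you supplied. The following check is an added example, not part of the original page or of the script it links to; the function name Test-RdWebCertificate and the host name in the usage line are hypothetical.

```powershell
# Added example (not from the original page). Test-RdWebCertificate and the
# host name in the usage line are hypothetical names chosen for illustration.
function Test-RdWebCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName,  # DNS name supplied at deployment
        [int] $Port = 443
    )

    # The callback records what .NET's own validation found, then lets the
    # handshake finish so an untrusted certificate can still be inspected.
    $state = @{ Policy = $null; Cert = $null }
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $sslPolicyErrors)
        $state.Policy = $sslPolicyErrors
        $state.Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificate)
        $true
    }.GetNewClosure()

    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)   # TLS handshake only, no application data
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }

    $flags   = [System.Net.Security.SslPolicyErrors]
    $nameOk  = -not $state.Policy.HasFlag($flags::RemoteCertificateNameMismatch)
    $chainOk = -not $state.Policy.HasFlag($flags::RemoteCertificateChainErrors)
    # A test certificate installed into this device's store can pass the chain
    # check locally, so self-issued certificates are reported separately.
    $selfIssued = $state.Cert.Subject -eq $state.Cert.Issuer

    [pscustomobject]@{
        HostName        = $HostName
        Subject         = $state.Cert.Subject
        Issuer          = $state.Cert.Issuer
        NotAfter        = $state.Cert.NotAfter
        NameMatches     = $nameOk
        ChainTrusted    = $chainOk
        SelfIssued      = $selfIssued
        ProductionReady = $nameOk -and $chainOk -and -not $selfIssued
    }
}

# Usage (placeholder host name): Test-RdWebCertificate -HostName 'rdweb.contoso.example'
```

Run it from a device that has not had the test certificates installed to see what an ordinary user's client would conclude about the RD Web certificate.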

A standard Remote Desktop Services (RDS) deployment includes various Remote Desktop role services running on Windows Server. The RDS deployment with Azure Active Directory (Azure AD) Application Proxy has a permanent outbound connection from the server running the connector service. Other deployments leave open inbound connections through a load balancer. This authentication pattern allows you to offer more types of applications by publishing on-premises applications through Remote Desktop Services. It also reduces the attack surface of your deployment by using Azure AD Application Proxy.

Use when

You need to provide remote access and protect your Remote Desktop Services deployment with pre-authentication.

Components of system

  • User: Accesses RDS served by Application Proxy.

  • Web browser: The component that the user interacts with to access the external URL of the application.

  • Azure AD: Authenticates the user.

  • Application Proxy service: Acts as a reverse proxy to forward requests from the user to RDS. Application Proxy can also enforce any Conditional Access policies.

  • Remote Desktop Services: Acts as a platform for individual virtualized applications, providing secure mobile and remote desktop access, and providing end users the ability to run their applications and desktops from the cloud.

Implement Remote Desktop Gateway services with Azure AD