Manage Azure Virtual Desktop with Endpoint Manager (Intune)

Microsoft Endpoint Manager (Intune) currently supports Windows 10 personal (1:1) desktops and not Windows 10 multi-session, arguably, Azure Virtual Desktops most important weapon. Windows 10 multi-session is a much more cost-effective approach to hosting virtual desktops, and at least for our customers, the most common deployment approach.

Thankfully, soon you will be able to Manage Azure Virtual Desktop with Endpoint Manager (Intune) and Windows 10 multi-session. Currently the feature is in Public Preview so you can start testing right away.

Eventually Microsoft Endpoint Manager will provide a single pain of glass to manage all your physical and virtual desktops, thus simplifying management.

A quick side note on Windows 10 Enterprise multi-session

Windows 10 Enterprise multi-session is a new Remote Desktop Session Host exclusive to Azure Virtual Desktop on Azure. It provides the following benefits:

• Allows multiple concurrent user sessions
• Gives users a familiar Windows 10 experience
• Supports the use of existing per-user Microsoft 365 licensing

Manage Azure Virtual Desktop with Endpoint Manager: Generally Available

Manage Azure Virtual Desktop with Endpoint Manager where you have VM’s that are:

• Running Windows 10 Enterprise, version 1809 or later
• Hybrid Azure AD-joined
• Set up as personal (1:1) remote desktops in Azure (no support for Windows 10 multi-session)
• Enrolled in Intune in one of the following methods:
  • Auto enrolment through hybrid Azure AD
  • Configuration Manager co-management
  • User self-enrolment via Azure AD Join

Intune treats Azure Virtual Desktop personal VM’s the same as Windows 10 Enterprise physical desktops. Therefore, you can use your existing configurations.

Manage Azure Virtual Desktop with Endpoint Manager: Public Preview

Manage Azure Virtual Desktop with Endpoint Manager and Windows 10 Enterprise multi-session VM’s. At the time of writing, these are the requirements:

• Windows 10 Enterprise multi-session, version 1903 or later
• Hybrid Azure AD-joined – see Active Directory Options Demystified
• Set up as virtual desktops in pooled host pools in Azure
• Azure Virtual Desktop agent version of 2944.1400 or later
• Enrolled in Microsoft Endpoint Manager using one of the following methods:
  • Configured with Active Directory group policy, set to use Device credentials, and set to automatically enrol devices that are Hybrid Azure AD-joined. The preview only supports enrolment via group policy if you’re using a single MDM provider
  • Configuration Manager co-management

Windows 10 multi-session VM’s are treated as a separate OS edition and some existing Windows 10 Enterprise configurations are not supported. When managing Windows 10 multi-session VM’s you must use device-based configurations (user-less enrolments). This means only policies defined in the OS scope and apps configured to install in the system context can be applied to Windows Virtual Desktop multi-session VM’s. Additionally, all multi-session configurations must be targeted to devices or device groups. User scope policies are not supported at this time.

For more information see Microsoft’s documentation.

General Issues when managing Azure Virtual Desktop with Microsoft Endpoint Manager (Intune)

• If you are using non-persistent desktops this regularly will leave orphaned device records in Intune that need to be cleaned up

Related Articles

• Azure Virtual Desktop Review
• Active Directory Options Demystified
• Azure Virtual Desktop Domain Join Options
• Azure Virtual Desktop Classic vs ARM
• Azure Virtual Desktop & Windows 365 Licencing Requirements