(bright music) - Welcome to Azure Virtual
Desktop Essentials. If your organization's
looking for a more efficient and flexible approach to
desktop virtualization, without compromising control, in the next few minutes, I'll walk you through
Azure Virtual Desktop, Microsoft's Cloud VDI solution with centralized security, management, and scalability built-in. By design, it works across
your devices and apps with full featured experiences for Windows, Mac, iOS, and Android. Also, the web client allows you to access your remote desktops and apps from almost any modern browser, keeping your user
productive from anywhere. So let's dig into the top things Azure Virtual Desktop brings you. First and foremost, it helps remove much of
the expense and complexity of building and managing your
own desktop infrastructure, and you only pay for what you use. It comprises the roles that you would've previously
had to manage yourself, such as your gateway, broker, diagnostics, load balancing, and more, but as a scalable
managed service on Azure. And you can provision the compute and configure user experiences
to meet your needs. Because it runs on Azure, you benefit from Azure's
expansive global footprint, and its mission critical infrastructure can be configured for
increased resiliency. For example, for any single instance VM, Or you can use Availability Zones to host redundant VMs across
physically separate locations in the same region that comprise
one or more data centers to guarantee 99.99% availability. You still maintain full control over service configuration and management with lots of options
for deploying services, implementing identity and file storage. Azure Virtual Desktop really is flexible and configurable to your needs. You can choose from hundreds of VM size and performance options, and vary the density of users on your VMs based on the workload. And you can configure remote
app experiences as you need to, allowing users to access
app windows individually without exposing the entire desktop. There are other unique benefits too, such as being able to
distribute users across your VMs for greater efficiency, something only previously
offered with Windows Server. You can have multiple users
simultaneously logged in to a single VM with
multi-session capabilities, exclusive to Azure Virtual Desktop. And this works with both
Windows 11 and Windows 10. Also, because you're running
on a Windows Client OS compared to Windows Server, you've got more flexibility to run a broader set
of apps for your users. Speaking of which, let's talk more about the user experience and how Azure Virtual
Desktop can be configured to protect your users as they work. For users, there are no compromises between their virtual desktop
experience and a physical PC. On Windows, remote apps
can be fully integrated into the start menu and you can pin them to the task bar. It's also easy to multitask, and if your policy permits it, copy and paste between app Windows, as you're seeing here with Windows 11. And as mentioned, Azure
Virtual Desktop can be accessed from virtually any device
platform or modern browser. And even though Azure Virtual Desktop can be set up using using shared VMs, whereas a user, you might access a different
VM each time you log in, you shouldn't feel it, because with FSLogix profile
containers configured, it will connect VMs to your
personal profile and app data with each log on. It just works like your local PC. For example, when you open Outlook, you'll see your inbox
and calendar right away without having to wait for
the mailbox to populate. This makes the experience of
working with stateful apps, as you move between shared VMs, pain-free. You can also use device
peripherals like webcams or other attached USB devices, and Universal Print allows you to use network
connected printers. And of course, by configuring optional information protection policies, you can ensure that data
never goes to the local device used to access your virtual desktops. In fact, Azure Virtual Desktop offers unparalleled configuration
and management options to let you maintain full control. From the Azure Portal, your experience starts
with deploying a collection of virtual machines, or host pools, that your users will have access to. Here, you've got the option of assigning personal
VMs to individual users or pooled VMs that are
shared with multiple users. Again, you control the
size, performance level, as well as the OS image used for each VM. You also control whether
users can access full desktops or individual applications. And to ensure that your VMs meet your desired user experience, Azure Virtual Desktop
provides real-time views of service insights, and it's fully integrated
with Azure Monitor. You can get full diagnostics for your host pools and workspaces to ensure it meets the bar for
performance and connectivity. And by monitoring VM utilization, you can make informed scaling decisions. That said, how you configure and integrate your identity services is the key to how users
will securely access their virtual desktops. Azure Active Directory unlocks a secure, consistent sign-on experience. You can require
multifactor authentication, along with conditional access
to streamline experiences. Then, by using Azure AD
Join for your host pools, you can run all identity and
access management services in the cloud without the need for hybrid connectivity to your local directory service. And importantly, unlike a less secure open remote desktop protocol port, which waits and listens for connections, Azure Virtual Desktop uses
reverse connect transport for outbound connectivity
over an encrypted connection during a user session. Of course, once authenticated, there are a few options for
accessing data and files. For pooled or shared VMs, user profile data can be containerized in a separate virtual disk, which will attach in
real-time to any session, on any VM, right as you login. If you're using OneDrive, your on-demand files are always available and will launch right away. And if you're using on-prem file shares, now Azure File Sync lets you
replicate them in Azure Files, so that your virtual desktops
up can access them seamlessly. There are also broader Zero Trust and intelligent controls
available to you too. So to protect against rootkit
and bootkit based attacks for Windows 11, Trusted Launch with virtual TPMs enable secure boot protections to make sure that
nothing has been modified before launching the VM. Azure Virtual Desktop also has several platform-specific
encryption options, which will work with your
key management service such as Azure Key Vault. And you have the option to
use Azure Confidential VMs, where all data and memory is encrypted with a hardware root of trust, requiring attestation to
protect data and code in use. As a domain joined, or
Azure AD joined machine, as you'd expect, you can implement granular
controls using group policy to enforce security
baselines in the VM itself. And by using Microsoft Defender for Cloud, the built-in intelligence
continually assesses the security of your virtual machines. These and other protections
can ensure that your VMs meet even the most stringent
security requirements. To truly take advantage of
paying for what you use, there are also lots you can do to optimize the costs and utilization. In fact, this is another area
of tremendous flexibility. Importantly, you can proactively balance performance and utilization costs by using the exclusive
multi-session experience to assign multiple users to a single VM and combining it with
load balancing controls with options for depth first
to load each VM up individually until it's close to capacity, then provision another
host for additional users, or breadth first, which evenly spreads users
across multiple available VMs. There are also built in scaling plans. These allow you to scale out the number of VMs in a host pool during peak usage time, and scale them back in, for example, during off
business hours or weekends. That was a quick overview
of Azure Virtual Desktop, Microsoft's Cloud VDI solution. There's more to come in our series with hands-on guidance on
the steps and your options to deploy and manage the service at scale. And there are useful resources
at aka.ms/AVDDocumentation. Of course, keep visiting
Microsoft Mechanics for more, subscribe if you haven't already, and thanks for watching. (bright music)