Prerequisites

The below highlights the prerequisites required to use Azure Virtual Desktop and configuration in Parallels RAS environment.

Microsoft Azure subscription

You need a Microsoft Azure subscription, including:

  • An Azure Tenant ID.
  • An Azure subscription with sufficient credit.

Azure Virtual Desktop user license entitlement

Customers with the licenses listed below are entitled to use Azure Virtual Desktop at no additional charge apart from Azure compute, storage, and network usage billing.

To run Windows 10 and Windows 11 with Azure Virtual Desktop you need to have one of the following per user license:

  • Microsoft 365 F3, E3, E5, A3, A5, Student Use Benefits or Business Premium
  • Windows 10 Enterprise E3, E5
  • Windows 10 Education A3, A5
  • Windows 10 VDA per user

To run Windows Server 2012 R2, 2016, 2019, 2022:

  • Per user or per device Remote Desktop Services (RDS) Client Access License (CAL) with active Software Assurance (SA).

For further information, please refer to Microsoft licensing requirements at https://docs.microsoft.com/en-us/azure/virtual-desktop/overview.

Permissions and Azure resource providers

The below highlights permissions and resource providers to be registered in the subscription:

  • Permissions to enable resource providers on your Azure subscription and create virtual machines (VMs).
  • The necessary Microsoft Azure resource providers (Azure Portal > Subscription > Resource Providers) must be enabled, including Microsoft.ResourceGraph, Microsoft.Resources, Microsoft.Compute, Microsoft.Network, Microsoft.DesktopVirtualization.

Microsoft Entra ID application

For a detailed information about creating an Microsoft Entra ID application, please see Create a Microsoft Entra ID application.

Once an Microsoft Entra ID Application is created, give the application the following API permissions in the Microsoft Azure Portal (Microsoft Entra ID > App Registrations > API permissions > Add a permissions > Microsoft.Graph > Application permission):

  • Group > Group.Read.All
  • User > User.Read.All

Give the application read and write access to resources:

  • The Microsoft Entra ID application that you created must have read and write access to Azure resources as described in Create a Microsoft Entra ID application. Look for "Give the application read and write access to resources".

Roles and permissions for the application should include:

  • "User Access Administrator" role for the application from Subscription > Access Control (IAM).
  • "Contributor" role at the Resource group level from Resource group > Access Control (IAM).

If a resource group creation is required, also assign contributor role at the subscription level Subscription > Access Control (IAM).

Active Directory

  • A Server Active Directory environment or Azure Active Directory Domain Services (AADDS). See https://azure.microsoft.com/services/active-directory-ds/.
  • Azure AD Connect — AD must be in sync with your Microsoft Entra ID, so users can be associated between the two.
  • The user must be sourced from the same Active Directory that's connected to Microsoft Entra ID. Azure Virtual Desktop does not support B2B or MSA accounts.
  • The user configured in the Parallels client with access to Azure Virtual Desktop resources must exist in the Active Directory domain the session host it is joined to.

Other

  • Azure Virtual Network providing session hosts connection to the domain.
  • Session hosts must be domain-joined to Active Directory.
  • (optional) Site-to-site VPN or ExpressRoute is required if hybrid Parallels RAS deployment is used.
  • (optional) Shared network location to be used for FSLogix Profile Containers which may run on Azure Files or Azure NetApp Files.

Additional notes

Please also note the following Provider and Azure Application requirements for different RAS Farm and RAS Site scenarios:

  • Same RAS Farm, same RAS Site: The same Farm, Site, and Application ID is possible to be used for both VDI and Azure Virtual Desktop. Build the guest VM list with Azure Virtual Desktop tags for Azure Virtual Desktop provider and guest VMs with VDI tags (or no tags) for Azure Provider.
  • Same RAS Farm, same RAS Site: It is recommended to use different Azure Applications for multiple providers of the same type. For example, multiple Azure Virtual Desktop or multiple Providers but not mixed.
  • Same RAS Farm, different RAS Sites or different RAS Farms: The point above applies. Alternatively, different RAS Farms or Sites can (and must in this case) reside in different virtual networks with no communication to common set of VMs.
Was this topic helpful?