Azure Virtual Desktop

The Building Blocks of Azure Virtual Desktop: A Simple Guide to Core Features and Components!

Businesses need a scalable, secure, and cost-effective virtual desktop solution.

Thomas Cowen

Thomas Cowen

7 min read
The Building Blocks of Azure Virtual Desktop: A Simple Guide to Core Features and Components!
Blog Table of Contents

Table of Contents

Introduction

With hybrid and remote work becoming the norm, businesses need a scalable, secure, and cost-effective virtual desktop solution. Azure Virtual Desktop (AVD) provides just that - allowing IT teams to streamline remote access while maintaining security and performance.

I'm still getting to grips with the content I want to produce. Essentially, for most of this year, it'll be AVD focussed.

However, I realised that I dived straight into how to configure CA policies for AVD, before actually going through the basics of what it is, and what is required.

So, let's dive in, to the basics of Azure Virtual Desktop.

Overview

AVD is built on a set of key components, or as I like to call them; "puzzle pieces". Each piece plays a crucial role in the overall jigsaw, working together to deliver a seamless and scalable virtual desktop experience.

In this guide, we'll explore the fundamental building blocks of AVD, including Host Pools, Application Groups, Workspaces and Session Hosts.

We'll also cover essential considerations like user profile management, and at the end of this guide, I'll link you to the recommended security policies for AVD, including a critical policy that you won't want to miss!

Whether you're new to AVD or looking to refine your deployment, this breakdown will give you a solid foundation to build upon.

Key Components

License Requirements

Often in technical-focussed blogs, we forget to align technical outcomes to business goals. In this section, I'll outline the licensing requirements for AVD, but firstly, I want to share my recommendation for SMB customers with less than 300 seats.

Why Microsoft 365 Business Premium is the Right Choice for SMBs:

  • Cost-Effective: Includes AVD licensing for Windows 11 multi-session, eliminating additional licensing costs.
  • Productivity & Security: Leverage tools like Word, Excel, Teams & OneDrive alongside enterprise-grade security features; bundled into one license cost.
  • Advanced Security: Includes Conditional Access & Intune, protecting sensitive data and enabling secure remote work.
  • Simplified Management: Integrated solution for both licensing and security, reducing complexity and administrative overhead.
  • Significant Savings: A comprehensive solution that optimises cost without sacrificing security or functionality.

The integrated approach makes Microsoft 365 Business Premium a powerful option for SMBs looking to optimise both cost and security - without compromise.

License Comparison

Feature Microsoft 365 Business Premium Microsoft 365 E3/E5 Windows 10/11 Enterprise + RDS CAL Microsoft 365 E3/E5 Windows 10/11 Enterprise + RDS CAL
AVD Licensing Included ✅ Yes ✅ Yes ❌ No (RDS CALs required) ✅ Yes ❌ No (RDS CALs required)
Maximum Users Up to 300 Unlimited Unlimited Unlimited Unlimited
Security Features Intune, Conditional Access, Defender for Office Advanced security (E5 includes Defender for Endpoint, DLP, and more) Basic security, requires separate tools Advanced security (E5 includes Defender for Endpoint, DLP, and more) Basic security, requires separate tools
Productivity Apps Word, Excel, Teams, OneDrive Word, Excel, Teams, Power BI (E5) Requires separate licensing Word, Excel, Teams, Power BI (E5) Requires separate licensing
Best for... SMBs wanting an all-in-one solution Enterprises needing advanced security Businesses with existing RDS infrastructure Enterprises needing advanced security Businesses with existing RDS infrastructure

Host Pools

Host Pools are a key part of an AVD environment, acting as collections of virtual machines that deliver desktops and/or applications to users. Choosing the right load-balancing mode impacts both scalability and cost-efficiency.

  • Breadth-First – Spreads users evenly across available session hosts, improving performance but requiring more active resources.
  • Depth-First – Fills up one host before moving to the next, maximising resource usage and reducing costs.

For SMB customers, auto-scaling can strike the perfect balance – ensuring performance during peak hours while reducing costs when demand is low.

Application Groups

Application Groups define how users access desktops and applications within Azure Virtual Desktop. They act as the bridge between Host Pools and Workspaces, ensuring the users get the right apps and desktops based on their assignments. There are two types:

  • Desktop Application Group (DAG) – Provides full desktop access.
  • RemoteApp Application Group (RAG) – Publishes specific applications instead of a full desktop.

From a business perspective, Application Groups enable flexibility and cost-control. By assigning only the necessary applications to users, businesses can reduce resource consumption and enhance security by limiting unnecessary access. This approach ensures users have what they need without over-provisioning, ultimately optimising licensing and Azure costs.

For example, a finance team might need only Excel and Power BI, so a RemoteApp Application Group (RAG) would be ideal - reducing resource usage and improving security. Meanwhile, a development team might require a full desktop environment, making a Desktop Application Group (DAG) the better choice.

Workspaces

Workspaces act as the front door to an AVD environment, providing users with a central hub to access assigned apps and desktops. They play a key role in access control, user experience, and security:

  • Simplifies Access Management – Workspaces link multiple Application Groups, allowing businesses to organise desktops and apps by team or role.
  • Enhances User Experience – Users can seamlessly access their desktops and applications via the AVD web client, Windows client, or mobile apps.
  • Improves Security & Compliance – Ensures users only see what they need, reducing complexity and minimising security risks.

Session Hosts

Session Hosts are the virtual machines that run user sessions, delivering desktops and applications in an Azure Virtual Desktop environment. They are the backbone of Azure Virtual Desktop performance and scalability.

  • Power AVD Workloads – Host Windows 11 Multi-Session enabling multiple users per VM.
  • Scale Based on Demand – Supports autoscaling to optimise performance and cost by adjusting VM capacity dynamically to demand.
  • Enhance User Experience – Performance depends on VM size, FSLogix for profiles, and networking to ensure smooth operation.
  • Impact Cost Efficiency – Choosing the right session-to-VM ratio reduces over-provisioning and optimises Azure spend.

A well-architected session host strategy directly impacts performance, cost efficiency, and scalability, ensuring that businesses only pay for what they need while maintaining a smooth user experience.

User Profile Management (FSLogix)

FSLogix is the recommended solution for managing user profiles in AVD, providing a consistent and seamless experience across sessions:

  • Consistent User Experience – Profiles are stored in a VHDX file and mounted instantly at login.
    • FSLogix profiles should use VHDX format by default, offering better performance, resilience, and scalability compared to VHD.
  • Faster Logins & Fewer Issues – Reduces roaming profile issues by keeping data centrally stored.
  • Optimised Performance – Supports profile containers, Microsoft 365 containers, and app masking for resource efficiency.
  • Secure Storage – Integrates with Azure File Shares, ensuring authentication and access control.

👉 Configuring FSLogix correctly can significantly improve AVD performance!

Conditional Access Policies

🔎Struggling with securing Azure Virtual Desktop? Don’t leave your AVD environment exposed - discover the must-have Conditional Access policies here!

From Frustration to Functionality: Optimising Conditional Access for AVD (and more!)
Introduction In today’s digital landscape, securing remote work environments is more critical than ever. As explained below, Azure Virtual Desktop (AVD) offers a robust solution for delivering virtual desktops and applications to users, but ensuring secure access is key. This is where Conditional Access comes into play. In this blog
Thomas CowenThomas Cowen

Conclusion

In this blog, we've explored the core components of Azure Virtual Desktop and how each element contributes to a secure, scalable, and cost-effective virtual workspace.

By implementing key building blocks - Host Pools, Application Groups, and Workspaces - you can create an optimised AVD environment that balances performance, security, and cost.

As you plan or refine your AVD deployment, keep in mind that technology alone isn’t enough - aligning your solution with your business or customer’s goals is the key to maximising ROI and long-term success.

🚀 Want to take your AVD setup even further? Check out my guide on Conditional Access for AVD to ensure your environment stays secure!

Need some help? Reach out!

Let’s Connect
Whether you’re a non-profit looking for some assistance, an IT professional looking for guidance or simply want to discuss an idea - feel free to reach out! 💬 Connect with me on LinkedIn to network, stay updated, discuss a question or to collaborate!
9to5AzureThomas Cowen

Want more Azure insights? Subscribe for expert tips & updates - no spam, just value!

Read more