AZ-140 Configuring & Operating MS Azure Virtual Desktop AVD

Learn how to use assignments, which are off Udemy simulations: start, read directions, open in a new tab, complete steps, and submit, noting certificates rely on video progress.

Set up a free Azure account to access $200 credit for 30 days and many free services for 12 months, then log in at portal.azure.com.

Convert your Azure account name to a business account by editing the user principal name in Microsoft Entra ID and sign in with the updated account.

Register a custom domain name, verify it in Azure Active Directory, and configure DNS records to use exam lab practice dot live for your Azure Virtual Desktop lab.

Set up an Active Directory domain controller as an Azure VM and promote it to a new AD DS forest named exam lab practice.live, using private DNS.

Create an organizational unit and test users, then install and configure Azure AD Connect to synchronize on premise users to Azure AD with password hash synchronization and single sign-on.

Develop essential foundational knowledge of vnets, subnets, and the Azure Firewall, plus PowerShell basics, to prepare for working with Azure Virtual Desktop.

Master PowerShell fundamentals to manage Microsoft cloud services, using the verb-noun command pattern, admin access, and both console and ISE scripting with piping, remoting, and basic scripting concepts.

Discover how to install the Azure PowerShell AZ module from the PowerShell Gallery, search for AZ commandlets with Git, handle NuGet and untrusted repository prompts, and connect to Azure.

Learn to use PowerShell with Azure AD to automate common tasks, including creating and listing users and groups, and validating results in the Azure portal.

Explore cloud shell in portal.azure.com to run PowerShell or azure CLI in the browser, manage a storage account, and switch between PowerShell and bash while running azure commands.

Understand virtual networks in Azure, including address spaces, DHCP, and VNet subnets. Explore hub-and-spoke and peering, NSGs, Azure Firewall, UDRs, and on-premises connections via VPN gateway or ExpressRoute.

Create virtual networks and multiple subnets in Azure portal, configuring address spaces like 10.1.0/16 and 10.1.1.0/24 within a hub-and-spoke setup, then review and deploy.

Plan carefully before configuring the Azure Firewall to avoid prolonged costs, as the firewall consumes Azure credits; complete the firewall steps and delete the firewall when done.

Explore azure firewall SKUs, threat intelligence, and ids/ips with signatures. Learn how firewall policies group rules—from destination net to application—managing inbound outbound traffic in a hub and spoke vnet.

Explore how azure firewall manager centralizes your firewalls, policies, and VNets in one interface, enabling a hub for virtual hubs, secure routing, and security partner integrations.

Create a route table in Azure to route traffic through the firewall, adding a 10.0.0.0/8 route via a virtual appliance and associating it with all subnets across VNets.

Clean up your Azure environment by deleting every resource group created during the foundation videos. Use portal.azure.com, select each resource group, and confirm deletion.

Windows 365 streams a cloud-hosted Windows OS to a single user, while Azure Virtual Desktop scales with host pools and central storage for broader deployments.

learn how to redo a completed assignment by navigating to the summary, returning to the assignment, and opening the instructions to access the simulation link.

Assess Azure virtual desktop capacity and RDP bandwidth needs, including heartbeats, input, file transfers, printing, and graphics to support 1080p content.

Plan Azure virtual desktop connectivity by selecting the optimal region based on client locations and latency, using the Azure virtual desktop experience estimator and Azure speed tools.

Configure a virtual network for the session host on Azure Virtual Desktop. Allow outbound access to required URLs through the firewall and test with the URLs check tool.

Enable RDP short path and quality of service for Azure Virtual Desktop by deploying administrative templates, enabling the short path policy, and applying DSCP 46 QoS tagging to RDP traffic.

Plan and implement Azure DNS name resolution for Azure Virtual Desktop by creating a DNS zone, delegating name servers, and configuring DNS (10.0.0.4) for domain controllers to enable domain join.

Learn to monitor and troubleshoot Azure network connectivity for virtual machines and Azure Virtual Desktop, using Log Analytics, Network Watcher, IP flow verify, NSGs, and diagnostics.

Explore FS logic profile containers to attach user profiles to any Azure Virtual Desktop session, enabling roaming profiles and data availability while leveraging OneDrive and Azure Active Directory domain services.

Explore how FSLogix integrates with Azure Virtual Desktop, using on-premises AD and Azure AD Connect, VHD storage in storage accounts, and a control plane to provide seamless user profile roaming.

Create and configure a storage account for Azure Virtual Desktop, choosing a unique 15-character name, premium file shares, and proper networking; verify deployment and understand soft delete options.

Create a file share in a storage account using smb to store user data with a 100 gb minimum, configure Active Directory authentication later, and delete share to avoid charges.

Explore Azure NetApp Files, an enterprise-class, cloud-hosted NAS with SMB and NFS, scalable high-throughput, low-latency, all-flash gear, multi-protocol support, automatic failover, snapshots, and strong security for large environments.

Organize Azure subscriptions with management groups and resource groups for host pool VMs. Ensure host pool VMs share the same resource group, and note that resource groups cannot nest.

Azure Virtual Desktop supports Windows 11, Windows 11 enterprise multi session, Windows 10 enterprise multi session, and Windows Server 2019, with Azure Image Gallery, manual deployment, and ARM template deployment.

Identify the right licensing model for Azure Virtual Desktop by evaluating per-user access licenses, Azure costs, and Microsoft 365 licenses (E3/E5, A3/A5, and F3), plus RDS CAL requirements for servers.

Explore host pool architecture forAzure Virtual Desktop by comparing personal and pooled pools, image consistency, and auto scaling, with app groups and Fslogix for user data.

Assess latency and RTT and evaluate user internet speeds to optimize Azure Virtual Desktop, using the Azure Virtual Desktop Experience Estimator, regions, RDP short path, QoS, VM size, and testing.

Learn to calculate Azure Virtual Desktop capacity and costs using the Azure Pricing Calculator, exploring multi-session vs pooled deployments, VM sizing, storage, and potential savings with reservations.

Create an Azure Virtual Desktop host pool and session hosts in the Azure portal, linking a VNet and DNS, joining the domain, and provisioning two Windows 11 enterprise multi-session VMs.

Explore how to automate Azure Virtual Desktop deployments using PowerShell, Azure CLI, ARM templates, and Bicep, including host pool creation, resource groups, and deployment templates.

Configure Azure virtual desktop host pool and session host settings, scaling plans with ramp up/down, RDP properties, Azure AD authentication, domain join, start VM on connect, private endpoints.

Apply Azure Virtual Desktop licenses automatically to Windows session hosts when you create host pools or deploy VMs via automation; manual licensing is only needed with PowerShell or Azure CLI.

Create a reusable golden image by building a Windows 11 enterprise multi-session VM in Azure, generalizing with sysprep, deallocating, and capturing to an Azure image gallery for Azure Virtual Desktop.

Learn to build rapid azure virtual machine images using azure image builder with powershell or azure cli, json templates, managed identity, and rbac, to streamline image deployments.

Modify a session host image by updating the golden image with local group policy changes, disabling automatic updates, and capturing a new image version for AVD deployment.

Explore lifecycle management for Azure images by adding and deleting versions, creating VMs from older versions, and managing end-of-life dates and update replication.

Create a session host from a golden image in the Azure Virtual Desktop host pool, configure the VM, assign the user, and verify via RDP.

Discover how to store and manage Azure Compute Gallery images, including image sources, definitions, and versions, plus sysprep generalization and snapshots.

Create and manage an Azure Compute Gallery to centralize Windows 11 images, capture a VM into a developer image, and publish versions with RBAC sharing for deployment.

Learn identity management for Azure Virtual Desktop, including on premise, hybrid, and cloud-only identities, Azure AD and federation, plus single sign-on and authentication methods.

Explain the requirements and methods for Azure Virtual Desktop authentication using Azure AD, including Azure AD Connect for syncing on-premises accounts and seamless single sign-on.

Explore multifactor authentication by clarifying the three factors—something you know, something you have, and something you are—and why single-factor passwords are insufficient. Pair two different factors, such as a password with a cell phone verification, a smart card with a pin, or an authenticator app, to strengthen access security for users.

Enable multi-factor authentication for Azure Virtual Desktop users by configuring per-user MFA in Azure Active Directory via portal.azure.com and enforce the policy while managing app passwords for legacy apps.

Plan conditional access policies that use signals from identities, devices, apps, and data within a zero trust framework to decide access, enforce decisions, and manage risk.

Enforce multi-factor authentication for Azure Virtual Desktop users by creating an AVD users group in Azure Active Directory. Apply a conditional access policy that requires MFA.

Explore how Azure RBAC grants rights by role, documenting privileges in JSON, and apply least privilege with restricted admin roles, including just-in-time access via PIM.

Master role-based access control in Azure Virtual Desktop by assigning contributors, readers, and operators to session hosts and application groups at the resource group or resource level.

Explore how to plan, implement, and manage security for Azure Virtual Desktop using Microsoft Defender for Cloud, including security posture, inventory, remediation steps, MFA recommendations, and compliance insights.

Attach an Azure NSG to the session host subnet and configure inbound rules for 443 and 3390 to secure Azure Virtual Desktop connections; use VPN or Azure Bastion for access.

Discover how Azure Bastion enables just-in-time administrative access to VMs via a browser, avoiding open RDP port 3389. Compare basic and standard SKUs and review pricing.

Compare WDAC and AppLocker to apply blanket or fine-grained app controls using code signing certificates, reputation, and path rules, and deploy policies via the policy wizard and GPO.