（含图）

You create a recovery services vault named Vault1.

You connect to a Remote Desktop session on Pool1 and discover an issue with the frequency of screen updates.

You need to identify whether the issue relates to insufficient server, network, or client resources. The solution must minimize how long it takes to identify the resource type.

* Name:VNet1

* Address space: 10.10.0.0/16

* Subnet name: Subnet1

* Subnet1 address range: 10.10.0.0/16

You deploy an Azure Virtual Desktop host pool that contains 10 session hosts to Subnets.

You plan to deploy a VPN gateway to VNet1 and provide the session hosts with access to the on-premises network.

You need to ensure that you can deploy the VPN gateway.

You have a hybrid Azure Active Directory (Azure AD) tenant. WVDusers syncs to Azure AD.

You have a Windows Virtual Desktop host pool that contains four Windows 10 Enterprise multisession hosts.

You need to ensure that only the members of WVDusers can establish Windows Virtual Desktop sessions to the host pool.

Overview

Litware, Inc. is a pharmaceutical company that has a main office in Boston, United States, and a remote office in Chennai, India.

Existing Environment. Identity Environment

The network contains an on-premises Active Directory domain named litware.com that syncs to an Azure Active Directory (Azure AD) tenant named litware.com.

The Azure AD tenant contains the users shown in the following table.

（含图）

All users are registered for Azure Multi-Factor Authentication (MFA).

Existing Environment. Cloud Services

Litware has a Microsoft 365 E5 subscription associated to the Azure AD tenant. All users are assigned Microsoft 365 Enterprise E5 licenses.

Litware has an Azure subscription associated to the Azure AD tenant. The subscription contains the resources shown in the following table.

（含图）

Litware uses custom virtual machine images and custom scripts to automatically provision Azure virtual machines and join the virtual machines to the on-premises Active Directory domain.

Network and DNS

The offices connect to each other by using a WAN link. Each office connects directly to the internet.

All DNS queries for internet hosts are resolved by using DNS servers in the Boston office, which point to root servers on the internet. The Chennai office has caching-only DNS servers that forward queries to the DNS servers in the Boston office.

Requirements. Planned Changes

Litware plans to implement the following changes:

Deploy Windows Virtual Desktop environments to the East US Azure region for the users in the Boston office and to the South India Azure region for the users in the Chennai office.

Implement FSLogix profile containers.

Optimize the custom virtual machine images for the Windows Virtual Desktop session hosts.

Use PowerShell to automate the addition of virtual machines to the Windows Virtual Desktop host pools.

Requirements. Performance Requirements

Litware identifies the following performance requirements:

Minimize network latency of the Windows Virtual Desktop connections from the Boston and Chennai offices.

Minimize latency of the Windows Virtual Desktop host authentication in each Azure region.

Minimize how long it takes to sign in to the Windows Virtual Desktop session hosts.

Requirements. Authentication Requirements

Litware identifies the following authentication requirements:

Enforce Azure MFA when accessing Windows Virtual Desktop apps.

Force users to reauthenticate if their Windows Virtual Desktop session lasts more than eight hours.

Requirements. Security Requirements

Litware identifies the following security requirements:

Explicitly allow traffic between the Windows Virtual Desktop session hosts and Microsoft 365.

Explicitly allow traffic between the Windows Virtual Desktop session hosts and the Windows Virtual Desktop infrastructure.

Use built-in groups for delegation.

Delegate the management of app groups to CloudAdmin1, including the ability to publish app groups to users and user groups.

Grant Admin1 permissions to manage workspaces, including listing which apps are assigned to the app groups.

Minimize administrative effort to manage network security.

Use the principle of least privilege.

Requirements. Deployment Requirements

Litware identifies the following deployment requirements:

Use PowerShell to generate the token used to add the virtual machines as session hosts to a Windows Virtual Desktop host pool.

Minimize how long it takes to provision the Windows Virtual Desktop session hosts based on the custom virtual machine images.

Whenever possible, preinstall agents and apps in the custom virtual machine images.

You need to modify the custom virtual machine images to meet the deployment requirements.

You deploy an Azure Virtual Desktop solution that contains Windows 10 multi-session hosts and streams a custom remote app named App1.

You need to ensure that the users are licensed to stream App1. The solution must minimize costs.

recently.

Contoso has an Azure subscription and uses Microsoft 365.

Existing Infrastructure. Active Directory

The network contains an on-premises Active Directory domain named contoso.com and an Azure Active Directory (Azure AD) tenant. One of

the domain controllers runs as an Azure virtual machine and connects to a virtual network named VNET1. All internal name resolution is

provided by DNS server that run on the domain controllers.

The on-premises Active Directory domain contains the organizational units (OUs) shown in the following table.

（含图）

The on-premises Active Directory domain contains the users shown in the following table.

（含图）

The Azure AD tenant contains the cloud-only users shown in the following table.

（含图）

Existing Infrastructure. Network Infrastructure

All the Azure virtual networks are peered. The on-premises network connects to the virtual networks.

A virtual network named VNET4 was recently created are peered to the other virtual networks. VNET4 does NOT contain any AVD virtual

machines.

All servers run Windows Server 2019. All laptops and desktop computers run Windows 10 Enterprise.

Since users often work on con􀂬dential documents, all the users use their computer as a client for connecting to Remote Desktop Services

(RDS).

In the West US Azure region, you have the storage accounts shown in the following table.

（含图）

Existing Infrastructure. Remote Desktop Infrastructure

Contoso has a Remote Desktop infrastructure shown in the following table.

Contoso plans

（含图）

Requirements. Planned Changes -

Contoso plans to implement the following changes:

• Implement FSLogix pro􀂬le containers for the Paris o􀂮ces.

• Deploy an Azure Virtual Desktop host pool named Pool4.

• Migrate the RDS deployment in the Seattle o􀂮ce to Azure Virtual Desktop in the West US Azure region.

Requirements. Pool4 Con􀂬guration

Pool4 will have the following settings:

• Host pool type: Pooled

• Max session limit: 7

• Load balancing algorithm: Depth-􀂬rst

• Images: Windows 10 Enterprise multi-session

• Virtual machine size: Standard D2s v3

• Name pre􀂬x: Pool4

• Number of VMs: 5

• Virtual network: VNET4

Requirements. Technical Requirements

Contoso identi􀂬es the following technical requirements:

• Before migrating the RDS deployment in the Seattle o􀂮ce, obtain the recommended deployment con􀂬guration based on the current RDS

utilization.

• For the Azure Virtual Desktop deployment in the Montreal o􀂮ce, disable audio output in the device redirection settings.

• For the Azure Virtual Desktop deployment in the Seattle o􀂮ce, store the FSLogix pro􀂬le containers in Azure Storage.

• Enable Operator2 to modify the RDP Properties of the Azure Virtual Desktop deployment in the Montreal o􀂮ce.

• From a server named Server1, convert the user pro􀂬le disks to the FSLogix pro􀂬le containers.

• Ensure that the Pool1 virtual machines only run during business hours.

• Use the principle of least privilege.

You need to con􀂬gure the virtual machines that have the Pool1 pre􀂬x. The solution must meet the technical requirements.

You deploy and configure Azure Virtual Desktop in a secondary location.

You plan to perform a test failover to the secondary location, but discover existing user sessions to the primary location.

You need to sign out users from the session hosts in the primary location.

You plan to deploy Azure Virtual Desktop.

You need to recommend a storage solution for the FSLogix pro􀂬le containers. The solution must provide the highest possible IOPS and the

lowest latency desktop experience.

You plan to configure scaling for Pool1 by using Azure Automation runbooks.

You need to authorize the runbooks to manage the scaling of Pool1. The solution must minimize administrative effort.

You need to provide external users with access to the deployment. The external users have computers that run Windows 10 Pro and Windows 10 Enterprise. The users do not have the ability to install applications.

You need to ensure that administrators can initiate an RDP session to the session hosts by using the Azure portal.

（含图）

You need to create an image that will be used to deploy an Azure Virtual Desktop session host.

You create a virtual machine named Image1 to use as the master image. You install applications and apply configuration changes to Image1.

You need to ensure that the new session host virtual machines created based on Image1 have unique names and security identifiers.

that has the following settings:

• Host pool name- Pool 1

• Host pool type: Personal

• Number of VMs: 3

The session hosts have the following configurations:

• Image used to create the virtual machines: Windows 10 Enterprise

• Virtual machines domain-Joined to: On-premises conroso.com domain