Azure Virtual Desktop Ecosystem

We architect, automate and deploy the entire Azure Virtual Desktop ecosystem securely and rapidly using CloudSecure's tried and tested design pattern.

Illustration of the full Windows Virtual Desktop Ecosystem.

Services and Features

CloudSecure's Azure Virtual Desktop design pattern leverages a broad set of tooling to create an ecosystem that incorporates the Azure services and features used to secure, monitor and manage the solution.

Desktop Security

  • W10 GPO NCSC Security Clamps (enable AppLocker, Windows Defender Anti-virus and Exploit Guard)

  • Microsoft Defender Advanced Threat Protection (DATP)

  • Data Exfiltration Controls (Screen Capture Protection, Disable Copy/Paste and client drive redirection)

Identity & Access Control

  • Azure Active Directory Domain Services (DNS/GPO)

  • Multi Factor Authentication

  • Conditional Access

  • Azure AD Authentication

  • Azure Privileged Identity Management

  • Self-service Password Reset

Monitoring

  • Azure Sentinel (SIEM)

  • Azure Log Analytics Workspace

  • Azure Dependency Agent

  • Azure Monitor

  • Microsoft Monitoring Agent

Compute

  • Azure Virtual Desktop

  • Standard/Premium SSD Storage

  • Ephemeral Disks (Cost savings, lower latency and faster)

  • Install Custom Script Extensions (Dependency Agent, MMA, AntiMalware)

Resilience

  • Bespoke Terraform solution to spread VMs across Availability Zones

  • Azure Backups

Networking

  • Azure Virtual WAN

  • Azure VPN Gateways

  • Azure ExpressRoute

  • Azure Firewall

Image Management

  • Azure Image Builder

  • Chocolatey for automated application deployment

  • Azure Shared Image Gallery

  • VDI Image Optimisation

User Profile

  • FSLogix Profile Management

  • Azure Files (IAM/NTFS)

  • Azure Private Endpoints

  • Bespoke Automated FSLogix Shrink Profile Solution

Patching

  • Use Azure Image Builder to redeploy VMs

  • Treat VMs as cattle and not pets

  • Azure Update Management for Servers

Management

  • Privileged Access Workstation

  • Azure Bastion

  • Azure Policy

  • Azure Management Groups

Automation

  • Infrastructure as Code (Terraform/ARM)

  • Pipeline Deployment using Concourse or Azure DevOps

  • PowerShell

  • Azure Automation Runbooks

  • Azure Functions

Autoscaling

  • CI/CD Pipeline to destroy and provision VMs on schedule

  • Azure Automation and Azure Logic Apps to automatically scale session host VMs