How to Access Azure Virtual Desktop (AVD)
Preface
AGE leverages Azure Virtual Desktop (AVD) for a number of use cases including consultant access, developer access, and student training. As the name implies, AVD relies on Microsoft Azure, which means you'll need to leverage your Entra ID (formerly Azure Active Directory and also known as your "Microsoft 365" account) to access your AVD instance. Some users may have multiple Entra ID accounts in the same tenant or across multiple tenants. For example, many AGE employees have a Navy, DISA, or DLA account as well. Those unique identities are important to consider and will be discussed in more detail below. AVD instances may be dedicated to an individual or shared with other users, but ultimately each user's data remains isolated. One of the major benefits of AVD is the flexibility in accessing the virtual desktop from virtually anywhere on any device. This includes access through a web browser or dedicated client application. The web browser option is ideal for users that are unable to install any software on their systems, whereas the dedicated client applications may provide enhanced functionality, specifically for users that need to leverage certificate authentication for websites within the AVD environment (i.e. CAC authenticated endpoints) and for optimized audio/video performance (i.e. Teams).
The thick client is available on DoDNet endpoints for all DISA employees, though you may have to install it through the Software Center.
Your device does NOT need to be enrolled in BYOD to access AVD.
Web Client Access
The simplest method of accessing AVD is via a web browser. As an AGE employee, consultant, or subcontractor, an app for logging into AVD will be available on your MyApps portal 
, otherwise the below links should work depending on where your Microsoft 365 tenant resides:
- Azure Cloud
- Azure for US Government and DoD (this is the one AGE uses)
You'll need to ensure you authenticate with the appropriate Entra ID (Microsoft 365) identity. Keep in mind, if you are already authenticated with an identity, these links will default to using that same identity. For example, if you're logged into the DoD365-J tenant for webmail or Teams and you attempt to access AVD for AGES, your DoD365-J credentials will be presented and your access attempt will be blocked. In such cases, you'll need to either use a separate browser profile (recommended if you routinely access multiple tenants), private mode, a separate browser, or logout of your existing tenant and restart the browser. Many organizations sign-in the default browser to their organizations tenant, meaning you will not be able to use that browser profile for access to other tenant resources. You'll need to use private mode, a separate browser, or a new profile. See our KBA for more help with using Browser Profiles.
After authentication, you'll see a page with each virtual machine you have access to within the tenant. By clicking on the virtual machine, a connection will be made through your browser using HTTPS (TCP port 443) which is generally not blocked by most organizations. You'll be prompted to select which components you would like the VM to have access to. You are not required to allow any of these; however it is highly recommended that you allow all to ensure maximum functionality.
Thick Client Access
Microsoft also offers a dedicated client application for accessing AVD. As mentioned above, the thick client has a few added benefits including the ability to natively isolate identities (so you can access AVD in multiple M365 tenants without any additional effort), optimized display settings for multiple screens, optimized Teams audio/video delivery, and enhanced CAC/PIV passthrough to the VM (enabling you to fully access DoD resources that may not work in the browser based AVD access).
AGE employees can install this application on their AGE managed laptops via the Company Portal. Folks with non-AGE computers can download and install it from here. At present time, AGE has not conducted extensive testing of the iOS and Android applications and therefore has not published this app for BYOD devices. Users may install it on their iOS/Android devices via the appropriate App store and use at their own risk, AGE does not currently provide technical support for this. If you prefer to access AVD from a personal laptop, you may optionally install the application following Microsoft guidance. For all non-employees, follow your organizations guidance and processes for installing the "Remote Desktop" application that has an icon similar to the below (varies by operating system).
The "Remote Desktop" application is utilized exclusively for AVD at this time and should not be confused with the legacy "Remote Desktop Connection" application that is installed by default on Windows. The application is not available for install on an AVD virtual machine itself.
After installing the application, you can launch and follow the on-screen instructions to "Subscribe" or "Add" your virtual desktop(s) and/or workspaces. The specific instructions vary slightly based on the operating system and have been changing frequently with each version and are therefore not explicitly defined in this knowledge base article. The following workspace URLs may be required:
Azure Cloud - https://rdweb.wvd.microsoft.comAzure for US Government - https://rdweb.wvd.azure.us/api/arm/feeddiscovery (this is the one AGE uses)
During the process you will be prompted for your credentials, ensure you are using the appropriate identity for the desired tenant. As mentioned above, you can subscribe/add AVD instances from multiple different tenants by simply repeating this process and entering the appropriate credentials for each tenant.
AGE Solutions, and many other organizations, leverage automated shutdown for virtual machines to reduce costs. If your virtual machine is shutdown, the first login of the day may take a few minutes as the VM will need to boot up. No additional action is required by the user.
Related Articles
How to work with multiple Microsoft 365 Identities Using Browser Profiles
Introducing Microsoft 365 Identities The Microsoft 365 (M365), and Azure, ecosystem relies on an identity solution called Entra ID, formerly known as Azure Active Directory. These identities are leveraged by users to access Microsoft 365 services, ...How to Log in with Username and Password if Windows Hello (PIN, Face, or Fingerprint) is Unavailable
Purpose: To guide users on how to log into their Windows 11 devices using their username and password when Windows Hello (PIN, face recognition, or fingerprint) is unavailable. Steps to Log in with Username and Password: Start on the Login Screen: ...How to Setup a New AGE Computer
Preface First things first, Microsoft loves to change the Windows first run process so these instructions may not be exactly inline with your experience. Nevertheless, do your best and push forward. The key is to get the device enrolled using your ...Enroll Android device in BYOD
Introduction AGE supports the use of personal mobile devices (Android and iOS based only) for accessing AGE resources. Personal mobile devices must be enrolled in AGE mobile device management in order to use mobile applications to access AGE ...Enroll Apple iOS device in BYOD
Introduction As part of our Bring Your Own Device (BYOD) program, AGE supports the use of personal mobile devices (Android and iOS based only) for accessing AGE resources. Personal mobile devices must be enrolled in AGE mobile device management in ...