How to Access Azure Virtual Desktop (AVD) / Remote Desktop

Preface 

AGE leverages Azure Virtual Desktop (AVD) for a number of use cases, including consultant access, developer access, and student training. As the name implies, AVD relies on Microsoft Azure, which means you'll need to use your Entra ID (formerly Azure Active Directory and also known as your "Microsoft 365" account) to access your AVD instance. Some users may have multiple Entra ID accounts in the same tenant or across multiple tenants. For example, many AGE employees have a Navy, DISA, or DLA account as well. Those unique identities are important to consider and will be discussed in more detail below. AVD instances may be dedicated to an individual or shared with other users, but ultimately each user's data remains isolated.

One of the major benefits of AVD is the flexibility of accessing the virtual desktop from virtually anywhere on any device. This includes access through a web browser or a dedicated client application. The web browser option is ideal for users who are unable to install any software on their systems, whereas the dedicated client applications may provide enhanced functionality, specifically for users who need to leverage certificate authentication for websites within the AVD environment (i.e., CAC-authenticated endpoints) and for optimized audio/video performance (i.e., Teams).


Notes
The thick client is available on DoDNet endpoints for all DISA employees, though you may have to install it through the Software Center.

Info
Your device does NOT need to be enrolled in BYOD to access AVD.

Web Client Access 

The simplest method of accessing AVD is via a web browser. If you are an AGE employee, consultant, or subcontractor, an app for logging into AVD will be available on your MyApps portal. Otherwise, the links below should work, depending on where your Microsoft 365 tenant resides:
  1. Azure Cloud
  2. Azure for US Government and DoD (this is the one AGE uses)
You'll need to ensure you authenticate with the appropriate Entra ID (Microsoft 365) identity. Keep in mind that if you are already authenticated with an identity, these links will default to using that same identity. For example, if you're logged into the DoD365-J tenant for webmail or Teams and you attempt to access AVD for AGES, your DoD365-J credentials will be presented and your access attempt will be blocked. In such cases, you'll need to use a separate browser profile (recommended if you routinely access multiple tenants), private mode, or a separate browser, or log out of your existing tenant and restart the browser. Many organizations sign the default browser in to their organization's tenant, meaning you will not be able to use that browser profile for access to other tenants' resources. In that case, you'll need to use private mode, a separate browser, or a new profile. See our KBA for more help with using Browser Profiles.

After authentication, you'll see a page with each virtual machine you have access to within the tenant. When you click on a virtual machine, a connection will be made through your browser using HTTPS (TCP port 443), which is generally not blocked by most organizations. You'll be prompted to select which components you would like the VM to have access to. You are not required to allow any of these; however, it is highly recommended that you allow all to ensure maximum functionality.





Thick Client Access 

Microsoft provides the Windows App as the supported client for accessing Azure Virtual Desktop (AVD). The legacy “Remote Desktop” client is being phased out and should no longer be used for new installations.
The Windows App provides the following benefits over browser-based access:
      - Native identity isolation (access multiple M365 tenants simultaneously)
      - Optimized multi-monitor display support
      - Optimized Microsoft Teams audio/video redirection
      - Enhanced CAC/PIV passthrough for DoD resource access
      - Improved integration with organizational authentication policies

Installation

AGE Managed Devices

      - AGE employees may install the Windows App from the Company Portal.

Personal / Non-AGE Devices

      - Users may download the Windows App directly from Microsoft via the Microsoft Store or the appropriate operating system app store.
      - At this time, AGE has not conducted extensive validation testing on iOS and Android versions of the Windows App. Mobile installations are permitted but are used at the user’s discretion. AGE does not currently provide technical support for mobile BYOD configurations.
      - Non-AGE personnel should follow their organization’s internal software installation policies when installing the Windows App.


    


Notes
The "Windows App" application is the preferred way to access AVDs at this time and should not be confused with the legacy "Remote Desktop" application. The application is not available for install on an AVD virtual machine itself. 

Accessing AVD Resources

After installing the application, launch it and sign in with your organizational account. Your assigned AVD resources will populate automatically.

In most cases, manual workspace subscription is no longer required, but if you are prompted for a workspace URL, please use the appropriate feed:
Azure for US Government - https://rdweb.wvd.azure.us/api/arm/feeddiscovery (this is the one AGE uses)
Ensure you are authenticating with the correct identity for the intended tenant. The Windows App supports connecting to multiple tenants by signing in with the appropriate credentials for each environment.

Notes
AGE Solutions, like many other organizations, leverages automated shutdown for virtual machines to reduce costs. If your virtual machine is shut down, the first login of the day may take a few minutes as the VM will need to boot up. No additional action is required by the user.

