Big Chris's Cloud PC Chronicles

Happy New Year!

Late last year, session host update was made available in preview.  It is a great new way to refresh/update VM’s in your pooled host pool.  Session host update can deallocate or delete your existing VM’s and create new VM’s in your host pool with current or updated configurations.  Some configurations you can update are VM image, VM size, AD domain join creds, Intune enrollment, etc. 

Here are the prerequisites needed to use session host update:

• Pooled host pool with a session host configuration

• An AVD supported image from the Marketplace, Azure Compute Gallery, or a managed image

• You will need a key vault containing secrets for your local administrator account name and password, as well as the domain account and password used to join the VM to the domain, a total of 4 secrets in the key vault.  (NOTE: only AD joined, or hybrid domain joined VM’s can use session host update.)

• You need to assign the “Desktop Virtualization Virtual Machine Contributor” and the “Key Vault Secrets User” roles to the AVD service principal on the resource group with the host pool.

• The AD account used in the session host configuration will need more permissions other than just being able to join devices to the domain so the existing computer accounts can be used with the new VM’s.

NOTE: If you have KB5020276 installed on your hosts, there are more AD account requirements.

• The user account joining the session host to the domain is the creator of the existing computer account.
• The computer account was created by a member of the domain administrators security group.
• Apply the Group Policy setting “Domain controller: Allow computer account re-use during domain join” to the owner of the computer account. 

If you want to use PowerShell scripts in your session host configuration, the URL to the script needs to be accessible via the internet.

We can now schedule a session host update.  You can schedule the update with the Azure portal or PowerShell.  I’m going to explain how it can be done with the portal.

• From the portal, access the Azure Virtual Desktop service.
• Select the host pool that needs to be updated with a session host configuration.
• Select “Session hosts.”
• Select “Manage session host update.”
• The first tab is the “Basics” tab.  Complete the following information:
  • Enable saving original virtual machines after the update
  • Current host pool size (this is read only)
  • VM batch size authorized to be removed from the host pool during the update. NOTE: When the update begins, it is tested on 1 host.  If it is successful, the update continues.  If the update fails, the update stops.
  • Session hosts available during the update (this is read only)

• Next tab is “Session hosts.”  You can update the following settings in the session host configuration on this tab:
  • Security type
  • Image
  • Virtual machine size
  • OS disk type
  • Domain to join
    • Secret Key for domain account
    • Secret Key for domain account password
  • Virtual Machine Administrator account
    • Secret Key for local administrator account
    • Secret Key for local administrator account password

Big Chris Recommends: I would not make “quick” changes on this tab.  It is really easy to make a mistake here.  If there are any changes that need to be made to the session host configuration, make them in the session host area using “Manage session host configuration.”

• Next tab is “Schedule.”
  • You can select “Schedule update now,” or you can select date, time and zone up to two weeks from the current time.

Big Chris Recommends: Obviously, it is best to schedule this update during off hours or off-peak hours.

• Next is “Notifications”
  • Minutes before the users are signed out, from 0-60 minutes.
  • Sign out message

• The final tab is “Review.”  Select “Update” when you are ready to schedule the update.

Important notes!  When an update is scheduled, you cannot change the scheduled update or the session host settings.  You will need to cancel the update and create a new one.  Don’t make any VM changes on host pool when the update is taking place.  Finally, don’t change the drain mode settings during the update.

You do have the ability to pause, resume, cancel or retry a failed update from the “Manage session host update” area in session hosts.

Finally, you can monitor the status of your update from session hosts area in the portal.  A blue banner will appear that shows the status of the update.

I hope this new feature can simplify and streamline the refreshing/updating of your host pools!