We have been waiting for this one!

In April We were given a first look at a new feature of the Azure RemoteApp client. Also see Azure RemoteApp: First look at pinning Azure RemoteApp shortcuts to the Start Screen! This allows pinning a RemoteApp to your local Start Screen and means that you no longer need to constantly switch to the Azure RemoteApp client to a launch a RemoteApp. In fact, after the initial sign in, you can even close the client and still launch a RemoteApp directly from the Start Screen.

Benny Tritsch and I had also performed a demo of this feature while it was still in private beta at the BriForum 2015 Conference in London last May, during our session called “Unfolding the Azure RemoteApp Magic”

The feature is now publicly available! If you open the Azure RemoteApp client, the click once application will automatically update.

And after you log on, you will be presented with a note in the client stating “Find all your apps in the Start menu All apps list”

The RemoteApp applications are now available and ready to launch from the local Start Menu. In my case Windows10, but this is also supported for Windows 8 and Windows 7.

From here the shortcuts can be pinned to the Start Menu as desired.

(Originally posted on rdgurus.com)

Because the Azure RemoteApp client authenticates against Azure Active Directory (AAD) we are also able to leverage Conditional Access and Multi Factor Authentication (MFA) based on AAD. The RDS Product team also recently announced this in the blog post Control access to Azure RemoteApp with Azure AD Conditional Access!

In this blog post I’ll guide you through the process of setting up MFA on Azure RemoteApp.

First of all, Conditional access requires Azure AD Premium (currently in preview). You can however set this up in a 30 day trial. To do that, open the Azure Portal browse to your AAD and choose the option “TRY AZURE ACTIVE DIRECTORY PREMIUM NOW”

Confirm the agreement below

It take a few minutes to setup. Click the refresh link to be able to start using it.

Shortly followed by that, you should receive a confirmation email that the organization is ready for Azure AD Premium.

To configure MFA, reopen the Azure Portal, go to Active Directory open your AAD domain en choose Applications.

Now click on Microsoft Azure RemoteApp and go to the Configure tab. For this demo, we’ll select Enabled Access Rules, have it applied to all users, and select Require multi-factor authentication.

The next time we log on to the Azure RemoteApp client with an organization account from this AAD, we are presented with the following;

This is MFA kicking in. We click “Set it up now”. And without having to leave the Azure RemoteApp client, we’re being presented the ability to provide a phone number and verification type that we would like to use for this account. In this case I choose Phone Authentication, and provide my cell number. (we obviously only have to perform these steps once).

When we click Contact me, Azure MFA will call me on the number provided to verify the correct number.

The verification process is now completed and we are ready to use MFA for Azure RemoteApp.

When proceeding the logon in the Azure RemoteApp client we’re presented with the following screen indicating that we can expect a call to our provided phone number to perform the MFA !

And after that, we’re presented with the RemoteApps assigned to us based on the Azure RemoteApp Collection.

There are some other options in conditional Access policy worth mentioning. We can for example specify to only enforce MFA when people are connecting from outside of the corporate (trusted) locations, or even block access in those cases.

By clicking the link, we’re able to configure these trusted locations, configure whether or not we want to allow app passwords and even allow users to suspend multi factor authentication from remembered devices.

This blog post was originally posted here:
http://www.rdsgurus.com/azure-multi-factor-authentication/adding-conditional-access-mfa-to-azure-remoteapp/

One of the current limitations to Azure RemoteApp compared to a RemoteApp deployment on premises is not having the ability to assign specific RemoteApps to specific uses (fine grained assigning). If a user is a added to a App collection he will see all the applications published to that Collection. This can be confusing to users because they will generally see more applications in the Azure RemoteApp client than the use, and there will most likely also be applications that they are not even authorized to start. Although seeing the application in the Remoteapp client does not mean that can start, it’s still a current limitation you need to be aware of.

The good news? Adding this functionality is now on the road map! It’s on the roadmap for the July-September 2015 iteration! As RDS MVP’s we have been providing feedback on this and discussing this a lot with the product team, and it’s also a heavily voted request on the user voice page for Azure RemoteApp!

Looking forward to this feature, this will definitely drive adoption to Azure RemoteApp! Another big step in the continuous development.

Prior to December 11/12/2014 Azure RemoteApp supported functionality to authorize users to an Azure RemoteApp Collection based on Azure Active Directory group membership.

However, this feature was deprecated starting from 11/12/2014. Also see: As of 11/12/2014 ‘Active Directory group’ support for Azure RemoteApp will be deprecated.

The statement that Microsoft made related to this change:

“…Continuous changes to user groups' membership, especially when that group owner is different from RDS admin, make billing and usage less predictable. Because of this, we are deprecating user group support in Azure RemoteApp…”

As a result, the only way to add users in bulk is using the .CSV bulk import option. You can find more info on that here: Introducing CSV based user import

To allow for easier management I wrote a PowerShell Script that synchronizes users to a Azure RemoteApp Collection based on Active Directory Group Membership.

The script will do the following, based on a specified Active Directory group & Azure RemoteApp Collection;

- Add users to an Azure RemoteApp collection who are a member of the AD group
- Remove users from an Azure RemoteApp collection who are not a member of the AD group anymore

This will result in only allowing access to, and being billed for, users that are added to an Active Directory group.

Below is a sample output in a scenario where 4 new users were added to the group and 4 other users were removed. When finished the scripts outputs the users currently allowed access to the Collection.

If needed you could create a Scheduled Task, or maybe even better in Azure Automation and have this run periodically and include the action to add users to the AD group in your current Identify Management solution.

The Azure Portal below reflects the changes instantly.

I uploaded the PowerShell script to TechNet Gallery, get the link here:

https://gallery.technet.microsoft.com/Manage-users-in-Azure-f793aea7

The PowerShell script obviously requires the modules of both Active Directory and Azure and a Azure Publish Settings file to be able to connect to Azure for Remote Management.

2 notes of caution:

- Any user that is not a member of group specific in the script will be removed from the Azure RemoteApp Collection, without a warning. So make sure the group contains all users that need access to the collection

- You will be billed by Azure based on the number of users that have been allowed access. So make sure that the group specific in the script only contains members that actually need access.

We’ve been waiting for this one! The Azure PowerShell team has just released version 0.8.15. This version contains a new module that allows managing Azure RemoteApp using PowerShell!

Get the latest version here: http://go.microsoft.com/?linkid=9811175&clcid=0x409

The commands related to Azure RemoteApp are all in it, for example:

 

Prior to this availability, I was already able to play with it when the commands were still in beta, they were contained in a separate module. To get an overview of all the commands related to Azure RemoteApp type get-command -noun azureremoteapp*

 

The product team will also release a announcement on this soon!

The Office 365 ProPlus pre-build image for Azure RemoteApp has been updates now including several new applications.  as you may know, Azure RemoteApp Cloud deployment comes with 3 different pre-build RDSH images.

As of last week, the following has been added to the Office 365 ProPlus image;

• SQL Native client
• ODBC Driver
• SQL Server Data Mining client
• MasterDataServices client
• Microsoft Publisher
• PowerQuery
• PowerMap

To use this image, make sure you select the 28-1-2015 version of the Office 365 ProPlus image.

The Microsoft RDS team released a new blog post on the User Experience of Azure RemoteApp. In several recorded demo’s they show the Local-like Productivity, Multi-platform support and performance!

 

Source & more info: http://blogs.msdn.com/b/rds/archive/2015/02/02/exploring-the-azure-remoteapp-user-experience.aspx?wa=wsignin1.0

It’s December 11th today, which means Azure RemoteApp is now officially generally available.

If you previously signed up the the Free Preview, that preview is now automatically changes to a 30-day trial. If you open the Azure Portal and browse to your Azure RemoteApp you will be notified with the ability to activate the service.

For more info on Azure RemoteApp also see: azureremoteapp.net or join the LinkedIn group here https://www.linkedin.com/groups/Microsoft-Azure-RemoteApp-7401732

Yesterday was the announcement on the GA date of Microsoft Azure RemoteApp, December 11th, 2014. Basically, next week! :) Back in October I attended TechEd Europe in Madrid, staffing the Microsoft Desktop Virtualization booth, which was fully dedicated in Azure RemoteApp. Back then, the interest and attention for this service was already huge. Overall, the interest for the service has been growing a lot over the past few months.

The Remote Desktop Services team is running a Azure RemoteApp Series – Weekly Ask the Experts Webinar series, you can join here to attend the webinars:

https://azureinfo.microsoft.com/US-Azure-WBNR-FY15-11Nov-AzureRemoteAppAskTheExperts-Registration-Page.html

And here are some links of recordings of previous sessions:

11/19 webinar  https://wcc.on24.com/webcast/previewlobby?e=897606&k=771C3CB420F89654082297C28BC5626B

12/3 webinar https://wcc.on24.com/webcast/previewlobby?e=903716&k=2D5579C2FB7DECCB3E33B007C4F177BC

The Microsoft RDV Team released a new bog post about support for Office 365 in Azure RemoteApp (ARA). This means that you can now publish Office 365 ProPlus applications as a RemoteApp to your end-users!

As a results, you can now choose from three different Microsoft Images to create Azure RemoteApp cloud collections which are available out of the box in Azure!

Below is a description of the images currently available today!

Windows Server 2012 R2 (a.k.a. "the vanilla image")

• This image is based on Microsoft Windows Server 2012 R2 Datacenter operating system and has the following roles and features installed to meet the requirements of Azure RemoteApp template images:
  • .NET Framework 4.5, 3.5.1, 3.5
  • Desktop Experience
  • Ink and Handwriting Services
  • Media Foundation
  • Remote Desktop Session Host
  • Windows PowerShell 4.0
  • Windows PowerShell ISE
  • WoW64 Support
• This image also has the following applications installed:
  • Adobe Flash Player
  • Microsoft Silverlight
  • Microsoft System Center 2012 Endpoint Protection
  • Microsoft Windows Media Player

Microsoft Office 365 ProPlus (Office 365 Enterprise E3 or E4 subscription required)

• Office 365 is the most requested application and therefore we have provided you with a pre-created "custom" image for you to work with.
• This image is an extension of the vanilla image and has the following components of Microsoft Office 365 ProPlus installed in addition to the components described in the Windows Server 2012 R2 image:
  • Access
  • Excel
  • Lync
  • OneNote
  • OneDrive for Business
  • Outlook
  • PowerPoint
  • Project
  • Visio
  • Word
  • Microsoft Office Proofing Tools
• Full functionality of Office 365 ProPlus apps is available only for users who have Office 365 Enterprise E3 or E4 subscriptions. Please contact your Microsoft account representative for more details on Office licensing.

Microsoft Office 2013 ProPlus (trial only)

• During the preview, we thought that it would be good idea to provide a pre-created "custom" image for you to test the service with.
• This image is an extension of the vanilla image and has the following components of Microsoft Office 2013 ProPlus installed in addition to the components described in the Windows Server 2012 R2 image:
  • Access
  • Excel
  • Lync
  • OneNote
  • OneDrive for Business
  • Outlook
  • PowerPoint
  • Project
  • Visio
  • Word
  • Microsoft Office Proofing Tools
• Our legal team wanted us to emphasize: This image does not include Microsoft Office license and hence cannot be used for production. Office 2013 ProPlus is for preview only and if you want to use Office apps in Azure RemoteApp for production, please use Office 365 ProPlus image. For more details on Office licensing, please contact your Microsoft account representative.

Source and more info: http://blogs.msdn.com/b/rds/archive/2014/12/02/azure-remoteapp-now-supporting-office-365-proplus.aspx

What is Curah!
Curah! is a new curation service specifically designed for and maintained by the technical community. With curations we aim to get users where they need to go faster and more reliably with aggregated-answer data, helpful advice, and prescriptive guidance.

Why a curation on Azure RemoteApp (ARA)?
Since ARA is part of Microsoft Azure platform, it's also part of Azure’s fast and continuous update cycles. The “Everything about Microsoft Azure RemoteApp (ARA)” Curation will provide you with a consolidated view of the latest news, combined with direct links to downloads related to ARA, in an easy to navigate format. To accommodate an easy entry I created azureremoteapp.net to point to this new curation!

Happy reading!

If you are using the Azure RemoteApp (ARA) Preview you previously had the option to grant users access to ARA using Active Directory Groups (for Hybrid Scenario’s).

Note that this support will end soon: on November 30, 2014. To ensure continuity, any user group assignment you have before today will continue to work until November 30, 2014. All users in current groups will still have access , even though the groups are not shown on the User Access page.

If you have signed up for the ARA Preview, you should have been notified via e-mail on November 6th.

After this date, you will need to assign permissions per user. The reason behind this is making billing and usage simple and predictable. Microsoft has not disclosed pricing and SLA to the public yet.

To make life a little easier, you can use a CSV based import. Click the Bulk Add Users option to upload a .CSV containing a list of e-mail addresses.

Using a bulk import is of course a step back in regards to easy of management, but it apparently had to be done to be fully prepared for the upcoming billing model. Will it return as part of Azure’s fast release model?  let’s hope so! :)