How Azure Virtual Desktop is supercharging remote working
In today’s working world, many businesses have adapted to a remote working model. This means that the need for more robust security measures has greatly increased, as dispersed co-workers are more vulnerable – particularly when connecting via an unsecured network, or using personal devices without proper protections in place.
Azure Virtual Desktop (AVD), a desktop and application virtualisation service running in the Azure Cloud, empowers employees to work from anywhere, without losing access to the crucial business resources they need to maintain productivity.
Alongside flexibility and agility, however, one of the primary benefits of Azure Virtual Desktop is its enhanced security capabilities. AVD benefits from the advanced security infrastructure of Azure. This is supported by Microsoft’s ongoing cyber security research, in which it invests $1 billion annually.
Which Azure Virtual Desktop Security Features Should Your Business be Utilising?
As AVD is a service that runs on Azure, to optimise your Azure Virtual Desktop security, you need to ensure that your surrounding Azure infrastructure and management plane are properly protected. Many of the built-in Azure security features will also help to secure your AVD deployment.
Azure Security Centre
Azure Security Centre is a set of tools that enables the management of the security of virtual machines and Cloud computing resources within Azure. Azure’s Security Centre can provide feedback on your current security setup in Azure Virtual Desktop, highlighting vulnerabilities and suggesting remedies for any gaps in policies and processes.
You need to protect the data stored in Azure Virtual Desktop in case a disaster should occur. Azure Backup allows you to back up everything in your Azure environment, including databases and virtual machines. You can use Azure’s native disaster recovery service, Azure Site Recovery, to ensure that your applications are kept up and running even during outages. With Azure Service Health, you will receive notifications about Azure service incidents and planned maintenance so you can mitigate downtime.
Microsoft-Managed Gateway Servers
The Remote Connection Gateway service is solely managed by Microsoft. It connects remote users to Azure Virtual Desktop applications and desktops from any internet-connected device with the ability to run an Azure Virtual Desktop client. The client connects to a gateway, which orchestrates a connection from the VM back to the same gateway. This offers a more secure setup: because the VMs need no public IP addresses, open inbound ports or SSL certificates, there are no public-facing exposures or attack vectors.
Introducing multi-factor authentication (MFA) as a requirement for all users and administrators in Azure Virtual Desktop will improve the security of your entire deployment. Through integration with Azure Active Directory, enabling multi-factor authentication for AVD is seamless. Furthermore, enabling Conditional Access will let you mitigate threats before you grant users access to your AVD environment. Conditional Access can be used with MFA to secure both the Web and Windows Desktop Client and allows you to consider how users are signing in and what devices they are using as well as who the user is.
Role-Based Access Control
Azure Virtual Desktop uses Azure role-based access control (RBAC) to allow you to designate permissions. You can manage who has access to areas and resources, and what these users can do with those resources. The built-in roles for Azure are Owner, Contributor and Reader. However, with AVD you can designate additional roles, separating management roles for host pools, application groups and workspaces. This not only facilitates more granular control over administrative tasks but enhances Azure Virtual Desktop security.
To learn more about Azure Virtual Desktop and how its features compare to legacy servers, download our free AVD Battlecard.
Kickstart your Azure Virtual Desktop journey with HTG
As a Microsoft Solutions Partner, we deliver secure and incredible AVD working environments for customers across the globe. We also offer an optional, end-to-end managed service, delivered by our certified solutions experts, who design and build a bespoke solution based on your business needs.
If you’d like to partner with us to transform your hybrid workforce with AVD, simply get in touch.