Adding a new user to a WVD app is really easy. Start by establishing a connection with the WVD tenant:
If you get User is not authorized to query the management service when running Add-RdsAppGroupUser then get an RDS owner on the tenant to run the following command:
New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -SignInName "[user-name]" -TenantGroupName "Default Tenant Group" -TenantName "[tenant-name]"
This will provide access to all host-pools / app-groups on the tenant.
If you are unable to run the Add-RdsAccount command successfully, it could mean you need to be added as a TenantCreator or that you need to install and import the libraries you need to run this. To do this run the following commands before the Add-RdsAccount command:
See https://docs.microsoft.com/en-gb/powershell/windows-virtual-desktop/overview for more details.
Sometimes you need to use Powershell to manipulate Exchange Online. When MFA is enabled, you may get something like the following error:
New-PSSession : [ps.outlook.com] Connecting to remote server ps.outlook.com failed with the following error message :Access is denied.
To fix this situation, you'll need to setup EXO V2 on your local PC. To do this:
When working with Exchange Online, sometimes you'll come across issues in sharing calendars with others. As an administrator, you can use the following steps to check calendar permissions and to update them as you need.
This will then list out all of the accounts that have been granted access, including groups.
We normally have a group called All Staff of which all staff are a member. Then default permissions for calendars are defined for this group (normally Reviewer - so that anyone can see calendar items of others but can't change them). Elevated permissions (if needed) can be granted specifically for people or groups on top of this default.
If say user-A doesn't have access to user-B's calendar and needs Reviewer access, run the command: Add-MailboxFolderPermission -Identity [user-B]:\Calendar -User [user-A] -AccessRights Reviewer
Alternatively, if say user-A had AvailabilityOnly access to user-B's calendar and needs Reviewer access then run: Set-MailboxFolderPermission -Identity [user-B]:\Calendar -User [user-A] -AccessRights Reviewer
To remove permissions one-by-one, you can use: Remove-MailboxFolderPermission -Identity [user-B]:\Calendar -User [user-A] -AccessRights Reviewer
Alternatively, use the following to remove permissions in bulk for a specific user calendar (and leaving Default or Anonymous permissions):
Get-MailboxFolderPermission [user-B]:\Calendar `
| ? {$_.User -notmatch "^(Default|Anonymous)$"} `
| % { Remove-MailboxFolderPermission -Identity $_.Identity -User $_.User.DisplayName -Confirm:$false }
More details can be found at: https://www.michev.info/Blog/Post/2500/how-to-reset-mailbox-folder-permissions
There are a few things you need to do before you can access a Windows Virtual Desktop app for the first time. The following are instructions for users. [Will soon provide pre-requisites that IT need to rollout before the steps below can be done]
As a preliminary step before moving to IRIS in the cloud, everyone that needs access will need to reset their Office 365 password. Once self-service password reset is turned on for the tenant, this is a really simple thing a user can do themselves. The added bonus is that they can use this feature to reset their password anytime you may need to (like if they have forgotten it or they want to change it for some other reason).
To use self-service password reset, you'll need to register. To do this go to https://aka.ms/ssprsetup and follow the instructions.
Then, to reset your password, there are 2 ways of doing this:
1) If you are logged in to your PC, go to https://account.activedirectory.windowsazure.com/ChangePassword.aspx and follow the instructions.
2) If you are not logged in, start up your PC and you'll notice a new link underneath the PIN entry box that says I forgot my PIN. Click on this to continue the process to reset your password.
All users will need to compete the above before they can access the WVD app.
Perform the following steps:
Deploying a new app on Windows Virtual Desktop (WVD) consists essentially of three steps: 1) Install the app on the VM that hosts the master WVD image, 2) publish the app, 3) assign users to the app.
To publish a remote app to a user, run the following Powershell command. This can be done on any PC connected to the internet: Add-RdsAppGroupUser [tenant-name] [host-group] [app-group] -UserPrincipalName [username]