Friday, March 11, 2016

HTML5 updates & improvements for Azure RemoteApp

On January 13, the HTML5 client for Azure RemoteApp became available in public preview. I wrote a blog post on the user experience with this initial version here: HTML5 for Azure RemoteApp available in public preview!

Yesterday, the next major update to HTML5 has been made available! The most important changes in this release are:

1. Support for Dynamic resolution
The session is no longer fixed to a specific remote resolution, the session now automatically adjusts resolution if you change your browser size

Here is the Azure RemoteApp HTML5 client at full Windows Size
 

Here is de browser resize in action, this takes about ~2 seconds


And here is the end result:


2. Audio redirection is now supported!
It's hard to demonstrate this in a blog post, but I can assure you it's working :) The audio service in your Azure RemoteApp RDSH must obviously be running for this to work



3. Mouse cursor updates
This really helps for the overall user experience. Previously, mouse cursus updates were not visible which made it really hard to e.g. resize application windows etc. See the example below. Mouse cursus updates are now coming through.


4. Support for browsers without WebGL support
Previously there were some issues with browsers without WebGL support which caused crashes of the browser and session disconnected errors. This has been resolved.


5. Support for cloud only deployments
In the first release of the HTML5 client, only Hybrid Collections (domain joined collections) were supported. With the lastest release Cloud Deployments (non-domain joined collections) are also supported!

This latest HTML5 should be deployed to all Azure regions by now!



Wednesday, March 9, 2016

Build a Proof-of-Concept RDS Azure IaaS Environment with FSLogix Apps

RDSGurus.com created a guide that walks you through the steps required to install a Proof-of-Concept (POC) environment for RDSH Full Desktop with FSLogix Apps. FSLogix Apps is a software agent that enables virtual desktop administrators to eliminate some of their biggest problems in VDI and RDSH. FSLogix Apps 2.1 allows admins to massively reduce the number of Windows Gold images, easily manage per-user applications, and optimize license costs while assuring compliance.

PoC environments created according to this install guide can be used to test applications controlled by FSLogix Apps in a reproducible way.

The IaaS RDSH environment is built entirely in Azure and includes the supporting network and domain infrastructure.  We build the environment in the cloud in order to minimize costs associated with required hardware, and to streamline the build process.
Get the guide here: http://info.fslogix.com/rdsgurus-lab-installation-and-poc-guide-for-fslogix

The diagram below shows the outcome of the PoC environment.

Friday, March 4, 2016

Publish applications to specific users in Azure RemoteApp

What is this about?

This is a feature many have been waiting for! What is it all about? Consider the following scenario. You have created an Azure RemoteApp collection housing several applications. You provide access to this Azure RemoteApp collection to your users. These users could be working in several departments, and based on their role or persona require different sets of applications. An important caveat to realize is that currently all users who have been granted access to an Azure RemoteApp collection will see all application published in that collection! And of course this does not mean that you cannot prevent users from actually opening that application. Using technologies like i.e. AppLocker you would be able to prevent users from starting an application. However, users will still see all the applications in their Azure RemoteApp client and, all of the applications will be placed in the users local Start Menu (for Windows clients). Not an easy task to explain this to your end users.

Microsoft has listened to this feedback, functionality is in private preview now to publish specific RemoteApp application to specific users within a single Azure RemoteApp collection!

How does it work?

Currently the feature can only be configured using PowerShell, the functionality is not available in the Azure Portal yet. I'm guessing we'll see this after Azure RemoteApp will become available in the new Azure Portal.

Open Azure PowerShell and connect to you Azure subscription. If you have not performed this before, check out this guide.Use Windows PowerShell cmdlets with Azure RemoteApp

Run the following command Get-AzureRemoteAppCollection <collectioname>. This command outputs the current configuration of your collection. The Aclevel parameter shows the current mode of the Azure RemoteApp collection.

A collection can be set into one of two modes:
  • The mode “collection mode”, is the mode where all users in a collection can see all published applications. This is the default setting
  • The mode “application mode”, ”, is the mode where users only see applications that have been explicitly assigned to them. This is the new mode that is blog post is about.




Switching modes to application mode is easy. Run the command
Set-AzureRemoteAppCollection -CollectionName <collection> -AclLevel Application




After running this command, initially all users will see all of the original published apps. Let's now start to assign a specific application to specific users. The first step is to get the currently published applications. This can be achieved by running the command
Get-AzureRemoteAppProgram -CollectionName <collection> | ft alias,name




Now, to remove a specific application for a specific user we run the command Remove-AzureRemoteAppUser -CollectionName <collection> -UserUpn <UPN> -Type OrgId -Alias <App Alias>


That's it! In this example we now have removed Outlook 2016 for the user rdstest. This happens instantly. If the user refreshed the Azure RemoteApp client, the changes are reflected immediately.

Before the command
 

After running the command:



And of course, if we check out the Azure Portal we'll still see Outlook 2016, it will still be visible for all other users.


To check what other users still do have access to this application, use the command
Get-AzureRemoteAppUser -CollectionName <collection> -Alias <App Alias>




Again, do realize that is not in any way a security mechanism. It does not prevent users to start the application in another way. To accomplish this use technologies like i.e. Microsoft AppLocker.

The approach of these PowerShell commands, removing users from seeing a certain application, is of course slightly different to a more common approach where you assign specific users (or a specific group) to an application in stead of assigning the application to all users and remove access for specific users. For the end user the result is the same of course, and, with some PowerShell scripting you should be able to configure assignments based on group membership. These new PowerShell commands however are a great first step!

This new functionality also opens doors for vendors like Unidesk and FSLogix that provide application layering. If you combine this new functionality with Application Layering you can remove certain applications from Azure RemoteApp and also completely prevent users from launching that application using other ways.

Being able to show users only the application they need is a heavily requested feature. The feature is currently available as a “private preview” to selected customers who have opted in. If you are interested in trying it out early, please let Microsoft know via this survey.