--- title: "Azure Virtual Desktop" slug: "azure-virtual-desktop" updated: 2026-02-24T11:31:48Z published: 2026-02-24T11:31:48Z --- > ## Documentation Index > Fetch the complete documentation index at: https://documentation.lakesidesoftware.com/llms.txt > Use this file to discover all available pages before exploring further. # Operating System SysTrack can integrate with Azure Virtual Desktop so that you can pull data into SysTrack from your devices that you manage with Azure Virtual Desktop. To configure the integration, complete the instructions in the following sections in order. ## Configure Authentication For authentication, SysTrack requires configuration of a Principal User (Application) in Microsoft Entra ID. Follow these steps to configure the user: 1. Go to your Azure Portal home page ([https://portal.azure.com/#home](https://portal.azure.com/#home)), and access **Microsoft Entra ID**. 2. Under the left **Manage** menu, select **App registrations**, and then select **+ New registration**. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_AppReg(1).png) 3. In the **Register an application** dialog box, type a Principal User name in the **Name** field. Select **Accounts in this organizational directory only**. Then select **Register**. You can choose any name. The examples in these steps use the name **WVD Principal User**. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_AppRegName(1).png) 4. On the application **Overview** page under the left **Manage** menu, click **Certificates & secrets**. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/WVD_PrincipalUserOverview(1).png) 5. On the **Certificates & secrets** page, select the **Client secrets** tab, and then select **+ New client secret**. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/WVD_PrincipalUserCertificateSecret(1).png) 6. In the **Add a client secret** dialog box, enter a **Description**, select when the secret **Expires**, and press **Enter**. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/WVD_PrincipalUserClientSecret(1).png) 7. A new client secret is created. Copy the value and save it in an easy-to-find location. This client secret will be needed to configure the Azure Virtual Desktop integration in SysTrack Configure. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/WVD_PrincipalUserStoreSecret(1).png) > [!WARNING] > **IMPORTANT**: Be sure to add the **Value** of your client secret to your organization's password management tool so that you do not forget it. You cannot retrieve it after this step. 8. In addition to the client secret, make note of the **Application (client) ID** and **Directory (tenant) ID** (which you can find on the **Overview** page of your Principal User). ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/WVD_PrincipalUserAppIDTenantID(1).png) ## Configure Azure Virtual Desktop To retrieve any data through the API endpoints, first configure one **Log Analytics Workspace**, which you will later use to configure the Diagnostic Settings on each level. You can search for Log Analytics Workspace or select its icon in the recent **Azure Services** list. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_LogAnalyticsIcon(1).png) 1. On the **Log Analytics workspaces** page, see the list of workspaces that are already configured. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_LogAnalyticsWorkspaces(1).png) > [!NOTE] > **NOTE**: The best practice is to use the same workspace for all Diagnostic data collected by SysTrack. 2. If no workspaces are configured or you want to use a different workspace, select **+ Create** on the left menu to create a new workspace. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_CreateLogAnalytics(1).png) 3. Select the **Resource group** and enter a **Name**. Then select **Review + Create**. A confirmation page appears. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_CreateLogAnalyticsValidate(1).png) 4. Select **Create** to finalize your workspace. ## Navigate to Azure Virtual Desktop You can assign roles in two areas: in the **Resource Group** or in the **Azure Virtual Desktop**. For either area, you can type the name into the search bar or select the icon in the recent **Azure Services** list. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_ResGrpsAVDicons(1).png) If you select **Resource groups**, you see all available resource groups that you can configure. If you are unsure which resource group to assign roles to, you can also navigate from **Host pools**, **Application groups**, or **Workspaces** to the desired Resource Group. If you select **Azure Virtual Desktop**, you see a **Manage** menu on the left with **Host pools**, **Application groups**, and **Workspaces**. Select any of these options to see a list of available items on the right. The following examples show each type and what will be displayed. If you view Host pools, you see each Host pool listed with its **Name**, **Resource group**, **Location**, and **Subscription**, plus a few other columns. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_HostPools(1).png) If you view Application groups, you see each group listed with its **Name**, **Resource group**, **Location**, **Subscription**, **Host pool**, and **Workspace**. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_ApplicationGroups(1).png) If you view Workspaces, you see each workspace listed with its **Name**, **Resource group**, **Location**, **Subscription**, and the number of **Application groups** to which it has been assigned. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_Workspaces(1).png) ## Configure Diagnostic Settings To enable data collection, first configure the **Diagnostic settings** under the **Monitoring** menu on each level and item from which you want to collect. For example, to collect diagnostic data for a specific Host Pool, do the following: 1. Select a Host Pool from the list. Then select **Diagnostic settings** on the **Monitoring** menu. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_HostPoolMonMenu(1).png) > [!NOTE] > **NOTE**: To avoid duplicate data in the tables, the best practice is to have only one diagnostic setting configured. For example, you can create one setting per type or one setting for all types, but don’t use multiple types in different settings. Also, remember to always use the same Analytic Logs Workspace. 2. On the **Diagnostics Settings** page, select **+ Add diagnostic setting**. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_HostPoolAddDiagnostics(1).png) 3. Enter a **Diagnostic setting name** and select the **Categories** of data that you want to collect. Under **Destination details**, select **Send to Log Analytics workspace** and provide your **Subscription** and **Log Analytics workspace** names. The only categories SysTrack will collect are **Checkpoint**, **Error**, **Management**, **Connection**, and **Feed**. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_HostPoolDiagnosticsDetails(1).png) 4. After you select all the check boxes you want, select **Save** to create the setting. 5. Select the **X** in the upper right corner to close the dialog box. You should see your new setting in the list. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_HostPoolDiagnosticsAdded(1).png) ## Test the Diagnostic Logs On the left menu, select the **Logs** button so that you can check what data you can retrieve from the different queries. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_HostPoolDevLogs(1).png) The menu shows many different data options. The only queries SysTrack currently supports are: WVDConnections, WVDFeeds, WVDManagement, WVDCheckpoints, and WVDErrors. However, not all types are supported for each structure type. The following table shows the queries that are supported and which types are supported for each query. | Supported Queries | Host pool | Application groups | Workspace | | --- | --- | --- | --- | | WVDConnections | X | | | | WVDFeeds | | | X | | WVDManagement | X | X | X | | WVDCheckpoints | X | X | X | | WVDErrors | X | X | X | ## Configure Roles For SysTrack to be able to retrieve any data, you must set some roles. You could choose from several different methods to set up your roles, some of which are described below. Regardless of setup method, begin by selecting **Access control (IAM)** on the menu of the selected object (which can be a Resource Group, a Host Pool, an Application Group, or a Workspace). You should see a menu with options such as Overview, Activity Log, Accent Control (IAM), and Tags. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_IAMfromMenu(1).png) To assign roles to any object, follow these steps: 1. Select **Access control (IAM)** on the object's menu. 2. On the right side, select **Role assignments** to view the roles currently assigned. 3. To add a new role, select **+Add** on the top left, and select **Add role assignment**. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_AddHostAssignment(1).png) 4. On the next page, select a role, and then select **Next**. From the many roles, you might want to narrow your choices by typing the name (or parts of the name) into the search field. Or you can select a **Type** or **Category**. See the [Roles to Assign](/documentation/docs/azure-virtual-desktop#roles-to-assign) section to understand which roles to select. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_AddRoles(1).png) 5. On the next page, select the members that you want to assign to that role. In this example, select the **WVD Principal User** that you created above. Click **+ Select members** to display the **Select members** dialog box. You can use the search field to narrow down the list. After you find the user that you want to add, select the user and **Select**. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_RolesSelectMembers(1).png) The selected user appears in the **Members** list. 6. Select **Review + assign** (or select **Next**) to advance to the last page and see an overview of your selections. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_RolesMembersList(1).png) 7. Click **Review + assign**. The specified member will be added to the selected role and will now appear on the **Role assignments** page. ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/AVD_RoleAssignments(1).png) ## Roles to Assign The following two tables list the different roles you can assign and the levels to which you should assign them. The recommended configuration is also the easiest: Assign either the Reader role or the **Log Analytics Reader** role to your WVD Principal User on the Resource Group or Subscription level as shown in the first table. If you do this, you do not need to assign any roles on any other object, because they are inherited down, giving you access to retrieve the desired data. You can also assign roles on the Host Pool, Application Group, and Workspace levels as shown in the second table. The following table shows the assignments to make on the Resource Group level: | Role Name | Description | | --- | --- | | Reader | Will find the Resource Group and inherits down to host pools, application groups and workspaces and can retrieve data on each level without setting additional roles on each level. | | Log Analytics Reader | Same as Reader role. | | Owner | Same as Reader role but will grant full access to the assigned member which means the member could also be used to make changes to that resource. Not recommended. | | Desktop Virtualization Reader | Will find the Resource Group and inherits down to host pools, application groups and workspaces but cannot get any data if not configured on each level separately. | | Desktop Virtualization Host Pool Reader | Will find the Resource Group and all Host Pools assigned to this resource group only but cannot get any data if not configured on each host pool. | | Desktop Virtualization Application Group Reader | Will find the Resource Group and all Application Groups assigned to this resource group only but cannot get any data if not configured on each application group. | | Desktop Virtualization Workspace Reader | Will find the Resource Group and all workspaces assigned to this resource group only but cannot get any data if not configured on each workspace | The following table shows the assignments to make on the Host Pool, Application Group, or Workspace level: | Role Name | Description | | --- | --- | | Reader | Will find the Resource Group and inherits down to host pools, application groups and workspaces and can retrieve data on each level without setting additional roles on each level. | | Log Analytics Reader | Same as Reader role. | | Owner | Same as Reader role but will grant full access to the assigned member which means the member could also be used to make changes to that resource. Not recommended. | Collects the following data for use in [AVD Assessment and Management](/documentation/docs/avd-assessment-and-management-user-guide) DEX pack: - Azure Monitor - WVD Connections - WVD Management - WVD Feeds - WVD Checkpoints - WVD Errors - Microsoft Desktop Virtualization Application Groups - Microsoft Desktop Virtualization Host Pools - Microsoft Desktop Virtualization Workspaces ## Configure SysTrack Options After you complete the preceding configuration steps, you can set up Azure Virtual Desktop data collection in SysTrack Configure. Follow these steps: 1. Make sure that you are signed in as a user with rights to modify settings in SysTrack Configure. 2. Select **Integrations** from the left menu. 3. Select the Lock icon in the upper right so that you can edit the page. 4. Select the **Other Integrations** tab, and select the Edit icon next to **Azure Virtual Desktop.** ![](https://cdn.document360.io/87d11426-6b1f-4b19-b593-b71e55a81af3/Images/Documentation/integrations_AVD(1).png) 5. In the **Authentication** fields, enter the following information: - **Tenant ID:** Enter the tenant ID that you noted in earlier steps. - **Client ID:** Enter the client ID that you noted in earlier steps. - **Client Secret:** Enter the client secret that you noted in earlier steps. 6. In the **Log Analytics Collection** fields, enter the following information: - **Subscription ID:** Enter your Azure subscription ID. - **Collect types of data:** Select the check boxes for one or more data types to collect. - **Retention Period (days):** Specify how long to retain the collected data. 7. Select **OK**, and then select **Save Changes**. 8. Select the open Lock icon to end your editing session.