Azure Virtual Desktop

SysTrack can integrate with Azure Virtual Desktop so that you can pull data into SysTrack from your devices that you manage with Azure Virtual Desktop.

To configure the integration, complete the instructions in the following sections in order.

Configure Authentication

For authentication, SysTrack requires configuration of a Principal User (Application) in Microsoft Entra ID. Follow these steps to configure the user:

  1. Go to your Azure Portal home page (https://portal.azure.com/#home), and access Microsoft Entra ID.

  2. Under the left Manage menu, select App registrations, and then select + New registration.

  3. In the Register an application dialog box, type a Principal User name in the Name field. Select Accounts in this organizational directory only. Then select Register. You can choose any name. The examples in these steps use the name WVD Principal User.

  4. On the application Overview page under the left Manage menu, click Certificates & secrets.

  5. On the Certificates & secrets page, select the Client secrets tab, and then select + New client secret.

  6. In the Add a client secret dialog box, enter a Description, select when the secret Expires, and press Enter.

  7. A new client secret is created. Copy the value and save it in an easy-to-find location. This client secret will be needed to configure the Azure Virtual Desktop integration in SysTrack Configure.

    IMPORTANT: Be sure to add the Value of your client secret to your organization's password management tool so that you do not forget it. You cannot retrieve it after this step.

  8. In addition to the client secret, make note of the Application (client) ID and Directory (tenant) ID (which you can find on the Overview page of your Principal User).

Configure Azure Virtual Desktop

To retrieve any data through the API endpoints, first configure one Log Analytics Workspace, which you will later use to configure the Diagnostic Settings on each level. You can search for Log Analytics Workspace or select its icon in the recent Azure Services list.

  1. On the Log Analytics workspaces page, see the list of workspaces that are already configured.

    NOTE: The best practice is to use the same workspace for all Diagnostic data collected by SysTrack.

  2. If no workspaces are configured or you want to use a different workspace, select + Create on the left menu to create a new workspace.

  3. Select the Resource group and enter a Name. Then select Review + Create.

    A confirmation page appears.

  4. Select Create to finalize your workspace.

You can assign roles in two areas: in the Resource Group or in the Azure Virtual Desktop. For either area, you can type the name into the search bar or select the icon in the recent Azure Services list.

If you select Resource groups, you see all available resource groups that you can configure. If you are unsure which resource group to assign roles to, you can also navigate from Host pools, Application groups, or Workspaces to the desired Resource Group.

If you select Azure Virtual Desktop, you see a Manage menu on the left with Host pools, Application groups, and Workspaces. Select any of these options to see a list of available items on the right. The following examples show each type and what will be displayed.

If you view Host pools, you see each Host pool listed with its Name, Resource group, Location, and Subscription, plus a few other columns.

If you view Application groups, you see each group listed with its Name, Resource group, Location, Subscription, Host pool, and Workspace.

If you view Workspaces, you see each workspace listed with its Name, Resource group, Location, Subscription, and the number of Application groups to which it has been assigned.

Configure Diagnostic Settings

To enable data collection, first configure the Diagnostic settings under the Monitoring menu on each level and item from which you want to collect. For example, to collect diagnostic data for a specific Host Pool, do the following:

  1. Select a Host Pool from the list. Then select Diagnostic settings on the Monitoring menu.

    NOTE: To avoid duplicate data in the tables, the best practice is to have only one diagnostic setting configured. For example, you can create one setting per type or one setting for all types, but don’t use multiple types in different settings. Also, remember to always use the same Log Analytics workspace.

  2. On the Diagnostics Settings page, select + Add diagnostic setting.

  3. Enter a Diagnostic setting name and select the Categories of data that you want to collect. Under Destination details, select Send to Log Analytics workspace and provide your Subscription and Log Analytics workspace names.

    The only categories SysTrack will collect are Checkpoint, Error, Management, Connection, and Feed.

  4. After you select all the check boxes you want, select Save to create the setting.

  5. Select the X in the upper right corner to close the dialog box.

    You should see your new setting in the list.

Test the Diagnostic Logs

On the left menu, select the Logs button so that you can check what data you can retrieve from the different queries.

The menu shows many different data options. The only queries SysTrack currently supports are: WVDConnections, WVDFeeds, WVDManagement, WVDCheckpoints, and WVDErrors. However, not all types are supported for each structure type. The following table shows the queries that are supported and which types are supported for each query.

Supported Queries   Host pool   Application groups   Workspace
WVDConnections      X           -                    -
WVDFeeds            -           -                    X
WVDManagement       X           X                    X
WVDCheckpoints      X           X                    X
WVDErrors           X           X                    X
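
The following added example (not SysTrack or Microsoft code) checks a set of diagnostic settings against the table above and against the one-setting, one-workspace notes in the Configure Diagnostic Settings section. The input shape is a simplified, constructed stand-in for exported diagnostic-settings JSON, and all resource, setting, and workspace names are hypothetical.

```python
from collections import defaultdict
ALL = {"hostpool", "applicationgroup", "workspace"}
# Diagnostic category -> (Log Analytics table, resource types supported per the table above)
SUPPORTED = {
    "Connection": ("WVDConnections", {"hostpool"}),
    "Feed": ("WVDFeeds", {"workspace"}),
    "Management": ("WVDManagement", ALL),
    "Checkpoint": ("WVDCheckpoints", ALL),
    "Error": ("WVDErrors", ALL),
}

def audit(resources):
    """Return sorted (resource, finding) pairs for resources and their diagnostic settings."""
    findings, workspaces = [], set()
    for res in resources:
        enabled_in = defaultdict(list)  # category -> names of settings that enable it
        for setting in res["settings"]:
            workspaces.add(setting["workspaceId"])
            for log in setting["logs"]:
                if log["enabled"]:
                    enabled_in[log["category"]].append(setting["name"])
        for cat, names in enabled_in.items():
            table, types = SUPPORTED.get(cat, (None, set()))
            if table is None:
                findings.append((res["name"], f"{cat}: not collected by SysTrack"))
            elif res["type"] not in types:
                findings.append((res["name"], f"{cat}: {table} not supported for {res['type']}"))
            if len(names) > 1:  # same category sent twice means duplicate rows
                findings.append((res["name"], f"{cat}: enabled in {len(names)} settings (duplicate rows)"))
    if len(workspaces) > 1:
        findings.append(("*", f"{len(workspaces)} different Log Analytics workspaces in use"))
    return sorted(findings)

# Constructed sample input (hypothetical names), not output captured from a real tenant.
SAMPLE = [
    {"name": "hp-prod", "type": "hostpool", "settings": [
        {"name": "systrack-all", "workspaceId": "ws-a", "logs": [
            {"category": "Connection", "enabled": True},
            {"category": "Error", "enabled": True},
            {"category": "Feed", "enabled": True}]},
        {"name": "legacy-errors", "workspaceId": "ws-a", "logs": [
            {"category": "Error", "enabled": True}]}]},
    {"name": "ws-desktops", "type": "workspace", "settings": [
        {"name": "systrack-all", "workspaceId": "ws-b", "logs": [
            {"category": "Feed", "enabled": True}]}]},
]
```

Calling audit(SAMPLE) reports the duplicated Error category and the unsupported Feed category on the host pool, plus the use of two workspaces.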

Configure Roles

For SysTrack to be able to retrieve any data, you must set some roles. You could choose from several different methods to set up your roles, some of which are described below.

Regardless of setup method, begin by selecting Access control (IAM) on the menu of the selected object (which can be a Resource Group, a Host Pool, an Application Group, or a Workspace). You should see a menu with options such as Overview, Activity Log, Access control (IAM), and Tags.

To assign roles to any object, follow these steps:

  1. Select Access control (IAM) on the object's menu.

  2. On the right side, select Role assignments to view the roles currently assigned.

  3. To add a new role, select +Add on the top left, and select Add role assignment.

  4. On the next page, select a role, and then select Next.

    From the many roles, you might want to narrow your choices by typing the name (or parts of the name) into the search field. Or you can select a Type or Category.

    See the Roles to Assign section to understand which roles to select.

  5. On the next page, select the members that you want to assign to that role. In this example, select the WVD Principal User that you created above. Click + Select members to display the Select members dialog box.

    You can use the search field to narrow down the list. After you find the user that you want to add, select the user, and then select Select.

    The selected user appears in the Members list.

  6. Select Review + assign (or select Next) to advance to the last page and see an overview of your selections.

  7. Click Review + assign.

    The specified member will be added to the selected role and will now appear on the Role assignments page.

Roles to Assign

The following two tables list the different roles you can assign and the levels to which you should assign them.

The recommended configuration is also the easiest: Assign either the Reader role or the Log Analytics Reader role to your WVD Principal User on the Resource Group or Subscription level as shown in the first table. If you do this, you do not need to assign any roles on any other object, because they are inherited down, giving you access to retrieve the desired data.

You can also assign roles on the Host Pool, Application Group, and Workspace levels as shown in the second table.

The following table shows the assignments to make on the Resource Group level:

Role Name                                        Description
Reader                                           Finds the Resource Group and inherits down to host pools, application groups, and workspaces, and can retrieve data on each level without setting additional roles on each level.
Log Analytics Reader                             Same as the Reader role.
Owner                                            Same as the Reader role, but grants full access to the assigned member, which means the member could also be used to make changes to that resource. Not recommended.
Desktop Virtualization Reader                    Finds the Resource Group and inherits down to host pools, application groups, and workspaces, but cannot get any data if not configured on each level separately.
Desktop Virtualization Host Pool Reader          Finds the Resource Group and all Host Pools assigned to this resource group only, but cannot get any data if not configured on each host pool.
Desktop Virtualization Application Group Reader  Finds the Resource Group and all Application Groups assigned to this resource group only, but cannot get any data if not configured on each application group.
Desktop Virtualization Workspace Reader          Finds the Resource Group and all workspaces assigned to this resource group only, but cannot get any data if not configured on each workspace.

The following table shows the assignments to make on the Host Pool, Application Group, or Workspace level:

Role Name             Description
Reader                Finds the Resource Group and inherits down to host pools, application groups, and workspaces, and can retrieve data on each level without setting additional roles on each level.
Log Analytics Reader  Same as the Reader role.
Owner                 Same as the Reader role, but grants full access to the assigned member, which means the member could also be used to make changes to that resource. Not recommended.
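
The following added example (not SysTrack or Microsoft code) applies the two role tables above to a list of role assignments and reports, for each host pool, whether the WVD Principal User can retrieve data, can only find the resource, or has no access, and whether Owner is in effect. The subscription ID is a placeholder, the resource names are hypothetical, and the assignment records are constructed using only the roleDefinitionName and scope fields.

```python
# Roles the tables above describe as sufficient to retrieve data at or below their scope.
DATA_ROLES = {"Reader", "Log Analytics Reader", "Owner"}
# Roles the first table describes as finding resources without returning data.
DISCOVERY_PREFIX = "Desktop Virtualization "

def in_scope(scope, resource_id):
    """True when an assignment made at `scope` is inherited by `resource_id`."""
    s, r = scope.rstrip("/").lower(), resource_id.lower()
    return r == s or r.startswith(s + "/")  # "/" stops rg-avd matching rg-avd-test

def evaluate(assignments, resource_id):
    """Return (access level, warnings) for one resource."""
    roles = [a["roleDefinitionName"] for a in assignments
             if in_scope(a["scope"], resource_id)]
    warnings = []
    if "Owner" in roles:
        warnings.append("Owner also allows changes to the resource; not recommended")
    if any(r in DATA_ROLES for r in roles):
        return "data", warnings
    if any(r.startswith(DISCOVERY_PREFIX) for r in roles):
        return "discovery-only", warnings
    return "none", warnings

# Constructed sample: placeholder subscription ID and hypothetical resource names.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
POOLS = "/providers/Microsoft.DesktopVirtualization/hostPools/"
RG = SUB + "/resourceGroups/rg-avd"
RG_TEST = SUB + "/resourceGroups/rg-avd-test"
ASSIGNMENTS = [  # role assignments held by the WVD Principal User
    {"roleDefinitionName": "Desktop Virtualization Reader", "scope": RG},
    {"roleDefinitionName": "Log Analytics Reader", "scope": RG + POOLS + "hp-prod"},
    {"roleDefinitionName": "Owner", "scope": RG_TEST},
]

def report():
    """Evaluate three host pools against the sample assignments."""
    targets = [RG + POOLS + "hp-prod", RG + POOLS + "hp-dev", RG_TEST + POOLS + "hp-lab"]
    return {t.rsplit("/", 1)[1]: evaluate(ASSIGNMENTS, t) for t in targets}
```

In the sample, hp-dev is discoverable but returns no data because only a Desktop Virtualization role reaches it, and hp-lab returns data only through an Owner assignment that should be replaced with Reader or Log Analytics Reader.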

The integration collects the following data for use in the AVD Assessment and Management DEX pack:

  • Azure Monitor

  • WVD Connections

  • WVD Management

  • WVD Feeds

  • WVD Checkpoints

  • WVD Errors

  • Microsoft Desktop Virtualization Application Groups

  • Microsoft Desktop Virtualization Host Pools

  • Microsoft Desktop Virtualization Workspaces

Configure SysTrack Options

After you complete the preceding configuration steps, you can set up Azure Virtual Desktop data collection in SysTrack Configure. Follow these steps:

  1. Make sure that you are signed in as a user with rights to modify settings in SysTrack Configure.

  2. Select Integrations from the left menu.

  3. Select the Lock icon in the upper right so that you can edit the page.

  4. Select the Other Integrations tab, and select the Edit icon next to Azure Virtual Desktop.

  5. In the Authentication fields, enter the following information:

    • Tenant ID: Enter the tenant ID that you noted in earlier steps.

    • Client ID: Enter the client ID that you noted in earlier steps.

    • Client Secret: Enter the client secret that you noted in earlier steps.

  6. In the Log Analytics Collection fields, enter the following information:

    • Subscription ID: Enter your Azure subscription ID.

    • Collect types of data: Select the check boxes for one or more data types to collect.

    • Retention Period (days): Specify how long to retain the collected data.

  7. Select OK, and then select Save Changes.

  8. Select the open Lock icon to end your editing session.