AVD Architecture: The Big Picture
Azure Virtual Desktop is Microsoft's cloud-hosted desktop and app virtualisation service. Before diving into networking, storage, or security, let's understand the architecture, the moving parts, and how AVD compares to Windows 365.
What is Azure Virtual Desktop?
Think of AVD as a hotel for desktops.
Instead of giving every employee a powerful laptop, you put the desktops in Azure (the hotel) and let people check in from any device. The "rooms" are virtual machines running Windows. Some rooms are private (one guest only), others are shared (multiple guests at once). The hotel manager (you) decides room layouts, who gets a key, and what's inside each room.
The guest only sees a screen and a keyboard; all the heavy lifting happens in the cloud.
The AVD architecture, layer by layer
AVD has two distinct planes:
| Layer | Who Manages It | What It Does |
|---|---|---|
| Control plane | Microsoft (PaaS) | Web Access, Gateway, Connection Broker, Diagnostics, load balancing |
| Data plane | You | Session host VMs, virtual networks, storage, images, user profiles |
Exam concept: You never deploy or manage the AVD gateway or broker. Microsoft runs those as a service. Your job is the data plane: VMs, networking, storage, and identity.
How a user connects
- User opens the Windows App (or web client) and authenticates via Microsoft Entra ID
- The AVD Gateway brokers the connection to the right host pool
- The Connection Broker finds an available session host in that pool
- A secure RDP connection is established (reverse connect over HTTPS, or RDP Shortpath over UDP)
- The user's FSLogix profile attaches, and they see their desktop
Core terminology
| Term | What It Means |
|---|---|
| Host pool | A collection of Azure VMs (session hosts) that serve the same purpose |
| Session host | An Azure VM registered to a host pool that runs Windows and hosts user sessions |
| Application group | A logical grouping of apps published to users β either a full desktop or individual RemoteApps |
| Workspace | A container of application groups that users see in their feed |
| FSLogix | Profile management technology that attaches user profiles as virtual disks at sign-in |
| RDP Shortpath | A UDP-based transport that improves performance by creating a direct connection |
Exam tip: Control plane vs data plane
The exam loves testing what you manage vs what Microsoft manages. Remember: you NEVER touch the gateway, broker, or web access infrastructure. If a question asks about deploying or scaling the AVD gateway, that is managed by Microsoft automatically. Your responsibilities are session hosts, networking, storage, identity, and images.
AVD vs Windows 365: know the difference
Students often confuse AVD with Windows 365. They serve different audiences.
| Feature | Azure Virtual Desktop | Windows 365 |
|---|---|---|
| Management model | You control everything (IaaS) | Microsoft manages the Cloud PC (SaaS) |
| Multi-session | Yes (Windows 11 Enterprise multi-session) | No (single user per Cloud PC) |
| Pricing | Consumption-based (pay for VMs when running) | Fixed per-user per-month |
| Customisation | Full control over networking, images, scaling | Limited (fixed VM sizes) |
| Best for | Complex enterprise VDI, cost optimisation, multi-session | Predictable desktops for individual users |
| Identity | Entra ID, AD DS, or Entra Domain Services | Entra ID (hybrid optional) |
| Autoscaling | Yes (scale to zero when nobody is working) | No (Cloud PCs are always provisioned) |
| Exam relevance | AZ-140 (this exam) | Not tested on AZ-140 |
Raj's take: "At TerraStack, we evaluated both. Windows 365 was simpler, but we have 8,000 users; the fixed per-user cost was way more expensive than pooled multi-session AVD with autoscaling. Plus, our Citrix migration needed custom images and GPU VMs for the CAD team. AVD was the only option."
Host pool types: personal vs pooled
This is one of the most important architectural decisions you will make.
| Aspect | Personal | Pooled |
|---|---|---|
| User assignment | 1:1 (each user gets their own VM) | Many:1 (multiple users share VMs) |
| Windows edition | Windows 11 Enterprise (single-session) | Windows 11 Enterprise multi-session |
| User profiles | Stored locally on the VM | FSLogix profile containers (required) |
| Cost | Higher (VMs dedicated even when idle) | Lower (VMs shared across users) |
| Customisation | Users can install apps, personalise | Locked down (changes reset at logoff) |
| Scaling | Start VM on Connect (user triggers) | Autoscaling based on demand |
| Best for | Developers, power users, persistent apps | Task workers, call centres, shared workloads |
| Image updates | Manual or Intune patching | Replace session hosts with new image |
Priya at NomadTech chose pooled for most of her 200 remote workers: they use standard Microsoft 365 apps and don't need personal VMs. But her design team (12 people running Premiere Pro and After Effects) got personal host pools with GPU-enabled NV-series VMs.
Deep dive: Breadth-first vs depth-first load balancing
Pooled host pools use one of two load-balancing algorithms:
- Breadth-first: Spreads users evenly across all session hosts. Better for consistent performance, because no single VM gets overloaded. This is the default and recommended for most scenarios.
- Depth-first: Fills one session host to its max session limit before moving to the next. Better for cost optimisation with autoscaling, because it keeps fewer VMs running by packing users tightly.
The exam may ask you to choose between these based on a scenario. If the question mentions "cost optimisation" or "minimise running VMs," think depth-first. If it mentions "consistent user experience" or "even distribution," think breadth-first.
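To see the two algorithms side by side, here is an added example (not Microsoft's code or part of the original page) that places sign-ins on a small pool under each rule. It is a simplified model: the host names, function names and the name-based tie-break are assumptions, and the real service may choose differently among equally loaded hosts.

```python
# Added example: simplified model of pooled host pool load balancing.
# Host names, function names and the name-based tie-break are assumptions.

def pick_host(sessions, max_sessions, algorithm):
    """Return the host that receives the next session, or None if the pool is full."""
    # Only hosts still under the max session limit are candidates.
    available = {h: n for h, n in sessions.items() if n < max_sessions}
    if not available:
        return None
    if algorithm == "breadth-first":
        # Fewest sessions wins, so load spreads evenly.
        return min(available, key=lambda h: (available[h], h))
    if algorithm == "depth-first":
        # Most sessions wins, so one host fills before the next is used.
        return min(available, key=lambda h: (-available[h], h))
    raise ValueError(f"unknown algorithm: {algorithm}")


def place_users(hosts, max_sessions, users, algorithm):
    """Place `users` sign-ins one by one; return (sessions per host, refused count)."""
    sessions = {h: 0 for h in hosts}
    refused = 0
    for _ in range(users):
        host = pick_host(sessions, max_sessions, algorithm)
        if host is None:
            refused += 1
        else:
            sessions[host] += 1
    return sessions, refused


def idle_hosts(sessions):
    """Hosts with no sessions: candidates for autoscaling to shut down."""
    return sorted(h for h, n in sessions.items() if n == 0)


if __name__ == "__main__":
    pool = ["sh-0", "sh-1", "sh-2", "sh-3"]  # constructed sample pool
    for algo in ("breadth-first", "depth-first"):
        placed, refused = place_users(pool, 10, 14, algo)
        print(algo, placed, "idle:", idle_hosts(placed), "refused:", refused)
```

With 14 users and a max session limit of 10, breadth-first touches all four hosts while depth-first leaves two idle, which is the cost versus consistency trade-off described above.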
Azure Local and AVD
For organisations with data sovereignty requirements or edge computing needs, AVD session hosts can run on Azure Local (formerly Azure Stack HCI), your own on-premises hardware managed through Azure Arc.
JC at the Federal Department explored this option because some classified workloads cannot leave the government's own data centres. Azure Local lets him run AVD session hosts on-premises while still using the AVD control plane in Azure.
This is a planning consideration covered in more depth in the host pool architecture module.
The AVD ecosystem: what connects to what
| Component | Purpose | Where It Lives |
|---|---|---|
| Microsoft Entra ID | Authentication and Conditional Access | Microsoft cloud |
| AVD control plane | Brokering, gateway, diagnostics | Microsoft-managed PaaS |
| Session hosts | Run user desktops and apps | Your Azure subscription (or Azure Local) |
| FSLogix | User profile management | Installed on session hosts, profiles on file shares |
| Azure Monitor | Logging, metrics, AVD Insights | Your Azure subscription |
| Azure Storage / NetApp Files | Profile and data storage | Your Azure subscription |
| Microsoft Intune / Group Policy | Device and user configuration | Microsoft cloud / on-premises AD |
Raj is designing an AVD deployment for TerraStack's 500 call centre agents. They all use the same CRM application and don't need to install personal software. Which host pool type and load balancing should Raj choose?
Which of the following is managed by Microsoft as part of the AVD control plane? (Choose two)
Priya needs to provide desktops to 200 remote workers across 12 countries. She wants predictable monthly costs and minimal management overhead. Her team uses only Microsoft 365 apps. Should she choose AVD or Windows 365?
Next up: Network Capacity and Design β how to assess bandwidth requirements, design your network topology, and ensure session hosts can talk to everything they need.