Creating Host Pools and Session Hosts

Creating your first host pool

Creating a host pool via the Azure portal

The portal wizard walks you through every setting. Here is the flow step by step:

Step 1 — Basics

Setting	What to choose	Why it matters
Host pool type	Pooled or Personal	Pooled shares VMs across users. Personal assigns one VM per user.
Load balancing	Breadth-first or Depth-first	Breadth-first spreads users evenly. Depth-first fills one VM before moving to the next.
Max session limit	A number (e.g. 10)	How many users can log in to a single session host at the same time. Only applies to pooled.
Validation environment	Yes or No	”Yes” means this pool receives AVD service updates first — use for testing, not production.

🎧 Mia’s scenario: “When Horizons Health opened a new clinic in Hamilton, I needed a quick host pool for 20 nurses. I used the portal — picked pooled, breadth-first, max 8 sessions per host, and had them connected within the hour.”

Step 2 — Virtual Machines

You configure the session hosts that will be deployed into the pool:

• Image: Choose a marketplace image (Windows 11 Enterprise multi-session with M365 Apps) or a custom image from an Azure Compute Gallery.
• VM size: Pick a size that matches the workload (e.g. D4s_v5 for general office, NV-series for GPU).
• Number of VMs: How many session hosts to deploy now.
• Name prefix: All VMs will be named with this prefix plus a number (e.g. avd-pool01-0, avd-pool01-1).
• Domain join: Choose Microsoft Entra ID join, hybrid Entra join, or Active Directory Domain Services.
• Virtual network and subnet: The network where session hosts will live.

Step 3 — Workspace

You can associate an application group (the default Desktop Application Group) with a workspace so users see their desktops in the feed. You can do this later too.

Step 4 — Review and create

Azure deploys the host pool resource, creates the VMs, installs the AVD agent, and registers them using a registration token — all automatically.

💡 Exam tip: Registration tokens

A registration token is a time-limited key that authorises a VM to join a host pool. Tokens expire after the time you set (max 27 days, default 24 hours in scripted scenarios). If a token expires, session hosts created with it won’t register — you need to generate a new token. The exam tests whether you understand that tokens are required for registration and that they expire.

How session host registration works

When a VM registers to a host pool, here is what happens behind the scenes:

1. The AVD Agent is installed on the VM (the portal does this automatically; manual installs use an MSI).
2. The agent reads the registration token and contacts the AVD service.
3. AVD verifies the token is valid and not expired.
4. The session host appears in the host pool with status Unavailable initially.
5. The Agent Boot Loader starts, and the status changes to Available.
6. The token value is cleared from the registry — the VM uses a machine token going forward.

If registration fails, check Event Viewer under Windows Logs and Application for event ID 3277 with messages like INVALID_REGISTRATION_TOKEN or EXPIRED_MACHINE_TOKEN.

Automating host pool creation

The portal is great for learning, but production environments demand automation. Here are your options.

PowerShell

Use the Az.DesktopVirtualization module:

# Create the host pool
New-AzWvdHostPool -ResourceGroupName "rg-avd-prod" `
  -Name "hp-pooled-prod" `
  -Location "australiaeast" `
  -HostPoolType "Pooled" `
  -LoadBalancerType "BreadthFirst" `
  -MaxSessionLimit 12 `
  -PreferredAppGroupType "Desktop"

# Generate a registration token (valid 24 hours)
New-AzWvdRegistrationInfo -ResourceGroupName "rg-avd-prod" `
  -HostPoolName "hp-pooled-prod" `
  -ExpirationTime $((Get-Date).ToUniversalTime().AddHours(24).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ'))

You then deploy VMs separately (using New-AzVM or ARM templates) and install the AVD agent with the registration token.

Azure CLI

# Create the host pool
az desktopvirtualization hostpool create \
  --resource-group rg-avd-prod \
  --name hp-pooled-prod \
  --location australiaeast \
  --host-pool-type Pooled \
  --load-balancer-type BreadthFirst \
  --max-session-limit 12 \
  --preferred-app-group-type Desktop

# Generate a registration token
az desktopvirtualization hostpool update \
  --resource-group rg-avd-prod \
  --name hp-pooled-prod \
  --registration-info expiration-time="2025-12-31T23:59:59Z" \
    registration-token-operation="Update"

ARM templates and Bicep

For repeatable infrastructure-as-code, use the Microsoft.DesktopVirtualization/hostPools resource type. Here is a simplified Bicep example:

resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2024-04-03' = {
  name: 'hp-pooled-prod'
  location: 'australiaeast'
  properties: {
    hostPoolType: 'Pooled'
    loadBalancerType: 'BreadthFirst'
    maxSessionLimit: 12
    preferredAppGroupType: 'Desktop'
    validationEnvironment: false
  }
}

The session host VMs are separate Microsoft.Compute/virtualMachines resources with a VM extension that installs the AVD agent and passes the registration token.

🏢 Raj’s approach: “At TerraStack, we manage 8,000 desktops — there is no way I am clicking through the portal for each pool. We have a Bicep module that creates host pools, deploys session hosts from our golden image, and registers them. One pipeline, consistent every time.”

Portal vs PowerShell vs ARM/Bicep vs CLI

Aspect	Azure Portal	PowerShell	ARM / Bicep	Azure CLI
Best for	Learning, small deployments, quick one-offs	Scripted automation, ad-hoc tasks	Repeatable IaC, CI/CD pipelines	Cross-platform scripting, quick automation
Repeatability	Low — manual clicks each time	Medium — scripts can be reused	High — declarative, version-controlled	Medium — scripts can be reused
Idempotent	N/A	Partially (depends on script logic)	Yes — ARM/Bicep deploys desired state	Partially (depends on script logic)
Learning curve	Easiest	Moderate (PowerShell knowledge)	Steeper (template syntax)	Moderate (CLI knowledge)
Integration	None (manual)	Azure Automation, pipelines	GitHub Actions, Azure DevOps	GitHub Actions, Azure DevOps
Exam relevance	Know the wizard steps	Know key cmdlets	Know resource types	Know key commands

ℹ️ When to use portal vs automation

Use the portal when you are learning, prototyping, or deploying a handful of session hosts. Use automation (PowerShell, CLI, ARM/Bicep) for production environments, multi-pool deployments, disaster recovery, and anything you need to repeat. A good rule of thumb: if you will do it more than once, automate it.

Configuring host pool RDP properties

RDP properties control what devices and resources are redirected between the user’s local device and their AVD session. You configure these on the host pool, and they apply to all session hosts.

Common RDP properties include:

Property	What it controls	Example value
Clipboard redirection	Copy/paste between local and remote	redirectclipboard:i:1 (enabled)
Drive redirection	Access local drives in the session	drivestoredirect:s:* (all drives)
Printer redirection	Use local printers from the session	redirectprinters:i:1 (enabled)
Audio redirection	Where audio plays	audiomode:i:0 (play on local device)
Camera redirection	Use local webcam in the session	camerastoredirect:s:* (all cameras)

You set these in the Azure portal under Host pool then RDP Properties, or via PowerShell:

Update-AzWvdHostPool -ResourceGroupName "rg-avd-prod" `
  -Name "hp-pooled-prod" `
  -CustomRdpProperty "redirectclipboard:i:0;drivestoredirect:s:;redirectprinters:i:0"

🏛️ JC’s scenario: “At the Federal Department, Aisha (our security auditor) required clipboard and drive redirection disabled. No data leaves the session. We set those RDP properties on the host pool and every session host enforces it.”

💡 Exam tip: RDP properties and security

The exam often tests scenarios where security requirements dictate which RDP properties to enable or disable. If a question mentions “prevent data exfiltration” or “restrict file copy,” think about disabling clipboard and drive redirection. You can also enforce these through Conditional Access and Intune, but RDP properties on the host pool are the AVD-native approach.

Drain mode — graceful maintenance

When you need to patch, restart, or replace a session host, you don’t want to kick users off mid-work. Drain mode solves this:

1. Set the session host to drain mode (Allow new sessions = No).
2. The broker stops sending new users to that host.
3. Existing sessions continue until users log off naturally.
4. Once empty, perform your maintenance.

You can set drain mode in the portal (Session hosts tab, toggle Allow new sessions) or via PowerShell:

Update-AzWvdSessionHost -ResourceGroupName "rg-avd-prod" `
  -HostPoolName "hp-pooled-prod" `
  -Name "avd-pool01-0.contoso.com" `
  -AllowNewSession:$false

🎧 Mia’s tip: “I always drain session hosts before updating them. Tom on night shift can finish his charting without being disconnected. Once the host is empty, I swap it out with a fresh VM from the latest image.”

Question

What is a registration token in AVD?

Click or press Enter to reveal answer

Answer

A time-limited key that authorises a VM to register as a session host in a specific host pool. Tokens have a maximum lifetime of 27 days. Once the VM registers, the token is cleared and a machine token is used instead.

Click to flip back

Question

What PowerShell cmdlet creates a new host pool?

Click or press Enter to reveal answer

Answer

New-AzWvdHostPool from the Az.DesktopVirtualization module. Key parameters include -HostPoolType, -LoadBalancerType, and -MaxSessionLimit.

Click to flip back

Question

What does drain mode do on a session host?

Click or press Enter to reveal answer

Answer

Drain mode prevents new user sessions from being assigned to that session host. Existing sessions continue until users log off. This allows graceful maintenance without disrupting active users.

Click to flip back

Question

What is the Bicep resource type for a host pool?

Click or press Enter to reveal answer

Answer

Microsoft.DesktopVirtualization/hostPools — it is a top-level ARM resource. Session host VMs are separate Microsoft.Compute/virtualMachines resources that register via the AVD agent and a registration token.

Click to flip back

Knowledge Check

Mia needs to create a host pool for a new clinic with 20 nurses. She wants the quickest setup with minimal scripting. Which approach should she use?

AWrite an ARM template from scratchBUse the Azure portal wizardCWrite a Bicep module with CI/CD pipelineDUse Azure CLI with a bash script

Check Answer

Knowledge Check

Raj needs to prevent data exfiltration from AVD sessions at TerraStack. Which settings should he configure on the host pool?

ASet max session limit to 1BDisable clipboard and drive redirection via RDP propertiesCEnable validation environmentDChange load balancing to depth-first

Check Answer

Knowledge Check

A session host fails to register to a host pool. Event ID 3277 shows EXPIRED_MACHINE_TOKEN. What should you do first?

AReinstall Windows on the VMBGenerate a new registration token and re-register the session hostCIncrease the max session limit on the host poolDChange the host pool from pooled to personal

Check Answer

🎬 Video coming soon

Creating Host Pools and Session Hosts

---

Next up: Session Host Licensing — understand which licenses your users need for AVD, the difference between Windows client and Windows Server licensing, and how Azure Hybrid Benefit saves money.