How to create an Azure Service Principal for use with Windows Virtual Desktop AND Azure ARM Templates, like the ARM Template to Update an existing Windows Virtual Desktop hostpool
Some time ago, I wrote a blog about How to provision a Windows Virtual Desktop (WVD) Host Pool with a Service Principal, for the case that MFA is enabled for (every) user/admin in the Azure environment and you therefore cannot provision a Windows Virtual Desktop hostpool. This was working fine when provisioning a new Windows Virtual Desktop host pool via the “Windows Virtual Desktop – Provision a host pool” wizard in the Microsoft Azure Portal. But soon I was running into failed deployments when running the ARM Template to Update an existing Windows Virtual Desktop hostpool, and I was not the only one: I got a lot of e-mails from people with the same problem.
After troubleshooting without success, I decided to open a case on GitHub. There were also people saying they had the same problem, some for months. Recently the “Microsoft Windows Virtual Desktop team” (including Tom Hickling, Christian Montoya, Mohit Nakrani and more) started helping me on this case, and they were able to find out that the problem is “related to not having the right permission to authenticate with Azure resource manager to be able to delete/deallocate old VMs.” So first a big shout-out to Tom Hickling, Christian Montoya, Mohit Nakrani and the rest of this awesome team for finding the cause of this problem!
In this blog I will show you step-by-step how you can create a Service Principal that you can use both to provision a new Windows Virtual Desktop Host pool via the “Windows Virtual Desktop – Provision a host pool” wizard within the Microsoft Azure Portal, AND to run the ARM Template to Update an existing Windows Virtual Desktop hostpool. I will do this in the following steps:
Create an App Registration
Add a role assignment to your Azure Subscription
Add the RDS Owner role to the Service Principal
Provisioning a new WVD Hostpool
Running the ARM Template to Update an existing Windows Virtual Desktop hostpool
Let's get started…
Step 1) Create an App Registration
For the next steps, log in to the Microsoft Azure Portal.
Navigate to: Azure Active Directory > App registrations and click the + New registration button.
Give this application a name; in this case I will give it the name Windows Virtual Desktop SP. Select Accounts in this organizational directory only. Leave Redirect URI (optional) empty and click Register.
Open the Certificates & secrets blade and click + New client secret
Give the client secret a name; in this case I will use WVD as the name. Select an expiry period and click Add. Note the expiry date somewhere: when the secret expires, every host pool deployment that uses this Service Principal will start failing, so you will need to create a new secret before that date.
Copy the Value to a safe place (a password manager or an Azure Key Vault, not a plain text file). This is the Service Principal “password”, and this is the only moment you can see this value; once you leave the blade it is masked for good and you would have to create a new secret.
Open the Overview blade and copy the Application ID to the same safe place as the client secret. This is the Service Principal “Username” and you need...
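The same Step 1 can be scripted with Az PowerShell, which is handy if you have to repeat it in several tenants or after a secret has expired. The block below is an added example and not code from the original post or from the WVD team; it assumes the Az.Accounts and Az.Resources modules (the Microsoft Graph based Az.Resources 5.x or later, where New-AzADAppCredential returns the secret in SecretText), and the Key Vault name at the end is a hypothetical placeholder. It creates the app registration with the same settings as the portal steps above (single-tenant, no redirect URI), adds a client secret, collects the Application ID and Tenant ID, and then proves the pair works by signing in as the Service Principal:

```powershell
# Added example (not from the original post): script Step 1 with Az PowerShell.
# Assumes Az.Accounts and Az.Resources 5.x or later (Microsoft Graph based cmdlets).

Connect-AzAccount | Out-Null   # interactive admin sign-in; MFA is fine for this session

$appName = 'Windows Virtual Desktop SP'

# App registration, "Accounts in this organizational directory only", no redirect URI
$app = New-AzADApplication -DisplayName $appName -SignInAudience 'AzureADMyOrg'

# The service principal object for the app (the portal creates this for you when you
# first assign a role; here we create it explicitly so role assignments can target it)
$sp = New-AzADServicePrincipal -ApplicationId $app.AppId

# Client secret ("password"). Keep the lifetime short and record the end date: the host
# pool deployments will start failing the day this expires.
$secret = New-AzADAppCredential -ApplicationId $app.AppId -EndDate (Get-Date).AddMonths(12)

# The Tenant ID of the directory the app was registered in
$tenantId = (Get-AzContext).Tenant.Id

# The values the wizard and the ARM template ask for (the secret itself is in $secret.SecretText)
[pscustomobject]@{
    ApplicationId = $app.AppId            # Service Principal "Username"
    TenantId      = $tenantId
    SecretExpires = $secret.EndDateTime
}

# Optional: store the secret in Key Vault instead of a text file (vault name is hypothetical)
# Set-AzKeyVaultSecret -VaultName 'kv-wvd-automation' -Name 'wvd-sp-secret' `
#     -SecretValue (ConvertTo-SecureString $secret.SecretText -AsPlainText -Force)

# Check: sign in as the new Service Principal before pasting the values into a deployment.
# A freshly created principal can take a short while to replicate, hence the pause.
Start-Sleep -Seconds 30
$secure  = ConvertTo-SecureString $secret.SecretText -AsPlainText -Force
$spCred  = New-Object System.Management.Automation.PSCredential ($app.AppId, $secure)
Connect-AzAccount -ServicePrincipal -Credential $spCred -Tenant $tenantId | Out-Null
Get-AzContext | Select-Object Account, Tenant   # Account should show the Application ID
```

If the final Connect-AzAccount fails with an authentication error even though the Application ID and secret are correct, wait a minute and retry before assuming the secret was copied wrong; if it keeps failing, create a new secret rather than reusing one you are unsure about. At this point the Service Principal can sign in but has no rights on the subscription or on the WVD tenant yet; those come in the next steps.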