
- March 17, 2025
- Pankaj Kumar
- 0
You have a deployment of Azure Virtual Desktop.
An estimate of the deployment’s bandwidth usage is required. Bidirectional data transfer types between a client and a session host must be included in the estimate.
Which two kinds of data ought to be incorporated into the estimate? Every right response provides a complete solution.
- file transfers
- graphics
- heartbeats
- input
- printing
Reveal Solution
The two correct answers are:
Graphics – Azure Virtual Desktop constantly transfers graphical data from the session host to the client, making it a significant factor in bandwidth utilization.
Input – User inputs (such as keyboard strokes, mouse movements, and touch inputs) are transmitted from the client to the session host, making them a bidirectional data transfer type.
You have a host pool called HS-Pool1 in your Azure Virtual Desktop deployment. Users use a VPN to connect to the session hosts in HS-Pool 1.
When trying to connect to the AVD session hosts, users encounter irregular VPN connectivity problems.
The virtual network gateway and its connections require diagnosis and troubleshooting.
What should you use?
- Azure Analysis Services
- Azure Network Watcher
- Azure Resource Explorer
- Azure Service Health
Reveal Solution
The correct answer is:
✅ Azure Network Watcher
Explanation:
Azure Network Watcher provides tools to troubleshoot and diagnose network issues, including monitoring the health of Azure Virtual Network (VNet) gateways and their connections. You can use Network Watcher’s VPN diagnostics, connection troubleshoot, and packet capture features to investigate the intermittent VPN connectivity issues.
You have a deployment of Azure Virtual Desktop.
As an AVD Administrator you must suggest a way to assess the deployment’s connection quality. The following specifications must be fulfilled by the solution:
Gather graphics and network connection information on a regular basis while a user is using Azure Virtual Desktop.
The correlation ID for the particular Azure Virtual Desktop connection should be obtained.
Keep track of the latency measurements for both TCP and UDP connections.
What needs to be suggested in the implementation?
- Azure Analysis Services
- Azure Network Watcher
- Log Analytics
- RemoteFX network performance counters
Reveal Solution
The correct answer is:
✅ Log Analytics
Explanation:
Log Analytics, as part of Azure Monitor and Azure Virtual Desktop Insights, can:
- Collect network connection and graphics performance data throughout a session.
- Store correlation IDs to track specific Azure Virtual Desktop connections.
- Measure latency for both TCP and UDP connections, helping analyze connection quality.
You have a deployment of Azure Virtual Desktop.
You intend to store FSLogix user profile containers in Azure NetApp Files.
You make an account on NetApp.
You must finish configuring Azure NetApp Files.
What needs to be created first?
- a capacity pool
- a file share
- an access key
- an NFS volume
Reveal Solution
The correct answer is:
✅ A capacity pool
Explanation:
In Azure NetApp Files, before creating an NFS volume (which will store FSLogix user profile containers), you must first create a capacity pool. The capacity pool provides the underlying storage allocation for volumes.
You have a deployment of Azure Virtual Desktop.
To store user profile data, you want to set up an Azure Storage account.
You must determine how Standard and Premium file sharing differ from one another.
Which two features separate a Premium file share?
- deployed to the FileStorage storage account type
- deployed to the general-purpose version 2 storage account type
- high latency for IO intensive workloads
- uses the pay-as-you-go billing model
- uses the provisioned billing model
Reveal Solution
The correct answers are:
✅ Deployed to the FileStorage storage account type
✅ Uses the provisioned billing model
Explanation:
Premium file shares in Azure Files offer high-performance, low-latency storage optimized for IO-intensive workloads, such as FSLogix user profiles in Azure Virtual Desktop.
Deployed to the FileStorage storage account type – ✅ Correct
- Premium file shares require a FileStorage account, which is specifically optimized for Azure Files.
- Standard file shares, on the other hand, are deployed in general-purpose v2 (GPv2) storage accounts.
Uses the provisioned billing model – ✅ Correct
- Premium file shares use a provisioned billing model, meaning you pay for the provisioned capacity regardless of actual usage.
- Standard file shares use a pay-as-you-go model, where you pay for actual usage.
You have a deployment of Azure Virtual Desktop.
FSLogix user profile containers are what you intend to use.
You make a new file share called avd-fs1 and an Azure Storage account called avd-store1.
You must confirm that avd-fs1 can be accessed using identity-based Kerberos authentication.
What needs to be set up on storage 1 first?
- a shared access signature (SAS)
- Access control (IAM)
- an identity source
- share-level permissions
Reveal Solution
The correct answer is:
✅ An identity source
Explanation:
To enable identity-based Kerberos authentication for Azure Files (which is required for FSLogix profile containers in Azure Virtual Desktop), you must first configure an identity source. This means integrating the Azure Storage account with Active Directory (AD) or Azure AD Kerberos authentication.
You have a deployment of Azure Virtual Desktop.
To store user profile data, you must first create an Azure Storage account called storage1. The following specifications must be fulfilled by the solution:
support for Azure page blobs and Azure file shares.
Set up redundancy to guard against failures at the datacenter level.
How should storage1 be set up?
- Premium performance with locally-redundant storage (LRS)
- Premium performance with zone-redundant storage (LRS)
- Standard performance with locally-redundant storage (LRS)
- Standard performance with zone-redundant storage (ZRS)
Reveal Solution
The correct answer is:
✅ Standard performance with zone-redundant storage (ZRS)
Explanation:
To meet the requirements:
Support for both Azure file shares and Azure page blobs:
- Only standard performance storage accounts (GPv2 or BlobStorage) support both Azure Files and page blobs.
- Premium performance storage accounts (FileStorage) only support Azure Files, not page blobs.
Configure redundancy to protect against datacenter-level failures:
- Zone-redundant storage (ZRS) provides redundancy across multiple availability zones, protecting against datacenter failures.
- Locally-redundant storage (LRS) only replicates data within a single datacenter, making it less resilient.
You have a host pool called Pool1 in your Azure Virtual Desktop deployment.
You have a Windows Server 2022 virtual machine in Azure called PRD-Server1.
You must confirm that PRD-Server 1 can be added to Pool 1 as a session host.
What can one to do?
- Enable RDP Shortpath for Pool1.
- Enable the Validation environment for Pool1.
- Installing the Remote Desktop Web Access (RDP) role on Server1.
- Install the Remote Desktop Session Host (RDP) role on Server1.
Reveal Solution
The correct answer is:
✅ Install the Remote Desktop Session Host role on Server1.
Explanation:
To add Server1 as a session host to Pool1 in Azure Virtual Desktop (AVD), it must have the Remote Desktop Session Host (RDSH) role installed. This role enables the server to host remote desktop sessions for multiple users, which is required for AVD session hosts.
You have the following host pools in your Azure Virtual Desktop deployment (AVD):
HostPool1
– Type: Pooled
– PreferredAppGroupType: Desktop
HostPool2
– Type: Pooled
– PreferredAppGroupType: None
HostPool3
– Type: Personal
– PreferredAppGroupType: Desktop
For the deployment, a RemoteApp application group must be added.
Can the RemoteApp Application group be added to whatever host pool?
- HostPool1 only
- HostPool1 and HostPool2
- HostPool1, HostPool2, and HostPool3
- HostPool2 only
- HostPool3 only
Reveal Solution
The correct answer is:
✅ HostPool2 only
Explanation:
- In Azure Virtual Desktop (AVD), a RemoteApp application group (RemoteApp App Group) allows publishing individual applications instead of full desktops.
- A host pool can have either a Desktop Application Group (DAG) or a RemoteApp Application Group (RAAG), but not both.
- HostPool1 and HostPool3 already have Desktop as the PreferredAppGroupType, meaning they cannot have a RemoteApp App Group.
- HostPool2 has PreferredAppGroupType: None, meaning it does not have a Desktop Application Group and is eligible for a RemoteApp App Group.
You have the following Azure Compute Gallery galleries and an Azure Virtual Desktop deployment:
Role-based access control (RBAC) sharing is used in Gallery 1.
Gallery 2: Makes use of RBAC and direct sharing
An Azure compute gallery that shares resources with all Azure customers, including those from outside your company, must be put into place. The solution must reduce expenses and administrative work.
What should you do?
- Create a new Azure compute gallery that uses RBAC + share to public community gallery sharing.
- To enable public community gallery sharing, change Gallery 1 to utilize RBAC + share.
- Change Gallery 2 to use a tag that contains the URL for the legal agreement, the Publisher URL, and the Publisher support email.
- Modify Gal to use RBAC + share to public community gallery sharing.
Reveal Solution
The correct answer is:
✅ Modify Gallery2 to use RBAC + share to public community gallery sharing.
Explanation:
To share Azure Compute Gallery images with all Azure users, including users outside your organization, you must enable public community gallery sharing.
Gallery1 (RBAC sharing):
- Limited to users or groups within your organization who have been assigned RBAC roles.
- Cannot be shared publicly.
Gallery2 (RBAC + share directly sharing):
- Allows sharing with specific external users, but not with all Azure users.
- To enable public sharing, you must modify it to use RBAC + share to public community gallery sharing.
An Azure Virtual Desktop deployment is part of your Azure subscription.
Throughout the subscription, you want to distribute unique virtual machine images to Azure Virtual Desktop administrators in various geographical locations.
What should be used to make sharing Azure virtual machines easier?
- Microsoft Entra App Gallery
- Azure Compute Gallery
- Azure Marketplace
- Container instances
- resource groups
Reveal Solution
The correct answer is:
✅ Azure Compute Gallery
Explanation:
To share custom virtual machine (VM) images across multiple regions for Azure Virtual Desktop, the best solution is Azure Compute Gallery (formerly known as Shared Image Gallery).
Why Azure Compute Gallery?
- Simplifies sharing: Allows you to share VM images with multiple Azure Virtual Desktop administrators.
- Supports multiple regions: You can replicate images across different Azure regions, improving availability.
- Efficient image management: Supports versioning and scaling for VM image deployments.
You have a Hyper-V virtual machine that runs Windows 11 and has the following configurations:
Name: VM1
- Generation: Generation 2
- Trusted Platform Module (TPM): Enabled
- Disk type: Dynamic
- Disk format: VHD
You intend to make a VM1 image, upload it to Azure, and utilize it as the foundation for Azure Virtual Desktop session hosts.
Make verify that VM1 is compatible with the Azure environment.
What should you do?
- Convert the disk format to VHDX.
- Convert the disk type to a fixed disk.
- Disable TPM.
- Reconfigure the generation to Generation 1.
Reveal Solution
The correct answer is:
✅ Convert the disk type to a fixed disk.
Explanation:
To successfully upload a Hyper-V virtual machine image to Azure and use it as a base for Azure Virtual Desktop session hosts, the VM must meet Azure’s disk requirements.
Azure only supports VHD format (not VHDX).
- VM1 already uses VHD, so no changes are needed here.
Azure does not support dynamic disks for VM images.
- The disk must be converted from dynamic to fixed before uploading to Azure.
You have a group called Group1 and an Azure Virtual Desktop deployment.
You intend to utilize Conditional Access to make sure that Group 1 members login to the Azure Virtual Desktop service using multifactor authentication (MFA).
Group1 is assigned to AVDPolicy1, a Conditional Access policy that you write.
The AVDPolicy1 configuration must be finished.
Which three settings need to be set up?
- Access controls: Grant
- Access controls: Session
- Conditions: Client apps
- Conditions: Device platforms
- Target resources
Reveal Solution
The correct answers are:
✅ Access controls: Grant
✅ Conditions: Client apps
✅ Target resources
Explanation:
To enforce multifactor authentication (MFA) for Group1 when connecting to Azure Virtual Desktop (AVD) using Conditional Access, you need to configure the following settings:
Access controls: Grant → ✅ Required
- In the Grant section, you need to configure “Require multi-factor authentication (MFA)” to enforce MFA for users connecting to AVD.
Conditions: Client apps → ✅ Required
- In the Conditions section, select Client apps and specify that the policy applies to browser and modern authentication clients (e.g., Remote Desktop client).
Target resources → ✅ Required
- You must specify Azure Virtual Desktop as the target resource so the policy applies only when users connect to AVD.
You have a deployment of Azure Virtual Desktop.
Pool1 is the host pool that you intend to use.
Which Azure Virtual Desktop service principle needs a role-based access control (RBAC) role given to it in this host pool setting?
- Autoscale
- Load balancing algorithm
- Preferred app group type
- Validation environment
Reveal Solution
The correct answer is:
✅ Autoscale
Explanation:
Autoscale in Azure Virtual Desktop (AVD) requires role-based access control (RBAC) permissions for a service principal because it automates the process of scaling session hosts based on demand.
- Why is RBAC required?
- Autoscale needs permissions to start, stop, and manage session hosts.
- It uses a managed identity or service principal that must have roles like Virtual Machine Contributor to perform these actions.
The host pools in your Azure Virtual Desktop deployment include the following:
Pool1
- Type: Personal
- Contains ten Windows 10 x64 Generation 2 Enterprise multi-session hosts.
Pool2
- Type: Pooled
- Ten Windows 11, x64 Generation 2 Enterprise multi-session hosts are included in Pool2.
Pool3
- Type: Personal
- Two Windows Server 2022 Datacenter x64 Generation 1 session hosts are included in Pool 3.
On session hosts, you intend to activate Confidential VM settings.
Which host pools have session hosts with Confidential VM parameters available for configuration?
- Pool1 only
- Pool1 and Pool2 only
- Pool1 and Pool3 only
- Pool2 and Pool3 only
- Pool2 only
- Pool3 only
Reveal Solution
The correct answer is:
✅ Pool1 and Pool2 only
Explanation:
Confidential VMs in Azure provide enhanced security features like memory encryption and require specific hardware and OS support.
Requirements for Confidential VMs:
- Generation 2 VM – Required ✅
- Windows 10 or Windows 11 (Enterprise multi-session supported) – ✅
- Windows Server is NOT supported ❌
Now, let’s analyze each pool:
| Pool | Type | OS | Generation | Confidential VM Support? |
|---|---|---|---|---|
| Pool1 | Personal | Windows 10 Enterprise multi-session | Gen 2 | ✅ Supported |
| Pool2 | Pooled | Windows 11 Enterprise multi-session | Gen 2 | ✅ Supported |
| Pool3 | Personal | Windows Server 2022 Datacenter | Gen 1 | ❌ Not Supported |
- Pool1 and Pool2 meet all requirements (Gen 2 + Windows 10/11 multi-session).
- Pool3 is NOT supported because:
- It uses Windows Server 2022 (Confidential VMs do not support Windows Server).
- It is also Generation 1, while Confidential VMs require Generation 2.
You have a pooled host pool called Pool1 in your Azure Virtual Desktop deployment. There are 25 session hosts in Pool 1.
You intend to manage and keep an eye on the session hosts’ vulnerabilities and threats using the Microsoft Defender portal.
You must make sure that Microsoft Defender for Endpoint receives security information from the session hosts.
When using the Microsoft Defender portal, what should you do first?
- Add a URL/Domain indicator.
- Configure an assessment job.
- Download a virtual desktop infrastructure (VDI) onboarding package.
- Run a detection test.
Reveal Solution
The correct answer is:
✅ Download a virtual desktop infrastructure (VDI) onboarding package.
Explanation:
To ensure Azure Virtual Desktop (AVD) session hosts report security information to Microsoft Defender for Endpoint, you must onboard them as part of a Virtual Desktop Infrastructure (VDI).
Steps to Enable Defender for Endpoint on AVD Session Hosts:
- Download the VDI onboarding package from the Microsoft Defender portal.
- Deploy the package to all AVD session hosts in Pool1.
- Verify reporting by running a detection test after onboarding.
You have a pooled host pool called Pool1 in your Azure Virtual Desktop deployment. There are 25 session hosts in Pool 1.
You must suggest a solution that satisfies the following security specifications:
makes certain that every session host is set up correctly and that, when necessary, exploit mitigation mechanisms are used.
discovers unsecured session hosts, dynamically evaluates the security situation, and implements suggested fixes to enhance security overall.
Regarding the Azure Virtual Desktop infrastructure, what recommendations would you make?
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Windows Defender Application Control (WDAC)
- Windows Defender Device Guard
Reveal Solution
The correct answer is:
✅ Microsoft Defender for Endpoint
Explanation:
Microsoft Defender for Endpoint (MDE) is the best solution because it:
- Continuously monitors session hosts for security misconfigurations and vulnerabilities.
- Applies exploit mitigation techniques automatically to protect against threats.
- Dynamically assesses the security state of each session host.
- Provides recommendations and automated actions to improve security posture.
This aligns perfectly with the security requirements stated in the question.
You are planning an Azure Virtual Desktop AVD) deployment that will be using FSLogix for store the users profile
For profile and ODFC containers, you must provide an FSLogix feature that can help guarantee high availability and resilience.
What should you recommend?
- a custom profile redirections.xml file
- Application Rule Sets
- Cloud Cache
- VHD Disk Compaction
Reveal Solution
The correct answer is:
✅ Cloud Cache
Explanation:
FSLogix Cloud Cache is designed to improve resiliency and high availability for FSLogix profile and ODFC (Office Data Files Cache) containers by:
- Enabling multiple storage locations (e.g., Azure Files, Azure NetApp Files, SMB shares).
- Providing automatic failover if one storage location becomes unavailable.
- Caching user profiles locally to improve performance and reduce storage dependency.
This ensures that user profiles remain available even if a primary storage location fails.
You have a host pool called Pool1 in your Azure Virtual Desktop deployment. Host1 is the session host found in Pool1.
You implement FSLogix profile containers.
You need to verify where the FSLogix profile container is being stored on Host1.
Which command should you run?
- frx list-redirects
- frx list-rules
- frx report-assignment
- frxcontext –install
Reveal Solution
The correct answer is:
✅ frx list-redirects
Explanation:
The frx list-redirects command is used to validate the storage location of the FSLogix profile container on a session host. It shows where user profiles are being redirected within the FSLogix configuration.
This helps confirm that profiles are being stored in the correct location (e.g., an Azure Files or SMB share).
Five session hosts include the host pool in your Azure Virtual Desktop deployment. FSLogix profile containers are used by every session host.
You intend to combine the FSLogix implementation with Cloud Cache.
To use Cloud Cache for profile redirection, you must set up an FSLogix registry option on each session host.
Which registry setting ought to be a part of the setup?
- CCDLocations
- ProxyDirectory
- VHDLocations
- WriteCacheDirectory
Reveal Solution
The correct answer is:
✅ CCDLocations
Explanation:
To integrate Cloud Cache with FSLogix profile containers, you must configure the CCDLocations registry setting.
CCDLocationsdefines multiple storage locations (e.g., Azure Files, SMB shares) where the FSLogix profile containers are stored and cached.- It allows automatic failover and high availability, ensuring user profiles remain accessible even if a primary storage location becomes unavailable.
You have a host pool called Pool1 in your Azure Virtual Desktop deployment. Host1 is the session host found in Pool1.
Device1 is the device that a user uses to connect to Host1.
Based on Device 1’s location, you must make sure that printers are accessible.
What should you configure?
- location override on Device1
- location override on Host1
- Network auto detect on Pool1
- the load balancing algorithm on Pool1
Reveal Solution
The correct answer is:
✅ Location override on Host1
Explanation:
To ensure printers are available based on the location of the user’s device (Device1), you must configure location-based printing in Azure Virtual Desktop (AVD).
“Location override on Host1” is the correct setting because:
- Host1 (session host) needs to detect the location of Device1 and apply the correct printer mapping.
- Location-based printing allows printers to be assigned dynamically based on the user’s location.
In your Azure Virtual Desktop setup, you have a host pool named Pool1. The session host in Pool1 is called Host1.
The device that a user connects to Host1 is called Device1.
For inactive Remote Desktop connections, a time limit must be set.
What must be configured?
- a scaling plan on Pool1
- Group Policy settings on Device1
- Group Policy settings on Host1
- session behavior on Pool1
Reveal Solution
The correct answer is:
✅ Group Policy settings on Host1
Explanation:
To set a time limit for idle Remote Desktop connections, you need to configure Group Policy settings on Host1 (the session host).
- The relevant Group Policy setting is:
“Set a time limit for Remote Desktop Services sessions that are both active and inactive“- Location:
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits - This policy automatically disconnects or logs off idle users after a specified time.
- Location:
In your Azure Virtual Desktop setup, you have a host pool named Pool1. Pool 1 contains ten session hosts.
You plan to use Azure Monitor for Pool 1.
You must ensure that the required components are configured in order to support Azure Monitor.
Which two parts need to be set up?
- Azure Analysis Services
- Automation tasks
- diagnostic settings
- Log Analytics workspace
- Microsoft Purview
Reveal Solution
The correct answers are:
✅ Diagnostic settings
✅ Log Analytics workspace
Explanation:
To implement Azure Monitor for Azure Virtual Desktop (AVD), you need to configure:
1️⃣ Diagnostic settings
- Enables Azure Monitor to collect logs and metrics from AVD components (session hosts, host pools, user sessions, etc.).
- Must be configured on each session host and host pool to send data to a Log Analytics workspace.
2️⃣ Log Analytics workspace
- Stores logs and performance data collected from AVD resources.
- Azure Monitor uses Log Analytics queries to analyze session performance, user activity, and troubleshooting logs.
Your organization, MSCloudExplorers, has deployed Azure Virtual Desktop (AVD) with the following resources:
MSCE-HostPool: A pooled host pool for users
MSCE-AppGroup: A RemoteApp application group that publishes specific apps
MSCE-Workspace: A workspace that contains MSCE-AppGroup as a registered application group
MSCE-AutoScale: An autoscaling plan used for optimizing session host resources
You need to collect diagnostic logs related to user subscription feeds (i.e., the user’s ability to see their assigned apps in the AVD client).
Where should you configure diagnostic settings to capture this information?
MSCE-AppGroup
MSCE-AutoScale
MSCE-HostPool
MSCE-Workspace
Reveal Solution
The correct answer is: MSCE-Workspace
Explanation:
User subscription feed logs (e.g., what users can see in their AVD client) are tied to the workspace registration.
These logs help troubleshoot scenarios where users do not see expected applications in their AVD feed.
Therefore, you must configure diagnostic settings on the workspace resource, not the host pool, app group, or scaling plan.
You have an Azure Virtual Desktop deployment that contains a pooled host pool named Pool1. Users connect to the session hosts in Pool1 by using a VPN.
For Pool1, the load balancing algorithm is set to Depth-first.
You need to implement quality of service (QoS) for the Azure Virtual Desktop deployment.
What should you do first?
- Change the load balancing algorithm for Pool1 to Breadth-first.
- Configure RDP Shortpath for managed networks.
- Configure RDP Shortpath for public networks.
- Create a new personal host pool
- Deploy an on-premises Remote Desktop Gateway.
Reveal Solution
Correct answer: Configure RDP Shortpath for managed networks
Why?
- The users connect to Azure Virtual Desktop through a VPN.
- A VPN connection is considered a managed network.
- Quality of Service (QoS) support in Azure Virtual Desktop is available when using RDP Shortpath.
- For managed networks, you should enable RDP Shortpath for managed networks first.
Why the other options are incorrect
Option | Reason |
Change the load balancing algorithm to Breadth-first | Load balancing affects how sessions are distributed, but it does not enable QoS. |
Configure RDP Shortpath for public networks | This is used when clients connect directly over the internet, not through a VPN. |
Create a new personal host pool | Personal host pools are unrelated to QoS configuration. |
Deploy an on-premises Remote Desktop Gateway | Azure Virtual Desktop does not require an RD Gateway for this scenario. |
You have an Azure Virtual Desktop deployment.
You plan to implement an Azure Storage account to store user profile data.
You need to identify the differences between Premium file shares and Standard file shares.
What are two features of a Premium file share?
- deployed to the FileStorage storage account type
- deployed to the general-purpose version 2 storage account type
- high latency for IO intensive workloads
- uses the pay-as-you-go billing model
- uses the provisioned billing model
Reveal Solution
Correct answers:
- Deployed to the FileStorage storage account type
- Uses the provisioned billing model
Explanation
Premium Azure Files has the following characteristics:
- Deployed to the FileStorage storage account type ✅
- Premium file shares require a FileStorage account.
- Standard file shares use General-purpose v2 (GPv2) storage accounts.
- Uses the provisioned billing model ✅
- Premium shares are billed based on the amount of storage you provision, regardless of actual usage.
- This provides predictable performance and billing.
Why the other options are incorrect
- Deployed to the general-purpose version 2 storage account type ❌
- This is a characteristic of Standard file shares.
- High latency for IO intensive workloads ❌
- Premium file shares are designed for low latency and high-performance workloads.
- Uses the pay-as-you-go billing model ❌
- Standard file shares use a consumption-based (pay-as-you-go) model.
- Premium file shares use provisioned capacity.
You have an Azure Virtual Desktop deployment.
You plan to use FSLogix user profile containers.
You create an Azure Storage account named storage1 and a new file share named fileshare1.
You need to ensure that identity-based Kerberos authentication can be used to access fileshare1.
What should you configure first on storage1?
- a shared access signature (SAS)
- Access control (IAM)
- an identity source
- share-level permissions
Reveal Solution
✅ Correct answer: an identity source
Why?
For Azure Files identity-based authentication (including Kerberos authentication used with FSLogix profile containers), the first step is to configure an identity source for the storage account, such as:
- Microsoft Entra Domain Services
- On-premises Active Directory Domain Services (AD DS)
- Microsoft Entra Kerberos
The storage account must be associated with an identity source before users can be authenticated using their identities to access the file share.
Why the other options are incorrect
- A shared access signature (SAS) ❌
SAS provides delegated access using tokens, not identity-based Kerberos authentication. - Access control (IAM) ❌
IAM controls Azure resource management permissions and does not enable Kerberos authentication for Azure Files.
Share-level permissions ❌
These are configured after identity-based authentication is enabled. They are not the first prerequisite.
You have an Azure Virtual Desktop deployment.
You create an Azure Storage account named storage1.
You need to configure data storage for storage1 to support the following:
- FSLogix profile containers
- Microsoft Entra Kerberos authentication for Microsoft Entra hybrid identities
Which type of data storage should you configure?
Select only one answer.
- containers
- file shares
- queues
- tables
Reveal Solution
✅ Correct answer: file shares
Why?
For FSLogix profile containers, user profiles are stored on SMB file shares. Azure Virtual Desktop commonly uses Azure Files with:
- FSLogix profile containers
- Microsoft Entra Kerberos authentication
- Microsoft Entra hybrid identities
Azure Files provides the required SMB-based storage and supports Microsoft Entra Kerberos authentication.
Why the other options are incorrect
- Containers ❌
Azure Blob containers are object storage and cannot be used as FSLogix profile containers. - Queues ❌
Used for message storage and processing, not user profiles.
Tables ❌
Used for NoSQL key-value data storage, not FSLogix profiles.
You have an Azure Virtual Desktop deployment.
You need to create a host pool named Pool1 to meet the following requirements:
- Session hosts must allow for multiple user sessions.
- Session hosts must distribute new users across the session hosts in Pool1.
- Users must have full access to Windows features and apps.
Which PowerShell command should you run?
- New-AzWvdHostPool -Name Pool1 -ResourceGroupName RG1 -HostPoolType Pooled -LoadBalancerType BreadthFirst -PreferredAppGroupType Desktop
- New-AzWvdHostPool -Name Pool1 -ResourceGroupName RG1 -HostPoolType Pooled -LoadBalancerType DepthFirst -PreferredAppGroupType RailApplications
- New-AzWvdHostPool -Name Pool1 -ResourceGroupName RG1 -HostPoolType Personal -LoadBalancerType Persistent -PreferredAppGroupType Desktop
- New-AzWvdHostPool -Name Pool1 -ResourceGroupName RG1 -HostPoolType Personal -LoadBalancerType Persistent -PreferredAppGroupType None
Reveal Solution
✅ Correct answer:
New-AzWvdHostPool -Name Pool1 -ResourceGroupName RG1 -HostPoolType Pooled -LoadBalancerType BreadthFirst -PreferredAppGroupType Desktop
Why?
The requirements are:
- Multiple user sessions per session host → Requires a Pooled host pool ✅
- Distribute new users across session hosts → Requires BreadthFirst load balancing ✅
- Breadth-first spreads sessions evenly across available hosts.
- Full access to Windows features and apps → Requires a Desktop application group ✅
- Desktop provides the full Windows desktop experience.
Why the other options are incorrect
- Pooled + DepthFirst + RailApplications ❌
- Depth-first concentrates users on fewer hosts.
- RailApplications publishes individual apps, not a full desktop.
- Personal + Persistent + Desktop ❌
- Personal host pools assign users to dedicated session hosts and do not allow multiple users per host.
- Personal + Persistent + None ❌
- Personal host pool doesn’t meet the multiple-user requirement.
No desktop access is configured.
You have an Azure Virtual Desktop deployment and an Azure compute gallery named Gallery1.
You plan to use Azure Image Builder to create images that will be deployed as session hosts.
You need to configure Azure Image Builder to use Gallery1 as the distribution target.
Which type of distribution target should you use?
- Azure File share
- managed image
- Azure Blob Storage
- Image version
Reveal Solution
✅ Correct answer: Image version
Why?
When using Azure Image Builder with an Azure Compute Gallery (formerly Shared Image Gallery), the image is distributed to the gallery as an Image Version.
The process is:
- Create or use an existing Azure Compute Gallery.
- Create an Image Definition.
- Configure Azure Image Builder to distribute the built image as an Image Version within that gallery.
Why the other options are incorrect
- Azure File share ❌
Not a supported distribution target for Azure Image Builder images. - Managed image ❌
A managed image is a separate image resource and is not how images are published into an Azure Compute Gallery.
Azure Blob Storage ❌
Used for VHD output scenarios, not for publishing images to an Azure Compute Gallery.
You have a Hyper-V virtual machine that runs Windows 11 and has the following configurations:
- Name: VM1
- Generation: Generation 2
- Trusted Platform Module (TPM): Enabled
- Disk type: Dynamic
- Disk format: VHD
You plan to create an image of VM1, upload the image to Azure, and use the image as a source image for Azure Virtual Desktop session hosts.
You need to ensure that VM1 supports the Azure environment.
What should you do?
- Convert the disk format to VHDX.
- Convert the disk type to a fixed disk.
- Disable TPM.
- Reconfigure the generation to Generation 1.
Reveal Solution
- ✅ Correct answer: Convert the disk type to a fixed disk
Why?
When uploading a Hyper-V virtual machine image to Azure:
- The virtual hard disk must be in VHD format (not VHDX).
- The VHD must be a fixed-size disk.
- Azure supports Generation 2 VMs.
- TPM does not need to be disabled for this requirement.
Current configuration:
Setting | Status |
Generation 2 | ✅ Supported |
TPM Enabled | ✅ Supported |
Disk Format: VHD | ✅ Supported |
Disk Type: Dynamic | ❌ Not supported for upload |
Therefore, the required change is to convert the VHD from dynamic to fixed.
Why the other options are incorrect
- Convert the disk format to VHDX ❌
Azure requires VHD, not VHDX. - Disable TPM ❌
Not required for Azure Virtual Desktop image preparation. - Reconfigure the generation to Generation 1 ❌
Azure supports Generation 2 VMs.
You have an Azure Virtual Desktop deployment that contains a host pool named Pool1.
You need to enhance secure connectivity to Pool1 to meet the following requirements:
- Disable clipboard functionality between local devices and remote virtual sessions.
- Prevent printers on local computers from connecting to remote virtual sessions.
What should you configure on Pool1?
- Access control (IAM)
- device redirection
- locks
- session behavior
Reveal Solution
✅ Correct answer: Device redirection
Why?
Both requirements involve controlling which local devices and resources can be redirected into the Azure Virtual Desktop session:
- Disable clipboard functionality → Clipboard redirection setting
- Prevent local printers from connecting → Printer redirection setting
These settings are configured under Device Redirection in Azure Virtual Desktop host pool RDP properties.
Why the other options are incorrect
- Access control (IAM) ❌
- Controls Azure resource permissions, not clipboard or printer redirection.
- Locks ❌
- Prevent changes to Azure resources but do not affect user session behavior.
- Session behavior ❌
Controls session-related settings such as reconnection and disconnect behavior, not device redirection.
- Access control (IAM) ❌
You have an Azure Virtual Desktop deployment that contains a host pool named Pool1. Pool1 contains a session host named Host1.
You need to configure role-based access control (RBAC) to support the Start VM on Connect feature.
What should you do?
- Assign the Desktop Virtualization Power On Contributor role to the Azure Virtual Desktop service principal.
- Assign the Desktop Virtualization Power On Contributor role to the Azure Virtual Desktop ARM Provider service principal.
- Assign the Desktop Virtualization Session Host Operator role to the Azure Virtual Desktop service principal.
- Assign the Desktop Virtualization User Session Operator role to the Azure Virtual Desktop Client service principal.
Reveal Solution
✅ Correct answer: Assign the Desktop Virtualization Power On Contributor role to the Azure Virtual Desktop service principal.
Why?
Start VM on Connect allows Azure Virtual Desktop to automatically start a deallocated session host when a user attempts to connect.
For this feature to work, the Azure Virtual Desktop service principal must have permission to power on virtual machines. Microsoft recommends assigning the:
✅ Desktop Virtualization Power On Contributor
role to the Azure Virtual Desktop service principal at the subscription, resource group, or VM scope.
Why the other options are incorrect
- Desktop Virtualization Power On Contributor to the Azure Virtual Desktop ARM Provider service principal ❌
- The role is assigned to the Azure Virtual Desktop service principal, not the ARM Provider service principal.
- Desktop Virtualization Session Host Operator role ❌
- Used for session host management tasks, not powering on VMs.
- Desktop Virtualization User Session Operator role to the Azure Virtual Desktop Client service principal ❌
Used for managing user sessions and is unrelated to Start VM on Connect.
We’d love your feedback!
Share your thoughts on the Renewal Test and help us improve by reporting any inaccurate answers.
🔗 Explore more Renewal Tests at mscloudexplorers.com/learn
📘 Discover more Microsoft 365 & Intune-related blogs at mscloudexplorers.com/blog
📰 Join our newsletter to get the latest Microsoft Cloud updates directly in your inbox.
🔔 Follow us on LinkedIn for regular updates, tips, and community insights.







