In some Azure environments newly created VMs are restricted from connecting to the internet. This may be done with custom routing and network security groups (NSG) at the virtual network level or with proxy settings or custom security configurations pushed to the VMs via Active Directory GPO.
In order for Nerdio Manager to be able to automate the creation and management of AVD session host VMs the following access must be possible.
|Address||Outbound TCP port||Purpose||Service Tag|
|220.127.116.11||All||Azure platform services||AzureCloud|
|mrsglobalsteus2prod.blob.core.windows.net||443||Agent and SXS stack updates||AzureCloud|
|443||DSC extension download||AzureCloud|
Aside from the above connections, some scripted actions pull binaries from various websites, such as Official Download pages and open-source GitHub repos. If scripted actions are not being used, these addresses can be ignored.
|443||WVD Optimization||Fetches Additional Code|
|teams.microsoft.com||443||Install MS Teams||Downloads MS Teams client|
|microsoft.com||443||Install Office 365||Downloads ODT tool|
|support.zoom.us||443||Install Zoom VDI||Download Zoom VDI Client|
If desired, it is possible to read the scripts and retrieve the appropriate downloads, then self-host the files and change the scripted action code to point to your own servers. This allows further control for heavily restricted environments, but may introduce increased maintenance and complexity.
Azure platform mounts an ISO file to the DVD-ROM when a Windows VM is created from a generalized image. For this reason, the DVD-ROM must be enabled in the OS in the generalized image. If it is disabled, the Windows VM will be stuck at OOBE.
Azure DSC extensions used by the Nerdio Manager leverage Powershell and WinRM. Be sure that WinRM is not disabled on session host VMs and that unsigned Powershell scripts can be run on these VMs. If there is a GPO restricting WinRM and/or unsigned scripts, exclude the OU that contains the session hosts or create a naming prefix exclusion.
Reference KB articles: