gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-01 23:39:52 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
13f89a6674ceab008aa7a3f8c097744cd6df20bf
hacktricks-cloud/src/pentesting-cloud/azure-security/az-services/az-virtual-desktop.md
Jimmy 776d9f73df vitualdesktop
2025-02-25 12:41:45 +01:00

8.5 KiB
Raw Blame History

Az - Virtual Desktop

{{#include ../../../banners/hacktricks-training.md}}

Azure Virtual Desktop

Virtual Desktop is a desktop and app virtualization service. It enables to deliver full Windows desktops, including Windows 11, Windows 10, or Windows Server to users remotely, either as individual desktops or through individual applications. It supports single-session setups for personal use and multi-session environments Users can connect from virtually any device using native apps or a web browser.

Host Pools

Host pools in Azure Virtual Desktop are collections of Azure virtual machines configured as session hosts, providing virtual desktops and apps to users. There are two main types:

  • Personal host pools, where each virtual machine is dedicated to a single user, with its environments
  • Pooled host pools, where multiple users share resources on any available session host. It has a configurable session limit and a session host configuration lets Azure Virtual Desktop automate the creation of session hosts based on a configuration

Every host pool has a registration token is used to register virtual machines within an host pool.

Application groups & Workspace

Application groups control user access to either a full desktop or specific sets of applications available on session hosts within a host pool. There are two types:

  • Desktop application groups, which give users access to a complete Windows desktop (available with both personal and pooled host pools)
  • RemoteApp groups, which allow users to access individual published applications (available only with pooled host pools). A host pool can have one Desktop application group but multiple RemoteApp groups. Users can be assigned to multiple application groups across different host pools. If a user is assigned both desktop and RemoteApp groups within the same host pool, they only see resources from the preferred group type set by administrators.

A workspace is a collection of application groups, allowing users to access the desktops and application groups assigned to them. Each application group must be linked to a workspace, and it can only belong to one workspace at a time.

Key Features

  • Flexible VM Creation: Create Azure virtual machines directly or add Azure Local virtual machines later.
  • Security Features: Enable Trusted Launch (secure boot, vTPM, integrity monitoring) for advanced VM security (a virtual network is needed). Can integrate Azure Firewall and control traffic via Network Security Groups.
  • Domain Join: Support for Active Directory domain joins with customizable configurations.
  • Diagnostics & Monitoring: Enable Diagnostic Settings to stream logs and metrics to Log Analytics, storage accounts, or event hubs for monitoring.
  • Custom image templates: Create and manage them to use when adding session hosts. Easily add common customizations or your own custom scripts.
  • Workspace Registration: Easily register default desktop application groups to new or existing workspaces for simplified user access management.

Enumeration

az extension add --name desktopvirtualization

# List HostPool of a Resource group
az desktopvirtualization hostpool list --resource-group <Resource_Group>

# List Application Groups
az desktopvirtualization applicationgroup list --resource-group <Resource_Group>
# List Application Groups By Subscription 
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.DesktopVirtualization/applicationGroups?api-version=2024-04-03"
# List Applications in a Application Group
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/applicationGroups/{applicationGroupName}/applications?api-version=2024-04-03"
# List Assigned Users to the Application Group
az rest \
  --method GET \
  --url "https://management.azure.com/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP_NAME>/providers/Microsoft.DesktopVirtualization/applicationGroups/<APP_GROUP_NAME>/providers/Microsoft.Authorization/roleAssignments?api-version=2022-04-01" \
| jq '.value[] | select((.properties.scope | ascii_downcase) == "/subscriptions/<subscription_id_in_lowercase>/resourcegroups/<resource_group_name_in_lowercase>/providers/microsoft.desktopvirtualization/applicationgroups/<app_group_name_in_lowercase>")'


# List Workspace in a resource group
az desktopvirtualization workspace list --resource-group <Resource_Group>
# List Workspace in a subscription
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.DesktopVirtualization/workspaces?api-version=2024-04-03"

# List App Attach Package By Resource Group
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/appAttachPackages?api-version=2024-04-03"
# List App Attach Package By Subscription 
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.DesktopVirtualization/appAttachPackages?api-version=2024-04-03"

# List Desktops
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/applicationGroups/{applicationGroupName}/desktops?api-version=2024-04-03"

# List MSIX Packages
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/hostPools/{hostPoolName}/msixPackages?api-version=2024-04-03"

# List private endpoint connections associated with hostpool.
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/hostPools/{hostPoolName}/privateEndpointConnections?api-version=2024-04-03"
# List private endpoint connections associated By Workspace.
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/workspaces/{workspaceName}/privateEndpointConnections?api-version=2024-04-03"

# List the private link resources available for a hostpool.
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/hostPools/{hostPoolName}/privateLinkResources?api-version=2024-04-03"
# List the private link resources available for this workspace.
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/workspaces/{workspaceName}/privateLinkResources?api-version=2024-04-03"

# List sessionHosts/virtual machines.
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/hostPools/{hostPoolName}/sessionHosts?api-version=2024-04-03"

# List start menu items in the given application group.
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/applicationGroups/{applicationGroupName}/startMenuItems?api-version=2024-04-03"

# List userSessions.
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/hostPools/{hostPoolName}/sessionHosts/{sessionHostName}/userSessions?api-version=2024-04-03"
# List userSessions By Host Pool
az rest --method GET --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DesktopVirtualization/hostPools/{hostPoolName}/userSessions?api-version=2024-04-03"

Connection

To connect to the virtual desktop via web you can access through https://client.wvd.microsoft.com/arm/webclient/ (most common), or https://client.wvd.microsoft.com/webclient/index.html (classic) There are other methods that are described here https://learn.microsoft.com/en-us/azure/virtual-desktop/users/connect-remote-desktop-client?tabs=windows

Privesc

{{#ref}} ../az-privilege-escalation/az-virtual-desktop-privesc.md {{#endref}}

{{#include ../../../banners/hacktricks-training.md}}

Reference in New Issue View Git Blame Copy Permalink