Jump to content

PoC Guide: Citrix DaaS with Azure Virtual Desktop Hybrid

  • Contributed By: Steve Beals, Gerhard Krenn


Microsoft Azure Virtual Desktops allow enterprises to deliver virtual applications and desktops from Azure.
This proof of concept (PoC) guide is designed to help you quickly configure Citrix DaaS with Azure Virtual Desktop for a trial evaluation only, in a hybrid environment.
At the end of this PoC guide you are able to bridge your on-premises Citrix DaaS deployment with a Microsoft Azure subscription using Citrix DaaS.
You are able to let your users launch an Azure Virtual Desktop virtual app or desktop using the new Windows 11 Multi-Session experience, while also accessing on-premises resources.

Conceptual Architecture



In this PoC guide, you experience the role of a Citrix Cloud and Microsoft Azure administrator and create a hybrid environment that spans your organization’s on-premises deployment and Azure.
You provide access to a virtualization environment consisting of the Windows 11 Multi-Session experience in Azure Virtual Desktop (AVD) and on-premises resources to an end user with Citrix DaaS.

This guide showcases how to perform the following actions:

  1. Create a new Azure subscription and an Azure Active Directory (AAD) Tenant (if you don’t have one)
  2. Connect your on-premises AD to your AAD using Azure AD Connect
  3. Create Master Image using Windows 11 Enterprise for Virtual Desktops
  4. Create a Citrix Cloud account (if you don’t have one)
  5. Request a Citrix DaaS trial
  6. Create a Citrix DaaS account (Citrix Cloud account) and add the Azure tenant as a Resource Location
  7. Create a Windows Server VM and install the Citrix Cloud Connector in your Azure resource location
  8. Prepare the Azure Virtual Desktop template for the session host virtual machines (VMs). Install the Citrix Virtual Delivery Agent on the AVD VM
  9. Use your Citrix Virtual Apps and Desktops service account (Citrix Cloud account) to connect to your Azure subscription using the Citrix Cloud Connector
  10. Use Citrix Machine Creation Services for deploying a catalog and then create a delivery group
  11. Create a Windows Server VM and install the Citrix Cloud Connector in on-premises Resource Location and add it as a resource location
  12. Use your Citrix DaaS account (Citrix Cloud account) to connect to your on-premises resources using the Citrix Cloud Connector
  13. Let your users connect to the AVD or on-premises sessions via Citrix Workspace

There is a requirement from Microsoft that the AVD session hosts must be joined to a Windows Active Directory (AD) domain that has been synchronized with either Azure AD using Azure AD Connect or with Azure AD Domain Services. It requires you to connect your on-premises Active Directory to your organization’s Azure subscription. This is out-of-scope for this guide but if you are also a Citrix Networking customer then you can use Site-to-Site VPN with Citrix ADC (which requires a public IP).
The two preceding options are creating IPsec tunnels between your on-premises environment and the AVD network in Azure.

If you are looking for a solution that does much more than just set-up a link between these two locations, then we suggest considering creating an end to end SDWAN solution. The main advantages this gives you are integrated security, orchestration, and policy-based configuration.
SDWAN has further benefits:

  • Enables direct access to video-on-demand that is rendered from the customer data center
  • Provides intelligent traffic steering from the VDA to other on-premises properties
  • VoIP and real-time video traffic are navigated from the corporate data center
  • Aggregate more than 1 link to give you resiliency and expanded bandwidth by combining the different links

To set up an end to end SDWAN solution you can follow these guides:

Express route or Point-to-Site VPN which doesn’t require a public IP are other options to establish the connectivity.

This guide provides detailed instructions on how to deploy and configure your environment including VMs, connecting your AD to Azure AD. As a Citrix and Azure tenant administrator, you create the AVD environment to enable your users to test various scenarios that showcase Citrix DaaS and Azure Virtual Desktop integration.

Create an Azure Subscription and an Azure Active Directory Tenant

If you are an existing Microsoft O365 customer you already have an Azure Active Directory (AAD) and so you can log in to Azure as the global administrator of the subscription and skip to the next section.

  1. Go to the url: Sign into Azure and login to Azure


  2. Enter you information, click Next


  3. Verify your identity and then provide your credit card details for billing purposes. You may be asked to verify your card details by making a payment of ~ USD 1


  4. Once you are done you see this in Azure Portal. If that is the payment method you want to use click Next. Else change it and then click Next.


  5. If you agree, check the I agree checkbox for subscription agreement, offer details, and privacy statement. Click Sign Up.


  6. Alternately you can enroll in an O365 Enterprise E3 trial by going to this link and providing your details


  7. Click + Create a Resource and search for Azure Active Directory and select it


  8. Click Create


  9. Provide the Organization name and Initial domain name of the AD that you want to create. Select the Country or Region and then click Create


  10. Wait for the Azure AD to be created


Connect the on-premises AD to Azure AD using Azure AD Connect

  1. Launch an RDP session to the AD.


  2. Open a browser and login to Azure as the global administrator of the subscription and Azure AD. Click Azure Active Directory and then Azure AD Connect. Click Download Azure AD Connect


  3. In the browser window that opens click Download


  4. Click Run


  5. In the Azure AD connect dialog, click Continue


  6. Click Use Express Settings


  7. Provide the Azure Active Directory global administrator Username and Password. Click Next and login again if requested


  8. Provide the Active Directory enterprise administrator Username and Password. Click Next.


  9. Check the Continue without matching all UPN suffixes to verified domains, click Next


  10. Click Install


  11. Once the config is complete, click Exit


  12. Go back to the Azure Active Directory page in the Azure portal and click Users. Validate that one or more users you created are visible in the list.


Create a master image using Windows 11 Enterprise Multi-session

  1. Select + or + Create a resource. Search for Microsoft Windows 11 and select the Microsoft Windows 11 option that shows Windows 11 Enterprise multi-session in the drop-down list.


  2. Select the Windows 11 Enterprise multi-session option from the drop-down list and then click Create


  3. Select the appropriate Subscription and the Resource group created for AVD to deploy the machine in. Provide a name for the Master Image VM. Choose the same region as the AD VM. Enter the credentials for the administrator account. Click Next: Disks


  4. Select the appropriate OS disk type and Encryption type for your deployment. Click Next: Networking


  5. Select the virtual network that your other VMs are on and ensure that a Public IP is being created for the Master Image. Click Review + Create


  6. Ensure that the Validation Passed message appears and check the machine settings. Click Create to begin the Master Image VM creation


  7. Once the VM creation completes, click Go to resource.


  8. The VM must have a networking rule to allow incoming RDP traffic on it Public IP. Click Networking in the Favorites column. Click Add inbound port rule


  9. Your public IP can be obtained by running a google search for whatsmyip address to make RDP connections to the AD VM. Select IP Address as Source, enter the Public IP Address of the machine you want to connect from in the Source IP field, set Destination Port ranges to 3389, and Protocol to TCP. Set an appropriate Priority value and provide a name to the rule. * Click Add


    *: Leaving port 3389 open remotely long-term can pose a security risk.

  10. RDP in to the machine with the admin credentials you provided when creating the VM and join the VM to the domain and reboot the machine.

Create a Cloud Connector in your Azure subscription

  1. Select + or + Create a resource in Azure. Select Windows Server 2019 Datacenter under Get Started to create a new Windows Server 2016 machine.


  2. Select the appropriate Subscription and the Resource group created for AVD to deploy the machine in. Provide a name for the Cloud connector VM. Choose the same region as the AD VM. Enter the credentials for the administrator account. Click Next: Disks


  3. Select the appropriate OS disk type and Encryption Type for your deployment. Click Next: Networking


  4. Select the virtual network that your other VMs are on and ensure that a Public IP is being created for the Cloud Connector VM. Click Review + Create


  5. Ensure that the Validation Passed message appears and check the machine settings. Click Create to begin the Cloud connector VM creation


  6. Once the VM creation completes, click Go to Resource


  7. The VM must have a networking rule to allow incoming RDP traffic on it Public IP. Click Networking in the favorites column and then click the name of the network interface


  8. Click Network Security Group and then select the Network Security Group of your AVD VM as it already has the port rules to allow access to your machine. Click Save


    *: Leaving port 3389 open remotely long-term can pose a security risk.

  9. RDP in to the machine with the admin credentials you provided when creating the VM and join the Cloud Connector VM to the domain and reboot the machine.

Create a Citrix Cloud account

If you are new to Citrix Cloud, follow the instructions on the Citrix Cloud Sign Up page.

If you are an existing Citrix Cloud customer continue onto the next section. Ensure that you have an active Citrix Cloud account. If your account has expired you need to contact sales to enable it.

Create a new Resource Location

  1. RDP to the Cloud Connector VM and login as the AD admin. Goto the URL: Citrix Cloud.

  2. Enter Username and Password. Click Sign In. (If your account manages more than one customer select the appropriate one)


  3. Under Resource Locations Click Edit or Add New


  4. Click + Resource Location and enter name of the New Resource Location. Click Save


  5. Under the newly created resource location click + Cloud Connectors


  6. Click Download. Click Run when the download begins


  7. The Citrix Cloud Connectivity test successful message is displayed. Click Sign in and Install to continue. If the test fails, check the following link to resolve the issue - CTX224133


  8. From the drop-down lists select the appropriate Customer and Resource Location. Click Install


  9. Once the installation completes, a service connectivity test runs. Let it complete and you again see a successful result. Click Close


  10. Refresh the Resource Location page in Citrix Cloud. Click Cloud Connectors


  11. The newly added Cloud Connector is listed. In production environments, ensure to have 2 Cloud Connectors per resource location


Request a Citrix DaaS trial

  1. Sign in to your Citrix Cloud account

  2. From the management console, select Request Trial for the Citrix DaaS Service


For some services you must request a demo from a Citrix sales representative before you can try out the service. Requesting a demo allows you to discuss your organization’s cloud service needs with a Citrix sales representative. Also, the sales representative ensures you have all the information needed to use the service successfully. When your trial is approved and ready to use, Citrix sends you an email notification.

Install Virtual Delivery Agent on the AVD host VM

While we wait, we can install the Citrix Virtual Apps and Desktops, Virtual Delivery Agent on the Windows 11 Multiuser VM that we created.

  1. Connect to the AVD VM via RDP as the domain admin


  2. Open Citrix.com in your browser. Hover over Sign in and click My Account


  3. Sign in with your Username and Password.


  4. Click Downloads.


  5. From the Select a Product drop-down list, select Citrix Virtual Apps and Desktops


  6. In the page that opens, select the latest version of Citrix Virtual Apps and Desktops 7 (without the .x at the end)


  7. Scroll down to Components that are on the product ISO but also packaged separately. Click the chevron to expand the section. Click Download File under Server OS Virtual Delivery Agent


  8. Check “I have read and certify that I comply with the Export Control Laws” checkbox, if you agree. Click Accept. The download begins.


  9. Save the file and Run it when the download completes


  10. Click Next in the Environment section to create a master MCS image.


  11. In the Core Components section, check the Citrix Workspace app checkbox if your users can use the session to launch sessions from within it. Click Next


  12. In the Additional section choose the components that you need and click Next


    NOTE: To see logon information in Citrix Director, select also Citrix User Profile Manager

  13. Enter the UPN for the Cloud Connector VM and click Test Connection. Ensure that the test is successful a green tick appears next to the entered UPN. Click Add and click Next


  14. Click Next in the Feature section and Next again in the Firewall section.


  15. Click Install in the Summary section


  16. Once the installation completes, in the Diagnostics section click Connect. Enter your Citrix Cloud credentials, click OK. Once the credentials are validated, click Next


  17. Click Finish and let the VM reboot.


Create a hosting connection between Citrix DaaS and Azure

Configure Citrix DaaS to connect to the Azure Subscription that hosts the Azure Virtual Desktop VMs.

  1. Once the trial is approved, Log in to Citrix Cloud from your local machine. Scroll to My Services, and locate DaaS service tile, click Manage


  2. the Full Configuration page is displayed


  3. in the left navigation menu, click Zones and verify that the Resource Location and Cloud Connector you have setup are visible.


  4. In the left menu under Configuration. Click Hosting and then click Add Connection and Resources that host the machines.


  5. From the drop-down lists select Create New Connection, Microsoft© AzureTM as Connection Type, Azure Global for Azure environment and the Azure zone location setup as a Resources Location. Select Citrix provisioning tools (Machine Creation Services selected. Click Next


  6. Paste your Azure Subscription ID in the Subscription ID text box and enter a Connection Name. Click Create New to create a new service principal. Alternately you can manually grant Citrix Cloud Access to the Azure subscription (with more restrictive roles than the default contributor) CTX224110


  7. Sign in to your Azure account when prompted. Ensure that the user is an owner and not an external user in the subscription


  8. Check the Consent on behalf of your organization checkbox and click Accept if you agree. Once the validation completes Connected is displayed. Click Next


  9. Select the appropriate Region and click Next


  10. Enter a Name for these resources and select the appropriate Virtual network and Subnet where the VMs are to be created. Click Next. Review the Summary and click Finish


  11. You are returned to the Hosting page. Once you are done click Machine Catalogs to start creating your catalog.


Create a Machine Catalog and a Delivery Group

  1. Click Create Machine Catalog.


  2. In the Machiune Catalog Setup dialog, click Next


  3. Ensure Multi-Session OS is selected. Click Next


  4. Ensure Machines that are power managed and Citrix Machine Creation service are selected and the correct Azure network is shown in the Resources. Click Next


  5. Choose the correct disk that is associated with the AVD VM. From the minimum functional level drop-down list select 1811 (or newer). Click Next. A pop-up appears to ask for the VM attached to the VHD to be stopped.


  6. Log in to the Azure portal and Under Virtual Machines, go to the AVD VM and Click the Stop button. Ignore the warning about losing the Public IP. Wait for status to show Stopped (deallocated). Return to the Citrix Cloud tab and click Close


  7. Leave Defaults and click Next


  8. Modify the number of VMs if you want and select the machine size you want for your VMs. Click Next


  9. Click Next


  10. Set the write back cache size if you want it. Click Next


  11. Click Next and click Close


  12. Select the OU in which the VMs are placed. Enter the computer Account naming scheme. Ensure that the name is fewer than 15 chars long and ends with a #. Click Next


  13. Click Enter Credentials. In the dialog that opens enter username and password of the AD admin. Click Done. Click Next


  14. Click Next


  15. Click Next


  16. Enter a name for the machine catalog. Click Finish


  17. Wait for the catalog to be created.


  18. When Machine Catalog creation is finished, from the left side menu click Delivery Groups then Create Delivery Group.


  19. Select the Windows 11 Multisession Catalog. Increment the number of machines to the number of VMS you want to add to the delivery group. Click Next


  20. For our example we select the Allow any authenticated users to use this Delivery Groupo radio button. Click Next


  21. If you want to also make apps available from this delivery group click the Add drop-down list and choose From Start Menu


  22. From the Add Applications from the Start drop-down list Dialog check the boxes next to the apps you want to make available. Then click OK


  23. Click Next


  24. In the Desktops section click Add. Enter Display Name for the delivery group. Ensure Enable desktop is checked. Click OK


  25. Click Next


  26. Click Next


  27. Select the appropriate License Type and Click Next


  28. Enter a Delivery Group name. Click Finish


  29. Once the delivery group is created, your Delivery Group overview looks like this.


If you want to add your on-premises resources to the Workspace follow the below steps.

Create a Cloud Connector in your on-premises data center

  1. Add a cloud connector in your on-premises data center. Create a Windows server 2012 R2 or 2016 VM in your on-premises. Repeat the steps in the “Create a new Resource Location” section.

Add on-premises site to the Workspace

  1. Follow the steps in the guide to add the on-premises site to Citrix DaaS. Complete until the end of Task 3: Configure connectivity and confirm settings in this page.


Launch the session from Citrix Workspace

  1. Open the Workspace URL you saved earlier (from Citrix Cloud) to the Citrix Workspace. Log in as one of the domain users that you added to the Delivery Group.


  2. Click View all Desktops


  3. Click the Windows 11 Multi-session DG desktop that you created in Azure.


  4. The session launch gives you access to the Azure Virtual Desktop



The guide walked you through bringing your Azure hosted Azure Virtual Desktop and on-premises resources (using Workspace Configuration) together, so users access them in one place. You learned how to create a hybrid setup to manage both Azure Virtual Desktops based VMs and on-premises based resources using Citrix Virtual Apps and Desktops. The process included creating a network connection between the Azure virtual network and your on-premises data center. Also you learned how to synchronize your on-premises Active Directory with Azure Active Directory with Azure AD connect. We even looked at how to create a Citrix Cloud account, if you didn't have one and get access to the Citrix Virtual Apps and Desktops service, which makes all this work.

To learn more about migrating your on-premises Citrix Virtual Apps and Desktops setup to the cloud, read the deployment guide

User Feedback

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...