About This Architecture

Hybrid Azure Virtual Desktop architecture spans on-premises networks and Azure West Europe via site-to-site VPN. On-prem users traverse firewall and router to VPN Gateway, connecting to AVD session hosts in dedicated subnets protected by NSGs and Azure Firewall. Session hosts authenticate via Azure AD Connect, store profiles on FSLogix storage with private endpoints, and stream telemetry to Log Analytics and Azure Monitor. This architecture demonstrates secure hybrid identity integration, network segmentation, and centralized monitoring for enterprise AVD deployments. Fork this diagram on Diagrams.so to customize subnet ranges, add ExpressRoute, or model multi-region AVD topologies for your organization.

People also ask

How do I design a secure hybrid Azure Virtual Desktop architecture connecting on-premises users to AVD session hosts in Azure?

This diagram shows a hybrid AVD architecture where on-prem users connect via VPN Gateway to Azure Firewall, which routes traffic to session hosts in segmented subnets. Azure AD Connect handles identity sync, FSLogix storage uses private endpoints, and Log Analytics monitors all components.