Virtual Desktop
The Azure Virtual Desktop Specialty (AZ-140) course teaches architects how to design, deploy, secure, and manage enterprise‑scale AVD environments, covering hybrid identity, multi‑session Windows, and client connectivity.
Who Should Take This
It is intended for senior IT architects, cloud engineers, or solutions designers with several years of experience in Windows Server, Azure networking, and identity services who aim to validate their expertise in AVD deployments and advance to a recognized specialty credential.
What's Covered
1. Designing AVD architecture, configuring host pools, session hosts, networking, storage for FSLogix profiles, and implementing Azure Virtual Desktop scaling plans.
2. Configuring Microsoft Entra ID integration, Conditional Access policies, RBAC roles, and security controls for Azure Virtual Desktop environments.
3. Configuring FSLogix profile containers, implementing MSIX app attach, managing RemoteApp programs, and optimizing user experience settings.
4. Monitoring AVD with Azure Monitor, configuring diagnostics, managing session host updates, implementing backup, and troubleshooting connectivity issues.
Exam Structure
Question Types
- Multiple Choice
- Multiple Response
- Case Studies
- Labs
Scoring Method
Scaled score 100-1000, passing score 700
Delivery Method
Proctored exam, 40-60 questions, 100 minutes
Prerequisites
None required. AZ-104 recommended.
Recertification
Renew annually via free Microsoft Learn renewal assessment
Course Outline
76 learning goals
Domain 1: Plan and Implement an Azure Virtual Desktop Infrastructure
4 topics
Planning an Azure Virtual Desktop architecture
- Configure Azure Virtual Desktop architecture components including host pools, workspaces, application groups, and session hosts to establish the foundational topology for enterprise desktop virtualization requirements.
- Assess Azure region selection criteria including latency requirements, data residency regulations, service availability, and disaster recovery proximity for Azure Virtual Desktop deployments.
- Analyze session host sizing options including VM families, vCPU-to-user ratios, memory allocation, and GPU requirements to determine the optimal configuration for diverse workload profiles.
- Design an Azure Virtual Desktop architecture that balances user density, session host capacity, network bandwidth, storage performance, and cost constraints for multi-site enterprise deployments.
Implementing networking for Azure Virtual Desktop
- Configure Azure Virtual Network settings including subnets, network security groups, and service endpoints to provide isolated and secure network connectivity for AVD session hosts.
- Implement RDP Shortpath for managed and public networks to optimize session transport using UDP-based connections with STUN and TURN relay for improved latency and reliability.
- Assess DNS resolution, Azure Private Link, and proxy configuration options to determine the optimal endpoint connectivity approach for AVD session hosts operating within corporate network architectures.
- Plan network connectivity architecture by comparing site-to-site VPN, ExpressRoute, and Azure Virtual WAN to determine the optimal hybrid connectivity approach based on bandwidth, latency, cost, and redundancy requirements for AVD deployments.
- Recommend a network architecture strategy that integrates VNet peering, Private Link, RDP Shortpath, and firewall rules to optimize AVD traffic flow while enforcing security segmentation requirements.
Implementing and managing host pools and session hosts
- Configure pooled and personal host pools with appropriate load balancing algorithms, maximum session limits, and assignment types to match organizational desktop delivery requirements.
- Analyze scaling plan configurations with peak, ramp-up, ramp-down, and off-peak schedules to determine optimal capacity thresholds and exclusion tag strategies for balancing session host availability against cost.
- Deploy session hosts using Azure Resource Manager templates or Bicep with domain join configurations, custom script extensions, and availability zone placement for automated and repeatable provisioning.
- Analyze host pool configuration tradeoffs between pooled breadth-first, pooled depth-first, and personal assignment models to evaluate user experience, resource utilization, and management overhead.
- Devise a host pool management strategy that integrates scaling plans, session host lifecycle, tagging conventions, and capacity planning to optimize cost while maintaining service level targets.
Creating and managing session host images
- Create golden images for AVD session hosts using generalized VMs with installed applications, OS optimizations, and FSLogix agent configuration for standardized desktop environments.
- Evaluate Azure Compute Gallery image versioning options including replication across regions, version lifecycle policies, and image definitions to determine the optimal image distribution approach for multi-session and single-session Windows deployments.
- Implement automated image build pipelines using Azure Image Builder with customization steps, validation triggers, and distribution targets to maintain up-to-date session host images.
- Evaluate image update strategies including in-place updates, blue-green image deployments, and drain mode rotation to determine the optimal approach for minimizing user disruption during image refreshes.
- Design an image lifecycle management strategy integrating Azure Compute Gallery versioning, automated build pipelines, patch compliance, and rollback procedures for enterprise image governance.
Domain 2: Plan and Implement Identity and Security
3 topics
Planning and implementing identity for Azure Virtual Desktop
- Configure Microsoft Entra ID and Active Directory Domain Services integration to provide identity services for AVD session host domain join and user authentication.
- Differentiate Microsoft Entra Connect synchronization methods including password hash sync, pass-through authentication, and federation to determine the optimal hybrid identity configuration for AVD environments.
- Configure Microsoft Entra joined and hybrid Entra joined session hosts with single sign-on using passwordless authentication methods for streamlined user access.
- Analyze identity architecture options comparing Microsoft Entra join, hybrid Entra join, and AD DS join to evaluate SSO capabilities, management overhead, and compatibility constraints for AVD.
- Recommend an identity architecture strategy that integrates Entra ID, AD DS, and synchronization topology with SSO and passwordless authentication aligned to organizational security requirements.
Planning and implementing access control
- Configure Azure RBAC roles including Desktop Virtualization Contributor, User Session Operator, and custom roles to enforce least-privilege access for AVD administration.
- Implement conditional access policies with device compliance checks, location restrictions, session controls, and MFA requirements for AVD connection authorization.
- Analyze access control scenarios comparing RBAC scope assignments, conditional access policy combinations, and device restriction configurations to evaluate security posture tradeoffs for AVD.
- Design an access governance strategy integrating RBAC hierarchies, conditional access policies, and device trust levels to enforce zero-trust principles across the AVD environment.
Implementing Azure Virtual Desktop security
- Implement Microsoft Defender for Endpoint on AVD session hosts with onboarding packages, attack surface reduction rules, and endpoint detection and response for threat protection.
- Configure screen capture protection and digital watermarking policies on AVD session hosts to prevent unauthorized screen recording and enable user activity attribution.
- Evaluate disk encryption approaches comparing Azure Disk Encryption, server-side encryption with platform-managed keys, and customer-managed keys with Azure Key Vault to determine the appropriate data protection level for AVD session hosts.
- Devise a threat mitigation priority matrix for AVD environments by assessing session hijacking, lateral movement, profile container tampering, and data exfiltration vectors against available security controls and organizational risk tolerance.
- Strategize a defense-in-depth security architecture for AVD that layers endpoint protection, encryption, network segmentation, screen capture controls, and threat detection across all attack surfaces.
Domain 3: Plan and Implement User Environments and Apps
3 topics
Planning and implementing FSLogix
- Configure FSLogix profile containers with VHD location lists, profile type settings, and size limits to provide persistent user profiles across pooled AVD session hosts.
- Implement FSLogix Cloud Cache with multiple provider entries to enable profile container replication across Azure Files, Azure NetApp Files, or SMB storage for high availability.
- Compare Azure Files and Azure NetApp Files storage backends by evaluating performance tiers, IOPS capabilities, NTFS permission models, and identity-based authentication to determine the optimal FSLogix profile container storage solution.
- Analyze FSLogix storage performance by evaluating IOPS requirements, latency thresholds, concurrent user load patterns, and storage tier costs to determine optimal storage backend configuration.
- Troubleshoot FSLogix profile loading failures by analyzing event logs, VHD lock contention, permission misconfigurations, and network connectivity issues to restore profile functionality.
- Architect an FSLogix profile management strategy that integrates storage backend selection, Cloud Cache topology, backup procedures, and capacity planning to ensure reliable profile delivery at scale.
Planning and implementing user experience settings
- Configure Universal Print integration with AVD session hosts to enable serverless printing through cloud-based print queues without requiring print server infrastructure.
- Implement OneDrive for Business known folder redirection and Files On-Demand on AVD session hosts to synchronize user documents while minimizing local storage consumption.
- Assess RDP device redirection options for printers, drives, clipboard, audio, cameras, and USB devices to determine the appropriate balance between user productivity and data loss prevention requirements.
- Evaluate multimedia redirection and Teams media optimization configurations to assess audio and video processing offload effectiveness across different client endpoints and network conditions.
- Plan user experience policies by evaluating device redirection breadth, bandwidth consumption, security exposure, and Teams media optimization tradeoffs to determine appropriate configuration tiers per user group.
- Design a user experience strategy that integrates printing, file synchronization, device redirection, and multimedia optimization policies aligned with organizational productivity and security objectives.
Planning and implementing app delivery
- Configure RemoteApp application groups with published applications, user assignments, and friendly names to deliver individual applications without exposing the full desktop environment.
- Implement MSIX app attach with package staging, registration, and deregistration lifecycle to deliver applications dynamically to AVD session hosts without installing them in the base image.
- Evaluate per-user application installation and app layering approaches to assess the tradeoffs between application lifecycle independence, storage overhead, and user session isolation from base image management.
- Compare application delivery methods including image-embedded, MSIX app attach, RemoteApp, and per-user installation to evaluate update agility, storage overhead, and user isolation characteristics.
- Recommend an application delivery strategy that assigns each application type to the optimal delivery mechanism based on update frequency, licensing requirements, compatibility constraints, and operational complexity.
Domain 4: Monitor and Maintain an Azure Virtual Desktop Infrastructure
3 topics
Monitoring and managing Azure Virtual Desktop
- Configure Azure Monitor and Log Analytics workspaces to collect AVD diagnostic data including connection events, feed events, checkpoint errors, and management activity logs.
- Deploy AVD Insights workbooks with performance counters, connection quality metrics, and user session dashboards to provide centralized operational visibility across host pools.
- Configure alert rules for session host health, connection failures, profile load times, and capacity thresholds to enable proactive incident detection and notification.
- Analyze AVD diagnostic logs using Kusto Query Language to investigate connection failures, session disconnects, latency spikes, and authentication errors for root cause determination.
- Determine session host performance baselines by analyzing CPU utilization, memory pressure, disk queue length, and input delay metrics to identify degradation patterns and right-sizing opportunities.
- Recommend a monitoring and alerting strategy that integrates AVD Insights, custom KQL queries, alert severity tiers, and action groups to achieve comprehensive observability with actionable escalation paths.
Planning and implementing business continuity and disaster recovery
- Implement secondary host pools in paired Azure regions with replicated images and DNS failover to provide disaster recovery capability for AVD service continuity.
- Evaluate FSLogix profile container backup and replication options comparing Azure Backup, Azure File Sync, and Cloud Cache multi-provider writes to determine the optimal data protection approach against regional failures.
- Recommend a disaster recovery architecture by comparing active-passive, active-active, and pilot light patterns against RTO, RPO, cost, and operational complexity requirements for AVD deployments.
- Architect a business continuity strategy for AVD that integrates secondary host pools, profile replication, identity resilience, failover automation, and recovery testing procedures aligned with organizational RTO and RPO requirements.
Automating Azure Virtual Desktop management
- Implement AVD infrastructure deployments using ARM templates and Bicep with parameterized host pool, session host, and workspace resource definitions for repeatable provisioning.
- Assess PowerShell and Azure CLI automation approaches for session host management tasks to determine the optimal scripting strategy for drain mode toggling, user session management, and host pool registration token rotation.
- Implement Azure Automation runbooks and Start VM on Connect functionality to automate session host power management and reduce compute costs during low-demand periods.
- Differentiate automation approaches comparing ARM/Bicep templates, PowerShell scripts, Azure Automation runbooks, and Azure DevOps pipelines to evaluate repeatability, auditability, and team skill alignment.
- Recommend an automation governance strategy integrating infrastructure-as-code pipelines, operational runbooks, Start VM on Connect, and change management controls for AVD lifecycle management.
Domain 5: Plan and Implement AVD Client Connectivity
2 topics
Implementing client connectivity
- Configure Windows Desktop client, Windows Store client, and macOS client connections with workspace subscriptions, display settings, and device redirection for AVD access.
- Deploy the Azure Virtual Desktop web client with browser compatibility validation and configure thin client endpoints for kiosk and shared workspace access scenarios.
- Assess Remote Desktop client capabilities for iOS, Android, and Linux platforms by evaluating per-platform feature parity, redirection limitations, and connection configuration requirements for cross-platform access.
- Compare Remote Desktop client capabilities across Windows, macOS, web, iOS, Android, and Linux platforms to evaluate feature parity, redirection support, and user experience differences.
- Plan a client deployment strategy that assigns endpoint types, client versions, and update channels aligned with organizational device management policies and user mobility requirements.
Managing user connections and sessions
- Configure drain mode on session hosts to gracefully prevent new connections during maintenance windows while allowing existing sessions to complete naturally.
- Analyze connection load balancing tradeoffs between breadth-first and depth-first algorithms with session limits and affinity settings to determine the optimal user session distribution strategy.
- Configure session reconnection settings, disconnected session timeouts, and idle session limits to manage session lifecycle and optimize resource utilization on session hosts.
- Troubleshoot user connection issues by analyzing gateway connectivity, broker registration, authentication failures, and network path diagnostics to identify and resolve session establishment problems.
- Optimize session connection quality by analyzing round-trip time, bandwidth estimation, and frame rate metrics to recommend connection configuration adjustments for varying network conditions.
- Design a session management strategy integrating load balancing algorithms, drain mode procedures, reconnection policies, and session timeout configurations to maximize user satisfaction and resource efficiency.
Hands-On Labs
Practice in a simulated cloud console or Python code sandbox — no account needed. Each lab runs entirely in your browser.
Certification Benefits
Industry Recognition
Microsoft Azure certifications are among the most valued in enterprise IT, with Microsoft holding the second-largest cloud market share globally and serving as the dominant platform in enterprise and hybrid cloud environments.
Scope
Included Topics
- All domains and task statements in the Microsoft Azure Virtual Desktop Specialty (AZ-140) certification exam guide: Domain 1 Plan and Implement an Azure Virtual Desktop Infrastructure (25-30%), Domain 2 Plan and Implement Identity and Security (15-20%), Domain 3 Plan and Implement User Environments and Apps (20-25%), Domain 4 Monitor and Maintain an AVD Infrastructure (20-25%), and Domain 5 Plan and Implement AVD Client Connectivity (10-15%).
- Specialty-level architecture decisions for Azure Virtual Desktop session host design, FSLogix profile management, host pool configuration, scaling plans, golden image management, identity integration with Microsoft Entra ID and AD DS, RBAC and conditional access policies, user environment optimization, app delivery via RemoteApp and MSIX app attach, monitoring with AVD Insights, disaster recovery planning, automation with ARM/Bicep templates and PowerShell, and client connectivity across Remote Desktop clients.
- Scenario-driven architectural tradeoff analysis integrating session host sizing, network topology, user density, profile storage performance, security posture, cost optimization, and operational efficiency across Azure Virtual Desktop deployments.
- Key Azure services for AVD specialty: Azure Virtual Desktop, Azure Virtual Machines, Azure Virtual Network, Azure Files, Azure NetApp Files, Azure Blob Storage, Azure Compute Gallery, Microsoft Entra ID, Active Directory Domain Services, Microsoft Entra Connect, Azure RBAC, Conditional Access, Microsoft Defender for Endpoint, Azure Monitor, Log Analytics, AVD Insights, Azure Automation, Azure Resource Manager, Bicep, Azure Key Vault, Azure Bastion, Azure Front Door, Azure Private Link, FSLogix, MSIX App Attach, Universal Print, and OneDrive for Business.
Not Covered
- Low-level Windows Server administration, Group Policy authoring beyond AVD-specific policies, and detailed Active Directory schema management not required for AVD architecture decisions.
- Deeply specialized Azure networking topics such as ExpressRoute circuit provisioning, Azure Firewall rule engine internals, and SD-WAN configuration that fall under the Azure Network Engineer Associate (AZ-700) certification.
- General Azure administration tasks covered by the Azure Administrator Associate (AZ-104) exam that are not specific to Azure Virtual Desktop deployment and management.
- Current Azure region-specific pricing, temporary promotional offers, and reserved instance price points that change frequently and are not stable for enduring architecture specifications.
Official Exam Page
Learn more at Microsoft Azure