Azure Virtual Desktop for Berlin SMBs: When It Makes Sense and How to Set It Up

Azure Virtual Desktop (AVD) is Microsoft’s cloud-hosted desktop and app virtualisation service. Instead of running Windows on a physical laptop or desktop, users connect to a Windows session running in Microsoft’s Azure data centres — from any device, anywhere.

For Berlin SMBs, AVD solves some real operational problems. It also introduces costs and complexity that are not always worth it. This guide covers the honest tradeoffs.

What Azure Virtual Desktop actually is

AVD delivers a full Windows 11 desktop — or individual published apps — streamed to any device: Windows, Mac, iOS, Android, or a thin client. The operating system, applications, and data live in Azure, not on the endpoint. The endpoint becomes a display terminal.

Key components:

• Host pools. Virtual machines in Azure that run the Windows sessions. These can be pooled (multiple users share VMs from a pool) or personal (each user has a dedicated VM).
• Session hosts. The individual Azure VMs running Windows 10/11 Enterprise multi-session (a Microsoft variant that allows multiple concurrent users on a single VM, unavailable on standard Azure VMs).
• FSLogix profile containers. User profiles stored in Azure Files, so a user’s desktop, settings, and profile follow them across any VM in the pool.
• App Attach / MSIX App Attach. Application packages attached to sessions at runtime rather than installed on the base image — simplifying image management.

When AVD makes sense for a Berlin SMB

AVD is not the right answer for every business. The scenarios where it genuinely solves problems:

Remote and hybrid workforce with BYOD

If your team works from personal devices and you want to keep company data off those devices entirely, AVD achieves this cleanly. The session runs in Azure; nothing is stored locally. Conditional Access still controls who can connect. This is a meaningful security improvement over trying to manage Intune app protection policies on personal devices.

Branch offices or temporary staff

Setting up a new employee in a remote location — or bringing in a contractor — traditionally requires shipping hardware, imaging a laptop, and walking someone through setup. With AVD, you provision a new user account, assign them to the host pool, and they are working within minutes on whatever hardware is available.

Compliance-sensitive environments

For businesses that need to demonstrate that sensitive data never leaves a controlled environment — relevant for certain GDPR scenarios, financial services, and healthcare — AVD provides a clean boundary. Data stays in Azure (in the EU region you select); endpoints are just display terminals.

Legacy application compatibility

If you have a line-of-business application that only runs on Windows 10, or that has specific hardware dependencies that make it incompatible with modern endpoints, hosting it in AVD extends its life without maintaining aging physical hardware.

Cost-driven device refresh cycles

AVD can extend the useful life of existing hardware significantly. A laptop that is too slow to run modern Windows and applications locally can function perfectly as an AVD client. If you are facing a device refresh and the hardware is otherwise functional, this is worth evaluating.

When AVD does not make sense

AVD introduces complexity and cost that are not justified in every scenario:

• Teams and video calls are problematic. Video and audio in AVD require multimedia redirection (MMR) — without it, video calls run on the Azure VM rather than the local client, resulting in poor quality and high bandwidth consumption. MMR works on Windows clients; on Mac, iOS, and Android it is partial or absent. If your team lives in Teams calls, test this carefully before committing.
• High-performance graphics workloads. CAD, video editing, or design work requiring GPU performance is possible in AVD but expensive — GPU-enabled Azure VMs (NV-series) cost significantly more than standard compute VMs.
• Small, static teams on company-managed hardware. If you have 10 employees, all on company-managed laptops, all in one location, Intune and Microsoft 365 delivers the security and management you need without AVD’s infrastructure overhead.
• Poor or unreliable internet connectivity. AVD requires consistent internet. A 4-hour internet outage means your team cannot work. In a traditional endpoint setup, local applications keep running.

Licensing requirements

AVD licensing has improved significantly in recent years. The key requirement is a qualifying Microsoft 365 licence:

• Microsoft 365 Business Premium, E3, or E5 — all include AVD access rights
• Microsoft 365 F3 — also includes AVD rights

If your users already have Microsoft 365 Business Premium (which most Berlin SMBs should, given its security stack), AVD access rights are already included. You pay for Azure compute and storage, not additional per-user licensing.

Azure compute costs for AVD depend on VM size, usage hours, and storage. For a pooled deployment with 10 users, expect roughly €150–400/month in Azure costs depending on VM size and hours. This is on top of your Microsoft 365 subscription. Use the Azure Pricing Calculator with actual expected usage hours — if your team only works business hours, auto-scaling can significantly reduce costs by deallocating VMs outside working hours.

Architecture for a Berlin SMB deployment

Users (any device, any location)
         |
    [Azure AD / Entra ID — Conditional Access]
         |
    [AVD Gateway — Microsoft-managed]
         |
    [Host Pool — Azure VMs in West Europe region]
    [Session Hosts: Windows 11 Enterprise Multi-session]
         |
    [FSLogix Profiles — Azure Files share]
    [App Attach — Azure Files / Blob Storage]
         |
    [Microsoft 365 tenant — Exchange, SharePoint, Teams]
    [On-premises resources — via Azure VNet peering or ExpressRoute if needed]

For most SMBs, the deployment stays entirely in Azure with no on-premises component. Users connect via the AVD web client or the Windows/Mac AVD app. FSLogix profiles live in an Azure Files share (Premium tier recommended for performance). DNS and identity are managed through Entra ID with no requirement for on-premises Active Directory in a cloud-only or Entra-joined deployment.

Key configuration decisions

Pooled vs. personal host pools. Pooled pools share VMs across users (cost-efficient, requires consistent user workloads). Personal pools give each user a dedicated VM (better for power users, higher cost). Most SMBs start with pooled.

Entra-joined vs. hybrid-joined session hosts. For businesses with no on-premises Active Directory, Entra-joined session hosts (pure cloud identity) are simpler to manage and eliminate the need for a domain controller. For businesses with on-premises AD, hybrid join maintains compatibility with existing Group Policy and on-premises resources.

Image management. Use Azure Compute Gallery to store and version your session host images. Build a custom image with your line-of-business apps baked in — this significantly improves session start times versus installing apps at session launch.

Auto-scaling. Configure scaling plans to deallocate VMs outside business hours. This is the single largest AVD cost reduction lever for SMBs with predictable working patterns.

Microsoft 365 integration

OneDrive and SharePoint work natively in AVD sessions. Configure OneDrive Known Folder Move in the session host image so user documents sync automatically. Teams multimedia redirection (for Windows clients) enables acceptable video call quality — ensure the Teams client in the AVD session is updated to the current version, as MMR requires recent client versions on both ends.

Microsoft 365 apps are installed per-machine in AVD deployments (not per-user as on traditional endpoints) — use the Microsoft 365 Apps for Enterprise deployment configuration for AVD, which handles the per-machine activation model correctly.

Is AVD right for your business?

AVD makes most sense for Berlin SMBs with significant remote or hybrid workforces, BYOD requirements, compliance-sensitive data handling, or specific legacy application constraints. It is not a universal upgrade — for a fully in-office team on company-managed hardware, Intune and Microsoft 365 is simpler and cheaper.

If you are evaluating AVD, the most important step is a realistic assessment of your current endpoint environment and usage patterns before committing to the infrastructure. Our free IT assessment covers your Microsoft 365 configuration and current endpoint management setup, which forms the foundation for any AVD migration decision.