Service controls
This table provides an overview of all the service controls required to maintain a Schoolyear AVD implementation. The service controls aim to be a complete list definining everything required to run and sustain the AVD service in production in a secure, stable and repeatable way. In addition to the code and title, it lists three Triggers. They describe when a control should be evaluated or acted upon.
-
Initial: You have to act on this control when performing the initial implementation.
-
Periodically: We advise acting on this control with at least the noted frequency in months.
-
Event: Act on this control in case of the specified event.
Each control is described in detail further down on this page.
| Code | Title | Initial | Periodically | Event |
|---|---|---|---|---|
| A | Infrastructure | |||
| A.1 | Maintain prerequisites | X | 12 | Personnel/Microsoft/Azure changes |
| A.2 | Maintain AVD admin access for service team | X | Personnel changes | |
| A.3 | Install or update to the most recent major version | X | 12 | |
| A.4 | Update to the most recent minor version | 3 | Emergency patch | |
| A.5 | Rotate App Registration secret | 6 | Secret revocation | |
| A.6 | Maintain the wildcard certificate | X | * | Certificate revocation |
| A.7 | Maintain DNS delegation | X | DNS server or resolver changes | |
| A.8 | Maintain reservation time clearance | X | 6 | |
| A.9 | Maintain license server connections | X | License server or network changes | |
| A.10 | Clean up temporary devices | 3 | Reaching Entra’s object quota | |
| B | Images | |||
| B.1 | Implement & maintain images | X | 12 | New education requirements |
| B.2 | OS patches | 6 | Emergency patch | |
| B.3 | Software patches | 6 | Emergency patch | |
| C | Incident support | |||
| C.1 | Maintain a service team | X | 12 | Personnel changes |
| C.2 | Maintain an on-call schedule for incident response | X | 12 | Personnel changes |
| C.3 | Maintain a support rotation for key user support | X | 12 | Personnel changes |
* The frequency of certificate renewal depends on the lifetime of the certificates you use. Most commercial providers offer yearly certificates by default, whereas popular automated services require only monitoring for automation failures.
A: Infrastructure
Section titled “A: Infrastructure”A.1 Maintain prerequisites
Section titled “A.1 Maintain prerequisites”You need to make sure you keep all your Prerequisites for the service. These include third-party licenses, accounts and configurations that Schoolyear does not provide. If one of these prerequisites is no longer available, your service may become unavailable.
We recommend revisiting the list of prerequisites at least once a year and whenever the suppliers of the prerequisites make a relevant change.
If you are using Schoolyear AVD on ChromeOS devices, you have to make sure the network these ChromeOS are on remains isolated. Furthermore, if the public IP addresses of this network change, you have to update the configuration in the AVD add-on. This prerequisite is mentioned separately because it is not immediately obvious when the network is no longer isolated, while the security impact is large.
A.2 Maintain AVD admin access for the service team
Section titled “A.2 Maintain AVD admin access for the service team”The members of your service team need AVD admin access to Schoolyear to do their job.
- If a member of the service team leaves the role: remove the user from Schoolyear or remove the admin rights.
- If a new member joins the service team: grant the user AVD admin rights by contacting Schoolyear support @ support@schoolyear.com .
A.3 Install or update to the most recent major version
Section titled “A.3 Install or update to the most recent major version”The installation was performed during the implementation, so this control is mostly about performing major version updates. What makes a major update “major” is that it requires an impactful change or action by the service team. How much time is required to perform this update depends on your organization and the update.
As by our Versioning policy, major versions are supported for at least one year. But once that year has passed, it loses support 12 months after a new major version is introduced. Therefore, we recommend performing a major version update at least once a year.
You may decide to perform a major update sooner if it includes a feature or fix desired by your users.
A.4 Update to the most recent minor version
Section titled “A.4 Update to the most recent minor version”We recommend reserving some time every 3 months to keep up with minor version updates when available. Minor versions require a small change or action in your Azure infrastructure and are supported for 6 months. That means that when a new minor version is released, your current version loses support in 6 months.
A.5 Rotate App Registration secret
Section titled “A.5 Rotate App Registration secret”The App Registration created during the implementation has an API secret. We recommend rotating this secret every 6 months, but your policy may be more or less strict. If you want to follow a different cadence, adjust the expiration date of the secret accordingly.
To rotate the App Registration secret, follow the Rotate Secrets guide.
A.6 Maintain the wildcard certificate
Section titled “A.6 Maintain the wildcard certificate”The wildcard certificate you imported during the implementation expires at some point, like all certificates do. How often this certificate expires is different for every certificate supplier. Check what the expiration is for your certificates and adjust the frequency for this control accordingly.
To rotate the certificate, follow the Rotate Secrets guide.
A.7 Maintain DNS delegation
Section titled “A.7 Maintain DNS delegation”You need to make sure that the DNS delegation you configured during the implementation remains active and available. That means that when the DNS server changes, this configuration needs to be carried over, and that you need to keep the DNS server online.
You probably have bigger problems if your DNS server goes offline, so if that is the reason you are reading this right now, please visit this website for help.
A.8 Maintain reservation time clearance
Section titled “A.8 Maintain reservation time clearance”In the AVD add-on you can configure per App how much time in advance
the deployment job starts (reservation time). The configurable deployment
time and configurable buffer window combined is the reservation time of an app.
It is important this duration is long enough for the deployment to finish, but more importantly,
enough for the service team to respond to any failures that may occur.
Reservation time:
gantt
dateFormat HH:mm
axisFormat %H:%M
todayMarker off
tickInterval 60minute
section Deployment Time
Deployment time :a1, 05:30, 1h
section Buffer Window
Buffer window :a2, after a1, 2.5h
section Exam
Exam Start :milestone, a3, 09:00, 0h
The reservation time configured initially may have been appropriate at that time. However, this may change over time. Perhaps, your service team may now need more time or less time to respond to incidents, or deployments are taking longer to finish due to capacity constraints in your Azure region.
We recommend revisiting these configurations every 6 months based on your experience and historical deployment times.
A.9 Maintain license server connections
Section titled “A.9 Maintain license server connections”If you have Apps that depend on local license server connections, you need to make sure these servers and their peering remain available.
In practice, these servers may not be your responsibility, so it is important to maintain contact with those who are responsible to ensure their continued reachability.
A.10 Clean up temporary resources
Section titled “A.10 Clean up temporary resources”Schoolyear AVD creates new resources for each exam for which it is enabled. These resources are deleted automatically after the exam.
However, there are a few types of resources that cannot be deleted by Schoolyear AVD or sometimes fail to delete. Therefore, we recommend cleaning up these resources every 3 months.
For instructions on how to clean up these resources, see the Clean up resources guide.
B: Images
Section titled “B: Images”B.1 Implement & maintain images
Section titled “B.1 Implement & maintain images”The service team needs to implement and maintain the images used for Schoolyear AVD. There may be new applications that need to be packaged, new libraries that need to be included or versions that need changing.
We recommend reaching out to the users at least once per academic year to gather any change in the applications needed during exams. Additionally, as the usage of the service grows, new applications may be required throughout the academic year.
B.2 OS Patches
Section titled “B.2 OS Patches”The OS included in the images does not update automatically. We recommend triggering a rebuild for all your images at least every 6 months to update the OS, and whenever there is an applicable security patch released for the OS version.
You can trigger a rebuild of the images by rerunning the avdcli commands that were originally used to start the image build.
An easier option is to simply restart the existing Image Templates if you didn’t delete them yet.
You should be able to find them in the Azure Portal
B.3 Software patches
Section titled “B.3 Software patches”Just like the OS in the image does not update automatically, the software installed on the OS does not either. This is by design, to make sure the exam experience for students is stable, but it does require periodic rebuilds.
We recommend triggering a rebuild for all your images at least every 6 months, and whenever there is an applicable security patch released for one of the applications installed on an image.
You can trigger a rebuild of the images by rerunning the avdcli commands that were originally used to start the image build.
C: Incident response
Section titled “C: Incident response”C.1 Maintain a service team
Section titled “C.1 Maintain a service team”You need to maintain a service team for Schoolyear AVD to make sure the service remains available to your users. In case of personnel changes, you need to ensure the service team remains effective.
Furthermore, we recommend evaluating the service team once a year. Is your team effective, and does your service meet the expectations of your users?
C.2 Maintain an on-call schedule for incident response
Section titled “C.2 Maintain an on-call schedule for incident response”The service team must maintain an on-call rotation to respond to incidents that impact the service. Because exams are time-sensitive, any incident must be acted on within 30 minutes by the on-call service team member.
Incident response may be required in the following cases:
- A key user reports a service issue.
- The Schoolyear application generates an automatic incident alert.
To meet this requirement:
- Maintain an on-call schedule that guarantees at least one service team member is reachable while the service needs to be operational. This includes the deployment and deletion time before and after the end-user availability window. The key users of the service should define when the service needs to be available.
- Monitor for alerts from Schoolyear. Ensure the on‑call person receives these alerts.
- Publish a single, reliable contact method for on-call (e.g., phone number, Microsoft Teams channel, or email) and share it with key users.
- Document an escalation path and designate backups for when the primary on-call is unavailable.
Prepare concise runbooks for common incidents, such as:
- Failed exam deployment (e.g., an expired secret preventing Schoolyear AVD from deploying resources).
- Failed exam cleanup (e.g., authorization issues preventing full removal of resources).
- Issues during exams (e.g., session hosts crashing or becoming unresponsive).
After personnel changes, verify that on-call coverage still meets the requirements of educational departments. Review and improve the on-call process at least annually and after any significant incident (post-incident review).
C.3 Maintain a support rotation for key user support
Section titled “C.3 Maintain a support rotation for key user support”The service team needs to provide support to the key users of the service. The key users are typically 3–5 people closely connected to the education department who provide functional support to the broader user base.
Provide a clear support channel for these key users and target a response within 2 business days. This support requires knowledge of your specific AVD implementation and should therefore be provided by the service team itself.
Common topics in this support channel include:
- Configuration change requests (e.g., image updates, maximum exam duration adjustments, new application additions).
- Quota increase requests due to growing service utilization.
To reliably meet the response target:
- Maintain a rotation schedule (with a backup) and publish how to contact the current on-duty person (e.g., Teams channel or shared mailbox).
- Track requests in a ticketing system for traceability and handovers.
- Maintain a lightweight knowledge base/FAQ for recurring questions and decisions.
In case of personnel changes, ensure coverage and knowledge transfer remain intact and continue to meet education department requirements. Review this process at least annually and adjust the rotation or support channels as needed to improve responsiveness and clarity.