Changelog
2025-03-10: Individual Virtual Machine deployments
We revamped the way we deploy resources to allow for more fault tolerance during exam deployments. We split our single deployment template into 2 templates:
- Main deployment template -> Handles the deployment of the peripheral resources, like the AVD Hostpool and the proxy servers.
- Individual VM deployment template -> Handles the deployment of each Virtual Machine individually
Before this change, a single vm deployment failure would cause the entire deployment to be considered a failure requiring the deployment to be restarted manually.
With this change, we are able to detect and handle failures per individual VM. The Exam Orchestrator automatically rotates failed VMs during deployment, resulting in a significantly higher success rate for large scale exam.
You will still only have to upload a single deployment template as you’re used to. The second embedded VM deployment template is linked in the main template. In order to use this feature you simply have to upgrade to the latest deployment template.
You can read more on the implementation on the Exam Orchestrator page:
Exam Orchestrator
2025-01-24: Abillity to connect exams to internal services
We updated both our avdcli and deployment template to allow customers to connect to internal services from within the
exam sessionhost VMs.
What does this mean ?
You can now build images with applications that require an internal connection like License Servers.
You can find a full guide on how to do so in the Internal Services section in the sidebar.
Update to the latest avdcli and deployment template to use this feature by following the Practical Image Building Guide:
Image Building Guide
2025-01-22: No more EntraID Groups
Up until now, Schoolyear AVD required extensive permissions in EntraId to manage groups and group members.
Schoolyear AVD created a user group for each exam and added the students as members.
EntraId has no option for scoping these permissions so Schoolyear AVD required
Group.Create, Group.ReadWrite.All and GroupMember.ReadWrite.All.
Some customers, rightfully, had doubts about giving an internal party these permissions,
and we didn’t like having such extensive permissions either.
We’re happy to announce Schoolyear AVD no longer requires these permissions to work. This change is available in production to all customers starting today.
Instead of creating a group, assigning roles to that group and then adding students to that group, the Exam Orchestrator will now add these roles directly to each individual student.
What changed
- The exam orchestrator now checks if your deployment template has a
groupIdparameter. If it does, it will create a group and add students to that group. If not, it will expect the newappGroupIdoutput parameters to be returned from the deployment template. Schoolyear AVD will add students to this AVD Application Group instead of adding them to an Entra Group. - The new deployment template will return this
appGroupIdinstead of having agroupIdparameter.
Because the Exam Orchestrator checks if your deployment template still has the groupId parameter,
this change is backwards compatible.
However, we do advise all customers to migrate to a newer version of the deployment template.
How to migrate?
-
Update all your deployment templates to the latest version. Perform the following steps for all your images:
- Run
avdcli image package. - Take the deployment template from the resulting
./outfolder. - Search-and-replace the parameters still left in the deployment template (see the quick-start guide).
- Create a new version in the Template Spec resource that belongs to this image.
- Reconfigure the AVD Add-on to use the new Template Spec version.
- Run
-
Remove the following permissions from the Schoolyear AVD App Registration:
Group.CreateGroup.ReadWrite.AllGroupMember.ReadWrite.All
-
Test if your new deployment templates work as expected and students are able to log into the exam environment.