Prerequisites

Before you start with this Quick-Start guide, you should check if you meet all prerequisites. Some are easy to meet and simple to check, while others are more involved.

Azure Owner access

In this guide you will take some steps that usually require Owner rights in your Azure tenant. You will have to grant privileged roles and new App Registrations. You probably already know if you meet this prerequisite, but if not, contact your Azure Tenant administrator.

A clean Subscription

In the course of this guide, you will deploy many types of resources and configure authorization controls. We strongly recommend to setup a new Application Landing Zone in your Azure tenant, to prevent colliding with policies already setup in your default Landing Zone.

Schoolyear does not provide support on handling or working with custom policies in your Azure tenant or when deploying in a non-clean Subscription or Landing Zone.

In the Subscription, the following resource providers must be registered:

• Microsoft.VirtualMachineImages
• Microsoft.Storage
• Microsoft.Compute
• Microsoft.KeyVault
• Microsoft.ContainerInstance

You can confirm this by:

• Going to “Subscriptions”
• Select the correct Subscription
• Settings > Resource Providers

Note

The rest of this guide assumes you are working in this Subscription

Azure CLI

You must have the Azure CLI installed locally and be logged in (az login). Follow the Get Start guide if you have not.

Microsoft 365 license

To use Azure Virtual Desktop, you usually need a Microsoft 365 license that includes Windows virtualization rights and Office 365.

For most educational institutes you will need an A3 or A5 license.

Dynamic Group

To set up Schoolyear AVD, you need to create a Dynamic Group in Entra ID. This requires either a Microsoft Entra ID P1 license or an Intune for Education license. For more information, see https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership.

Schoolyear Admin rights

You will need to install the Schoolyear AVD add-on in the admin dashboard of Schoolyear. You can ask an existing Schoolyear admin to grant you this role.

(Sub)domain

For each exam, one or multiple proxy servers will be deployed. These proxy servers need a DNS entry and an HTTPS certificate.

This guide will walk you through requesting a wildcard certificate from Let’s Encrypt, but you can use your own certificate provider as well.

The proxy servers can be hosted on any subdomain of your organisation. However, some organisations have a policy against wildcard certificates on their primary domain. In such a case, you can purchase a separate domain name and use that instead.

Git

This assumed you have Git installed on your local machine. If you don’t, you can install it here.