From Terminal Servers to Azure

Field Architecture · AVD vs RDS

What changed when I stopped managing servers — and started designing platforms.

A field-based reflection on Remote Desktop Services, Azure Virtual Desktop, Intune, licensing, operations, and the architectural shift from keeping systems alive to designing better user experiences.

By Menahem Suissa, Modern Endpoint Architect
Published: February 2026

I'm not writing this as a cloud evangelist.

I'm writing this as someone who managed real RDS farms. Someone who renewed certificates at midnight. Someone who maintained a licensing server. Someone who pushed Patch Tuesday updates and hoped nothing would break the next morning.

This is not theory.

This is field experience.

Life with RDS — the part no one puts in the slide deck

On paper, Remote Desktop Services looked solid. In reality, the architecture looked different.

On paper

  • Centralized management
  • High availability
  • Session collections
  • Gateway access

In reality

  • Session Hosts
  • Connection Broker
  • RD Gateway
  • Licensing Server
  • Windows Server CALs
  • RDS CALs
  • Certificate renewals
  • GPO conflicts
  • CPU spikes
  • Profile corruption
  • Session overload

Every new employee required manual steps. Every infrastructure change carried risk. Every expansion required hardware planning.

And the most common user question?

“Why doesn't this feel like my computer?”

Because it wasn't. It was a shared server.

The cost no one calculates properly

RDS is rarely just “a server.” You need:

  • Windows Server CALs
  • RDS CALs — Per User or Per Device
  • A Licensing Server
  • Ongoing compliance tracking
  • Version compatibility validation

Then add:

  • Virtual machines or physical hosts
  • Storage
  • Backup
  • Disaster recovery
  • Hardware refresh cycles
  • Operational overhead

The real cost was never just licensing. It was operational fatigue. It was reactive work. It was burnout.

Then Azure Virtual Desktop changed the conversation

The first time I deployed an Azure Virtual Desktop host pool and realized I no longer had to maintain a broker — that was the shift.

  • No RD Gateway to manage
  • No inbound firewall exposure
  • No licensing server
  • No RDS CAL tracking

Microsoft manages the control plane. We manage the workload.

That is not a feature improvement. It is a structural difference.

The licensing reality most organizations overlook

Most modern organizations already run Microsoft 365 Business Premium, E3, or E5.

With eligible licensing, AVD access rights are included.

  • No separate RDS CAL procurement
  • No per-device licensing complexity
  • No scaling procurement cycle

You pay for compute and storage. That simplifies budgeting, scaling, and governance.

The real breakthrough: AVD + Intune

This is where it stops being “VDI” and becomes modern endpoint architecture.

With AVD integrated into Intune:

  • Win32 app deployment becomes structured
  • Update rings are controlled
  • Compliance policies are enforced
  • Defender integrates natively
  • Device governance becomes identity-driven

Move further: MSIX App Attach.

Separate applications from the golden image. Reduce image bloat. Accelerate change. Lower operational risk.

In the RDS world, application deployment meant logging into production servers. Manually. Every time.

Security: network-based vs identity-based

RDS model

  • VPN
  • Firewall rules
  • Network segmentation

Question: What port is open?

AVD model

  • Conditional Access
  • MFA enforcement
  • Device compliance
  • Zero Trust principles

Question: Who is accessing, from what device, under what conditions?

That is architectural maturity.
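
The AVD-side question above ("who, from what device, under what conditions") can be written down as a Conditional Access policy. The following is an added example, not code from the original article: it uses the Microsoft Graph PowerShell SDK, the group IDs are placeholders, the 8-hour sign-in frequency is a constructed sample value, and the policy is created in report-only mode.

```powershell
# Added example, not from the original article.
# Assumes the Microsoft.Graph.Identity.SignIns and Microsoft.Graph.Applications
# modules, and a session opened with:
#   Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Application.Read.All'

# Placeholders (assumptions): replace with object IDs from your own tenant.
$avdUsersGroupId   = '<AVD-USERS-GROUP-OBJECT-ID>'
$breakGlassGroupId = '<EMERGENCY-ACCESS-GROUP-OBJECT-ID>'

# "What is being accessed": resolve the AVD resource app in this tenant by name.
# Older tenants may still show the former display name, so both are checked.
$filter = "displayName eq 'Azure Virtual Desktop' or displayName eq 'Windows Virtual Desktop'"
$appIds = @(Get-MgServicePrincipal -Filter $filter |
            Select-Object -ExpandProperty AppId -Unique)
if ($appIds.Count -eq 0) {
    throw 'No Azure Virtual Desktop service principal found in this tenant.'
}

$policy = @{
    displayName = 'AVD - require MFA and compliant device (report-only)'
    # Report-only: sign-ins are evaluated and logged, nothing is blocked yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        # "Who": the AVD user group, minus emergency-access accounts.
        users          = @{
            includeGroups = @($avdUsersGroupId)
            excludeGroups = @($breakGlassGroupId)
        }
        applications   = @{ includeApplications = $appIds }
    }
    # "From what device, under what conditions": both controls must be met.
    grantControls = @{
        operator        = 'AND'
        builtInControls = @('mfa', 'compliantDevice')
    }
    # Sample value (assumption): force re-authentication every 8 hours.
    sessionControls = @{
        signInFrequency = @{ isEnabled = $true; type = 'hours'; value = 8 }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Review the report-only results in the sign-in logs before changing `state` to `enabled`; the `compliantDevice` control applies to the device the user connects from, so unmanaged clients will fail it once enforced.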

Operationally, everything changes

RDS era

  • Resetting sessions
  • Troubleshooting brokers
  • Renewing certificates
  • Debugging licensing

AVD era

  • Architecture
  • Automation
  • Cost optimization
  • Scaling strategy
  • Security posture

That is the difference between surviving and leading.

When RDS still makes sense

To be fair, RDS remains relevant when:

  • Cloud connectivity is not permitted
  • Regulations prohibit cloud services
  • Infrastructure must remain isolated
  • Microsoft 365 licensing is absent

But in most modern organizations, AVD aligns better with how identity, security, and device management have evolved.

The personal shift

Before

  • I sent users a server address
  • I explained how to launch mstsc
  • I warned them not to log off incorrectly
  • I hoped performance would hold

Today

  • They sign in with their organizational identity
  • They open their workspace
  • They click
  • They work
  • They don't even realize they are on a session host

And that is the point.

Lessons from the field

RDS taught me how to keep systems alive.

AVD allowed me to design systems properly.

RDS forced reactive infrastructure management.

AVD enabled strategic platform engineering.

The difference is not only technical. It is philosophical.

It is the difference between managing servers and designing experiences.

The technology is powerful. But what matters is the mindset: stop asking “How do we manage this?” and start asking “How do we design this?”

Menahem Suissa
Modern Endpoint Architect
Founder, Modern Endpoint Journal