Search Pass4Sure

azure-guides

AZ-140 Azure Virtual Desktop Study Guide

Complete AZ-140 Azure Virtual Desktop study guide covering host pool design, FSLogix profiles, networking, security, and monitoring for the AVD specialist exam.

·Published March 9, 2026 ·Editorial standards
8 min read·1188 views
AZ-140 Azure Virtual Desktop Study Guide

What does the AZ-140 exam test?

The AZ-140 Configuring and Operating Microsoft Azure Virtual Desktop exam tests skills in planning, implementing, managing, and monitoring Azure Virtual Desktop environments. It covers host pool configuration, user profiles with FSLogix, networking, security, and performance optimization. The exam costs $165 USD and is aimed at administrators with Azure infrastructure and VDI experience.

The AZ-140 Configuring and Operating Microsoft Azure Virtual Desktop certification validates expertise in deploying and managing Azure Virtual Desktop (AVD), Microsoft's cloud-based desktop and app virtualization service. AVD enables organizations to deliver Windows desktops and applications from Azure to any device, replacing or extending traditional on-premises VDI infrastructure.

With the continued growth of remote work and organizations migrating on-premises infrastructure to Azure, AVD specialists are in high demand. Professionals with AZ-140 certification report salaries ranging from $90,000 to $125,000 in the United States. The exam costs $165 USD and requires a passing score of 700 out of 1000.

Exam Overview

Detail Information
Exam Code AZ-140
Full Name Configuring and Operating Microsoft Azure Virtual Desktop
Number of Questions 40-60
Time Limit 120 minutes
Passing Score 700/1000
Cost $165 USD
Prerequisites AZ-104 knowledge strongly recommended
Renewal Every 12 months via free online assessment

The exam covers five domains:

  1. Plan an Azure Virtual Desktop architecture (10-15%)
  2. Implement an Azure Virtual Desktop infrastructure (25-30%)
  3. Manage access and security (10-15%)
  4. Manage user environments and apps (20-25%)
  5. Monitor and maintain an Azure Virtual Desktop infrastructure (20-25%)

"AZ-140 candidates who underestimate FSLogix profile management typically fail. FSLogix profile containers, ODFC containers, and cloud cache configuration are tested extensively because user profile management is the most common source of AVD performance and reliability issues in production environments." -- AVD specialist community guidance

Domain 1: Plan an Azure Virtual Desktop Architecture (10-15%)

AVD Architecture Components

Azure Virtual Desktop consists of several core components:

  • Host pools: Collections of Azure VMs (session hosts) that deliver desktops or applications
  • Session hosts: The Azure VMs on which users run their sessions
  • Application groups: Logical groupings of applications published from a host pool (Desktop application group or RemoteApp application group)
  • Workspaces: Logical groupings of application groups that users see in the AVD client
  • User assignments: Assigning users or Azure AD groups to application groups to control access

Sizing and Capacity Planning

Host pool sizing depends on workload type:

Workload Type User Density (vCPUs per User) Examples
Light 6 vCPUs per user Task workers, data entry
Medium 4 vCPUs per user Office productivity, line-of-business apps
Heavy 2-3 vCPUs per user Developers, CAD, rendering
Power 1 vCPU per user Data scientists, GPU workloads

Pooled vs. Personal Host Pools

  • Pooled host pools: Users connect to any available session host. Multiple users share sessions on the same VM (multi-session Windows). Most cost-efficient for knowledge workers.
  • Personal host pools: Each user is assigned a dedicated VM. Required for specialized software, personalized configurations, or compliance requirements.

Domain 2: Implement an AVD Infrastructure (25-30%)

Creating Host Pools

Host pools are created via the Azure portal, ARM templates, Bicep, or PowerShell. Key configuration decisions:

  • VM size: Based on workload type and user density calculations
  • OS image: Windows 11 Enterprise multi-session with Microsoft 365 Apps is the most common choice for pooled environments
  • Availability: Availability zones or availability sets for session host high availability
  • Domain join: Azure AD join (modern) or traditional AD domain join (legacy, requires line-of-sight to domain controller)

Session Host Registration

Session hosts automatically register with the host pool using a registration token. The AVD agent is installed during provisioning and communicates with the AVD control plane.

Networking for AVD

  • Host pools connect through a VNet that must have line-of-sight to the identity provider (Azure AD or AD DS)
  • For AD DS domain join, the VNet must be able to reach domain controllers (on-premises via ExpressRoute/VPN or Azure AD DS in Azure)
  • Azure Private Link can be used to keep AVD gateway traffic on the Microsoft backbone
  • RDP Shortpath enables direct UDP connectivity between clients and session hosts, reducing latency compared to the default TCP reverse connect through the gateway

Domain 3: Manage Access and Security (10-15%)

RBAC for Azure Virtual Desktop

AVD uses Azure RBAC with specific built-in roles:

  • Desktop Virtualization User: Can connect to application groups (required for all users)
  • Desktop Virtualization Contributor: Can manage all AVD components except RBAC assignments
  • Desktop Virtualization Session Host Operator: Can manage session hosts but not users or application groups
  • Desktop Virtualization Host Pool Contributor: Can manage host pool properties

Conditional Access for AVD

Conditional Access policies can require:

  • MFA for all AVD connections
  • Compliant device requirement (Intune compliance)
  • Specific locations or network conditions
  • Session risk evaluation

Trusted Launch and Security Features

Modern AVD deployments use security-hardened VM configurations:

  • Trusted Launch: Enables Secure Boot, vTPM, and integrity monitoring
  • Microsoft Defender for Endpoint: Endpoint detection and response for session hosts
  • Azure Monitor: Log collection and security monitoring

Domain 4: Manage User Environments and Apps (20-25%)

FSLogix Profile Containers

FSLogix is the user profile management solution for AVD. It stores user profiles in VHD/VHDX files on network storage (Azure Files or Azure NetApp Files), allowing roaming profiles that follow users across session hosts.

Key FSLogix configurations:

  • Profile Container: Stores the full user profile (AppData, registry, etc.)
  • ODFC Container (Office Data and Feature Capture): Stores only Office-related data (Outlook OST, OneDrive, Teams cache) separately from the main profile
  • Cloud Cache: Writes profile data to multiple storage locations simultaneously for high availability
  • VHD location: Azure Files SMB share is the most common storage target; Azure NetApp Files for high-performance requirements

Azure Files for FSLogix

Configuring Azure Files as the FSLogix storage target:

  • Create a storage account with Azure Files enabled
  • Configure Azure AD authentication or AD DS authentication for the file share
  • Set NTFS permissions using icacls or PowerShell to give users access to the profile share
  • Configure FSLogix registry keys via GPO or Intune

"Azure Files NTFS permissions for FSLogix is one of the most commonly failed exam topics because it requires understanding both the Azure RBAC layer and the NTFS permission layer. Azure RBAC controls who can access the storage account API; NTFS permissions control what users can do within the file share. Both must be configured correctly for FSLogix to function." -- AZ-140 exam prep community

MSIX App Attach

MSIX App Attach delivers applications to AVD session hosts dynamically without installing them in the base OS image:

  • Applications packaged as MSIX packages are stored in VHD files on an Azure Files share
  • The AVD agent mounts the package VHD to session hosts when needed
  • Applications appear installed to users but are not written to the session host OS disk
  • Simplifies image management by separating application management from OS image management

Domain 5: Monitor and Maintain an AVD Infrastructure (20-25%)

Azure Monitor for AVD

Azure Virtual Desktop Insights provides a pre-built Azure Monitor workbook showing:

  • Session host health and availability
  • Connection reliability metrics (connection success rate, time-to-connect)
  • User experience metrics (input delay, frame rate)
  • Host pool capacity and utilization

Performance Monitoring

Key performance metrics for AVD session hosts:

Metric Alert Threshold Implication
CPU utilization >85% sustained Session hosts overloaded; add capacity
Available memory <200 MB Memory pressure; increase VM size
User Input Delay >200 ms Poor user experience; investigate OS or app issue
GPU utilization >85% GPU workloads need more capacity

Host Pool Autoscaling

Autoscale automatically starts and stops session hosts based on a schedule or demand, reducing costs during off-hours. Configuration includes:

  • Scaling plan with schedules (peak hours, off-peak hours, weekends)
  • Ramp-up, peak, ramp-down, and off-peak phases with different capacity settings
  • Drain mode (allowing existing sessions to complete before stopping a host)

Frequently Asked Questions

What background is needed for AZ-140? AZ-140 is best suited for candidates with Azure infrastructure administration experience (AZ-104 level) and familiarity with Windows server environments and Active Directory. Prior virtual desktop infrastructure (VDI) experience with Citrix or VMware Horizon is helpful but not required. Expect to spend significant time in a lab environment practicing host pool creation, FSLogix configuration, and networking setup.

How is AZ-140 different from managing traditional on-premises VDI? Azure Virtual Desktop offloads the management of the control plane (brokering, gateway, web access) to Microsoft. Administrators focus on session host management, profile storage (FSLogix), application delivery, and user experience optimization. The core networking and identity concepts are the same as on-premises VDI, but the implementation uses Azure services rather than specialized VDI appliances.

Does Microsoft update AVD and the AZ-140 exam frequently? Yes, Microsoft frequently updates Azure Virtual Desktop with new features, and the AZ-140 exam objectives are updated accordingly. Check the official Microsoft exam page for the current study guide before beginning preparation. Topics like Windows 365 Cloud PC, MSIX App Attach, and RDP Shortpath were all added to the exam after its initial release.

References

  1. Microsoft. (2025). Exam AZ-140: Configuring and Operating Microsoft Azure Virtual Desktop. https://learn.microsoft.com/en-us/credentials/certifications/exams/az-140/
  2. Microsoft. (2025). Azure Virtual Desktop Documentation. https://learn.microsoft.com/en-us/azure/virtual-desktop/
  3. Microsoft. (2025). FSLogix Documentation. https://learn.microsoft.com/en-us/fslogix/
  4. Microsoft. (2025). Azure Virtual Desktop Autoscale. https://learn.microsoft.com/en-us/azure/virtual-desktop/autoscale-scaling-plan
  5. Neff, N. (2024). Mastering Azure Virtual Desktop. Packt Publishing.
  6. Microsoft. (2025). Azure Monitor for Azure Virtual Desktop. https://learn.microsoft.com/en-us/azure/virtual-desktop/azure-monitor

Tags

AZ-140 Azure Virtual Desktop FSLogix

Share this article

Continue Reading