When we first spoke to this client, their IT setup looked like a lot of UAE businesses we meet: offices in three emirates, a mix of company and personal laptops, a VPN that worked most of the time, and an IT manager who spent more time troubleshooting than planning.
They weren't behind the times by accident. They had grown fast. New offices, new hires, new compliance requirements — the infrastructure just hadn't kept pace.
We proposed Azure Virtual Desktop (AVD). Here's exactly what we did and what changed.
The situation before
The company had around 60 users spread across offices in Dubai, Abu Dhabi, and Sharjah, with a small number working remotely. Their setup included a mix of Windows 10 laptops — some company-issued, some personal — all connecting to on-premises servers via a site-to-site VPN.
The pain points were real:
- Inconsistent environments: each office had slightly different software versions, drive mappings, and printer configs
- BYOD risk: personal devices were accessing corporate data with no Mobile Device Management (MDM) in place
- Hardware refresh cost: they were looking at replacing 25–30 laptops within 12 months at a cost of AED 250,000+
- Compliance gap: no centralised session logging, no MFA enforcement, and no audit trail for data access
The IT manager described it plainly:
"We know something will go wrong. We just don't know when."
What we built
We designed and deployed an Azure Virtual Desktop environment on Microsoft Azure's UAE North region (Dubai), giving the team full data residency within the UAE — an important requirement for their industry.
The architecture included:
Windows 11 multi-session VMs sized to match user workload profiles (light users on D2s_v5, power users on D4s_v5). Hosts are pooled for standard staff and personal for finance and executive users who need a persistent desktop.
User profiles stored in Azure Files shares and loaded at login via FSLogix. Any user can log into any session host and get their exact desktop — same wallpaper, same pinned apps, same recent files.
MFA enforced for all AVD sign-ins. Conditional Access policies block access from non-compliant devices and outside of approved countries. Sign-in risk policies flag anomalous logins automatically.
Deployed to enforce device compliance even on personal (BYOD) devices. Users enrol once; Intune checks for OS patch level, disk encryption, and antivirus status before granting access.
Running on all session hosts with centralised alerting into Microsoft Sentinel for the client's IT team.
Daily snapshots of FSLogix profile containers with 30-day retention.
The entire deployment — from kickoff to all 60 users live — took 19 working days.
The results (6 months post go-live)
The planned laptop refresh was cancelled. Users access AVD from existing devices. Endpoint hardware spend is down 42% year-on-year.
Zero unplanned downtime caused by device failure. Previously, a broken laptop meant a user was offline for hours or days waiting for a replacement or repair.
The client passed their first internal IT audit post-deployment with no findings related to access control or data governance — a first.
New joiners are set up in under 2 hours. IT provisions an Entra ID account, assigns the user to an AVD application group, and the employee logs in from day one. No laptop imaging, no VPN config, no waiting for hardware.
Three months in, Defender flagged a credential stuffing attempt against one user account. Conditional Access blocked the session. The old setup would not have caught it.
Is AVD right for your business?
AVD works best when you have:
- ✓ A distributed workforce across multiple locations or working remotely
- ✓ Mixed device environments (company and personal)
- ✓ A Microsoft 365 or Azure footprint already in place
- ✓ Compliance or data residency requirements (UAE, KSA, GCC)
- ✓ A hardware refresh cycle coming up that you'd rather avoid
It is not a fit for every scenario — CPU-intensive workloads like CAD or video editing need careful sizing, and organisations with no existing Azure footprint need to factor in migration time.
If this sounds like your situation, we're happy to walk through an AVD assessment and TCO comparison specific to your environment.