Updating a Golden Master VM from Windows 10 multi-user to Windows 11 multi-user
The Golden-Master approach is a common way to deploy applications and desktops as session hosts in Azure Virtual Desktop. The approach is very simple, and the rollout of new session hosts is very fast - while applications are installed and the host configured. Using PowerShell, WVDAdmin, or Hydra simplifies the process while the original Golden Master VM survives and can be updated with OS and application updates over time.
The process looks like this: - Installing the Golden Master VM in Azure with Windows multi-user - Running Windows Update - Installing the applications - Configuring the VM - Grabbing an image with PowerShell, WVDAdmin, Hydra, etc., without destroying the Golden Master VM - Using the image to deploy multiple session hosts
It is a very easy approach, and often, the applications and the configuration of the master are done with a software deployment solution (like Intune, ECM). But there are also deployments where the master was customized manually, including the configuration and applications. In this case, changing the underlying OS can be a challenge.
Windows 10 multi-user
There are a lot of manual customized Golden Masters with Windows 10 multi-user. Unfortunately, Windows Update mostly does not offer an in-place-upgrade to Windows 11 multi-user. Even the following approaches are not working for Windows 10 multi-user: - Downloading Windows 11 and trying to upgrade the VM -> Doesn't work, while the ISO files of Windows 11 are not multi-user - Forcing Windows Update to install Windows 11 -> That is mostly not enough (see below)
Preparing your VM
To update to Windows 11 multi-user, your VM must have trusted launch-, secure boot-enabled, and a vTPM.
You can do this in the following ways: - Your VM is Generation V1: - Creating a Windows Azure VM Generation V2 from a V1 VM - Your VM is Generation V2 without a trusted launch-enabled security type: - Updating or cloning a Azure VM with standard security to trusted launch with secure boot and vTPM or - Creating a Windows Azure VM Generation V2 from a V1 VM
Forcing Windows Update
You can force Windows Update to show Windows 11 as an option. - Log in to the new Golden Master - Modify the local policy to force Windows Update to install Windows 11 22h2: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Update\Windows Updates for Business\Select the target Feature Update version - Run Windows Update - Update to Windows 11 - Reboot - Remove the local policy entries - Your Golden Master is ready and converted from Windows 10 to 11 multi-user
If you got the following error message: The PC must support TPM 2.0., you have forgotten to migrate your VM to a V2 Generation with trusted lauch-enabled.