I'm a Systems Engineer at a small to medium-sized company, and we are considering fully transitioning to the cloud to save on costs and move away from on-premises setups and Active Directory. We've got some traditional applications that still rely on a typical setup, which is pushing me toward using Entra-only sessions with Intune-managed Azure Virtual Desktop (AVD) hosts. These AVD hosts can scale down to zero when not in use, quickly booting up when someone logs in, which helps keep costs low.
Additionally, I've also set up Azure SQL databases with Entra ID authentication on serverless mode, allowing these databases to power down when inactive, so we're only paying for storage instead of compute resources for apps that aren't used frequently, like once a week.
For some continuous running needs, like an FTP server, I'm using Azure Container Apps with backend blob storage. This approach minimizes our use of virtual machines, leaving only the AVD session hosts in operation, which I can manage primarily through Intune.
I find this approach practical, but I've noticed there's not a lot of chatter about going this route. Are there others out there doing something similar with Entra-only AVD setups? What are your experiences?
4 Answers
Honestly, traditional on-prem setups still work really well for us. Our servers have warranties that last seven years, and we can serve up files like 700MB QuickBooks files faster than any cloud solution. We didn’t experience downtime during recent outages unlike the cloud setup, which was down for hours and more expensive.
We're still migrating some on-prem servers, and the process is complicated, especially in rural areas with multiple locations.
To cut costs even more, consider investing in VM reservations and going for Windows Server SQL subscriptions. Also, Azure File Storage supports FTP, which can be pricey, but you can automate it to turn on and off using a webhook and an Azure function, making it affordable for periodic backups.
We managed to run SFTPgo as a container app with blob storage, and it ended up being really budget-friendly!
We’re all about using Entra where possible; where we can’t, we just rely on Entra Domain Services.
When it comes to using Azure SQL, you should definitely check if the legacy applications can actually handle the Azure offerings. From my experience, some older apps have issues with Azure's PaaS services, like working with named pipes. But newer applications seem to handle it just fine.
True! We've faced similar issues with some legacy apps, but we found a way to secure the connection string—creating it dynamically as the app launches, then deleting it to keep things secure.
For those situations, I've had success with SQL Managed Instance; it usually plays well with older applications.
I totally get that! We had no issues during the recent outages as well. The Azure problems were mostly external services, not internal tools. Our SQL database and VM are shut down when not in use, keeping costs around $20 per month, including backups.