As I couldn’t find anyone who had written about adding a RemoteApp to a Windows Virtual Desktop hostpool (existing) in an existing Workspace, I figured I’d share my template.
It automatically creates an application group if it doesn’t exist yet
It takes into account existing applications if the application group already exists
The group has to be a remoteapp group, not a desktop group
This template is idempotent
This template can authorize any existing principal you specify
It creates 1 or more remoteapps in the group specified
It automatically manages the link to an existing hostpool/workspace
With the recent Exchange vulnerabilities comes a moment to reflect on further ways to reduce the attach surface of Exchange Servers.
Many organizations still host an Exchange Server solely to maintain a hybrid connectivity link to Office 365. The server therefore has to be publicly accessible, but only to Microsoft. Often this is not the case.
If you don’t have a professional firewall to restrict traffic to only that coming from Microsoft, you can also do so at the IIS level. Microsoft publishes a list of IP’s they use here: