Application Management and Patching
Building a Golden Image for AVD with Packer and Application Workspace
Let’s be honest, creating and maintaining a custom golden (sometimes called a master) image for Azure Virtual Desktop (AVD) isn’t always smooth sailing. It takes time, precision, and a lot of trial and error to get it just right. Recently, I tried a fresh approach to creating a golden image with Packer and Application Workspace, and I’d like to share what I learned about this automated, almost-magical combination.
Keep Customizations Light with Application Workspace
If you’ve ever deployed AVD, you know that a clean, well-prepared golden image is the foundation of a smooth rollout. My advice? Keep it simple. Install your core applications natively but avoid overloading the image with too many customizations.
That’s where Application Workspace comes in. Instead of baking everything into the image, it dynamically injects settings like certificates, drive mappings, custom wallpapers, registry tweaks, and database configs—at user login or app startup. The result? A clean image, easier maintenance, and a much more flexible deployment process.
My goal is to automate everything. Like many of you, I regularly rebuild AVD environments—sometimes for production, sometimes for demos. This time, I wanted to automate the entire process of building a golden image using Packer and Application Workspace. No more manual steps. Just a repeatable, reliable pipeline.
Three Ways Application Workspace Builds an Image
Application Workspace supports multiple paths to get your master image up and running:
- Create a custom gallery image
- Use a marketplace image
- Upload an image via Azure Image Builder
Whichever route you choose, Application Workspace keeps things clean and unattended, ensuring your apps and settings deploy consistently across all session hosts. It’s a great way to keep your AVD environment evergreen.
So, why not get the best of both worlds? In this post, I’ll walk you through how I combined a Marketplace image with Application Workspace to pull the latest application versions from our curated Setup Store and apply every setting in one smooth, automated flow.
With Recast Software in your corner, you gain the flexibility and control to make end-to-end AVD deployments a whole lot better.
What is Packer?
If you haven’t used it before, Packer is an open-source tool from HashiCorp that automates the creation of machine images. It’s template-based, and as of version 1.7.0, it uses HCL2 (HashiCorp Configuration Language) as the preferred format. If you’re still on JSON, there’s a handy hcl2_upgrade command to help you migrate.
Here’s a quick look at what a Packer template includes:
- Builders (required)
- Provisioners (optional)
- Variables (optional)
- Description (optional)
- Min_packer_version (optional)
Why do I like Packer? A few things stood out to me right away:
- It’s stable and efficient—if something breaks, it stops and tells you exactly where
- It works across multi-cloud and on-prem environments
- It fits perfectly into an automated CI/CD pipeline for image creation
Granting Packer Access to Azure
First things first, I needed to give Packer access to my Azure resources. To do that, I created a Service Principal (SP) in Azure Entra and assigned it the Contributor role. For authentication, I went with a Client Secret (you can also use a certificate, but I kept it simple this time). The SP is identified using the application (client) ID, and to make it work with Packer, I had to plug in the subscription_id, tenant_id, client_id, and of course, the client_secret.
In my image build, I used a PowerShell script within Packer to run the Application Workspace Agent bootstrapper. What this does is:
- Installs the latest version of the Application Workspace agent
- Registers the VM in the correct Application Workspace zone
- Kicks off a deployment, see my deployment below
During this deployment, a few things happen automatically:
- Applications are installed from our Recast Setup Store
- Settings are applied
- The OS gets optimized using the Windows Virtual Desktop Optimization Tool (VDOT)—including tweaks for Microsoft Teams
For this build, I went with a Windows 11 base image (version 24H2) from the Azure Marketplace. It’s specifically designed for AVD and comes with Microsoft 365 apps pre-installed. The SKU I used was win11-24h2-avd-m365. For the VM size, I chose Standard_D2as_v5 with a Premium SSD— a solid setup for demo purposes.
Here’s how I structured my Packer project:
- Template file: Build_W11_v1.pkr.json – This tells Packer what to do.
- Variables file: Build_W11_v1.auto.pkrvars.hcl – This keeps sensitive data (like secrets and IDs) out of the main template and hidden during the build process. Keeping variables separate is not just cleaner, it’s also a good security practice.
Here’s the variables file, which you can also find here on GitHub.
Run the Packer Build
We’re kicking things off with a super simple command:
packer.exe build Packer is smart enough to automatically pick up any variable files that follow the *.auto.pkrvars.hcl naming convention. So as long as your template and your variable file are placed in the same folder (like mine are), you don’t even need to pass the var file manually via the command line.
A temporary VM is being created.
A PowerShell script inside the Packer build installs the Application Workspace agent, registers the VM in a zone, and kicks off deployment.
The process finishes with Sysprep, followed by an automated cleanup of the temporary resources.
The result is a new golden image, named according to your convention and ready to deploy fresh AVD session hosts.
Key Takeaways: Building a Golden Image for AVD with Packer and Application Workspace
Deploying AVD doesn’t have to be complex. With a tool like Packer and Recast’s platform Application Workspace, you can streamline the process, reduce manual work, and keep your environment clean and consistent. Application Workspace gives you the flexibility to adapt to whatever your deployment needs are, whether you’re building for production or spinning up a quick demo.
