WVD Springrelease ARMTemplate Token Refresh Script

This is a blogpost about a script which performs a Token Refresh for the WVD springrelease ARMTemplate deployment. This normally needs to be entered manually but with this script this token will be refreshed at the start of every deployment.

I am talking about this parameter which sits in the ARM Template supplied by Microsoft (you can find them here):

Token expiration time parameter.

When you deploy this ARMTemplate via Azure DevOps you can find the parameter here:

ARMTemplate parameters

The token in the picture has expired. This needs to be set manually. You can not set this further than 30 days. That is why we need a script to refresh this parameter at the start of the deployment.


The prerequisites needed are:

  • Service Principal (App Registration) with Permissions to your Azure DevOps project.
  • Azure Key Vault with your Service Principal credentials.
  • Azure DevOps Project with release pipeline for WVD Spring Release.
  • The Azure CLI module installed. You can download it here.


Firstly, we need to create an Azure DevOps variable group. Log on to Azure CLI with the command: (you can login by using the service principal or you can login with your user credentials, for the script we will use the service principal)

az login

Now set the default organization and project:

az devops configure --defaults organization=https://dev.azure.com/organizationame/


az devops configure --defaults project="ProjectName"

Now create the variable group with the following command:

az pipelines variable-group create --name Example --variables TokenRefresh=Example

Important! Take note of the “Id”, we need this later in the script:

Furthermore, this is what it looks like in to Azure DevOps portal:

Configure the script

Now edit your release pipeline which creates your WVD springrelease hostpools. Firstly, add the new variable group to the release pipeline. Go to Edit:

Now go to Variables:

And add the variable group we created earlier:

Now go back to the tasks in your release pipeline and add a new task:

Search for Azure CLI and add the new task:

Enter the variables for the DisplayName, Azure Resource Manager Connection, Script Type and Script Location.

Now enter this in the “Inline Script” section: (Use the group ID created earlier in the blog)

$installedModules = Get-InstalledModule
if ($installedModules.Name -notmatch "Az.DevOps") {
    Install-Module Az.DevOps -Force -AllowClobber

#Put Token data in variable
$AddDays = (Get-date).adddays(5)
$newTokenDate = Get-Date $AddDays -format yyyy-MM-dd

az login --service-principal -u AppId -p password --tenant tenant

az devops configure --defaults organization=https://dev.azure.com/organizationname/

az devops configure --defaults project="projectname"

az pipelines variable-group variable update --group-id 16 --name "TokenRefresh" --value $newTokenDate

Your deployment now should look like this:

When you run the script the following variable should be created: (I wrote this on November 4th)

Lastly, we need to add this value in to our parameters on the WVD Springrelease ARMTemplate deployment. Put the $(TokenRefresh) value over here:

And that is how you script a Token refresh for your WVD Springrelease ARMTemplate deployment.


My Other WVD Scripts:
Drain Hostpools
LogOff Users
Delete Hostpools

5 thoughts on “WVD Springrelease ARMTemplate Token Refresh Script”

  1. Pingback: essay

Leave a Comment