{"id":1791,"date":"2026-04-16T09:09:51","date_gmt":"2026-04-16T07:09:51","guid":{"rendered":"https:\/\/www.gerjon.com\/?p=1791"},"modified":"2026-04-16T09:21:34","modified_gmt":"2026-04-16T07:21:34","slug":"maximize-rpa-efficiency-with-power-automate-desktop-on-virtual-machines","status":"publish","type":"post","link":"https:\/\/www.gerjon.com\/?p=1791","title":{"rendered":"Maximize RPA Efficiency with Power Automate Desktop on Virtual Machines"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full is-resized\"><a href=\"https:\/\/i0.wp.com\/www.gerjon.com\/wp-content\/uploads\/2026\/04\/image.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"512\" height=\"423\" src=\"https:\/\/i0.wp.com\/www.gerjon.com\/wp-content\/uploads\/2026\/04\/image.png?resize=512%2C423&#038;ssl=1\" alt=\"\" class=\"wp-image-1792\" style=\"width:209px;height:auto\" srcset=\"https:\/\/i0.wp.com\/www.gerjon.com\/wp-content\/uploads\/2026\/04\/image.png?w=512&amp;ssl=1 512w, https:\/\/i0.wp.com\/www.gerjon.com\/wp-content\/uploads\/2026\/04\/image.png?resize=300%2C248&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.gerjon.com\/wp-content\/uploads\/2026\/04\/image.png?resize=363%2C300&amp;ssl=1 363w\" sizes=\"auto, (max-width: 512px) 100vw, 512px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p>Power Automate Desktop excels in virtual machine automation, whether for attended development or unattended cloud-triggered flows. This guide covers installation on any VM plus Azure-specific setup, communication architecture, and network requirements. Perfect for enterprise RPA deployments.<\/p>\n\n\n\n<p>Target Windows 10\/11 Pro\/Enterprise or Server 2016\/2019\/2022\/2025 VMs. Admin rights needed for MSI installer. Agent requires 300 MB storage + 500 MB RAM per user\/session. Close any active RDP\/Citrix session before installing the desktop app. Virtual desktop automation works with Windows RDP, RemoteApp, Citrix Desktop, and Citrix Virtual Apps \u2014\u00a0<strong>not<\/strong>\u00a0Windows Home editions or Microsoft Store PAD version. (Windows 10 Home and Windows 11 Home <em>can<\/em> run PAD for creating desktop flows and monitoring them in the portal \u2014 they just can&#8217;t trigger desktop flows from the cloud)<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/virtual-desktops\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"prerequisites\">Prerequisites<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"core-installation-steps\">Core Installation Steps<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Download<\/strong>&nbsp;Power Automate from Microsoft Learn:&nbsp;<code>Setup.Microsoft.PowerAutomate.exe<\/code>.<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/install\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>Run installer<\/strong>&nbsp;on the VM as administrator.<\/li>\n\n\n\n<li><strong>Select components<\/strong>:\n<ul class=\"wp-block-list\">\n<li><strong>Power Automate for desktop<\/strong>&nbsp;\u2014 builds\/runs flows<\/li>\n\n\n\n<li><strong>Machine runtime app<\/strong>&nbsp;\u2014 cloud connectivity (required for unattended)<\/li>\n\n\n\n<li><strong>Java UI automation<\/strong>&nbsp;\u2014 optional for Java apps<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/install\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Accept license \u2192&nbsp;<strong>Install<\/strong>. .NET 8 runtime auto-downloads if needed.<\/li>\n\n\n\n<li>Launch from Start menu, sign in with Power Platform account.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"virtual-desktop-agent-rdpcitrix\">Virtual Desktop Agent (RDP\/Citrix)<\/h2>\n\n\n\n<p>For UI automation&nbsp;<strong>inside<\/strong>&nbsp;remote sessions, install&nbsp;<strong>Power Automate agent for virtual desktops<\/strong>&nbsp;<strong>on the VM<\/strong>:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Download agent MSI from Microsoft.<\/li>\n\n\n\n<li>Copy to VM if accessing remotely.<\/li>\n\n\n\n<li>Run as administrator \u2192 agent appears in system tray.<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/virtual-desktops\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ol>\n\n\n\n<p>Communication flow: Designer (endpoint) \u2194 Agent (VM) over RDP\/Citrix virtual channel \u2192 UI automation executes. Initial handshake + version sync occurs automatically.<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/virtual-desktops\"><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"communication-architecture\">Communication Architecture<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\">text<code>Endpoint (PAD Designer) \u2190 RDP\/Citrix Channel \u2192 VM (PAD Agent + Runtime)\n                              \u2193\n                    Cloud Flow triggers via HTTPS 443<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Endpoint \u2194 VM<\/strong>: Uses existing RDP\/Citrix session channel (<code>PAD\\CONTROL<\/code>&nbsp;virtual channel for Citrix). No separate TCP listener.<\/li>\n\n\n\n<li><strong>VM \u2194 Cloud<\/strong>: Machine runtime polls Power Platform over outbound HTTPS 443.<a href=\"https:\/\/learn.microsoft.com\/en-us\/answers\/questions\/2286300\/power-automate-what-are-the-azure-vm-prerequisites\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>Handshake sequence<\/strong>: Connect \u2192 Version sync \u2192 UI automation phase.<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/virtual-desktops\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"azure-vm-setup\">Azure VM Setup<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"1-create-vm\">1. Create VM<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\">text<code>Portal.azure.com \u2192 Virtual machines \u2192 Create<br>- Image: Windows 11 Pro\/Server 2022<br>- Size: D4s v5 (4 vCPU\/16 GB min) (not official recommendation, but tip after several usecases :-))<br>- Networking: Open RDP 3389 temporarily<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"2-initial-access--install\">2. Initial Access &amp; Install<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>RDP to VM (TCP 3389)<\/li>\n\n\n\n<li>Install PAD + Machine runtime + Agent<\/li>\n\n\n\n<li>Sign in \u2192 machine auto-registers in&nbsp;<code>make.powerautomate.com &gt; Machines<\/code><\/li>\n\n\n\n<li><strong>Disconnect RDP completely<\/strong><a href=\"https:\/\/www.youtube.com\/watch?v=-r5sJpqY73k\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"3-network-configuration\">3. Network Configuration<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th class=\"has-text-align-left\" data-align=\"left\">Direction<\/th><th class=\"has-text-align-left\" data-align=\"left\">Port\/Protocol<\/th><th class=\"has-text-align-left\" data-align=\"left\">Purpose<\/th><th class=\"has-text-align-left\" data-align=\"left\">After Setup<\/th><\/tr><\/thead><tbody><tr><td><strong>Inbound<\/strong><\/td><td>TCP 3389<\/td><td>Admin access<\/td><td><strong>Close for security<\/strong><\/td><\/tr><tr><td><strong>Outbound<\/strong><\/td><td>TCP 443<\/td><td>Power Platform<\/td><td>Always open<\/td><\/tr><tr><td><strong>Inbound<\/strong><\/td><td>None<\/td><td>PAD agent<\/td><td>None needed&nbsp;<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/learn.microsoft.com\/en-us\/answers\/questions\/2286300\/power-automate-what-are-the-azure-vm-prerequisites\"><\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Key<\/strong>: Port 3389&nbsp;<strong>NOT required<\/strong>&nbsp;for remote flow execution. Unattended flows run headless via cloud service \u2192 machine runtime polling.<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/community.powerplatform.com\/forums\/thread\/details\/?threadid=bd8c9c8a-52cb-4eb8-995a-a2b2133f0a67\"><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"4-test-unattended-flow\">4. Test Unattended Flow<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\">text<code>Cloud Flow \u2192 \"Run a flow built with Power Automate for desktop\" \n\u2192 Select registered Azure VM machine \u2192 Executes without RDP<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"verification-checklist\">Verification Checklist<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>PAD version matches agent version<\/li>\n\n\n\n<li>Machine shows &#8220;Connected&#8221; in Power Automate portal<\/li>\n\n\n\n<li>Agent running in VM system tray (or&nbsp;<code>PAD.RDP.ControlAgent.exe<\/code>)<\/li>\n\n\n\n<li>Simple flow tests: Notepad open\/save<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/virtual-desktops\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li>Cloud flow triggers VM flow headless (no RDP)<\/li>\n<\/ul>\n\n\n\n<p>Logs:&nbsp;<code>C:\\ProgramData\\Microsoft\\Power Automate Desktop\\Logs\\<\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"common-issues--fixes\">Common Issues &amp; Fixes<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th class=\"has-text-align-left\" data-align=\"left\">Issue<\/th><th class=\"has-text-align-left\" data-align=\"left\">Cause<\/th><th class=\"has-text-align-left\" data-align=\"left\">Fix<\/th><\/tr><\/thead><tbody><tr><td>Agent disconnected<\/td><td>Citrix policy blocks&nbsp;<code>PAD\\CONTROL<\/code><\/td><td>Add to virtual channel allow list&nbsp;<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/support.citrix.com\/external\/article\/CTX582509\/power-automate-agent-for-virtual-desktop.html\"><\/a><\/td><\/tr><tr><td>Version mismatch<\/td><td>Different PAD\/agent versions<\/td><td>Update both to latest&nbsp;<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/virtual-desktops\"><\/a><\/td><\/tr><tr><td>Cloud flow fails<\/td><td>Outbound 443 blocked<\/td><td>NSG: Allow HTTPS to&nbsp;<code>*.flow.microsoft.com<\/code>&nbsp;<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/learn.microsoft.com\/en-us\/answers\/questions\/2286300\/power-automate-what-are-the-azure-vm-prerequisites\"><\/a><\/td><\/tr><tr><td>No UI automation<\/td><td>RDP session closed during recording<\/td><td>Agent handles headless; reconnect for attended dev&nbsp;<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/www.youtube.com\/watch?v=-r5sJpqY73k\"><\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"cost-optimization\">Cost Optimization<\/h2>\n\n\n\n<p>Azure VMs auto-shutdown via scheduled events or cloud flows. D4s v5 (~$0.20\/hour) works for most RPA; scale with machine groups for production.<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/www.youtube.com\/watch?v=-r5sJpqY73k\"><\/a><\/p>\n\n\n\n<p>This setup delivers production-grade RPA on VMs. Problem with this setup is, it Requires a disconnected RDP\/Citrix session to be active. So a logged in user that has his session disconnected. So Power Automate Desktop runs unattended flows&nbsp;<strong>without an active RDP session<\/strong>&nbsp;using its machine runtime, which Power Automate service connects to directly over HTTPS. Microsoft automatically creates a temporary, managed Windows user session (locked screen) when triggered from a cloud flow \u2014 no manual RDP needed.<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/run-unattended-desktop-flows\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-unattended-mode-works\">How to implement unattended (no disconnected RDP session) mode<\/h2>\n\n\n\n<p><strong>No open RDP port 3389 required<\/strong>&nbsp;\u2014 it&#8217;s all outbound HTTPS from VM to Power Platform. Users must be signed out\/locked beforehand.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"setup-for-headless-runs\">Setup for Headless Runs<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>License<\/strong>: Power Automate Process plan (per bot, ~$150\/month).<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/run-unattended-desktop-flows\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li><strong>VM Prep<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Local\/domain\/entra service account (e.g.,&nbsp;<code>VMNAME\\flowbot<\/code>) with logon rights.<\/li>\n\n\n\n<li>Install PAD 2.50+ + machine runtime.<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/run-unattended-desktop-flows\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Portal Config<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Machines &gt; Settings &gt; Enable&nbsp;<strong>&#8220;Reuse sessions for unattended runs&#8221;<\/strong>&nbsp;(faster reuse).<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/run-unattended-desktop-flows\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n\n\n\n<li>Create connection: Username\/password or Entra ID.<a href=\"https:\/\/learn.microsoft.com\/en-us\/power-automate\/desktop-flows\/run-unattended-desktop-flows\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Cloud Flow<\/strong>:text<code>Trigger \u2192 Run desktop flow - Run mode: Unattended - Machine: Your Azure VM - Connection: Service account creds - PowerAutomate Logs on using the credentials and runs the flow<\/code><\/li>\n<\/ol>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Power Automate Desktop excels in virtual machine automation, whether for attended development or unattended cloud-triggered flows. This guide covers installation on any VM plus Azure-specific setup, communication architecture, and network requirements. Perfect for enterprise RPA &hellip;<\/p>\n","protected":false},"author":1,"featured_media":1793,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[11,31],"tags":[],"class_list":["post-1791","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft","category-powerapps"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.gerjon.com\/wp-content\/uploads\/2026\/04\/generated-image-16-scaled.jpg?fit=2560%2C1438&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p59CpB-sT","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/posts\/1791","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1791"}],"version-history":[{"count":6,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/posts\/1791\/revisions"}],"predecessor-version":[{"id":1800,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/posts\/1791\/revisions\/1800"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/media\/1793"}],"wp:attachment":[{"href":"https:\/\/www.gerjon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1791"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1791"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}