Windows 365 Link Device Onboarding – All You Need to Know

The business environment today is constantly evolving and organizations that fail to adapt can quickly find themselves falling behind. And in this era of rapid technology changes, it can sometimes prove impossible to catch up. If we look back at just the last five years, for instance, we have witnessed significant change in hybrid work acceptance. Services such as Windows 365 have given organizations a secure, reliable platform that enables employees to remain productive anywhere.

With this kind of flexibility as well as the capability to access Cloud PCs from any device, business productivity can soar. By introducing Windows 365 Link, the advantages will be even greater.

Having gone over the process for setting up Windows 365 Link in a previous post, today we’ll be looking at how you can onboard Windows 365 Link devices to your organization’s environment. As you get started with this process, it’s important to remember that Windows 365 Link devices have been designed to be shared.

After unboxing and turning on your Link device, the first time it boots it will load the Out of Box Experience to guide you through a straightforward process. This process joins the device to Entra ID and enrolls into Intune management. With this complete, the device will display a sign-in screen from where any user can authenticate and connect to their own Cloud PC.

Any standard user can onboard Windows 365 Link devices using the OOBE process as long as they have the requisite permissions. However, organizations can also decide to have admins onboard Windows 365 Link devices and complete the onboarding before delivering the devices to users. Another option would be to split the tasks with admins onboarding some devices and users onboarding others. To help you decide, you can consider the following information:

ConsiderationsAdmin-driven OnboardingUser-driven onboarding
Device will be availed to multiple, different users.Yes. 
Device will be availed to one specific user. Yes.
Users will not be allowed to join or register devices.Yes. 
Users will get their devices shipped directly to them. Yes.

Admin-driven Onboarding

An account with the designation of a Device Enrollment Manager (DEM) can onboard devices shared by multiple users. Although this account doesn’t require admin privileges in the tenant, it can still enroll up to 1000 devices in Intune. DEMs remain subject to the limit on the number of devices allowed to join to Entra ID. With this in mind, you may want to consider increasing the maximum number of devices per user to a value you expect a DEM to enroll.

By using this DEM account to onboard Link devices, this will:

  • Enroll the Windows 365 Link devices in a shared device mode.
  • Bypass any Intune enrollment restrictions for platforms as well as any device limits that may be in place.
  • Eliminate the need for any changes to allow personal Windows devices.
  • Not require designating a primary user of the device. And with no primary user of the device, Windows 365 Link will not appear in a user’s list of devices in Intune, Entra, Company Portal, or other places.

This requires you to follow the steps below:

  • Create the account you’ll be using for Windows 365 Link device onboarding.
  • Assign the required licensing (Microsoft Entra Premium, Intune, Windows, etc ).
  • Verify that the user has the requisite permissions to join devices to Microsoft Entra ID.
  • The user will then need to be added to the list of Device Enrollment Managers.
  • Lastly, you need to provision a Cloud PC for this DEM account so that you can validate connectivity.

This requires you to follow the steps below:

  • Turn on the Windows 365 Link device.
  • Sign in with the DEM account. You can only join the device to Microsoft Entra and enroll in Intune by completing all the authentication steps.
  • After you’ve connected to the Cloud PC, you’ll need to then disconnect and restart Windows 365 so that any available updates can properly install.
  • Shut down Windows 365 Link.
  • Once the above steps have are complete, the Windows 365 Link device is now ready for use by anyone in the organization with a Cloud PC.

User-driven Onboarding

Organizations don’t need to have IT admins onboard each Windows Link and can instead have users complete the OOBE to join them to Microsoft Entra and enroll them in Intune. By using this method:

  • A user will need to be designated as the primary user of the device.
  • The Windows 365 Link will subsequently appear in their list of devices.
  • All users within the organization can then use the device to access their own Cloud PCs.

THINGS TO VERIFY

  • All users should have the necessary licenses.
  • All users need to have permissions to join devices to Microsoft Entra IP.
  • Users must not exceed the maximum number of devices that can be joined.
  • Users must not be blocked from Intune enrollment by any restrictions or device limits.
  • Each user should have a Cloud PC provisioned and consented to single sign-on.
  • Provide users with the Windows 365 Link devices.
  • Turn the device on.
  • Sign in with the user’s account. You can only join the device to Microsoft Entra and enroll in Intune by completing all the authentication steps.
  • After you’ve connected to the Cloud PC, you’ll then disconnect and restart Windows 365 so that any available updates can install properly.
  • Shut down Windows 365 Link.
  • Once the above steps have been successfully completed, the Windows 365 Link device is now ready for use by anyone in the organization with a Cloud PC.

Wrap up

Windows 365 Link is designed to make accessing Cloud PCs a faster and more secure process. It does this by addressing latency issues and complicated sign in processes to name but two problems. Windows 365 is all about being easy to use so it’s not surprising that onboarding Link devices to your organization’s environment is a relatively straightforward process. Whether you give the task to admins or the users do it themselves, getting your Windows Link devices up and running should be quick and hassle-free.

Windows 365 Link: Enhancing the Cloud PC Experience

Microsoft has recently announced a new product that is built to bring significant changes to how clients interact with Windows 365. The new Windows 365 Link device which is scheduled to be available from April 2025, will potentially show us which direction virtualization could take in the future.

With this thin client device, Microsoft is giving Windows 365 users a product that is purpose-built to connect to Windows 365. Once connected, users will get a seamless Cloud PC experience with easy access to all of the Microsoft 365 apps.

Windows 365 recap

A few years ago, Microsoft introduced a cloud-based service that automatically creates a new version or type of Windows virtual machine known as a Cloud PC. This service allows organizations to provide employees with the tools they need to be productive on any device regardless of where they physically are.

By subscribing to the Windows 365 service, end-users can get their desktops, with all files, apps, and settings included, streamed to whatever devices they are using.

Essentially, Microsoft has built a service that gives you your own personal PC in the cloud. Undoubtedly, one of the greatest advantages of Cloud PCs is getting access from anywhere.

This can fit in perfectly with the hybrid work approaches that many businesses are implementing. As long as there is an internet connection, employees can maintain their productivity levels from any location.

As an increasing number of organizations are adopting Windows 365, Microsoft has chosen the opportune moment to introduce the first Cloud PC device. Now in public preview, this small device has a Windows-based OS that will connect you to Windows 365 in seconds.

After quickly signing in to your Cloud PC, you can securely connect to your familiar Windows desktop in the Microsoft cloud.

To simplify use, Microsoft has designed it such that admins can leverage Intune to manage Windows 365 Link devices alongside other devices. This means that IT will benefit from a more streamlined management experience.

Additionally, IT can continue using the knowledge and policies they already have to ensure maximum efficiency regarding device management. Before you can use Windows 365 Link, you need to meet the following requirements:

  • Purchase a Windows 365 Link device.
  • Ensure management by your organization using Microsoft Intune.
  • Have a Windows 365 license for your Cloud PC.

Optimizing cloud performance

Although there has been a big push for organizations to migrate to the cloud, the simple reality is that inefficiency can often slow down adoption. Some of the more concerning problems that Microsoft has noted include latency issues, difficult sign-in processes, and peripheral incompatibility. These are exactly the types of issues that the Windows 365 Link device has been designed to address, especially in shared workspace situations.

The small, compact design means that you won’t have space concerns while taking advantage of faster access processes. Users should be happy with the few seconds the device takes to boot as well as the dual 4K monitor support, 4 USB ports, an Ethernet port, Wi-Fi 6E, and Bluetooth 5.3, that the devices comes with. Furthermore, the local processing capabilities on the device provide high-performance video playback and conferencing that is ideal for enhanced productivity.

Device description

As already mentioned, the Windows 365 Link device is a small, compact product that will be easy to move around the workplace as needed. Because of its size and light weight, you can easily place it anywhere on your desk or maybe even attach it to the back of a monitor. The dimensions of the device are given in the table below:

DimensionUnits metricUnits imperial
Length120mm4.72 inches
Width120mm4.72 inches
Height30mm1.18 inches
Weight418 grams14.75 ounces

The device will run on a small, Windows-based operating system known as Windows CPC and there will be no local applications or local users. In addition, there will be a strict application control policy that you cannot disable. To add to the convenience already on offer, updates will automatically download seamlessly in the background and then install at night.

Inside the computer, there will be an Intel chip that comes with 8GB of RAM and 64GB of storage. Even though the device has no moving parts, it will have the following ports:

  • Three USB-A 3.2 ports.
  • One USB-C 3.2 port.
  • One HDMI port.
  • One DisplayPort.
  • 3.5mm headphone jack.
  • Ethernet port.
  • Kensington lock slot.
  • A port for the power cord.

Enhanced security

One of the things that Microsoft has emphasized about Windows 365 Link is that not only will it provide quick access to Windows 365 but it will do so very securely. As one can imagine, this is a very important issue to address as secure access is arguably one of the biggest concerns that businesses have about virtual solutions. Fortunately, the Windows 365 Link device will come with multiple features that guarantee optimum security including:

  • Discrete Trusted Platform Model 2.0.
  • Secure boot.
  • Virtualization-based security.
  • Hypervisor-protected Code Integrity.
  • BitLocker drive encryption.
  • Strict Application Control policy.
  • No local user with administrative rights.
  • No local data storage.
  • No local apps.
  • Security baseline policies are enabled by default.
  • Microsoft Defender EDR Sensor.

Wrap up

One of the chief ideas that Microsoft has reiterated over the years is how Windows 365 should simplify the use of virtualization technology. The ultimate goal is to see organizations migrate to the cloud and have a service that is quick, easy to use, and secure.

Windows 365 Link offers an additional update to the innovative measures that Microsoft has introduced to enhance the Windows 365 Cloud PC experience even more. And with the devices being available in just a few month’s time, it’ll be interesting to see the client responses during this public preview period.

Latest Updates for Microsoft Intune and Windows 365

New features and updates are paramount to improving the functionality of the various devices and applications that businesses use. This is necessary, especially if companies expect high levels of performance. It’s also essential as the tasks that we deal with grow more complex.

Not only do companies want to maintain performance but they also need tech companies to address any existing issues. As a result, organizations like Microsoft will offer many new features. These updates are for services like Microsoft Intune and Windows 365.

Because of the updates, released in 2024, overall user experiences will greatly improve. Let’s discuss the recent additions and explore how they might help elevate, simplify, and improve your business operations.

Improvements to Microsoft Intune

2024 has been a year with a lot of innovation from Microsoft across its various products and services. Plenty of this effort prioritizes Microsoft Intune improvements, bringing us features such as:

New capabilities for Windows Autopilot

Windows Autopilot is a service that makes the device deployment process faster and less complex. Companies benefit immensely from Autopilot’s ability to do away with the labor-intensive process previously necessary to provision new devices. And, Microsoft has additional service improvements to share.

Earlier this year, an announcement introduced an exciting new release – device preparation. This brilliant new innovation will enable the accommodation of more devices and delivery of more efficient results. Moreover, it will allow for the provisioning of cloud instances such as Windows 365.

Still, Microsoft ensures customers that the original, existing Windows Autopilot architecture is still in place. Because of this, you still have access to all your favorite features. IT admins can now enjoy a faster and simpler addition of groups to devices. This is due to enrollment time grouping, which replaces dynamic grouping. This creates a process that assigns app policies and scripts to devices more efficiently.

NEW SECURITY BASELINE

A key reason for updating devices and applications is to strengthen security and address vulnerabilities. Companies want to make sure that their security measures can stay ahead of the methods being employed by cybercriminals.

Hence the introduction of an update to the Microsoft Defender for Endpoint security baseline. These one-click collections of policies can be applied to devices (and device groups) in Intune. They also provide you with a way to configure all your organization’s devices with the same security policies.

Setting up your security measures in this way makes it’s easier to maintain the same security levels across the entire enterprise. This particular update offers a much better way of implementing the configuration recommendations made by the Microsoft Defender for Endpoint team. Furthermore, because it’s based on the Windows unified settings platform, you also get:

  • Quicker turnaround for updates.
  • Improved reporting, including per-setting status reports.
  • Assignment filter support.
  • Improved UI.
  • Consistent names across Intune.

Platform single sign-on (SSO) has arrived for macOS device enrollment

Signing in to multiple applications and websites using different credentials can be a tedious task. It can also be difficult for many people to keep up with all their sign-in information and passwords. This is why Platform Single Sign On (SSO) is a wonderful solution for streamlining the authentication process.

Because of how local account credentials synchronize with an individual’s IdP, one will only need to log in once. Platform SSO can help your company improve its security posture and enhance productivity.

Owing to the integration of SSI with Apple’s Secure Enclave technology, your organization can enable phishing-resistant, hardware-bound, passwordless authentication on Mac through Intune. In addition to better security, end-users can enjoy a less complex and faster out-of-the-box experience. This is possible because all they’ll need to set up their devices are their Entra ID passwords.

End-users also get to work more efficiently. This SSO experience, unique to Intune, enables them to sign in to their Outlook, Teams, and other Microsoft 365 apps simultaneously.

Installation of macOS apps on demand via Intune

Microsoft has done plenty of work to develop systems that can provide more capable Mac management. Intune has made providing IT admins and end-users a better, more efficient platform one of its key objectives. And one of the main reasons they’ve been able to achieve that is by leveraging feedback from customers.

Of note among the latest developments, are options that admins can provide to users for downloading unmanaged applications. These specifically apply in PKG and DMG format via the Intune Company Portal app.

Furthermore, to reduce the reliance on line-of-business app workflow or third-party tools to deploy optional applications, Intune added the “available” assignment type to the well-known “required” type. As one of the most requested features by Mac device administrators, this should be a well-received development as it will help both end-users and admins save time.

Expanded support for Microsoft Managed Home Screen

Microsoft Managed Home Screen (MHS) is an enterprise launcher application that enables IT admins to customize their devices and restrict the capabilities that a user can access. If you configure in multi-kiosk mode in Intune, MHS launches automatically as the default home screen on the device. This customizable launcher serves as a key tool for IT admins to better manage devices. It also ensures that users are performing at the expected levels.

As organizations provide users with increasingly more powerful devices, they need to make sure that business operations improve accordingly. The availability of Managed Home Screen is expanding from just user-less kiosks or shared devices to corporate-owned, fully managed devices associated with a specific user as well. As a result, this means capabilities are will extend to a wider range of use cases and applications.

BitLocker RECOVERY KEY

Having access to a BitLocker recovery key allows you to unlock an Intune-enrolled PC if you have the misfortune of forgetting your sign-in password and getting locked out. The stored recovery key is accessible from the Intune Company Portal website. It’s also accessible in the Intune Company Portal app.

Without this key, users would typically need to contact the Help Desk for assistance. As one can imagine, it’s easy to see why this option is better. It offers greater support to users while lightening the load on IT professionals.

Going forward, this update will enable end-users to access their BitLocker recovery key directly from the Company Portal website. Because of this, your organization can expect to benefit from a more intuitive and streamlined path to recovery.

This should also help improve productivity because end-users won’t need to wait for the delays that sometimes occur while waiting for IT support to assist them. And with IT having this task taken care of for them, they will have more time to dedicate to more productive endeavors.

CORPORATE IDENTIFIERS

This feature aims to verify that corporate devices are labeled as corporate-owned as soon as they enroll. It does so by adding their corporate identifiers ahead of time in the Microsoft Intune admin center.

For businesses, corporate device management provides you with more capabilities than that for personal devices. This new change will help organizations restrict the application of the corporate-owned devices label only to authorized devices.

Adding corporate identifiers to Intune requires you to upload a file of corporate identifiers in the admin center or enter each identifier separately. Also important to note is the fact that you don’t need to add corporate identifiers for all deployments. During enrollment, Intune automatically assigns corporate-owned status to devices that join to Microsoft Entra via:

  • Device enrollment manager account (all platforms)
  • An Apple device enrollment program such as Apple School Manager, Apple Business Manager, or Apple Configurator (iOS/iPadOS only)
  • Windows Autopilot
  • Co-management with Microsoft Intune and group policy (GPO)
  • Azure Virtual Desktop
  • Automatic mobile device management (MDM) enrollment via provisioning package
  • Knox Mobile Enrollment
  • Android Enterprise management:
  • Corporate-owned devices with work profile.
  • Fully managed devices.
  • Dedicated devices.
  • Android Open Source Project (AOSP) management:
  • Corporate-owned user-associated devices
  • Corporate-owned userless devices
  • Google Zero Touch

Windows 365 Cloud PC security baseline updates

From the new, additional features and updates to Microsoft Intune, it’s clear to see that increasing efficiency matters. Strengthening security is also of utmost importance. And the same applies here.

Configuring security settings can often be a complex, time-consuming task that few will enjoy especially if you are still a novice. These deployed policy templates with Intune aim to establish Microsoft Security–recommended settings are central to the security strategies employed by Intune.

To ensure that you get the most from these measures, Intune has set it up such that these baselines can be tailored to your unique needs. Additionally, this particular update requires you to manually update your customizations, if any, from the previous baseline. This baseline, which comes highly recommended, will also give you:

  • Faster deployment of baseline version updates
  • Improved user interface and reporting experience (such as per-setting status reports)
  • More consistent naming across the Intune portal
  • Elimination of setting “tattooing”
  • Ability to use assignment filters for profiles

New updates and features for Windows 365

Similar to Microsoft Intune, Windows 365 has also introduced several updates to the Cloud PC service. Some of these include:

ADDITIONS TO DEVICE MANAGEMENT CAPABILITIES

UpdateWhat it offers
Windows 11 Cloud PCs now support EN-NZAs of September 2024, Windows 11 Cloud PCs now support EN-NZ.
Support for symmetric NAT with RDP ShortpathThe goal is to develop an RDP Short path in Windows 365 such that it can support setting up an indirect UDP connection using Traversal Using Relays around NAT (TURN) for symmetric NAT. Most are probably aware that TURN is a widely accepted standard for device-to-device networking for low latency, high-throughput data transmission.
Uni-directional clipboard support is now generally availableWith service release 2407 in July 2024, came the release of uni-directional clipboard support into general availability.
Closing port 3389 by default for newly provisioned and reprovisioned Cloud PCsGoing forward, expect to find the inbound port 3389 closed by default. This update has come about as a means to further safeguard your Windows 365 environment.
Chroma subsampling default change to 4:2:0This change has been made to help reduce monitor support issues. The Windows 365 service will now default to the chroma subsampling at 4:2:0. instead of the previous 4:4:4.
Windows 365 Boot and Windows 365 Switch now support battery status redirectionIn a move that should be welcomed by users, Windows 365 Boot and Windows 365 Switch will now offer support for battery status redirection. Therefore, you can now view your local PCs battery status on a Cloud PC.
Upgrade Windows 365 licenses in Microsoft admin centerAll clients with Modern Microsoft Cloud Agreements can now upgrade their existing Windows 365 licenses in the Microsoft Admin Center.
New Windows 365 Cloud PC images available in the galleryAs of May 2024, you can now access new Cloud PC gallery images for Windows 10 and Windows 11. These improved images have harmonized optimizations with Windows 365 apps images for better policy management:   Win 10 Enterprise Cloud PC: 21H2, 22H2,Win 11 Enterprise Cloud PC: 21H2, 22H2, 23H2
Manage redirections for Cloud PCs on iOS/iPadOS devicesThe Intune admin center can now be used to handle redirections for iOS/iPadOS users who access their Cloud PCs using Microsoft Remote Desktop and Windows App.

DEVICE SECURITY UPDATES

UpdateWhat it offers
Session lock experience configuration for single sign-onThis new update offers clients the ability to configure the remote session lock experience when single sign-on (SSO) is enabled between the default disconnect behavior and showing the remote lock screen. Enabling SSO allows you to use passwordless authentication and third-party Identity Providers that federate with Microsoft Entra ID to sign in to your Cloud PC. This tool offers an SSO experience when authenticating to the Cloud PC and inside the session when accessing Microsoft Entra ID-based apps and websites.
Windows 365 support for Microsoft Purview Customer KeyWindows 365 clients are also being given a feature that supports the encryption of Cloud PCs by setting up Microsoft Purview Customer Key.
Customer LockboxWith service release 2407 is new Windows 365 Government support for Microsoft Purview Customer Lockbox. The Customer Lockbox prevents Microsoft from accessing your content without explicit approval. This feature gets you integrated into the approval workflow process that Microsoft uses thereby restricting access to your content only to authorized requests.
Single sign-on Windows 365 clients authentication changeSingle sign-on for Windows 365 is switching to the use of the Windows Cloud Login Entra ID cloud app for Windows authentication. This change will begin with the Windows and Web clients.
FQDNs removed from requirement listSeveral of the required FQDNs have in the past been moved to the *.infra.windows365.microsoft.com wildcard FQDN. This move reduces the initial configuration requirements and the change rate of connectivity requirements. As of May 2024, the old FQDNs have been removed from the requirement list.  
Microsoft Purview Data Loss PreventionIn March 2024 (service release 2403), it was announced that Microsoft Purview Data Loss Prevention (DLP) will now support Windows 365 Enterprise. Getting access to DLP means that you can now monitor the actions that are being taken on items you’ve determined to be sensitive. Moreover, this also helps you block unintentional sharing of these items. As soon as you onboard devices into the Microsoft Purview solutions, data concerning what users are doing with sensitive items becomes available in activity explorer.
Windows 365 Boot shared mode supports FIDOThis change can help your business strengthen the security of your Windows 365 environment. Because Windows 365 Boot shared mode now supports FIDO, enterprises can leverage hardened authentication measures that minimize the risk of successful attacks.

MONITOR AND TROUBLESHOOT

UpdateWhat it offers
New Intune report and device action for Windows enrollment attestation (public preview)The device status attestation report gives you information about devices that have either Completed, Failed, or Not started enrollment attestation. With the new device attestation status report in Microsoft Intune, you can find out if a device has attested and enrolled securely while being hardware-backed.
Cloud PC utilization report for Windows 365 GovernmentThe Cloud PC utilization report offers you a useful tool for monitoring and optimizing Cloud PC usage in your organization. You can glean from it information such as how much time users are spending on their Cloud PCs or when they last connected. As of June 2024, support for this feature is now available to Windows 365 Government.
Cloud PC size recommendations reportThis Cloud PC recommendations report is now out of preview and generally available. The report is an AI-powered feature that enables administrators to determine the correct size for Cloud PCs. By assessing data such as end-user Cloud PC usage patterns, platform level resource utilization data, and performance needs, you can work out the best Cloud PC configuration for your users.
Cloud PCs that aren’t available reportGenerally available as of May 2024 (service release 2404). Simplifies the task for admins by helping them identify Cloud PCs that may be currently unavailable. The report will give you information concerning conditions up to 5 to 15 minutes ago. As a result, you could potentially find Cloud PCs in the report that have already recovered.
Improvements to Cloud PC connection quality reportSeveral upgrades to the Cloud PC connection quality report became generally available in March. The improvements that you can look forward to include:   A more comprehensive view of the overall performance of your Cloud PCs.A more detailed view of devices when they are in a state of poor performance due to high round trip times.Tenant level visibility to most recent/current for:Round Trip Time.Bandwidth.Connection Time.UDP Utilization.Connection specific detail on client IP and associated CPC Gateway.Filters for all columns.
Alerts for Windows 365 Frontline maximum concurrent Cloud PCsWindows 365 administrators will be getting even more information to help them better manage their Cloud PC environments. With this update, admins receive alerts notifying them when the maximum concurrent Cloud PCs are active for Windows 365 Frontline subscriptions.
Device action data kept for 90 daysYou get to view actions performed within the last 90 days. To access this information, navigate to the Overview page for individual Cloud PCs.

UPDATES TO WINDOWS 365 BOOT

UpdateWhat it offers
Shared and dedicated Windows 365 Boot deviceUsing Windows 365 Boot, admins can configure Windows 11 physical devices so that users can:   Avoid signing in to their physical device.Sign in directly to their Windows 365 Cloud PC on their physical device.   To add to the flexibility, Windows 365 Boot now supports both dedicated and shared PC scenarios.
Windows 365 Boot sign-in page customizationAnother update for Windows 365 Boot is the availability of sign-in page customization. Previously in preview, this feature became generally available in February.
Windows 365 Boot fail fast notificationsAdding to the previous new updates is fail fast notifications. Beginning in February as well, Windows 365 Boot detection and notification of network or application setup issues transitioned to general availability.
Management of local PC settingsThe last update for February allowed for changes regarding the management of local PC settings. Going forward, users will be able to manage local PC settings through their Windows 365 Boot Cloud PC.

Wrap up

Ensuring that your IT environment is operating at peak efficiency is a goal that every company should have. Optimizing the functions of applications and devices is integral to maintaining elevated productivity levels. This is why one cannot overstate the importance of the new features and updates. It’s why we regularly see them from Microsoft Intune and Windows 365.

Not only do they keep your business running smoothly. They constantly address any issues that may arise. As a business, your needs change as the operating environment evolves. Therefore, there is a need for services like Intune and the Cloud PC that can keep up with those changes.

Synology SSD Cache: A Comprehensive Guide

Synology NAS (Network Attached Storage) devices are known for their versatility, offering a wide array of features for data storage, sharing, and management. One feature that significantly enhances performance is the Synology SSD cache. This guide explores Synology SSD cache, its benefits, how to set it up, the importance of upgrading DiskStation Manager (DSM) versions, and how to verify if you’re running the latest DSM version.

What is Synology SSD Cache?

An SSD cache uses Solid-State Drives (SSDs) to accelerate data access on traditional Hard Disk Drives (HDDs). SSDs are much faster than HDDs due to their lack of mechanical parts, providing lower latency and higher throughput. In Synology NAS, SSD caching improves the performance of your storage pools without requiring a full SSD-only setup.

Types of SSD Cache in Synology NAS

  1. Read-Only Cache:
    • Speeds up frequently accessed data by storing it in SSDs.
    • Improves read performance but does not affect write operations.
  2. Read-Write Cache:
    • Boosts both read and write performance.
    • Requires at least two SSDs in RAID 1 for redundancy.

Benefits of SSD Cache

  • Enhanced Performance: Faster data access and improved application performance.
  • Cost-Effective: Combines HDDs and SSDs for performance gains without the expense of SSD-only setups.
  • Scalable: Easily added or removed as needed.
  • Optimized Utilization: Ensures frequently accessed data is quickly available.

When to Use SSD Cache

  • High I/O Workloads: For example, virtualization, databases, or file servers.
  • Mixed Storage Systems: Combining HDDs and SSDs for balanced performance.
  • Repetitive Access Patterns: Ideal for applications with predictable workloads.

How to Set Up SSD Cache

Prerequisites

  • A compatible Synology NAS model.
  • Supported SSDs (check Synology’s compatibility list).
  • An existing storage pool.

Configuration Steps

  1. Install SSDs:
    • Install SSDs in the designated bays or via an adapter card like the Synology M2D17 in PCIe Slot 1.
    • Verify installation using Synology DSM.
  2. Create SSD Cache:
    • Navigate to Storage Manager > SSD Cache.
    • Choose the storage pool and cache type (read-only or read-write).
    • Follow the on-screen instructions.
  3. Monitor Performance:
    • Use Resource Monitor to track cache efficiency.
  4. Optimize Cache:
    • Update DSM for the latest features.
    • Adjust settings as needed.

Why Upgrade DSM?

DiskStation Manager (DSM) is the operating system powering Synology NAS devices. Regular upgrades are essential for:

  • New Features: Improved functionality and usability.
  • Security: Patches to keep your system secure.
  • Performance: Enhanced efficiency with updated algorithms.
  • Compatibility: Support for new hardware and apps.
  • Bug Fixes: Resolves known issues.

DSM Upgrade Steps

  1. Prepare for the Upgrade:
    • Backup data using Hyper Backup.
    • Verify compatibility and system health.
  2. Upgrade DSM:
    • Use the Control Panel > Update & Restore for automatic updates.
    • Perform manual updates by downloading the update file from Synology’s website.
  3. Post-Upgrade Verification:
    • Test applications and review logs for errors.
    • Reconfigure settings as needed.

How to Verify DSM Version

  1. DSM Interface: Navigate to Control Panel > Update & Restore to check for updates.
  2. Synology Assistant: Use this tool to display the DSM version.
  3. Command-Line: Run cat /etc/VERSION via SSH.
  4. Mobile App: Use Synology’s DS Finder to check the version.

My Setup and Observations

I am using a DS1817+ with eight Seagate ST8000AS0002-1NA17Z 8 TB Archive HDDs, running without issues. Currently, I’m upgrading to 16 TB Western Digital WDC WD161KFGX-68AFPN0 HDDs. My SSD cache consists of two Samsung SSD 850 EVO M.2 (500 GB) drives installed using a Synology M2D17 adapter in PCIe Slot 1.

Hardware Highlights

Seagate ST8000AS0002 HDD:

  • Energy-efficient archival storage.
  • Reliable for long-term use.

Western Digital WDC WD161KFGX HDD:

  • High-capacity Ultrastar DC HC500 series.
  • Optimized for data centers with vibration resistance.

Samsung SSD 850 EVO M.2:

  • Advanced 3D V-NAND technology.
  • TurboWrite for faster write speeds.
  • High endurance and energy efficiency.

Best Practices for SSD Cache

  • Regular Maintenance: Monitor and optimize cache performance.
  • Stay Updated: Enable automatic DSM updates.
  • Evaluate Workloads: Periodically assess cache efficiency.
  • Use Compatible Hardware: Follow Synology’s compatibility guidelines.
  • Backup Data: Regularly back up to avoid data loss.

Conclusion

Synology SSD cache is a game-changer for optimizing NAS performance. Coupled with regular DSM upgrades, it ensures a reliable and high-performing system. Follow these best practices to maximize your NAS potential, enhance data security, and enjoy seamless compatibility.

Microsoft Intune and Windows 365 in 2025: What to Expect

As 2024 is drawing to a close, we can start to look back at the features that have been added to Microsoft Intune and Windows 365. These upgrades have enhanced the user experience, strengthened security measures, and enabled users to operate more efficiently.

As such, it will be exciting to look at what Microsoft could potentially add to these platforms in 2025. Businesses will be interested in seeing what Microsoft has on the horizon. They will also be eager to see what will improve these platforms even further while simultaneously addressing some common concerns they may have.

With this in mind, in this article, we’ll be going over the information Microsoft has released concerning features scheduled to be released in 2025.

What does 2025 hold for Intune?

Microsoft Intune: Managed device attestation for iOS/iPadOS and macOS device enrollment and ADE

When we consider the threat landscape that organizations constantly have to deal with, it’s easy to see why there is a great need for continually improving security measures. Hence why bringing ACME and managed device attestation support for eligible Apple devices to GA is a great move on Intune’s part. It should enable you to have better control over the verification processes of various devices.

Included in this update are device enrollment and ADE enrollments, notably AC2. Admins should note that this will apply to new enrollments with device enrollment (BYOD) and new enrollments with ADE or Apple Configurator tool. We can expect to see the rollout of this feature beginning in April 2025.

Microsoft Intune: Windows enrollment attestation

Staying with the same theme of enhancing security measures, businesses will also be getting this feature beginning in March 2025. You can expect to have physical devices attested at enrollment and enrollment credentials storage in the hardware of the device.

This can provide administrators with an extra bit of convenience. It will allow them to view device attestations in the new Device attestation status report. Additionally, they can force attestation from that report when necessary.

Microsoft Intune: Enhanced device inventory for Windows devices

Few things can increase work efficiency the way that easily having access to all the information you need when you need it can. This is what businesses will be getting when this service is rolled out in February 2025 enabling them to obtain more inventory information about their Windows devices. You get to specify which device properties you need to collect as well as from which devices. With this, you can view that information for your devices.

Microsoft Intune: Hardware-backed attestation – enhanced for Windows 11

This feature, which will be coming to you in January 2025, seeks to improve the Windows compliance policy. You should expect an improvement in device health due to the addition of five additional hardware attestation settings. These settings are specific to Windows 11 using advanced platform security features. The latter will include features such as firmware protection, virtualization-based security, Memory Integrity and Access Protection, and Early Launch Antimalware protection.

Microsoft Intune: macOS Platform SSO Support

Intune is constantly looking for ways to enhance the user experience for customers that use the macOS platform. To this end, features like this one in particular will give you better security and increase convenience. With the release planned for January 2025, customers should soon be able to log in on a managed Mac using their Entra ID password.

Microsoft Intune: Multiple managed accounts

Adding to the convenience that the upcoming Intune features will bring is this feature. As of January 2025, Microsoft plans on enabling users to use a single device with multiple company accounts to access company information through specific managed applications.

Microsoft Intune: Enrollment time grouping for Android Enterprise Corporate devices

Enrollment time grouping (ETG) for Android Enterprise Corporate devices is a feature that will help targeted apps and policies reach devices faster thus minimizing delays common with device setup. The rollout is slated for January 2025.

AI to boost the capabilities of the Cloud PC

Businesses cannot deny the immense potential that AI can offer them. This technology has vast applications that can positively impact business operations at just about every level. It’s therefore no surprise that Windows 365 is working on taking advantage of AI to improve the user experience for Cloud PC users. Already, Windows 365 can use AI to provide you with Cloud PC resizing recommendations that can help minimize costs and increase efficiency.

Windows 365 does this and more by leveraging AI to evaluate Cloud PC deployment and utilization. With this information in hand, companies can better plan their Cloud PC environments thus maximizing the value of their investment. These tailored, AI-powered insights will help you avoid several issues including:

  • Complex purchase discussions – when you lack specific information, your organization could spend vast amounts of time bogged down in discussions with vendors trying to figure out what’s most suitable for your needs.
  • Low productivity levels – if your environment operates with incorrect configurations, employees cannot perform at optimum levels and their output will be lower than it should be.
  • Fluctuations in usage and license churn – any discrepancies between your purchased licenses and actual use may cause irregular usage patterns which in turn negatively impacts cost management.

Wrap up

The various development teams at Microsoft appreciate the need to keep expanding the capabilities of the products and services they offer. As the modern work environment evolves, so too should the tools available to us. Companies need technologies that empower their employees, strengthen their security, and inspire business innovation.

Fortunately, the new features and capabilities that Microsoft Intune and Windows 365 are working on promise to deliver. Customers can plan excitedly for the future knowing that their platforms of choice will keep them ahead of the curve.

Enhancing Your Security Posture in Windows 365 and Azure Virtual Desktop

Setting up a virtual computing environment offers plenty of benefits for most organizations. But, businesses also need to understand the potential security issues involved and how best they can address them. Recently, Microsoft has been working on enhancing security measures for Windows 365 and Azure Virtual Desktop (AVD) clients. In addition to that, one of the key goals is to address the complexities that organizations often have to deal with regarding security policy management.

By doing so, Microsoft intends to provide clients with a robust suite of new security features. The new features will offer greater infrastructure protection.

Common security risks in virtual computing

Businesses are constantly dealing with various threats to their infrastructure and data breaches can be some of the most damaging. From huge financial losses to potential legal ramifications, data breaches pose serious threats to companies. Some organizations might even find it hard to bounce back from if left unprotected.

Another of the biggest challenges that businesses deal with on a daily basis is insider threat. What makes this such a tough issue to deal with is that it encompasses both negligent as well as malicious users. This kind of problem serves to highlight the importance of the new features Microsoft is launching. These latest features aim to strengthen identity and access management protocols.

Organizations can also get punished for a lack of due diligence. If one makes the mistake of engaging a virtual computing services provider without a full understanding of the security they have in place, it can end up being extremely costly.

Working with platforms, like Azure Virtual Desktop (AVD) and Windows 365, gives you the advantage of integrated services into the Microsoft security ecosystem. Not only do you get excellent security but you also get compliance with the appropriate regulations.

Ensuring security by default

One of the key things that Microsoft is doing to counteract security threats is putting in place features that provide security by default. This can be achieved by embedding Microsoft-recommended security settings right at the beginning when creating Cloud PCs or virtual machines. Putting in place measures like these serves to make security an integral part of these virtual services. It also provides you with robust security straight out of the box

SIMPLICITY with Azure Virtual Desktop

Implementing security by default also simplifies things by reducing the need for manual configurations. This allows you to have more productive time. IT admins will have even less to worry about, thanks to one of Microsoft’s newer updates. This update works by restricting Port 3389 by default on all newly provisioned and reprovisioned Windows 365 Cloud PCs. This update goes a long way in getting virtual services to the goal of automated, built-in security.

FLEXIBILITY with Azure Virtual Desktop

Despite the need for default security, Microsoft still appreciates that there may be times when IT admins may need to override these settings. For instance, think of a situation where IT admins have to customize security for their virtualization deployment to accommodate different devices and varying work models.

In anticipation of such scenarios, Microsoft gives clients the flexibility to override these security settings when the need arises. Ultimately, the key is to offer businesses solutions that are easy to use but not at the cost of improved security. Thus, the new features will simplify securing identity, data, and access. They’ll do so while simultaneously giving organizations the choice, flexibility, and control necessary to maintain a robust security structure.

Secure identity

Considering the threat landscape that businesses have to deal with, it’s extremely important to have the right technologies and processes to safeguard access to resources. Comprehensive solutions are necessary to secure identities ensuring that the right individuals get the right access at the right time.

Not only that, but end-users expect a seamless user experience that makes things easier for them. Needless to say, it’s equally or maybe even more important to have processes that curb malicious access.

FACILITATING SECURE ACCESS

In keeping with the goal of improved identity security, Microsoft recently preview launched Passkey support in Microsoft Entra for macOS and iOS devices with single sign-on and password-less authentication.

With this update, users can expect the end-to-end user experience to become more streamlined. Coupled with improved phish-resistant password-less security for Windows 365 and Azure Virtual Desktop, this launch will undoubtedly give organizations stronger identity processes.

Given that many individuals view Passkeys as not only easier to use but more secure than passwords, this move by Microsoft is bound to be very welcome. As a method of authentication reliant on cryptographic techniques combined with biometrics such as fingerprints, Passkeys can be a significant upgrade over conventional password-based authentication.

RE-AUTHENTICATION

In addition, clients can also look forward to new features. These include faster re-authentication (public preview) that will leverage sign-in frequency in Microsoft Entra Conditional Access policies. This is something that will give IT admins the necessary control to enforce secure, timely reauthentication based on their needs.

Users must re-authenticate only when needing to authenticate to a resource and also when a new access token is needed. Once a connection has been established, they won’t be prompted even if the connection lasts longer than the configured sign-in frequency.

Users also need to re-authenticate if a network disruption occurs that forces the session to be re-established after the configured sign-in frequency. Unfortunately, on unstable networks this probably means more frequent authentication requests.

Wrap up about Windows 365 and Azure Virtual Desktop

The threat landscape is constantly evolving thus creating new risks that organizations have to be prepared to face. With malicious actors working nonstop to expose vulnerabilities, businesses cannot afford to be lax in their approaches to data security. This is why Microsoft is committed to ensuring that clients using the Windows 365 and Azure Virtual Desktop platforms regularly receive new high-end security tools and updates. By doing so, organizations like yours can mitigate the risk of dangerous data breaches and financial losses with fortified security postures.

Windows 365 – Scalability

One of the major features that has driven the success of cloud computing is scalability. This particular feature is vital to businesses like yours. And it’s how businesses will be able to swiftly and efficiently scale their IT resources.

So, it’s not surprising that Microsoft’s Windows 365 environment supports this feature because of how easy it is to use. For starters, deploying Cloud PCs is going to be a relatively simple exercise. But, if your organization’s demands for computing resources such as storage and processing power change, then you’ll be able to address those demands with very little fuss. And with the growing interest in cloud computing, Windows 365 needs to be a top consideration as the service of choice.

What is Scalability?

So, what exactly is scalability with regard to cloud computing? Simply put, this refers to the ability to either increase or decrease your IT resources at your convenience. And it’s a valuable feature to have when your business needs require it.

Therefore, if your business is growing, you can swiftly make the necessary changes to your cloud computing environment. Gain additional resources such as storage, processing power, and bandwidth. And you can easily do this without the potentially huge financial outlay that may otherwise be required to upgrade your hardware or change your infrastructure. This will then translate t more cost-effective business operations. And it will boost your performance even further.

Whatever cloud services your business would like to use, scalability will be key in ensuring that you get the best possible experience. Fortunately, for clients of Windows 365, the system functions in a way that enables you to scale quickly so that businesses, regardless of size, can easily meet their computing needs.

Although we often think of scaling up for growing business, in some cases, you may find yourself needing to scale down. As a result, admins can also remove virtual desktops according to the needs of the business and not just increase the number.

Scalability Features of Windows 365

With Windows 365, Microsoft offers clients the next step in desktop virtualization technology. It gives organizations plenty of features that will help to optimize IT operations and increase productivity. Among these features include those that can help you to swiftly scale up or down according to your needs. In this section, we’re going to look at some of these scalability features.

FLEXIBLE PRICING

In addition to offering clients two versions of the service - Windows 365 Business and Windows 365 Enterprise - Microsoft has a flexible pricing arrangement in place to meet different needs. You can find the lowest-end SKUs costing $20 a month and the highest-end at just over $150. The pricing model is meant to ensure that both small and large enterprises can find something to adequately meet their requirements without having to pay for more than they need.

For instance, regular frontline workers will not need anywhere near the same computing power as web developers, software engineers, etc. And the benefit of having this fixed monthly subscription is that it makes it easier to plan accordingly for your IT expenditures.

Furthermore, despite there being two different editions to cater to different types of organizations, the range of features that will be available to clients is pretty much the same. This helps to alleviate any concerns about potentially getting an inferior service to clients paying for the higher-end subscription plans.

So, even if your organization is relatively small at the moment, Windows 365 allows you to pay only for what you need, and then as you continue to grow, you can eventually scale up as needed without worrying about significant additional expenses.

SELF-SERVICE PORTAL

The availability of self-service is something that can help to streamline business processes and enhance overall client satisfaction. Relying on manual processes as well as depending on external support, can massively hinder the efficiency with which your business can operate.

This is why Windows 365 provides clients with a self-service portal whose aim is to ensure that it eliminates as many obstacles as possible. Therefore, by giving clients the control needed to perform certain actions, we can expect to see fewer disruptions and faster implementation of important changes.

With this control, admins can create, manage, and deploy virtual desktops very quickly and without any trouble. And this will also help to minimize IT friction because of the reduction in downtime as well as dependency on help desks.

Simply put, getting greater control allows your business to run more smoothly and without needing any additional IT resources. This is something that will also benefit you financially as you can expect a reduction in IT expenses.

RESOURCE ALLOCATION

One thing that we should not forget is that virtual resources are similar to your regular traditional resources in that they are exhaustible. It’s important to remember that this ‘cloud’ that we so often talk about requires physical hardware on the other side. This means that when it comes to the allocation of resources, we should not abandon the principles that we have been using all along.

We’ve already discussed the flexible pricing that Windows 365 clients can leverage. But businesses can still have concerns about the cost of cloud computing resources. Hence the need for resource optimization to ensure that resources are being placed precisely where they are needed.

Microsoft wants Windows 365 to be as cost-efficient as possible for clients, which is why you can allocate resources in a way that maximizes usage and thus improves productivity. By directing resources such as memory, storage, and processing power to areas with the heaviest workload, you can enhance the efficiency of your business processes.

With the ideal resource allocation strategy in place, you can also reduce your cloud computing costs. And the best way to craft that strategy is to have a full understanding of how Windows 365 works, the workloads of various users, and the network your organization uses.

RAPID DEPLOYMENT

One of the things that can make businesses hesitate about implementing new technologies is the potential downtime. Whenever possible, businesses want to avoid spending several days or weeks deploying new software. Getting a new system set up as quickly as possible is the most ideal scenario. And Windows 365 is designed precisely for this purpose. One of the things that Microsoft constantly repeats about Windows 365 is its ease of use and deployment.

Even without bringing in additional IT resources, you can easily have a new Cloud PC within half an hour. As the age-old cliché goes, “time is money,” and so being able to set up new Cloud PCs this quickly only makes Windows 365 that much more attractive.

Therefore, whether it’s deploying new virtual desktops or scaling up your computing resources, Windows 365 can handle this in minutes, not hours or days. This means that when the need arises, businesses can make a swift response to changes in computing resource demands.

CENTRALIZED MANAGEMENT

Decentralized systems can breed a lot of chaos that can negatively impact how efficiently your IT staff can work. If a problem arises and is dealt with in one department but keeps occurring in other departments, then your organization’s productivity will expectedly suffer.

Centralized management capabilities such as those you get with Windows 365 will not only improve performance but will help to potentially reduce operating costs while simultaneously enhancing overall security. Administrators can utilize a single console to monitor and manage all virtual desktops, thus making the job easier. By leveraging these benefits, your business can scale its computing resources quickly and without compromising on security or efficiency.

INTEGRATION WITH MICROSOFT AZURE

An undeniable part of the success of Windows 365 is the fact that it exists on Azure infrastructure. Because of this, it can take advantage of components of the already successful Azure Virtual Desktop (AVD). This gives Windows 365 access to arguably the most secure platform you can get. Azure’s industry-leading security measures and identity management can provide Cloud PCs with more than adequate security.

Furthermore, businesses will benefit from exceptional computing resources, including virtual machines. There are also databases, computing power, and as much storage as companies need. And you get access to these vast resources. Moreover, as your business continues to grow, you’ll have the option to implement a secure upscale of your resources. The reason why all of this is achievable, with almost no difficulty whatsoever, is because of the tools and services. Essentially, you’ll be using the same arsenal of resources you usually use for the process.

Benefits of Windows 365 Scalability

As we’ve already discussed above, scalability plays a key role in how businesses can efficiently utilize their resources. The scalability features that Windows 365 avails to its clients come with several benefits:

REDUCED COSTS

Probably the biggest benefit your business stands to gain from the above-mentioned features is reduced IT expenditure. Because of how easy the scaling process is, you won’t need to bring in any additional IT personnel to do the job. Moreover, you also don’t need to make costly infrastructure changes or purchase additional hardware. All of this, combined with the flexible pricing plans and self-service portal, will help your business to reduce IT expenses. And this is something that will be particularly beneficial to smaller enterprises that could struggle with the costs of scaling their computing resources.

IMPROVED EFFICIENCY

Businesses know that occasionally unexpected opportunities will occur, and the ability to effect a swift response will be essential if they are to take advantage. The centralized management and rapid deployment features available with Windows 365 will give you just that. If you suddenly experience a significant increase in traffic, then you will need to respond with a quick and efficient scaling of your computing resources. And this should be done without compromising performance or quality of service. You can be certain that if you miss this opportunity, another business will be eagerly waiting to take advantage.

INCREASED FLEXIBILITY

Windows 365 is great for offering your employees increased flexibility in their working conditions. But this flexibility also extends to the entire organization. Setting up IT infrastructure is often a very costly endeavor for any business. So, having a service like Windows 365 helps businesses to purchase only what they need. And as the business grows, you won’t have to worry too much about scaling up or down, as necessary. This is because Windows 365 is flexible enough to do that quickly and cost-efficiently. Businesses, large or small, can easily adapt to a changing environment without the usual challenges that often accompany the task.

ENHANCED SECURITY

Remote work obviously comes with its fair share of security concerns. This is why a lot of businesses are apprehensive about migrating to the cloud. Windows 365, however, has a foundation built on Azure cloud infrastructure. And it offers excellent security. Organizations will know that users, regardless of where they are working, should be just as secure as those working on-premises. The security measures you put in place will significantly reduce the risk of malicious access to employees’ devices and your organization’s network. In addition, the centralized management capabilities simplify the management and monitoring of all virtual devices. This results in an ability to fortify your security posture even more.

Wrap up

Scalability should be a key priority for any business, regardless of sector. You need to have strategies in place to scale as needed without hindrance due to a lack of resources. As your business grows, new clients should be able to receive the same quality of service that has built your reputation thus far.

And this is why services like Windows 365 are offering businesses the kinds of capabilities that will adequately meet their needs at whatever stage of growth they may be. The ease with which you can scale allows your business to evolve efficiently and without incurring unnecessary costs. Windows 365 could just be the technology you need to help take your business to the next level.

Igniting The Future of AI With Microsoft

Every year, Microsoft holds its Ignite conference, which is open to all partners, IT professionals, developers, and IT enthusiasts. At this Ignite 2024 event, attendees will be treated to keynotes, sessions, and hands-on events. These will be delivered by Microsoft experts as well as other industry leaders.

This year, at Ignite 2024, the key focus will be AI, the role that Microsoft is playing, and what people can expect in the short and long term. We have all probably had some experience with the impact of AI and machine learning processes on how we conduct our business.

So, considering all the cutting-edge innovations currently in development, you can expect Ignite 2024 to be an exciting and informative affair.

The impact of AI on business

OPERATIONAL EFFICIENCY

The capabilities of AI have resulted in a positive impact being felt across different business sectors. With the transformative effect of AI, enterprises can significantly improve how they operate. As the age-old cliché goes, time is money.

By using AI, your organization can start to operate more efficiently by automating most of your time-consuming and repetitive tasks. The benefit is that employing a better and much faster process for dealing with these tasks. This will free employees up to focus on more productive tasks. Expectedly, this could give you an edge in today’s very competitive business landscape.

DATA ANALYSIS

There is no denying the importance of data in the success of any enterprise. But, with the availability of big data, organizations need reliable tools to quickly help them sift through that data and provide valuable insights. Due to the exceptional tools that AI provides, businesses can gather and swiftly analyze huge volumes of data in a very short time.

Consequently, this gives you valuable insights regarding client wants and needs. And when coupled with information about the general behavior of the market, you can immediately start implementing the necessary actions.

Moreover, AI can help minimize human error in the data analysis process while also picking up trends or anomalies that may have gone unnoticed.

IMPROVED SECURITY MEASURES

As businesses increasingly look to AI and cloud-based solutions to improve efficiency and productivity levels, the need for robust security measures becomes more apparent. Every organization needs to be adequately prepared when dealing with the sophisticated attack methods that cybercriminals are using.

Fortunately, AI can also play a key role in your security strategy. Similarly to how it analyzes data for improving your business operations, it can detect patterns or anomalies that could weaken your security posture. By helping identify these issues, AI enables you to reinforce your security measures. It also ensures that sensitive data remains out of reach for unauthorized access.

CUSTOMER ENGAGEMENT

AI can be an extremely useful tool that your organization can utilize to improve the customer experience. The efficient analysis of large amounts of information can give you incredible data insights that are necessary for developing an ideal personalized customer experience.

A lot of companies and brands are already using AI customer service automation to create a more efficient 24/7 customer support system. Not only can services such as these provide excellent feedback, but they can help customers resolve simple issues much faster.

Furthermore, having information that allows you to personalize customer engagement will help employees deliver higher levels of customer satisfaction.

Ignite 2024 Conference

This year, the Ignite conference will not only be focusing on all the latest Microsoft innovations. It will also be taking a deep dive into the power of AI. Attendees can additionally expect to learn about how the power of AI can drive productivity across different industries.

From Microsoft personnel to leading industry experts, the event will offer plenty for participants to choose from with a schedule packed with plenty of sessions and hands-on training. All of this will be taking place at the McCormick Place Convention Center, conveniently located in Chicago, Illinois.

Apart from those leading the sessions, you can expect to meet experts from various tech sectors whose expertise could be invaluable to your organization. However, it’s not just the leading experts who will be around. You also get to meet tech enthusiasts with different levels of experience.

Networking among various groups of people can provide you with greater information about all the amazing innovations happening around the globe. In addition to these groups of people, expect to see business leaders and Microsoft partners who will have plenty to add to the experience.

Why should you attend?

When it comes to tech conferences, one may wonder why they should bother attending. After all, with countless blogs, podcasts, and various other tech platforms, you have plenty of choices regarding where and how you get your tech news and updates. Despite this, however, there are some very good reasons why you should consider attending events like Ignite 2024.

UNIQUE OPPORTUNITIES

Attending tech conferences can give you learning opportunities that other platforms cannot deliver. You get to interact with Microsoft experts, industry leaders, and other professionals. The wealth of information available from keynote speeches, hands-on workshops, and breakout sessions can be instrumental to professional development. Both the learning experience and the engagement with top experts will give you an edge that will not only benefit you but your company as a whole.

CULTIVATE CONNECTIONS

We can all appreciate the value that networking can bring to our lives. From expanding your career prospects to professional development, cultivating mutually beneficial connections can often be the key to success. We’ve all heard the expression, “It’s not what you know but who you know.”

Granted, this doesn’t always ring true. But there’s no denying the impact that well-developed networks can have on one’s career and business endeavors. By connecting with like-minded individuals, you get the opportunity to interact with others who may inspire your creativity. It’s here that you’ll find those who can expose you to cutting-edge innovations. Moreover, you can learn insights that only individuals with certain expertise can provide.

LEAVE YOUR COMFORT ZONE

Another great thing about attending conferences like Ignite is that it takes you out of your comfort zone. Whatever you do and wherever you work, immersing yourself in an environment away from your typical daily routine can be a refreshing and motivational experience.

Take the time to learn about the latest AI and machine learning innovations. Also, commune with others and share ideas. See what other experts, professionals, and IT enthusiasts have to offer, and it might just inspire you to greater success. And if nothing else, enjoy the time off away from work and make the most of it!

Presence of sponsors

As already mentioned, in addition to Microsoft personnel, Ignite 2024 will have plenty to showcase from other industry experts. As the drive toward empowering companies with AI and machine learning technology gains momentum, plenty of tech businesses are pushing the boundaries with innovative solutions. Some of the sponsors you will be seeing at the event include:

  • Intel – a tech giant that is working on hardware and software solutions, designed to help enterprises benefit fully from AI. It should be exciting to see what products and services they are developing to enable organizations to support AI at scale.
  • AMD – one of the key things that AMD is doing is working on high-performance hardware and software products to leverage the full power of their AI solutions. Additionally, by tailoring the capabilities of their products and services to your unique needs, AMD contributes to more efficient operations.
  • Rubrik – with the threats that enterprises are constantly dealing with, solutions that can fortify your data security are necessary. Due to the capabilities of AI, Rubrik can do a lot to enhance your cybersecurity through swift threat detection and analysis, recovery, and resilience.
  • Kyndryl – businesses have much to gain with innovative solutions that speed up the development and implementation of AI-powered processes. Companies can learn how to simplify their operations while potentially scaling up productivity by leveraging generative AI at scale.
  • Dell Technologies – Dell is heavily invested in developing infrastructure that is optimized for AI. Businesses need to have products and services that are powered by AI and that can be deployed anywhere. Considering this, you can expect to learn about the work Dell is putting in to eliminate barriers and support companies with their AI strategies.
  • Fujitsu – Fujitsu is focused on providing companies with AI platforms and technologies uniquely tailored to their needs. The goal of this approach is to empower businesses to take advantage of the full power of AI technology and get the best ROI.
  • NVIDIA – NVIDIA plays a central role in the processing power of AI due to its GPUs, which are fundamental to AI computations. This allows us to benefit from more efficient AI processes. And this is crucial for the further development of AI and its applications across different industries.

Additional event information

The Ignite 2024 conference will be running from November 18-22, 2024. However, attendees should know that day one is an optional half-day. The conference will come to a close on the afternoon of the 22nd. For those attending online, the dates will be from November 19-21. And they also get live streams for keynotes and some sessions. Additionally, they will have access to the following features:

  • Session scheduler
  • Attendee and Featured Partner directory
  • Digital Favorites
  • On-demand access to keynotes and sessions
  • Digital swag, including wallpapers, Microsoft Teams backgrounds, and more.

DAY 1

In-person attendees who will be in Chicago for day one (November 18) with a Technical or Partner Business pass can take advantage of this opportunity to add a pre-day lab or workshop. Running officially from 1:00 PM to 5:00 PM CT, this will be available for an additional fee of USD $325. As a participant in these interactive sessions, you can start preparing yourself for what’s to come in the days ahead.

PLUS PASS

If you’d like to have exclusive access to the Microsoft Ignite room block at the Hyatt Regency McCormick Place and Marriott Marquise Chicago, then you’ll need a Plus Pass. This pass, previously known as a Premier or Convenience Pass, is available as an add-on to a full conference registration pass.

Those who are interested will need to move quickly, as this pass will be available on a first-come, first-served basis and only while rooms are still available. With the Plus Pass, you will have access to a dedicated check-in station on Level 3 of the West Building, from where you can pick up your name badge and official conference swag.

ACCOMMODATION

Reserving a hotel can be done during the registration process. In-person attendees will find that there are pre-arranged hotel room blocks at hotels offering exclusive rates to Microsoft Ignite 2024 registrants. However, only reservations made through the registration website will qualify for the event rate. This means that hotels won’t be able to book rooms at the event rate through their reservation offices.

Wrap up

Attending the Ignite 2024 conference promises to be quite an experience. One that everyone who wants to stay a step ahead of the latest in AI innovation should be excited about. Take advantage of the opportunity to commune with Microsoft experts, industry leaders, and multiple other professionals. And with an online platform available, even if you can’t make it to Chicago, you can still partake in plenty of events from wherever you may be.

Understandably, the world is bristling with excitement over the transformative effect of AI on industries across different sectors. We all want to see how these innovations will continue to impact our business operations. As such, the conference which we are now counting down to is one not to be missed.

Nerdio: Enhancing the Windows 365 Experience

For years now, many organizations have been looking at remote work situations to assess just how feasible this can be for their operations. Undoubtedly, businesses would want to know the cost implications of establishing such a setup. They’d also want to know the difficulties involved and how security issues are addressed, among other things.

This is why Windows 365 has garnered plenty of interest in recent years. With the Windows 365 Cloud PC, businesses can expect to get powerful virtual PCs that are easy to set up, cost-efficient to run, and highly secure. And when you bring a service such as Nerdio into the mix, you can offer clients an even better experience.

Explaining Windows 365

Let’s start by going over what exactly this product is. The Windows 365 Cloud PC is a virtualization service that Microsoft introduced to businesses a few years ago in 2021. The service’s design enables users to stream their Windows 10 or 11 desktop, its settings, any applications, and content from the Microsoft Cloud to any of their devices.

As a business, this means that your workers can experience the full Windows ecosystem whether someone is using a personal or corporate-owned device. Regardless of where they are working, Microsoft aims to take the cloud computing experience to a higher level.

Having an option like this opens up vast possibilities for businesses. Workers no longer need to be restricted to the physical confines of their office buildings and can work from anywhere. Some surveys show that as much as 73% of today’s workers want to have the option to work remotely. We can see why a lot of organizations show a growing interest in this service.

So, with essentially what is an Operating System-As-A-Service solution, Windows 365 offers virtual desktops that can be accessed in any modern web browser. And with a large number of available features, businesses can get the digital solutions necessary to bring about technological transformation.

Benefits of Windows 365

Windows 365 has plenty of great features that make it an attractive option for many businesses. Among some of them, organizations can expect:

IMPROVED FLEXIBILITY

As a virtual workstation with access from anywhere, the Windows 365 Cloud PC gives users increased flexibility regarding where they can work. With an internet connection and a modern work browser, you can access your Cloud PC wherever you are. Additionally, you have the freedom to use any device, be it your PC, Mac, iPad, Android device, etc.

This simplifies working outside the office even more. You don’t necessarily have to go out and purchase new devices that would enable you to access your Cloud PC. Moreover, if individuals get to use the devices that they are most comfortable with, this may potentially increase productivity for some.

GREAT SECURITY

With all the flexibility and remote access that Windows 365 offers, it is imperative that the security measures be of the highest standard. Fortunately, as data is stored on a Microsoft Cloud, clients enjoy guarantees that their data is extremely secure. And this can be further enhanced by using Zero Trust principles.

Features including strict authentication of all users and use of just-in-time and just-enough-access, among others, provides you with the kind of cyber security needed for the complexities of today’s modern environment and the hybrid workplace. Therefore, admins will have less to worry about regardless of whether people are in the office or working remotely.

COST-EFFECTIVE

Hardware costs can be prohibitive for businesses, especially for those that have just started operations. By using Windows 365, organizations can pour their finances into other critical areas because hardware expenditure is significantly reduced.

And since heavy computing is being carried out on the cloud, you won’t need to worry about having the latest, most powerful devices. This is something that benefits even the more established organizations as well.

Using Windows 365 can help to reduce the costs of regularly refreshing your hardware. As long as your devices meet the minimum requirements, you can use them just fine.

REDUCE YOUR CARBON FOOTPRINT

Data centers can be the cause of significant carbon emissions. As such, considering options like Windows 365 for virtual workstations can go a long way in reducing an organization’s carbon footprint. Especially when the Microsoft Cloud operates far more efficiently than traditional data centers.

Some have even stated that it may operate up to 93% more efficiently. And when you combine that with reduced hardware refresh cycles, your organization can potentially make huge strides toward achieving a green operation. Any organization attempting to achieve net-zero emissions may find using Windows 365 to be hugely beneficial towards achieving that goal.

ACCESSIBILITY

One of the best features of Windows 365 is that it’s not a service that targets only big businesses. From massive organizations to smaller ones with less than 300 users, most can find an option that can meet their unique needs.

Microsoft offers two core subscription models, Windows 365 Business for smaller enterprises and Windows 365 Enterprise for the larger ones. Arguably, the best thing about these options is that they share the same range of features. They also provide several Cloud PC configurations from which to choose.

What is Nerdio?

After going over what Windows 365 is and what it offers, one may naturally wonder what Nerdio is and why you would need it. By definition, Nerdio is a deployment, management, and optimization platform for Managed Service Providers (MSPs.) It’s a solution for those using Azure Virtual Desktop and Windows 365.

Its design helps users simplify the use of their virtual workstations by addressing challenges that clients may often encounter. For instance, people who have previously had issues with storage management in the native solutions will get the assistance they need with managing storage.

In addition to increasing user efficiency, one of the most attractive features of Nerdio for businesses is that it aims to help enterprises with native Microsoft Cloud technologies to run more cost-efficiently.

Tools like the Cost Estimator provide precise information that will help you plan accordingly for the technologies you intend to use. Therefore, not only will virtual desktop users be empowered, but organizations will have a tool that can minimize costs.

Prerequisites

Before your organization can deploy Nerdio Manager for Enterprise (NME), you will need to meet several requirements, including the following:

VNET AND SUBNET

You’ll first need to pre-create a VNET as well as a SUBNET. If your environment is Active Directory-joined, then you need to have connectivity to Active Directory or Microsoft Entra Domain Services domains. You should also verify that DNS and any peerings or WAN connections have been established and are working. Before you can deploy NME, you need to check the following:

  • AVD and Azure should have several necessary URLs and ports available.
  • Tasks in NME will require additional URLs, which must be accessible for the successful completion of the provisioning process.

DIRECTORY CREDENTIALS AND SERVICE ACCOUNT

To join host virtual machines to the domain, there will be directory credentials required. Additionally, you’ll need a service account with delegated privileges to join computers to the domain. You should note that a domain account could be suitable but is not necessarily required.

ADMINISTRATOR PRIVILEGES

The administrator responsible for carrying out the NME deployment must have the necessary privileges for Microsoft Entra ID and the Azure subscription. Nerdio recommends the Global Admin and Owner privileges as the best option for simplifying the deployment process. Admins should be aware that NME is not assigned as Global Admin or Owner on the subscription.

Despite that, you still need these permissions to complete the setup. Furthermore, if you have access to another Global Admin user capable of granting consent to the required permissions for NME, the Global Admin privilege becomes unnecessary. However, subscription owner privileges still remain necessary.

FUNDED AZURE SUBSCRIPTION

This subscription is another requirement, and it must have the following resource providers:

  • Microsoft.DesktopVirtualization
  • Microsoft.Compute
  • Microsoft.Storage
  • Microsoft.Automation
  • Microsoft.RecoveryServices
  • Microsoft.SQL
  • Microsoft.Insights

Most of these resource providers should be automatically enabled by the deployment from the Microsoft Azure Marketplace. Not only that, but NME needs to validate if any resource providers are missing during the initial configuration.

Reasons to choose Nerdio

It’s also important to know that there is far more to Nerdio than just simplifying virtual desktop use or increasing cost efficiency. In this section, we’ll be going over why your organization needs to consider Nerdio as a potentially essential tool for your business operations. According to information provided by Nerdio, there is far more on offer than just cost-savings, and this includes:

AUTOMATION AND REPEATABILITY

Most businesses can appreciate how automation can significantly improve efficiency and minimize human error. This means that certain, often mundane, tasks can be carried out with a greater degree of consistency as well as accuracy.

By providing automation, Nerdio can help you optimize workflows and reduce time wastage. And with almost everything you can do within Nerdio automation, this places the service at least a notch above similar products.

It’s not rare to find management tasks within Windows 365 that some may find too complex or time-consuming. This is precisely why Nerdio would be the ideal solution for handling such issues. The ability to automate some of these repetitive tasks will not only save time but also contribute to cost efficiency.

Furthermore, IT teams will be glad for the help that Nerdio offers them as it reduces their burden by automating routine processes such as on-demand desktop provisioning, desktop (image) management, and software deployment.

DISASTER MANAGEMENT

One of the unfortunate things that businesses need to prepare for is system outages. Whether it be due to software/hardware faults or some cyber security event, every organization needs to have a plan in place to handle disruptions. Without the capabilities to swiftly identify and rectify the problem, productivity will grind to a halt, and businesses can suffer massive financial losses.

Ideally, you would want to minimize downtime as much as possible to prevent prolonged customer dissatisfaction. Here is where Nerdio can come through for organizations with excellent tools:

Proactive MeasureService
Automated regular critical data and system backupsMost people will appreciate the need for having secure data backups in case the unexpected ever happens. So, in the event of a cyber attack, or hardware failure, etc, you can quickly have your system restored. With Nerdio automating this process, you can expect swift, consistent backups with the risk of suffering data loss reduced to a minimum.
Disaster recovery as a service (DRaaS)This unique solution gives organizations a reliable backup in the event of a systems failure. Having your data and systems replicated to an alternative region safeguards against prolonged downtime in case of disaster. In some cases, your system may be back up in under 30 minutes.
Specified alternative VM sizes and typesSometimes, organizations may encounter resource shortages in Azure regions. When facing such situations, Nerdio has the capabilities to help you resolve Azure compute capacity limits by providing fallback VM sizes. Therefore, even if your preferred VM size in the region is unavailable, you can still continue with operations such as host creation, auto-scale, auto-grow, and auto-heal.

MANAGEMENT MADE SIMPLER

Nerdio offers clients a great solution to simplify management that comes in the form of three-click management. This service provides your Help Desk with a powerful and user-friendly portal that enables you to manage all aspects of Windows 365.

By using this feature, your organization can easily manage multiple features from one place, including RBAC with an end-user portal, performance and utilization monitoring, alerts and notifications, and MSIX AppAttach, among many others.

DYNAMIC SCALING

Most people can probably agree that manually handling the scaling up and down of resources during traffic spikes can be a burdensome task. This is why organizations with regularly fluctuating workloads can leverage dynamic scaling to minimize time wastage while optimizing resource usage. Nerdio monitors various aspects, such as CPU and RAM, that provide essential data that can be used to determine the actions that need to be implemented.

Additionally, to ensure an even better experience, this service extends to storage as well, and this includes attached disks, Azure files, and more. Ultimately, this service ensures that your business runs as efficiently as possible by helping to allocate resources accordingly. Whenever traffic spikes occur, those who require greater access to resources will get what they need when they need it.

UPDATES AND PATCHING

Keeping up with routine updates can be a hassle for a lot of people. Whether it’s for personal or corporate devices, sometimes people won’t implement the necessary actions to ensure that their devices maintain high levels of security and performance. Most of the time, the reason for this is simple – performing these processes manually can be labor-intensive and thus time-consuming.

Also, recognize the errors that one could easily make. With a lot of IT teams already burdened with a never-ending list of tasks, many virtual machines under their control may end up not getting necessary updates and patches, leaving them vulnerable.

More

Fortunately, Nerdio has a solution for this by offering automation for the update and patching process, thus lightening the load on IT departments. One of the ways you can take advantage of this is by setting up recurring schedules within Nerdio that will automatically install updates a pre-determined number of days after Patch Tuesday. Once this is set up, Nerdio will update your chosen image with the latest patches and the sys prepping process. All this while removing the complexities that the administrator may otherwise have to deal with.

After the update process is complete, you can choose a host pool to test the updates. By doing so, you can verify that all apps are working as they should and that you don’t have any driver or performance issues. Another thing that Nerdio will handle is backing up critical components and integrating them with the Azure Computer Gallery.

With a safety net in place, you can easily go back to your previous versions if the situation ever calls for it. This means that you get to roll out the updated image to your production host pools using the same automated mechanisms only after you’ve satisfactorily tested that everything works as you want it to.

PROOF OF BUSINESS VALUE

The process of establishing an entire AVD environment can potentially be such a massive task that few would envy taking on. Nerdio can help you make this task a lot more manageable by enabling you to provision multiple host pools and machines that can be availed to users within a couple of hours.

Similarly, when a client wants to start a Proof of Value, Nerdio uses this same mechanism. Leveraging the same mechanism helps to maximize efficiency for your organization. Moreover, this can also be combined with scaling profiles.

Nerdio enhances the Windows 365 experience

Nerdio already has a great setup with AVD, so it should come as no surprise that it can also offer services to improve the Windows 365 experience. Moreover, Nerdio Manager starts by providing additional management capabilities for users in addition to what they already get with the native Windows 365 service. Those familiar with the excellent image management options that Nerdio provides for AVD will be glad to know that this will be extended to Windows 365 as well. Not only that, but you’ll be getting it in a single management interface, side-by-side.

With everything being automated and scheduled according to your convenience, image-based software deployments, as well as updating and patching MEM-managed Windows 365 machines, should become much easier.

More

Those who may find themselves in need of a File Server or an Azure Files file share will benefit immensely from the auto-scaling, auto-provisioning, and fine-tuning that Nerdio Manager can deliver. However, this only applies to Enterprise Windows 365 because it has the same network flexibility as AVD. Some of the options you can look forward to are listed below:

  • Readying your environment with the necessary prerequisites for Windows 365.
  • Creation and management of on-prem network connections and provisioning policies.
  • Creation and management of desktop images, including backups and versioning.
  • Management of Active Directory profiles.
  • Assignment of licenses, groups, and users.
  • Cloud PC provisioning as well as re-provisioning.
  • Cloud PC machine restarting.
  • Leveraging a single interface to manage multiple environments.
  • Management of Cloud PC user settings.
  • Providing a comprehensive overview of all provisioned Cloud PCs and their status.
  • There is an audit of everything, and this can be viewed in detail.

But, before you can enable Windows 365, you need to know a few things. If you are going to successfully complete the process, the individual who wants to enable Windows 365 must be a global administrator. You also need to verify that an Intune license is available in the Entra ID tenant where Nerdio Manager is installed.

Furthermore, you should ensure that the Entra ID has the requisite approval on an application permission request consent page. If you are presented with an option to “grant consent on behalf of my organization“, you must approve.

Wrap up

Cloud computing has evolved to a point where it can offer businesses exceptional computing abilities that are difficult to ignore. By working with services such as Windows 365, organizations can take advantage of very powerful virtual workstations regardless of their choice of physical devices.

Users will have excellent accessibility with great security measures in place to ensure business networks are well protected. And if you want to enhance the experience even more, then partnering up with Nerdio can help you do just that. It provides you with tools that will make setting up and managing your virtual desktops a far simpler task. By doing so, you can lighten the burden for admins and potentially improve overall productivity.

Exciting New Features Coming To Windows 365 and Microsoft Intune

When it comes to which tech products and services to use, businesses certainly have plenty of choices. There are so many players in the tech landscape that winning over new clients is often a huge challenge. With this in mind, tech companies need to go above and beyond to retain the customers they already have. For Microsoft, this means ensuring its Windows 365 and Intune offerings continuously update and offer new features.

Doing this helps these services continue to deliver the exceptional quality that customers expect. But more importantly, these services want to enhance the experience even more so that they remain the best in class. With that said, what can we expect from these products in the near future?

What’s coming to Microsoft Intune?

Intune is one of the leading endpoint management platforms available. It is constantly pushing the boundaries of what it can offer to customers. Especially now, with the growing interest in hybrid and remote workforces.

Microsoft Intune is helping companies better manage access to organizational resources. It’s also simplifying app and device management across various devices. With this in mind, new features are consistently in development to improve management. And some of those upcoming features to be excited about include:

Microsoft Intune: On-Demand remediations – single device

We should expect the rollout for this one to begin in December 2024. Remediations are excellent tools that help you address problems a lot faster. These script packages will detect and resolve common support issues on a user’s device. And they’ll do so before they even realize there’s a problem. By running remediations on-demand on a single device, you can immediately start resolving issues. Find resolution without waiting for the predetermined remediation schedule.

Microsoft Intune: Enrollment time grouping for iOS/iPadOS automated device enrollment

Enrollment time grouping (ETG) for iOS/iPadOS automated device enrollment (ADE) is another feature. It will support targeted apps and policies in reaching devices faster. This helps minimize delays, common with device setup.

However, it’s only going to be part of the new iOS/iPadOS enrollment policies. For devices to be part of that group upon enrollment, admins need to add a static Entra ID group into the enrollment policy. This will also reduce the latency of targeted apps and policies. The rollout is on the schedule for October 2024.

Microsoft Intune: Scoped and targeted device clean-up rule

The preview will be available in November 2024, with the rollout starting the following month. With this rollout, admins will be able to clean up inactive devices from their tenant by providing capabilities of running these rules at a platform level. I’m sure we can all attest to the need for a clean environment.

Microsoft Intune: Security Baselines for HoloLens 2

To get the best level of security for your organizational resources, it is advisable to use the security baselines that Microsoft considers the best practice guidelines. This should enhance your security and improve the experience in deploying and supporting HoloLens 2 devices to customers in various industries. The rollout will be coming in October 2024.

Microsoft Intune: SCEP certificate delivery

With the rollout scheduled to begin in October 2024, Microsoft Intune is offering this solution to its customers as well as other external partners. This feature’s design can deliver SCEP certificates with all the necessary security requirements to devices to mitigate the KFC issue.

Microsoft Intune: Enhanced device inventory for Windows devices

Few things can increase work efficiency the way that easily having access to all the information you need when you need it can. This is what businesses will get when this service rolls out in October 2024. And it will enable them to obtain more inventory information about their Windows devices. You get to specify which device properties you need to collect as well as from which devices. With this done, you can view that information for your devices.

Microsoft Intune: Simplified App Control policy creation experience (curated workflow)

In keeping in line with the need to increase efficiency, this solution’s upcoming October 2024 update rollout will do a lot to make life easier for IT admins. This capability will help you configure App Control policies with built-in toggles in the console that expose all App Control for Business capabilities.

Microsoft Intune: Work-hour access controls for Front-Line Workers

This solution can contribute significantly to simplifying workforce management as well as enhancing your overall security posture. Coming in October 2024, this feature will help IT admins with work-hour access controls for front-line workers. Once workers have clocked out, admins can swiftly put in place measures to prevent Teams access or notifications.

Microsoft Intune: Endpoint Privilege Management on single session Azure Virtual Desktop

Anything that can simplify user management will be a welcome addition to the tools that IT admins already have. With this in mind, admins will be happy, as it enables them to use Privilege Management elevation rules and policies to simplify how they manage standard users on Azure Virtual Desktop. The rollout for this one is on the schedule for September 2024.

Microsoft Intune: Endpoint Privilege Management rules support specifying allowable command arguments

Similar to the previous solution, this one is also coming to market in September 2024. This will give admins Endpoint Privilege Management rules support that can specify a list of allowable command parameters. Consequently, this will restrict elevation to only the allowed or mandatory arguments.

Microsoft Intune: New design for Windows Company Portal app

This new and updated design should give users a platform that is easier to use and streamline workflow. You should expect to see changes in the Home, Devices, and Downloads & updates pages. These intend to enhance the overall user experience. Additionally, this updated design will be very simple to understand and thus use. It will clearly highlight any areas that require action from the user.

Windows 365 features in development

For Windows 365, Microsoft has provided us with information about the exciting new features that are currently in development but not yet released. These should help improve the security posture of organizations and enhance the end-user experience. We haven’t found any release dates as of yet. It would be useful for planning purposes to look at what we could soon see coming to our Cloud PCs.

DEVICE MANAGEMENT

FeaturesWhat to expect
Support for symmetric NAT with RDP ShortpathThe goal is to develop an RDP Short path in Windows 365 such that it can support setting up an indirect UDP connection using Traversal Using Relays around NAT (TURN) for symmetric NAT. Most are probably aware that TURN is a widely accepted standard for device-to-device networking for low latency, high-throughput data transmission.
Chroma subsampling default change to 4:2:0Both Intune and Windows 365 want to help enterprises operate more efficiently. And in this case, that can be achieved by reducing monitor support issues. The Windows 365 service will be able to do so by defaulting the chroma subsampling at 4:2:0 (instead of the previous 4:4:4).
Cloud PC gallery images update to Microsoft Teams 2.1Another feature that we should expect to see in the future is Windows 365 Cloud PC gallery images with Microsoft 365 applications being updated to use Microsoft Teams 2.1. These images will include: Windows 11 Enterprise + Microsoft 365 Apps 21H2Windows 10 Enterprise + Microsoft 365 Apps 22H2Windows 10 Enterprise + Microsoft 365 Apps 21H2
Windows 365 support for HEVC video codingWindows 365 is also working on providing support for Hardware High Efficiency Video Coding (HEVC) h.265 4:2:0 on compatible GPU-enabled Cloud PCs.
Azure network connections inactive stateIn the future, some Azure network connections will start getting marked as inactive under some conditions. These conditions are as follows: ANCs not associated with provisioning policies for more than four weeks, ANCs with provisioning policies that have no Cloud PCs associated with them for more than four weeks. IT administrators need to be aware that inactive ANCs will be skipped during health checks and cannot be assigned to provisioning policies. However, if need be, you can reactivate these ANCs.

DEVICE SECURITY

FeaturesWhat to expect
Cloud PC support for FIDO devices and passkeys on macOS and iOSMany consider Fast Identity Online (FIDO) to be the future of authentication measures. These protocols allow you to swiftly and securely authenticate to various services without the need for a password. Because of the ease of deployment, convenience, and extremely high security, it’s no surprise that FIDO is now widely supported and used. Therefore, macOS and iOS users will be glad to know that Windows 365 is working on enabling Cloud PCs to support FIDO devices and passkeys for Microsoft Entra ID sign-in on their devices.

MONITOR AND TROUBLESHOOT

FeaturesWhat to expect
End user manual connectivity checkI’m sure we’ve all experienced the frustrations that always come with faulty connections. All one wants in that instance is to quickly figure out what’s wrong and resolve it. Currently, connectivity health checks are run on individual Cloud PCs, but in the future, end-users will have the tools to manually run connectivity checks on their Cloud PCs from windows365.microsoft.com.
Update to Cloud PC action status reportThe Cloud PC action status report officially allows you to view the actions that admins have taken as well as on which Cloud PCs these actions have been taken. In addition, you get to see the status of these actions. To access this report, you need to sign in to the Microsoft Intune admin center. Once there, select Devices > Monitor > Cloud PC actions (preview). With the update that is soon to come to the Cloud PC action status report, you will be able to view batches of devices in which actions have been activated. Furthermore, customers will be able to see the batch current progress.

PROVISIONING

FeaturesWhat to expect
New health check: UDP TURN (preview)The Azure network connection (ANC) health checks are one of the more unique features that Windows 365 provides. These health checks, which are run regularly, help to ensure that the provisioning of Cloud PCs is successful in addition to verifying that end-users are getting the best possible Cloud PC experience. The update that Windows 365 has mentioned, will see a new UDP TURN being added to the Azure Network Connections health checks.

SECURITY

FeaturesWhat to expect
New settings for Windows 365 security baselinesIn the near future, customers should expect to receive new configuration settings for the Windows 365 security baseline. These Windows 365 security baselines provide customers with a set of policy templates that are founded on security best practices and experience from real-life situations. By using these baselines, customers can obtain security recommendations that will improve their cyber security and reduce the risks facing their networks. With these security baselines, security configurations for Windows 11, Windows 10, Microsoft Edge, and Microsoft Defender for Endpoint will be enabled. Before fully implementing any Configuration changes, however, it’s always safer to first test the security baseline on a pilot group of Cloud PCs.

Wrap up

Getting updates and new features is always an important part of keeping our apps and devices performing at optimum levels. Technology is constantly evolving. And without regular updates, the user experience can suffer negative impacts within a short space of time. Devices can slow down, apps can develop issues that hinder productivity, and security can become compromised.

This is why Microsoft works hard to stay ahead of the issues with a stream of new features and services frequently released to Microsoft Intune and Windows 365. These upgrades guarantee end-users that they will continue to receive industry-leading quality of service, enabling their user experience to improve even further.