Tackling Hybrid Work Environments With Cloud PC Integration

The last few years have seen an increase in the adoption of cloud-based solutions by a lot of organizations. As some employees were forced to work remotely, businesses have had to quickly develop hybrid work environments.

With a lot of discussion about what the future may look like for organizations concerning work environments, the importance of cloud technologies has grown even more. In 2021, Microsoft launched the Windows 365 Cloud PC in an effort to set the standard for what a hybrid work environment can actually look like.

The Cloud PC is meant to be an easy-to-use platform that addresses the challenges that organizations have been facing with cloud-based technologies.

Adapting to the future

Some people believe that as cloud technologies become more widely used, we may end up doing more work outside the office. And when you look at it from this perspective then organizations will need services like the Cloud PC to enable them to avail corporate data and assets to their employees from anywhere.

With plenty of organizations already heavily reliant on Windows products and services, the integration with the Cloud PC means that one can reasonably expect productivity levels to be maintained.

Especially when you consider that a massive 73% of workers would like to see flexible work conditions maintained. So if organizations can provide an ideal hybrid work environment that caters to the desires of their workers while maintaining or increasing productivity levels then it will be a great benefit to the business. And the Cloud PC could be perfect for organizations in the following scenarios:

  • Your staff is flexible enough to work in the office or from home.
  • You have staff working remotely using their personal devices.
  • You have plenty of staff who are temporary workers or you have a high staff turnover.
  • Your staff requires powerful computers that may not be easy to move around with.
  • You require a contingency plan that will enable you to have a PC or multiple in a matter of minutes if some disaster should occur.

Cloud PCs offer a different approach

VDIs have been a very popular platform over the years to meet the virtual technology needs of most organizations. However, legacy VDI has proven to be somewhat limited in what it can offer businesses. For instance, as the number of users and the distance from the office increases, VDI performance diminishes noticeably.

This slows down productivity and affects the organization’s performance as a whole. Not to mention that your VDI infrastructure can be very costly to maintain and also requires significant IT resources. With Windows 365’s Cloud PC, all these issues are addressed with various options available to cater to the needs of small and large enterprises alike.

Providing a simpler solution

Trying to modify existing VDI infrastructure to cater to modern needs can be an extremely challenging task. If you are to accommodate a hybrid work environment then ideally you want something easy to use. And the Cloud PC can give you that. The pricing is flexible and structured to meet the needs of different organizations.

You can also scale up or down as per your requirements. Thus, your organization will only need to pay for the resources you use. Moreover, the service is easy to set up and does away with complex, lengthy provisioning processes. Microsoft wants you to be up and running in under an hour. All of this adds up to give you a Cloud PC that can be of immense value to your business’ hybrid work environment.

Enhanced Windows 11 integration

Microsoft is constantly making improvements to the various products and services that support hybrid work environments. This year, Microsoft has announced new features that will improve the integration between Windows 11 and Windows 365.

All this was a part of the virtual event aptly titled ‘Windows Powers the Future of Hybrid Work‘. Some of the things to look forward to include the Windows 365 Switch. With this feature, users will be able to move between a Cloud instance and an actual desktop PC with a single click.

Another interesting feature is Windows 365 Boot which is going to allow you to boot straight to a Windows 365 Cloud PC. And it will only take a single step. In addition, when you find yourself in a situation where you have no internet connection, you can use Windows 365 Offline to continue working. And then when you manage to get back online there’ll be an automatic resync without losing any data.

Resolving accessibility issues

As previously alluded to above, legacy VDI systems for all they can do will probably start to become problematic the further away you are. So as one would expect, this can put significant restrictions on a hybrid work environment.

But, when it comes to the Cloud PC, one of its most attractive features is the accessibility that users get. This gives organizations a great incentive to migrate their desktop environment to the cloud.

When using the Cloud PC, users don’t need to worry about restricting their movements. They can easily move around and still access their Cloud PCs wherever they are. All you need is a decent internet connection and you can ‘carry your desktop’ with you in your pocket.

Flexible requirements

Another way that the Windows 365 Cloud PC addresses the challenges presented by hybrid work environments is by making the terms flexible. For instance, when it comes to devices, for the most part, it doesn’t really matter what device you are using. Whether you prefer Windows or Linux, Android or iOS, you can still access the Cloud PC.

This means that organizations need not worry about making significant investments in devices before embarking on the migration of their desktop environment to the cloud. Not only that, but users can be comfortable using the devices of their choice.

Furthermore, even when using multiple devices, you don’t need to worry about losing progress. If you need to use more than one device then you’re not going to be facing any accessibility issues.

What about security?

No one can deny the potential benefits that a service like the Cloud PC can bring to most organizations. However, with all the great features, arguably the biggest concern would be just how secure it is.

Can users really access corporate resources from anywhere using any device without compromising the organization’s cyber security? And the answer is yes.

Windows 365 has put measures in place to resolve some of those security concerns by using a Zero Trust architecture. A service that also comes with multi-factor authentication (MFA). This means that login or access attempts to the Cloud PC will be verified using integration with Microsoft Azure Active Directory.

Furthermore, you will get options to delegate specific permissions such as licensing, device management, and cloud PC management using specific rules. This is in addition to getting to use Microsoft Defender for Endpoint to improve your overall security posture.

In addition to all the above, there is also high level encryption for all stored data at rest, all managed disks running Windows 365-based Cloud PCs, as well as all network traffic to and from the PCs.

Employee collaboration

Communication and collaboration are things that can be severely hindered by hybrid working. This can create a situation that lowers staff morale and adversely affects productivity. With the Cloud PC, Microsoft has attempted to eliminate these issues by integrating Microsoft Teams into the service.

Using a collaboration platform is going to enhance hybrid working by creating a great team space that promotes the making of creative decisions and communication. When you can use features such as online video calling and screen sharing, multi-user real-time collaboration becomes easier.

It also helps to manage the isolation one may experience when working remotely. Other features such as chat function, document sharing, audio conferencing, and plenty more will only serve to enhance the hybrid work experience potentially boosting productivity.

Staff management

Effective management of staff members that are working remotely can be a nightmare of a problem. Communication issues can be common at the office so when you have remote staff it can be significantly worse.

Management can leverage Microsoft Teams to create channels for small groups within departments or for project-based collaboration. Doing this helps your team members to collaborate with greater ease.

However, even with this arrangement you still need effective file management to work quickly and efficiently. For this, you can use Sharepoint so that you can keep your files centralized and easy to access.

Another feature that will come in useful is the recording of meetings. This means all team members, in particular any who may have been absent, can get a copy of the meeting to review at their convenience.

And when it comes to project management, you can make use of OneNote to view and manage the tasks of all team members. So when you take these and all the other features available, you’ll get a platform that can significantly enhance staff management and overall team culture.

IT expenses

Changing the way your organization operates can often come at a hefty cost. With that in mind, Microsoft wants to lower IT expenses for businesses looking to establish a hybrid work environment. This is something you can see in the hardware department. Because users will have desktops running in the cloud, you don’t need to make any significant investments in new devices.

In addition, because the Cloud PC handles the heavy computing on the Azure cloud, your organization’s hardware refresh rate will potentially decrease. Furthermore, with Windows 365 being easy to set up, you’ll save even more by not needing to bring in specialist IT professionals. Your IT people will be able to deploy and manage the configuration of any PC pretty much like they have been doing all along. 

Licensing concerns

Your organization may be rightly concerned as to how using the Cloud PC will affect their current licenses. Do you need to pay more for Microsoft services? But, Microsoft has set it up such that if you already have a Microsoft 365 E3 license, for instance, then you won’t need to pay twice for the same service. This means that you can continue to use the software you have paid for and that includes Windows 10.

So as far as the Windows 365 licenses are concerned, all you need is to pay for access to the virtual PC service. The latter will be maintained by Microsoft on its vast network of servers with the aim of running the software that you already have. Therefore, it’s basically like buying a computer and then purchasing the operating system and applications that you need.

The licensing requirements are as follows:

  • On Windows Pro endpoints: Windows 10 Enterprise E3 + EMS E3; or Microsoft 365 F3, E3, E5 ,or BP (Business Premium);
  • On non-Windows Pro endpoints: Windows VDA E3 + EMS E3; or Microsoft 365 F3, E3, F5, or BP (Business Premium).

Wrap up

A lot of organizations have countless concerns about establishing a hybrid work environment. These concerns can understandably be a stumbling block. However, Microsoft has introduced the Windows 365 Cloud PC to address the challenges that organizations typically face with hybrid environments.

The Cloud PC is easy to set up and offers several different options to cater to the various organizations that may be interested in Windows 365. This gives businesses a service that their employees can use to create flexible work schedules. Users can easily remain productive wherever they may be using just about any device.

As some would say, hybrid work environments are the future. So, if that is the case, then taking advantage of a platform like the Windows 365 Cloud PC would be a great choice to make.

Integrated 365 and Citrix HDX Team Up Again

In an ever-evolving tech environment, organizations are seeking solutions that can keep pace with their increasing needs. So as giants in this space, it comes as no surprise that Microsoft and Citrix have maintained a working relationship over the decades.

As cloud-based technology brings greater flexibility to the working environment, these two businesses are looking to further enhance the way organizations operate.

In a recent announcement, Microsoft informed the tech world that it will be bringing to the table a new solution that will integrate Citrix’s high-definition user experience (HDX) technology with Windows 365.

With growing distributed workforces across the globe, this integration can help to empower users anywhere to easily access their cloud-hosted Windows desktops.

Embracing flexible work models

The last couple of years saw the world having to deal with a global pandemic that forced most organizations to rethink their work strategies. Restrictions in a lot of regions meant that businesses had to make changes to not only their physical workspaces but to the overall workforce management policies.

As this was unfolding, both Microsoft and Citrix saw the need to aid businesses by providing potential solutions. By working together, these two enterprises aimed to help enterprises accelerate their move to the cloud.

Cloud-based solutions have played a monumental role in helping businesses to adapt to a new working model that has enormous potential for development. And as we have witnessed with Windows 365 over the last year, cloud solutions are a great option for enhancing your organization’s work environment.

Recap of Windows 365

For those who may be as yet unfamiliar with Windows 365, this relatively new product is a Cloud PC subscription service that enables users to access their Windows desktops from anywhere using any device.

Launched in 2021, Windows 365 is built on the solid foundation that is Azure Virtual Desktop (AVD). However, there are several differences between Windows 365 and AVD such as the fact that with the former, each user is assigned a personal cloud virtual desktop service. In simple terms, this means that each user receives their own Windows 10 or 11 machine in the cloud with a local profile.

Moreover, those interested in the service need not worry about device compatibility. This is because all Windows 10 and Windows 11 devices are compatible. In addition, sessions can also be streamed to hardware running macOS, iPadOS, Linux, and Android.

Undoubtedly, this service will offer plenty of benefits as more and more organizations look to migrate to the cloud. Arguably the biggest benefit will have to do with facilitating remote work. This will enable businesses to be more flexible with their workforce.

Therefore, hybrid workers will also get a platform that makes it easier for them to complete their various projects whether working from home or at the office. And with the heavy computing work being carried out on the cloud, enterprises no longer need to constantly refresh employees’ hardware thus making huge cost savings.

The Citrix experience is not new

As already mentioned, Microsoft and Citrix have a history of working together so this new development shouldn’t be all too surprising. In fact, all you have to do is look at Microsoft’s Azure Virtual Desktop where Citrix HDX is currently being used.

Users have been promised advanced security features ensuring that only authenticated users can access data and apps on AVD virtual machines and Azure resources. Combining Citrix Analytics with your end-to-end analytics means that you will get a much better analytics process guaranteed to improve overall performance.

Also, you can look forward to having virtual apps and desktops embedded within a complete digital workspace platform. With this, users get a feature that organizes, guides and automates work, with options for additional features. The solutions that Microsoft and Citrix have partnered up on have yielded results such as the following:

  • Citrix on Azure

In this instance, we have seen the possibility of greatly reducing overall IT costs while simultaneously increasing efficiency with Citrix DaaS solutions on Azure. Not only that, but your organization can also benefit from increasing the efficiency of your data center by leveraging Citrix ADC for Azure-hosted applications.

To top it off, IT will be glad to note that by using Citrix SD WAN and Azure Virtual WAN Service, you can vastly simplify and optimize branch office network deployment for your organization.

  • Citrix on Microsoft 365

For any who have had any experience here, they will have noted how using Citrix DaaS solutions for Windows 10 and Azure Virtual Desktop can be instrumental in cutting costs as well as reducing complexities.

Moreover, Citrix solutions for Office 365 are perfectly designed to help your organization to both secure and enhance productivity as well as optimize the user experience. Lastly, you can also leverage Citrix Endpoint Management Apps and EMS in a way that will see your organization expand enterprise mobility and embrace digital workspaces.

So, from just the few features that I have gone over here, it’s clear to see that Windows 365 users probably have a lot to potentially look forward to.

Examining Citrix HDX technology

When assessing this new partnership, it’s important to understand what exactly HDX is and what it has to offer. According to Citric, HDX “is a suite of proprietary technologies that delivers a high-definition experience to users of virtual desktops and virtual applications.”  

HDX is designed to offer users high-quality service and reliability. It aims to counter the network challenges that we face given that virtual app and desktop traffic has to compete with everything else on a network.

Through a combination of Independent Computing Architecture (ICA) traffic prioritization, branch office caching, and ICA protocol optimizations, HDX can give you reliable, high-quality service.

Thus users can expect an enhanced experience when using virtual apps and desktops across public clouds and on-prem platforms. And this even applies when using difficult networks. HDX also gives you remoting technologies that can offer flawless graphics and video with smooth motion and clear audio.

Not only that, but support is available as well for various devices and peripherals. Furthermore, users can benefit from a great experience using platforms like Microsoft Teams on which there will be improved security and management. 

Is it already accessible?

According to the statement that Microsoft has given, this new integrated solution is something that is still in development. The statement only goes so far as to tell us that Citrix HDX technology will be coming to Windows 365 later this year.

IT admins can look forward to a far more streamlined user licensing process. Users will also benefit from being able to seamlessly switch to Citrix clients through Microsoft Endpoint Manager and windows 365.com.

Citrix VP of Product Management Calvin Hsu had this to say:

Citrix and Microsoft are committed to delivering industry-leading solutions to enable secure, remote work. This joint engineering effort brings unique Citrix high-definition technologies to end-users and sophisticated management controls to IT, extending the value of Cloud PCs.”

What Citrix brings to Microsoft clients

One of the principal reasons that companies come together is to combine their strengths so that they can offer their clients better service. Carisa Stringer, Citrix Vice President of Product Marketing, put it clearly when she said:

Work today is all about flexibility and choice. Together, Citrix and Microsoft can provide a new generation of Citrix and Windows 365 users with easy access to the apps and data they need to work when, where, and how they choose, leveraging familiar Citrix interfaces and client capabilities.”

Given that Citrix is on the list of Windows 365 Approved Partners, we can fully expect this partnership to yield improved solutions for clients. Users of the Cloud PC can be excited about the possibilities that may come about from this partnership.

When you combine Citrix’s unquestionable capacity for delivering great virtualization technologies with Windows 365’s features that enable clients to stream content, apps, and settings from the Microsoft cloud to any device, then there are plenty of advantages to be had. These will include:

  • Giving users the ability to quickly and easily switch to Citrix clients through windows365.microsoft.com.
  • The optimization of voice and video performance for multimedia applications.
  • Enabling users to take advantage of a high-definition, interactive experience across a large variety of endpoint devices and peripherals.
  • The application of granular policy controls to enhance security and protect corporate data.
  • Can also seamlessly integrate with third-party identity solutions.

Windows 365 is a game changer

In a world that is realizing the importance of cloud-based solutions, Windows 365 has placed itself as a great option to simplify the virtualization experience for users. It’s so simple that Microsoft suggests that businesses won’t even need to have expert IT teams to set up and run the Windows 365 environment.

By offering clients a Cloud PC that you can acess anywhere and on any device, Microsoft is offering organizations an incredible service that facilitates remote access. And regardless of the size of your organization, there are bound to be options that will suit your needs.

Windows 365 allows you to configure the size, CPU, and RAM of Cloud PCs thus offering you great scalability and flexibility. This simply means that you can expand or reduce your processing and storage capacity depending on your requirements.

The Cloud PC is also going to help your organization’s hybrid workforce to operate seamlessly. Users can access their Cloud PCs and do their work without disruption whether on-premises or from home.

Since the PC is hosted on the Microsoft server, you don’t lose any progress and you can pick up right where you left off. Furthermore, you’ll be glad to know that the Cloud PC easily integrates with other Microsoft tools and applications making the user experience even better.

This helps to eliminate the problem that Microsoft users often face when trying to use their preferred tools and applications across various devices and operating systems. And when you consider the high levels of security and zero-trust architecture that Microsoft has put in place, using this ground-breaking service should be an incredible and secure experience.

Bringing futuristic solutions to clients

As employees continuously adopt new technologies in their work environments, it is the goal of Microsoft and Citrix to provide you with an optimized user experience as well as easy access to all the apps and insights you need.

The solutions being offered are intended to facilitate organizations’ migration to the cloud as well as speed up the adoption of digital workspaces and virtual desktops. And you can look at the partnership that these two enterprises have already built around Microsoft Teams as a great example of what organizations stand to gain.

By delivering this within the Citrix Workspace experience, users can benefit from higher levels of performance leading to increased productivity.

Ultimately, integrating Citrix HDX with Windows 365 improves the overall process of how users can leverage cloud-based solutions. The agility that organizations will get in combination with highly secure networks and communications are just why partnerships like this are essential.

Wrap Up

Although we are yet to receive any comprehensive information on this new development, we can look at existing areas of partnership to see what is potentially in store. As we have already seen, these two enterprises have worked together for decades and have given clients great solutions that have enhanced the working environment.

The last few years have proven that the ability to operate without depending uniquely on on-prem solutions can be the difference between maintaining productivity levels during troubling times and operations shutting down. 

 And with Windows 365 offering enterprises a service that is simplifying the way that they can migrate to and utilize the cloud, the partnership with Citrix HDX will make that service even better.

Everything You Want To Know: The Anatomy of Windows 365

There is no denying how cloud-based solutions have evolved over the decades to become an integral part of most organizations’ operations. Businesses have grown to depend on these services to improve the ease of doing business as well as bolster their cyber security.

With Windows 365, Microsoft enables businesses to operate more effectively as well as offer their workforce greater flexibility.

The arrival of Windows 365 coincides with an increasing need in the workplace to offer employees more agility. Organizations can take advantage of virtualization technology to increase their talent pool by hiring the best people from anywhere in the world.

By using services like Windows 365, these individuals can easily communicate and collaborate with team members from across the globe. Given how much there is to gain from Windows 365, I will today be going through everything you may need to know about this platform.

Breaking new ground

In July of 2021, Microsoft announced a brand new service that would enable users to access Cloud PCs from anywhere. Although similar features have been available through virtualization and remote access software, Windows 365 has now become the first official service from Microsoft.

As businesses increasingly embrace the idea of a hybrid work environment, Windows 365 is aiming to be at the forefront of the services that potential clients will be looking into. By streaming Windows 10 or Windows 11 onto almost any device, Microsoft will offer users the ability to take their desktops anywhere.

And Microsoft has assured clients that Cloud PCs will be highly secure thus users will be able to work remotely with greater peace of mind.

Accessing your desktop on the cloud will also be relatively easy because all you need is a modern browser or Microsoft’s Remote Desktop app. So as long as your internet connection is good enough to stream videos then you’ll be able to access your Cloud PC on most devices.

Users will get instant access to their Cloud PCs and can stream Windows sessions with all of their same apps, tools, data, and settings across Macs, iPads, Linux machines, and Android devices.

And according to Wangui McKelvey, a general manager for Microsoft 365, “You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices.

Windows 365’s solid foundation

Ideally, any service that you want to invest in needs to have a proven track record. However, given that Windows 365 is still less than a year old there’s not much of a track record to go over.

This is why it’s important to understand the foundation on which Windows 365 is built. Because the company that has given us Azure Virtual Desktop (AVD) is the same that is responsible for the Windows 365 Cloud PC.

And if there’s anything that AVD has shown us it is that Microsoft has a good handle on cloud computing services. This is vital for you when considering Windows 365 because Microsoft has built it on its Azure infrastructure.

So you can rest assured that if you go with Windows 365, you’ll be investing in a service that is founded on a tried and tested platform. Therefore, we can take a look at AVD’s track record and some of what it has been able to offer clients.

Azure Virtual Desktop has proven to be a cost-effective alternative to scaling up a traditional virtual desktop environment in your own data center. The reduction in expenses is something that could very well help you to have a better ROI.

AVD has also proven to be invaluable to companies because of how it lets organizations control apps and data while allowing their employees to access those resources on their own devices.

This means that you can offer your workers greater flexibility in how they work while still retaining overall control and keeping security standards high. Although you could get some of these benefits from a traditional VDI environment, the service that you get from Microsoft comes at a better price point with better security.

One of the greatest benefits that you will gain from investing in Windows 365 is that it will allow you to experience Windows 10 or Windows 11 at its very best. That’s in addition to having the full power of Microsoft 365 in your hands. AVD has built a reputation for offering clients a smooth experience when using these Microsoft products. And with Windows 365 being based on AVD, you can expect the experience to be even better.

Selecting an option

Microsoft wants to avail its Windows 365 services to as many organizations as possible. Obviously, that is not going to be a simple task considering the vast differences and needs between smaller companies and large enterprises.

However, Microsoft is determined to cater to the needs of the businesses that require this virtualization service. To that end, Microsoft offers us two different editions – Windows 365 Business and Windows 365 Enterprise.

The former is designed for smaller organizations while the Enterprise edition is aimed at larger ones. And the great thing about these options is that they share a lot of the same range of features.

Windows 365 Business

This edition of Windows 365 is going to be targeting smaller businesses that require no more than 300 Cloud PCs. The service allows these companies to get a simple way to purchase, deploy, and manage Cloud PCs.

So if you do sign up for Windows 365 Business, you can easily provide Cloud PCs to any of your users that need them. Doing so allows them to stream their apps, data, content, settings, and storage from the Microsoft cloud.

Purchasing Windows 365 subscriptions can be done either through the Windows 365 product site or via the Microsoft 365 admin center. And once you have purchased your subscription, you can assign licenses to users in your organization using the Microsoft 365 admin center. As far as sizing options are concerned, there are fixed-price licenses for the different Cloud PC sizes. During the assigning of licenses to users, you need to choose a size option. The options come with different numbers of CPUs, RAM, and storage to cater to the different work needs. The table below details this information:

* Microsoft is retiring the first option (1vCPU) so clients are encouraged to select the 2vCPU option as the minimum configuration going forward.

The Windows 365 Business edition doesn’t have any licensing pre-requirements to purchase and deploy. Also, Microsoft has simplified the provisioning process which will use the default configurations.

After Cloud PC licenses have been assigned, provisioning of those Cloud PCs will happen automatically using a standard image. When it comes to Windows updates, the default Windows Update for Business settings will be configured for users.

And if you have an Intune license then these settings can be edited. Moreover, device management is only going to be limited to the assigning and unassigning of licenses in the Microsoft Admin Center. Although, those that have Intune licenses may get some device management via Microsoft Endpoint Manager.

Users will be able to access their Cloud PCs from windows 365.microsoft.com or alternatively, they can use the Microsoft Remote Desktop app. During usage, users can restart, reset, rename, and troubleshoot their Cloud PCs.

Windows 365 Enterprise

The second option that Microsoft gives clients is for larger organizations that have significantly greater computing needs. Unlike with the Business edition, in this case, users will require licensing for Windows 10 or 11 Enterprise, Microsoft Endpoint Manager, Azure AD P1. The networking situation will see the networking go through a client’s Azure VNet since it’s not part of the license.

As the provisioning process goes on, each business can customize and configure the process to meet their specific needs. It’s the role of your admins to choose the network, configure user permissions, and then assign the policy to an Azure AD group.

With that done you can then provision the Cloud PCs using either standard gallery images or custom images. Microsoft Endpoint Manager can be used for managing Windows updates as well as for troubleshooting purposes.

Users can access their Cloud PCs in the same way as Enterprise clients from the Windows 365 website or via the Microsoft Remote Desktop app. Furthermore, users can restart, rename, and troubleshoot their Cloud PCs and will be assigned a standard user role by default.

However, the admin can change that in the Microsoft Endpoint Manager admin center. Windows 365 Enterprise offers high-end security measures through the use of features such as Conditional Access and integration with Defender for Endpoint.

In addition, for clients with E5 licensing, their Cloud PCs will respond to Defender for Endpoint policies and appear in MDE dashboards.

Cost of service

Regardless of how good a product may be, choosing whether or not to subscribe may ultimately come down to cost. As we’ve already discussed above, Microsoft offers two editions of Windows 365 and both of them have a range of configurations that clients can pick from. This should help all businesses that want Cloud PCs to find something that can fit within their budget.

So small businesses with less than 300 users and massive organizations with countless users can all potentially find a subscription that suits them. The pricing model has fees starting from $20 per user per month for the lowest-end SKU, up to $162 per user per month for the most expensive one. In addition, unlike with the consumption-based pricing model that you get with Azure Virtual Desktop, Windows 365 gives you fixed monthly subscriptions. And if you need to scale up then you are given the option of getting a different subscription as well.

Clients with the Windows 365 Business subscription can get a single virtual core, 2GB of RAM, and 64GB of storage for the starting price of $20.

However, this fee is only available for clients that have Windows Hybrid Benefit. The latter is Microsoft’s Bring-Your-Own license model that is designed to help clients to apply existing (or new) licenses toward the cost of a product. If not, then that cost goes up to $24.

But, if your organization requires a lot more, you can pay $158 for eight virtual cores, 32GB of RAM, and 512GB of storage. The same situation regarding Windows Hybrid Benefit applies here and so without it, the fee goes up to $162.

The pricing model is pretty much consistent and the range of prices remains the same for Windows 365 Enterprise clients. Those that aren’t looking for a lot of computing resources can get a single virtual core with 2GB of RAM and 64GB of storage for the same $20.

However, if your computing needs are a lot greater then you can get the option that offers eight virtual cores, 32GB of RAM, and 512GB of storage for $158 per user per month.

Cloud PC Provisioning

The provisioning process in Windows 365 is an automated one that is going to:

  • create a Cloud PC virtual machine.
  • set it up for the end-user.
  • perform any other necessary tasks to ready the Cloud PC for use.
  • send access information to the user.

Life is made easier for admins as they only need to furnish a few configuration details to get the provisioning process going. Once that’s done Cloud PCs will be automatically provisioned for all users who have a Windows 365 license and matching configuration details.

Because this process is a one-time per user and per license process, a user and license pair can only have a single Cloud PC provisioned for them. The complete process is going to follow the steps below:

  • Starts with the creation of a provisioning policy to manage access to the Cloud PCs. Provisioning policies are key to the entire process as they are responsible for building, configuring, and availing Cloud PCs to end-users. Each policy will require you to provide details regarding the on-premises network connection, the image used to create each Cloud PC, and an Azure AD user group.
  • Assignment of a Windows 365 license to users in the Azure AD user group will begin the provisioning process. And the provisioning of the Cloud PC will be carried out automatically by Windows 365 after which it will then send the necessary access information to the user. The automation is going to proceed in 3 phases that will be invisible to the administrator.
  • The last part of the process involves the end-user receiving the necessary access information that will allow them to sign in to the Windows Cloud PC from anywhere.

Windows 365 Architecture

Virtual network connectivity

All Cloud PCs are going to have a virtual network interface card (NIC) in Microsoft Azure. There are two available NIC management options:

  • Bringing an Azure subscription or managing the NIC won’t be necessary for those using Azure AD Join and a Microsoft-hosted network.
  • NICs are created by Windows 365 in your Azure subscription in instances where you bring your own network and use an OPNC.

The configuration of your OPNC is what will determine how the NICs are attached to an Azure Virtual Network. There are many regions in which Windows 365 is supported and to control which region is used you can:

  • Choose the Microsoft-hosted network as well as an Azure region.
  • Choose an Azure virtual network from your Azure subscription during the creation of the OPNC.

The region selected is what determines where the Cloud PC will be created and hosted. However, with your own virtual network access can be extended between your current Azure regions to other Azure regions supported by Windows 365.

Microsoft Endpoint Manager integration

Management of all Cloud PCs is handled with MEM. The latter along with associated Windows components have various network endpoints that must be allowed through the Virtual Network. If you don’t use MEM to manage Apple and Android devices then you can ignore the endpoints.

The system requires you to only grant access to a subset of endpoints based on your MEM tenant location. Microsoft recommends allowing access to an entire region and not just a specific endpoint to allow for the possible relocation of tenants within a region.

Identity services

Windows 365 relies on both Azure AD and on-premises AD DS. With Azure AD you get:

  • User authentication for Windows 365.
  • Device identity services for MEM via Hybrid Azure AD Join or Azure AD Join.

For the configuration of Cloud PCs to use Hybrid Azure AD Join, AD DS offers:

  • On-premises domain join for Cloud PCs.
  • User authentication for RDP connections.

And for the configuration of Cloud PCs to use Azure AD Join, Azure AD gives you:

  • The domain join mechanism for the Cloud PCs.
  • User authentication for RDP connections.

Azure AD

User authentication and authorization for the Windows 365 web portal and Remote Desktop client apps is provided by Azure AD. Azure AD Conditional Access can be included to offer.

  • multi-factor authentication
  • sign-in risk management
  • restrictions based on location
  • device compliance controls
  • session limits

Active Directory Domain Services

Microsoft gives you the option of having your Cloud PCs either Hybrid Azure AD Joined or Azure AD Joined. Your Cloud PCs will require domain joining to an AD DS domain if you want to use Hybrid Azure AD Join. And that domain should be synchronized with Azure AD. The domain’s domain controllers need to be hosted in Azure or on-premises.

If it’s the latter, connectivity should be made from Azure to the on-prem environment and the type can be either Azure Express Route or site-to-site VPN. The connectivity should be set up to enable communication from the Cloud PCs to the domain controllers needed by AD.

Hosted on behalf of” architecture

This type of architecture enables Microsoft services to attach hosted Azure services to a customer subscription. Using this type of connectivity model allows a Microsoft service to provide options other than the usual consumption-based services. These include software-as-a-service and user-licensed services.

All Cloud PC connectivity comes from the virtual NIC. Because of “hosted on behalf of” architecture, you have Cloud PCs that exist in the subscription owned by Microsoft. This basically means the costs for running and managing the infrastructure are borne by Microsoft.

Azure Virtual Desktop connectivity

AVD is responsible for the provision of Cloud PC connectivity. Thus, there aren’t going to be any inbound connections directly from the internet to the Cloud PC. Rather, the connections will be established from:

  • The Cloud PC to the AVD endpoints.
  • The Remote Desktop clients to AVD endpoints.

Microsoft recommends the use of Service Tags for AVD to identify these endpoints. By doing so you should be able to ease the configuration of network security controls. It’s also worth noting that configuring your Cloud PCs to make these connections is not a pre-requisite.

The integration of AVD connectivity components into gallery or custom images is seamlessly performed by Windows 365. Furthermore, third-party connection brokers aren’t going to be supported on Windows 365 Cloud PCs.

How businesses will benefit

Having a great-sounding service availed to you is one thing, but after looking into what Windows 365 is, you still need to know how exactly this product will help your business. After all, there are plenty of great services out there that just aren’t a good fit for your business. So just what are the benefits that Windows brings to an organization?

Remote access

Most people across the globe have probably familiarized themselves with remote work over the last couple of years. Although plenty of businesses saw the need for remote access during the pandemic, the need for it has grown beyond the pandemic scenario.

One of the things that some people may be looking at when considering career opportunities is the availability of remote access. This may just prove to be key in attracting as well as retaining the best people you can find for your organization.

The Windows 365 Cloud PC gives users the ability to carry their desktops with them wherever they may be. Therefore, access to the cloud is going to be simple and hassle-free because users won’t need to be at a workstation in the office to access corporate resources.

Lower hardware costs

If you tell any business that you can potentially help to lower operating costs then most would probably at least want to give you a few moments of their time. And this is what Windows 365 aims to achieve with the Cloud PC. The cost of purchasing high-end computers for the office that can meet the needs of the various users is no small one.

But, when your PC is running in the cloud then the actual device that you need is less important. Microsoft allows users to access their Cloud PCs from most devices including those running macOS, iOS, Android, and Linux.

This means that users don’t necessarily need to invest in new devices. Not only that, but in the long run, you may not need to refresh your hardware as often thus lowering your expenses even further.

Secure hybrid work

As attractive as the possibility of working remotely may be, without top-notch security the option is not viable. So Microsoft has enhanced security measures by implementing Zero Trust principles enabling each request to be fully authenticated, authorized, and encrypted before access is granted.

Add to that the fact that data is not stored on the physical devices but on the cloud and you have even more protection around your data. These measures should help to assuage concerns about the security of remote work as well as the risk of security breaches.

Not to forget as well that Windows 365 clients can benefit from the already existing solutions that are part of Microsoft Endpoint Manager. Microsoft has also made specific security recommendations that I will be addressing below.

Simple to use

Another feature that Microsoft puts forward as a highly attractive one for Windows 365 clients is how easy the service will be to use.

In fact, Microsoft has gone so far as to say that organizations won’t need to hire specialist IT professionals to set up and manage the Cloud PCs. Features such as easy management and instant start-up enable users to have the ability to work traditionally without any prior virtual work experience. This is something that may also help you to lower overall operating costs.

Furthermore, your IT staff can manage, deploy, and configure the PC environment just as they have done all along.

Windows 365 security measures

Continuing on from what I touched on above, there are other security features that are important to know. Microsoft gives Windows 365 certain capabilities straight out of the box that are meant to enhance your security. Just as you have with your physical computers, Windows 365 Cloud PCs will come with Microsoft Defender. This helps to ensure that your device is secure from the first-run experience.

Also, the provisioning of the Cloud PCs is done using a gallery image. To ensure improved security, the image will have the latest updates for Windows 10 through Windows Update for Business. There are some differences that must be noted regarding the security measures for Windows 365 Business and those for Windows 365 Enterprise.

Windows 365 Business

Since Windows 365 Business is a service aimed at smaller organizations, particularly those that may not have IT staff, users on this edition are granted local admin rights to their Cloud PCs.

So this situation basically replicates what happens with a lot of small businesses whereby users purchase computers and retain local admin rights.

For IT departments that want to use Windows 365 Business for particular cases, they need to follow standard security practices if they intend to make those users standard users on their devices. To use MEM for this approach, you’ll need to follow the guidelines below:

  • The process starts with device configuration to enroll the devices in MEM

               using automatic enrollment.

  • The next step involves the management of the Local Administrators group.

               This can be done using Azure AD or MEM.

  • In addition, it would be a good idea to have Microsoft Defender Attack

               Surface Reduction (ASR) rules enabled. This would be very useful because

               these rules are in-depth defense mitigations for specific security concerns,

               such as blocking credential stealing from the Windows local security

               authority subsystem.

Windows 365 Enterprise

When it comes to Windows 365 Enterprise you’ll start to see some significant differences because this edition was designed for organizations that have dedicated IT teams.

This makes things slightly easier for IT as you have a system that is molded on the management and security that Microsoft Endpoint Manager provides. All Cloud PCs in Windows 365 Enterprise configure users as standard users by default.

However, admins still have the ability to make exceptions on a per-user basis. Furthermore, all Cloud PCs will be enrolled in MEM with reporting of Microsoft Defender Antivirus alerts.

You’ll also get the ability to onboard into the full Microsoft Defender for Endpoint capabilities. Microsoft makes the following security recommendations for users of Windows 365 Enterprise:

  • Users should stick to standard Windows 10 security practices. This also means restricting access to your Cloud PC using local administrator privileges.
  • You need to deploy Windows 365 security baselines to your Cloud PC from MEM. Furthermore, you should utilize Microsoft Defender to protect your endpoints, especially all Cloud PCs.
  • Taking advantage of Azure AD conditional access is a must. With features such as MFA and user/sign-in risk mitigation, you can significantly reduce the risk of unauthorized access to your Cloud PC.

Communication and collaboration

Windows 365 not only provides a platform that facilitates remote work for your organization but also ensures that team members can work together regardless of location. Clients can take full advantage of the power of Microsoft Teams to ensure that communication in your organization happens smoothly.

By using Teams, your organization can set up your environment in a way that best suits you. And when you are ready to use Microsoft Teams, the users can download the Teams client from https://teams.microsoft.com/downloads. And just like Windows 365 itself, you can install the Teams client on various devices such as Windows, Mac, or Linux PCs as well as on your Android or iOS devices. However, you’ll need to ensure that all these users have the necessary Teams license.

Some of the more important elements in Teams include chat, teams, and channels. With chat, you can have one or more users talking, sharing files, or meeting privately. Teams will enable collaboration on any project at any time and it can be visible to the entire organization or just the relevant team members. And then channels can help segment topics, projects, or anything else within teams in a way that suits the way you would like to work. Meetings and conferences are two major things that businesses need to conduct to keep things moving smoothly. By using a Teams or Skype for Business client, individuals can participate in meetings to which they’ve been invited. Even if you happen to have a bad internet connection you can still participate in meetings via audio conferencing. All you need is your regular phone, the conference phone number, and the meeting ID. Although meetings are enabled by default, you can still retain control of the meeting experience.

For smaller businesses with fewer than 300 users, you can utilize Microsoft 365 Teams Phone with Calling Plan to establish an office phone system without having a complex, costly on-premises phone system. The system will include a phone system menu, caller ID, voice mail, and other great features. So all of these features are going to enable the Windows 365 Cloud PC experience to basically simulate the office experience. Those working remotely won’t miss out on collaborating with their colleagues, sharing ideas, and crucially maintaining social connections with others. Without this, working remotely could quickly become a difficult, isolated affair.

Easy administration management

As one is going through the information that we have on Windows 365, it becomes abundantly clear that there are countless benefits for end-users. But, your IT admins will also want to know if they’ll also see changes when compared to other services. And the reality is, the ease of use principle that Microsoft applies to Windows 365 extends to your IT team as well. From the management perspective, there is plenty to be excited about starting with the fact that there is no need to have headaches about the infrastructure you need to set up to get the Cloud PC experience. Microsoft handles that side of things. Also, admins won’t need to get certified in anything else or learn new management tools. This is because Windows 365 is designed for all organizations even those without expert IT pros on staff to be able to run it without difficulty. Furthermore, you’ll be happy to know that the way you currently manage your physical devices with Microsoft Endpoint Manager will for the most part be similar to the management of Cloud PCs. A good example of this is that if you navigate to the All Devices list in Microsoft Endpoint Manager, you’ll see both your physical and Cloud PCs listed side by side.

Admins will also find that the deployment process is not complicated at all. For users to get a Cloud PC assigned to them, there are pretty much just two requirements that need to be met. They need to have the necessary license in addition to being part of an Azure AD Group that’s assigned to a provisioning policy. The process starts in the Microsoft Admin Center where you assign licenses similarly to how you would for other Microsoft 365 services. You can have a licensing admin take care of this particular task. After that, you can head over to Active Users and perform the assignment. With that done, you can now give users Cloud PCs and set them up with Microsoft 365 as well. As soon as a user is added to a group, the Cloud PC provisioning process will be launched and it won’t be long before the Cloud PC is ready for use. And with Windows 365 using a fixed price per user per month model, there’s no extra workload involving tracking, utilization, or keeping idle resources running.

Wrap Up

Windows 365 is a service that has countless different applications that can help businesses, both large and small, to completely change their IT environment. Taking advantage of the Cloud PC can mean potential changes in policy about who and how your organization hires. The ability to give employees remote access without compromising collaboration gives you a far deeper pool of talent to choose from when looking to hire people. The cost of the service is something that can also help your business by reducing expenditure on hardware. Not having to provide employees with brand new high-end computers and reducing hardware refresh rates can go a long way in improving your bottom line. In addition, when you consider how Microsoft has designed Windows 365 to be easy to use then you begin to see a platform that can change the virtualization sector. Undoubtedly, there’s still a lot more to come as the service improves but for now, Windows 365 has certainly offered a lot to be excited about.

Reasons You Should Invest In Windows 365

For a lot of businesses, making the switch to cloud computing services represents a major shift from the way they have been operating for years. What possibly complicates the decision-making, even more, may be a lack of information on what cloud technology is and how it can improve their way of doing business.

Microsoft has done a good job of providing us with plenty of information on this topic. As one of the big cloud service providers, they have been providing clients with plenty of products over the years.

And in 2021, Microsoft took an even bigger step into the future with the announcement of a desktop in the cloud. A PC that you can take with you anywhere and access at any time on almost any device.

In this blog, I will be going over the major reasons why Windows 365 would be a great investment for your organization.

Getting familiar with the cloud

Making a decision about which infrastructure is best suited for your business is no small matter. Because whatever you end up deciding will play a huge role in how your business operates. Certain businesses have legacy IT systems or on-premises infrastructure that has served them well over the years.

As such, businesses like this would prefer to stay with tried and tested solutions rather than make the leap to the cloud. But, whether you prefer your on-prem infrastructure to anything else out there, it’s still important to understand technology such as Windows 365. Doing so will help you to make an informed decision about your business’ IT systems.

So whether you choose to invest in Windows 365 or continue using what has brought you success thus far, at least you’ll be fully aware of the options available to you.

But, just what exactly is the difference between your on-premises infrastructure and what Windows 365 offers? The simplest answer to that is location. When it comes to the on-premises computing model, this refers to the physical hardware that you own such as computers and servers that reside on your business premises.

It also refers to the software that has been downloaded and installed on the hardware. On the other hand, when looking at cloud service providers, the latter owns the servers, storage, databases, and software, and provides them to clients “as-a-service”.

Thus the major difference is that a company like Microsoft is responsible for purchasing, running, and maintaining the hardware. All you have to do is pay for the computing resources that you need and forget worrying about everything else.

So what is a Cloud PC?

Now that we understand what cloud computing is, we need to know what then is a Cloud PC? According to Microsoft, a Cloud PC is a highly available, optimized, and scalable virtual machine that is going to allow users to have an enriched Windows desktop experience. This takes Windows and gets it running on the Azure cloud.

As Microsoft 365’s General Manager Wangui McKelvey has said, “Windows 365 takes the operating system to the Microsoft Cloud, securely streaming the full Windows experience – including all your apps, data, and settings – to your personal or corporate devices. This approach creates a fully new computing category, specifically for the hybrid world: the Cloud PC.”

So basically, Microsoft is giving you a PC that runs on the cloud. Meaning that you can access it anytime using most devices.  And for the most part, it really doesn’t matter what operating system is running on your device. Whether you’re using Mac or Linux PCs, Android or iOS devices, you’ll get a consistent Windows experience.

Therefore, whatever you are working on won’t be affected by the device you are using. Since the state of your Cloud PC remains the same, you will always pick up right where you left off. The service will allow you to have access to plenty of great apps.

Using the Windows 365 portal, you can access Microsoft apps such as Word, Excel, and PowerPoint. In addition, native support will also be provided for Microsoft Teams, Adobe Reader, the Edge browser, and Microsoft defender antivirus software.

Built on a sound platform

Ideally, any service that you want to invest in needs to have a proven track record. However, given that Windows 365 is still less than a year old there’s not much of a track record to go over. This is why it’s important to understand the foundation on which Windows 365 is built. Because the company that has given us Azure Virtual Desktop (AVD) is the same that is responsible for the Windows 365 Cloud PC.

And if there’s anything that AVD has shown us it is that Microsoft has a good handle on cloud computing services. This is vital for you when considering Windows 365 because Microsoft has built it on its Azure infrastructure.

So you can rest assured that if you go with Windows 365, you’ll be investing in a service that is founded on a tried and tested platform. Therefore, we can take a look at AVD’s track record and some of what it has been able to offer clients.

Azure Virtual Desktop has proven to be a cost-effective alternative to scaling up a traditional virtual desktop environment in your own data center. The reduction in expenses is something that could very well help you to have a better ROI.

AVD has also proven to be invaluable to companies because of how it lets organizations control apps and data while allowing their employees to access those resources on their own devices. This means that you can offer your workers greater flexibility in how they work while still retaining overall control and keeping security standards high.

Although you could get some of these benefits from a traditional VDI environment, the service that you get from Microsoft comes at a better price point with better security.

One of the greatest benefits that you will gain from investing in Windows 365 is that it will allow you to experience Windows 10 or Windows 11 at its very best. That’s in addition to having the full power of Microsoft 365 in your hands. AVD has built a reputation for offering clients a smooth experience when using these Microsoft products. And with Windows 365 being based on AVD, you can expect the experience to be even better.

The strength of Azure

The reason that makes Azure as impressive as it is, is the fact that it takes traditional on-premises infrastructure to the cloud. Because of this migration, Microsoft frees you from the responsibilities of a traditional VDI such as brokering, load-balancing, compute, storage, and diagnostics. What this then does is to create more time for IT pros in your enterprise to improve your business operations and promote growth.

And then there are Azure’s state-of-the-art security measures. As undoubtedly one the most secure public cloud platforms you can find, Azure significantly reduces the risk of falling victim to cyber criminals.

Azure Active Directory’s strict authentication process offers the only way that users can access their virtual machines. Clients can leverage features such as conditional access and multi-factor authentication to add layers of security to their access protocols.

Enhancing your business

Now that we’ve established how the cloud is different from your on-prem infrastructure, you could still ask why do I need it? If we already have our own hardware and software, why look to someone else to offer us a service? Now, these are very valid questions. But there are plenty of ways that taking advantage of cloud computing can enhance your business. For instance, we could take a look at the services you can get:

  • Infrastructure-as-a-Service (IaaS) – this is where a cloud service provider operates resources such as servers, virtual machines, storage, networks, and operating systems. Clients can then use these services over the internet on a pay-as-you-go basis.
  • Platform-as-a-Service (PaaS) – clients can use this service to pay for on-demand resources such as hardware, software, and infrastructure that they can use to develop software. Therefore, developers, in particular, can take advantage of this to test, deliver, and manage software applications.
  • Software-as-a-Service (SaaS) – this is a subscription-based model that allows clients to have access to whatever software applications they need without concerning themselves about licensing or software management.

What’s clear from the services that businesses like Microsoft can offer is that your organization can have access to almost limitless resources. And arguably the biggest benefit you stand to gain is that the cloud computing model places the responsibility for the maintenance of the physical infrastructure on a third party.

So when using the Windows 365 Cloud PC there are no longer any complex hardware management issues to deal with. In addition, by eliminating hardware-related expenses your business can grow a lot faster and simultaneously become more productive.

Choosing Windows 365

If you’ve made the decision to migrate your business to the cloud, you’ll still need to decide about which solution to go with. But, Microsoft has designed the Windows 365 Cloud PC to be a great option that is affordable, easy to run, and simple to set up. For instance, if you were to go with Azure Virtual Desktop, you would need individuals with the necessary expertise to run the system for your business.

However, Windows 365 doesn’t require that. Microsoft will set up Windows 365 for you and allow you to control how to scale your Windows 365 instances and monitor Cloud PC’s performance.

The ease-of-use approach you get with Windows 365 means that you don’t need to have an Azure Solutions Architect Expert on staff to create and manage virtual PCs. So one could look at it this way, Azure Virtual Desktop is designed with flexibility in mind whereas Windows 365 is going for ease of use.

As far as pricing is concerned, Windows 365 offers clients a simple and flexible pricing structure in keeping up with the theme of ease of use. Clients will also be allowed to change their configuration should they decide to. This makes it a lot easier for businesses to scale up or down depending on their particular needs.

Thus you can add or remove resources and adjust your monthly subscription accordingly. When it comes to accessing your Windows 365 Cloud PC, you can do so on just about any operating system out there. Although, you may want to download the Remote Desktop Client for the most optimal experience.

Different options available

To ensure that any business that wants cloud computing services can have access, Microsoft gives you various options. This allows you to choose a subscription plan that is most ideal for your business. Something that suits your budget. The options that you get with Windows 365 are given to you under the two editions available – Windows 365 Business and Windows 365 Enterprise.

Business edition

The Windows 365 Business edition is designed for small to medium-sized enterprises. So if your company requires only a few desktops as well as fixed pricing, then the Business edition is the right choice for you. You will be charged a fixed rate for the Business desktop and the prices will depend on the hardware configuration that you select.

Also, because your Business desktop is attached to a managed Microsoft vNet, you won’t have to deal with any network egress fees. This edition comes with a maximum number of 300 users and there are no licensing pre-requirements to purchase and deploy the Cloud PC.

But, if users are licensed for Microsoft Endpoint Manager they will have access to other features such as device management. The provisioning won’t present any problems as it uses default configurations.

So as soon as a Cloud PC license is assigned, the Cloud PC is automatically provisioned with a standard image. When it comes to actual pricing, you get to choose from the following options:

  • Basic – at a cost of $31/month and with support for up to 300 users, this option allows you to run light productivity tools and web browsers. Clients will get 2vCPU, 4GB RAM, and 128 GB Storage.
  • Standard – this option will cost $41/month and also supports up to 300 users. Clients will get 2vCPU, 8GB, and 128 GB of storage allowing you to Run a full range of productivity tools and line-of-business apps.
  • Premium – the last option costs $66/month and gives you access to 4vCPU, 16 GB of RAM, and 128 GB of storage. With this you get support for up to 300 users and can run high-performance workloads and heavier data processing.

Enterprise edition

If your organization is a larger one, then the Business edition is not going to be adequate for you. The Windows 365 Enterprise edition will best serve large businesses that may be interested in integrating the desktops with their existing Azure virtual network, have endpoint security with comprehensive features as well as single sign-on.

Unlike Business desktops, Enterprise desktops are attached to a customer’s vNet so the standard fees for network egress traffic will apply. This edition allows clients to manage and roll out their own customized images.

In addition, you’ll be able to use other features including Universal Print, troubleshooting, etc. Also, the provisioning process can be configured and tailored to meet the specific needs of your organization.

Depending on the various needs of your business, you can select a subscription plan from the options given below:

  • Basic – at a cost of $31/month and with support for unlimited users, this option allows you to run light productivity tools and web browsers. Clients will get 2vCPU, 4GB RAM, and 128 GB Storage.
  • Standard – this option will cost $41/month and also supports an unlimited number of users. Clients will get 2vCPU, 8GB, and 128 GB of storage allowing you to run a full range of productivity tools and line-of-business apps.
  • Premium – the last option costs $66/month and gives you access to 4vCPU, 16 GB of RAM, and 128 GB of storage. With this you get support for an unlimited number of users and can run high-performance workloads and heavier data processing.

Improve workforce management

Windows 365 can play an integral role in helping your business improve in the area of workforce management. The features that the service provides are designed to enable you to optimize the way your business operates. As a result, you can expect to have the tools you need to put the right people in the right place at the right time to enhance your clients’ experience in a way that will reflect positively on your revenue stream.

Leveraging Windows 365 can improve your use of time thus improving your efficiency and productivity. The ease of use that Microsoft has emphasized helps your employees because they don’t need to spend time maintaining the environment or resolving issues. Also, the available collaboration platforms such as Microsoft Teams facilitate instant communication and simplify working together for teams who may be in different locations.

Those communication platforms are equally important in ensuring that employees who are working remotely retain the same degree of efficiency and productivity as their peers who are on-site.

As this trend of remote work continues to grow, those in leadership positions will need the flexibility to comfortably perform their management duties without missing a step. This is why it’s so important that you can access your Windows 365 Cloud PC from anywhere on just about any device.

Additionally, you can create various groups of people on Microsoft Teams so that those managing people working on the same project find it a lot simpler. Regardless of where they or you are.

A lot of businesses are in great need of innovative solutions that can promote rapid growth without relying on massive amounts of investment. Windows 365 has got this well covered. There are a wide range of options available with both Windows 365 Business and Windows 365 Enterprise.

So there’s something for everyone. From the small business trying to grow to the huge enterprises looking to streamline their operations. Because of the pricing structure, scaling up is easy and relatively affordable allowing you to acquire more resources as your business expands.

Another thing that helps with better workforce management is the fact that Windows 365 will be responsible for software updates and new releases. This helps your business to focus its energies on critical, productive endeavors.

Not only that but you can also eliminate the exhaustive and costly task of refreshing dated hardware. As long as your current hardware is compliant with the Windows 365 requirements then you won’t need to worry about your hardware anytime in the near future.

Reduce your physical footprint

Windows 365 can also be instrumental in helping you to reduce your physical footprint. This means that when you use cloud computing you won’t need as much office space as plenty of other businesses.

Because of the flexibility that Windows 365 allows you, you may no longer need to have physical offices for a significant section of your workforce. You can simply take full advantage of having a hybrid work environment and remain productive in that way.

So you can have people working for you from all corners of the globe in the comfort of their own homes. Working this way may even enhance the working experience for some of your employees thus increasing the possibility of employee satisfaction and higher levels of productivity. Moreover, using Microsoft Teams will ensure that communication and collaboration are carried on without difficulty.

Offices for your employees aren’t the only area where you can save space. When considering setting up your on-premises infrastructure, a significant amount of space is going to be required for your network servers. As you can imagine, you’ll need to have plenty of space for the servers themselves and the security measures such as cages to enhance protection.

Your data center will also need state-of-the-art security to ensure that the risk of a security breach is reduced. And then we obviously can’t forget the staffing resources that will be required. You need to have teams of people who will be responsible for maintaining the servers and monitoring security to try and prevent hacker attacks.

These staff members will probably require an operations center and that means more building space. In addition to these IT people, you should have reliable security personnel guarding the physical premises. All of this will cost space and money. A lot of it.

Ultimately, having a significant portion of your workforce work remotely can help to increase your revenue streams. By reducing expenditure on building space, you can invest more in core business areas that will draw more clients to you.

Communication and collaboration

This is an area that is fundamental to the success of every business. Especially when working in a hybrid environment. Windows 365 allows clients to take full advantage of the power of Microsoft Teams to ensure that communication in your organization happens smoothly.

You can set up teams in a way that will work best for you. When your organization is ready for users to start using Teams, the users can download the Teams client from https://teams.microsoft.com/downloads.

The Teams client can then be installed on your Windows, Mac, or Linux PC as well as on your Android or iOS device. However, you’ll need to ensure that all these users have the necessary Teams license.

Some of the more important elements in Teams include chat, teams, and channels. With chat, you can have one or more users talking, sharing files, or meeting privately. Teams will enable collaboration on any project at any time and it can be visible to the entire organization or just the relevant team members.

And then channels can help segment topics, projects, or anything else within teams in a way that suits the way you would like to work. Meetings and conferencing are two major things that businesses need to conduct to keep things moving smoothly. By using a Teams or Skype for Business client, individuals can participate in meetings to which they’ve been invited.

Even if you happen to have a bad internet connection you can still participate in meetings via audio conferencing. All you need is your regular phone, the conference phone number, and the meeting ID. Although meetings are enabled by default, you can still retain control of the meeting experience.

For smaller businesses with fewer than 300 users, you can utilize Microsoft 365 Teams Phone with Calling Plan to establish an office phone system without having a complex, costly on-premises phone system.

The system will include a phone system menu, caller ID, voice mail, and other great features. So all of these features are going to enable the Windows 365 Cloud PC experience to basically simulate the office experience.

Those working remotely won’t miss out on collaborating with their colleagues, sharing ideas, and crucially maintaining social connections with others. Without this, working remotely could quickly become a difficult, isolated affair.

Disaster recovery strategy

Every business needs to have effective data recovery strategies in place. The brazen nature of cyberattacks recently has shown that no enterprise is too small or too big to fall victim to hackers. And statistics suggest that in the last decade up to 4 billion people had their records stolen. Here are a few of the more notable data breaches of the last decade:

  • In 2013, Target fell victim to cyber criminals who managed to compromise their network. This unfortunate incident was able to expose 40 million credit and debit card accounts.
  • The very next year in 2014, another massive enterprise, eBay this time, suffered a massive breach of information. Estimates say that up to 145 million people may have had their login credentials stolen.
  • In 2018, the Marriott also fell victim to hackers. This time, they managed to compromise the reservation system and steal names, addresses, credit card numbers, and phone numbers of hotel guests, as well as information on travel itineraries like passport numbers and arrival and departure dates.

Incidences like this can be very costly for a business. Losing the trust of clients can see your share price drop like a rock. But, by using Windows 365 and having access to the Microsoft Cloud, you can massively reduce the risk of suffering such a disaster. As leaders in the industry, Microsoft will ensure that your data is protected to the highest degree.

Furthermore, the distribution of data centers means that anyone using the Windows 365 Cloud PC won’t have to worry about a data center being possibly taken down. The redundancies in the system will make sure that your data remains secure and available.

The vast resources available to Microsoft mean that they are well placed to withstand just about any unforeseen disruptive events, such as hardware/software failure, natural disasters, and power outages, to ensure high application availability and business continuity.

Increased accessibility

If there’s anything that just about every business has had in common over the last few years it has been the challenge of accessibility. During a certain period, the global pandemic had managed to bring businesses to barely a crawl. Others were brought to a grinding halt. The economic repercussions have been evident for everyone to see and it has not been a pleasant situation.

There are companies that have had to shut their doors meaning thousands of people have lost their jobs. Having gone through this, most businesses would be happy to have a solution that can save them from having to experience anything similar again. And Windows 365 is there to give your business a service that has the necessary solutions.

The Cloud PC is certainly not the first cloud computing service to come into existence. Virtualization and remote access to PCs have been around for several years now. But, as a product that was announced last year, Windows 365 is packed with new features that previous services may not have had.

These are what you will need to ensure that even in the event of a pandemic, your organization can keep operating as smoothly as possible. The accessibility of the Windows 365 Cloud PC makes it that much easier for your employees to remain productive from anywhere across the globe. And they can do this without having to worry about what device they are using. Be it on a desktop computer, tablet, mobile phone, etc, you can still attend meetings, collaborate on projects with colleagues, and maintain communication with your fellow workers.

In addition, Windows 365 aims to make the hybrid work situation as seamless as it can be. This will mean that accessing company resources that are necessary for your work will be a simple and straightforward process. Because as one would expect, there are concerns about the ability to access files, folders, or internet apps that may be on your local office’s network and are normally accessed either directly in the office or via a VPN.

However, Microsoft assures clients that the hybrid work experience they have created caters to this scenario. Since Cloud PCs can remain constantly connected to your work network, you don’t need to worry about local or VPN access from personal devices. The main objective of the Windows 365 Cloud PC is to provide users with their ‘desktops’ anywhere, anytime.

Therefore, regardless of where you are you’ll still have the same experience as though you were sitting at your desk in the office. This smooth and highly secure experience is available to all employees regardless of which department they’re in.

According to Wangui McKelvey, a general manager for Microsoft 365, “Windows 365 provides an instant-on boot experience.” It is a product that is meant to take a huge step into the future of the desktop-as-a-service domain.

The availability that you benefit from will allow your employees to stream their Windows session with all of their same apps, tools, data, and settings across Macs, iPads, Linux machines, and Android devices.

Basically, this creates a scenario where business employees don’t need to go to the office, and neither do they need access to their office PC. With the Windows 365 Cloud PC, your ‘desktop’ is wherever you are.

All you need is an internet connection and the rest is easy. McKelvey went on to add, “You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices.”

Simplifying life for admins

As one is going through the information that we have on Windows 365, it becomes abundantly clear that there are countless benefits for end-users. But, your IT admins will also want to know if they’ll also see changes when compared to other services. And the reality is, the ease of use principle that Microsoft applies to Windows 365 extends to your IT team as well.

From the management perspective, there is plenty to be excited about starting with the fact that there is no need to have headaches about the infrastructure you need to set up to get the Cloud PC experience. Microsoft handles that side of things.

Also, admins won’t need to get certified in anything else or learn new management tools. This is because Windows 365 is designed for all organizations even those without expert IT pros on staff to be able to run it without difficulty.

Furthermore, you’ll be happy to know that the way you currently manage your physical devices with Microsoft Endpoint Manager will for the most part be similar to the management of Cloud PCs. A good example of this is that if you navigate to the All Devices list in Microsoft Endpoint Manager, you’ll see both your physical and Cloud PCs listed side by side.

Admins will also find that the deployment process is not complicated at all. For users to get a Cloud PC assigned to them, there are pretty much just two requirements that need to be met. They need to have the necessary license in addition to being part of an Azure Active Directory Group that’s assigned to a provisioning policy.

The process starts in the Microsoft Admin Center where you assign licenses similarly to how you would for other Microsoft 365 services. You can have a licensing admin take care of this particular task. After that, you can head over to Active Users and perform the assignment. With that done, you can now give users Cloud PCs and set them up with Microsoft 365 as well.

 As soon as a user is added to a group, the Cloud PC provisioning process will be launched and it won’t be long before the Cloud PC is ready for use. And with Windows 365 using a fixed price per user per month model, there’s no extra workload involving tracking, utilization, or keeping idle resources running.

Wrap Up

When we look at Windows 365, it’s clear that Microsoft has not created a completely new product. Cloud computing services have been around for a while and so has virtual machine technology. However, Microsoft does intend to improve on the existing technology to give clients a highly enriched desktop-as-a-service experience. An experience that they can access anywhere at any time on a very secure platform.

And what will attract clients, even more, is the ease of use of the service. Businesses don’t need expert IT professionals certified in Azure Solutions to be able to create and manage new virtual Cloud PCs. The provisioning and deployment process is relatively uncomplicated enabling businesses to quickly and easily join the hybrid computing revolution.

Windows 365 can simplify the virtualization experience for end users thus allowing them greater control over various details. With all the features availed to your business, Windows 365 looks like a very worthwhile investment.

Windows 365 Enterprise’s Exciting New Updates – Azure AD Join

First announced in early 2021, Windows 365 is Microsoft’s latest product that is making waves in the domain of virtualization technology. It is a platform that has been designed to take the desktop-as-a-service experience to greater heights.

Windows 365 is built on top of existing Azure Virtual Desktop infrastructure. It provides clients with PCs in the cloud that can be provisioned from the very same Microsoft Endpoint Manager dashboard that your organization may be using to manage your physical devices and VMs.

However, unlike with AVD where the pricing is consumption-based, Windows 365 comes in two editions – Windows 365 Business and Windows 365 Enterprise – both of which have fixed per-user monthly pricing. But, as with any product, It gets better with regular updates and Microsoft just announced a few that we should definitely take a look at.

What is Azure AD Join?

When we talk about Azure AD joined devices we are referring to devices whose computer object is no longer stored in the on-premises Active Directory Domain Services environment. Rather, it is now located in Azure Active Directory.

Simply put, by using Azure AD Join you’ll be able to join devices directly to Azure AD without the need to join to on-premises Active Directory. And all this can be done while keeping your users productive and secure. Your admins can easily leverage Azure AD Join for both at-scale and scoped deployments.

In addition, you can get single sign-on (SSO) access to on-premises resources for all your devices that are Azure AD joined. But, as you can imagine, this makes a rather significant change to how IT professionals have been managing devices over the decades. So when considering Azure AD Join there are a few criteria you can look at to help you decide:

  • If your goal is to adopt Microsoft 365 as the productivity suite for your users then Azure AD Join could be ideal for you.
  • Another ideal scenario is if you are interested in device management using a cloud device management solution.
  • Azure AD join would also be good for those wanting to simplify device provisioning for geographically distributed users.
  • Lastly, if you are planning on modernizing your application infrastructure then it’s worth considering.

Adding the ‘join’ feature

So after looking at what Azure AD Join is, it’s probably not surprising that one of the biggest requests that have been made to Microsoft regarding Windows 365 has been to simplify the onboarding process by adding this feature. And there’s great news for all admins out there.

Microsoft has recently announced some Windows 365 updates and undoubtedly the Azure AD Join Windows 365 Cloud PC support is going to draw a lot of attention. Microsoft had this to say in the announcement:

” This has been by far the most requested feature since Windows 365 reached general availability. With Azure AD Join as a Cloud PC join type option, you no longer need an existing Azure infrastructure to use the service, just your Azure AD users.”

This new feature is meant to make it easier for admins to onboard users using Azure Active Directory. As one can imagine, this is a huge development when you consider just how integral Azure AD is to Microsoft’s identity and security services.

Therefore, bringing the ‘join’ feature to the Windows 365 platform will go a long way in maintaining the theme of ease of use that Microsoft has described for its Cloud PC. Until now, the ‘join’ feature has helped businesses that use the on-premises version of Active Directory by functioning as a device-joining bridge.

So bringing Azure AD Join to the Windows 365 platform is going to enable admins to enroll devices without the need to have on-premises Active Directory. Now all you need to do is use your Azure AD users.

Localized first run experience

One of the key aspects that can help to expand the reach of Windows 365 is to ensure that clients in any part of the world can make use of this platform as easily as those within the United States. To that end, Microsoft is aiming to simplify the configuration process by enabling admins to set up local language Cloud PCs easily and at first login.

What this entails is that when you’ll be doing the process of creating provisioning policies, this new update will enable you to configure a Language & Region pack to be installed on the Cloud PCs during provisioning. Currently, it appears as though there will be 38 languages available.

Also, the process should be a relatively simple one. It will require you to navigate to the Microsoft Endpoint Manager admin center. There you’ll find Language & Region under Configuration where you can then proceed to select your language of choice.

So what about already provisioned Cloud PCs? Well, Microsoft has made it such that provisioned Cloud PCs can also reap the same benefits. Admins will be able to change the configured language for any existing provisioning policies that you choose and subsequently reprovision any desired Cloud PCs.

I think most admins will agree that this new feature is going to vastly simplify their lives. You no longer have to spend all that time manually installing language packs onto a custom image to l

I think most admins will agree that this new feature is going to vastly simplify their lives. You no longer have to spend all that time manually installing language packs onto a custom image to localize your Cloud PCs. Instead, all you need to do is simply configure language settings in a gallery image.

Adding more regions

In addition to providing organizations with local languages for their Cloud PCs, Microsoft is looking to reach more people by expanding the regions they support.

With the February 2022 announcement, Microsoft informed their clients that with immediate effect the US Central region and the Germany West Central region were now on the list of supported regions for Windows 365.

So for any businesses that would like to use the new features that are Azure AD Join and Microsoft hosted network, you simply head over to the Region drop-down and you’ll see these as available options.

Create a virtual network

So if you intend to bring your own network you’ll need to ensure that you create virtual networks in advance in one of these new regions. This virtual network is necessary for connecting to resources in the cloud.

As you migrate compute workloads to the cloud you’ll discover that a virtual network is integral to the process. There needs to be communication among your resources but this has to happen in a secure environment. There are several ways you can use to create a virtual network including:

Create an on-premises network connection

After you have completed the process of creating a virtual network, you’ll then need to create a new on-premises network connection with this virtual network. And what an on-premises network connection (OPNC) is, is an object in the Microsoft Endpoint Manager admin center.

This is what provides Cloud PC provisioning profiles with the required information to connect to on-premises resources. So before you get started with creating the OPNC, you’ll need the following:

  • AD DNS domain name
  • Organizational unit
  • Configure Azure AD Connect
  • AD username UPN
  • AD join password

With everything now in place, you first need to find your domain name which is simple enough with access to a domain controller. Once you know your domain name then you can proceed to validate the User Principal Name Suffix (UPN Suffix). Checking that your UPN Suffix is routable is extremely important to avoid problems later on.

With that done, you need to create an Organizational Unit that will allow you to properly manage your Cloud PCs and dedicated GPOs. To perform this task, go to AD Users and Computers mmc and then head over to where you want to set your new Organizational Unit. Next, you can then either right-click an existing Organizational Unit or click where you want to create a new one.

Next, you need to ensure that Azure AD Connect is properly configured to get users synchronized with Azure AD. This you will do by opening Azure AD Connect and then selecting Configure device options.

Finally, you need to fill in the AD username UPN and the AD domain password. Then click next. On the page that then appears click Review+create. It should take no more than a few minutes to create the on-premises network connection. And if you have configured everything properly, you’ll see a “checks successful” status.

Become more proficient

Improving your proficiency in Windows 365 is critical to your organization taking full advantage of what the platform has to offer. Microsoft designed Windows 365 to be easy to use from the outset.

So, unlike with Azure Virtual Desktop, your organization does not need to have an Azure Solutions expert on staff to configure and manage your Windows 365 environment. The provisioning and deployment process should not present too many difficulties. And it will be even easier with the new updates that have just been announced.

Also, to learn more about Windows 365 Enterprise and utilizing these features, Microsoft has a video on Windows in the Cloud that you should take a look at.

In addition, to help Windows 365 clients, even more, Microsoft is going to be hosting Ask Microsoft Anything (AMA) events specifically dedicated to Windows 365. These will be held on the fourth Wednesday of every month starting February 2022. So all interested parties should make a note in their calendars for Wednesday, February 23rd at 8:00 AM Pacific Time.

Any questions that you have about Windows 365 will be up for discussion including questions regarding the available features, provisioning, deployment, customization, best practices, and anything else you may need clarification on.

And Microsoft will have members from its engineering and product teams available at these hour-long events to help you and provide you with the answers you need.

Therefore, if your organization wants to get the most out of running Windows in the cloud, there’s probably no better place to get the information you need.

As Microsoft has stated previously, the feedback that they constantly receive from clients has been crucial in the creation of Windows 365. And Microsoft wants to continue in that manner as the platform continues to evolve.

To that end, Microsoft is availing a platform to us where we can forward our feedback and/or suggestions. So if you want to help further enhance Windows 365 and have ideas that you’d like to share you can do so at https://aka.ms/W365feedback.

Wrap up

There’s no denying the impact that Windows 365 is having on the way that businesses manage their IT environments. Admins can benefit from a platform that is easy to use and provides their organization with a great virtualization experience. And one of the truly good things about the services is that Microsoft appears to be paying attention to the feedback from its clients.

This is something that is pretty much evident in the new updates that have been recently announced. By giving us Azure AD Join Cloud PC support Microsoft simplifies the process of enrolling devices without an on-premises Active Directory. Not only that but this feature can help to increase the appeal of Windows 365 to those who may have been on the fence about it.

Talking of expanding appeal, having more regions that are supported and availing local language packages for Cloud PCs should go a long way with that. It can allow clients from different parts of the world to have a better experience with the Windows 365 Cloud PC.

And all this will be done without burdening IT with the task of manually installing language packs onto a custom image. Windows 365 has a goal to revolutionize the virtualization domain and with regular improvements like this, that reality is far from impossible.

Key Signs You Need To Switch To Windows 365

Microsoft is looking to take cloud computing to a whole other level through its Windows 365 Cloud PC. Cloud computing technology has seen tremendous growth in the last couple of decades.

It has enabled organizations to operate in ways that were previously only possible in imagination. And Windows 365 was built to enhance those possibilities even further. It can give clients the Windows experience wherever they may be and on almost any device they choose.

The applications for such features can do wonders for the productivity of your organization. Many have heard about Windows 365 but still have doubts. In this blog, I’ll be going over what your organization could be potentially missing out on with the Cloud PC.

Cloud computing explained

Before we delve into Windows 365, let’s step back a little and go over what exactly cloud computing is.

Although it’s only now gaining popularity, computing-as-a-service has existed in one form or another from as far back as five decades ago. And then in the 2000s the term ‘cloud computing’ started getting thrown about. As the need for computer resources has grown, more and more people and organizations have been making use of this service.

Over the last couple of years, in particular, plenty of people have probably heard about and used cloud computing services. Simply put, cloud computing provides you with on-demand computing services, meaning applications, servers, data storage, and networking capabilities among many others. The service will be delivered to clients via the internet for a fee that can be a fixed monthly subscription or based on usage.

So basically, rather than owning on-premises infrastructure, you can rent whatever you need. And if need be you can scale up your operations at any time. The most obvious benefit here is that as an organization you won’t have to worry about the complexities and potentially astronomical costs of purchasing and maintaining your own infrastructure.

Why Windows 365?

There are clients who may also be wondering why Windows 365? Is this not a case of Microsoft just giving us another version of Azure Virtual Desktop? Well, not exactly. Windows 365 Cloud PC may be built on Azure but they are different services and understanding those differences can help you choose what’s best for your business.

To start with, you’ll find differences in the architecture of these products. With AVD, apps and resources are run on virtual machines meaning that one PC can be used by an individual or as a pooled desktop.

Windows 365 operates completely differently on a one user:one PC basis. Another key difference is how these services are priced. For the most part, you’ll find Windows 365 offering subscriptions for a fixed monthly fee. On the other hand, AVD charges according to your monthly usage as well as the Windows version you use.

When it comes to administration then admins may be slightly happier with the flexibility that AVD offers. Using the latter, admins can configure network routers, security settings, and the storage type. But when using Windows 365, admin settings are saved on the cloud and used across all devices. They can only change if and when an administrator decides to change them.

The next point, however, goes to Windows 365. The onboarding process is a lot simpler than it is for AVD and may only take a few hours, if not minutes. Because AVD’s onboarding happens on the Azure portal, it can be a tedious process that takes weeks.

Ideal user scenarios

Once you have considered the differences between AVD and Windows 365, you may also want to know what kind of scenarios would be best for Windows 365. This will be key in helping you decide in which direction to take your organization.

The first thing you can look at is the number of PCs you have in your IT environment. Because of the low-cost factor, ease of deployment, and lack of pre-requisites, environments with only a few PCs will find Windows 365 to be a great choice.

Another consideration is organizations that currently aren’t utilizing Azure and have no plans to do so in the near future. For these businesses, they should seriously look into Windows 365 because of how easy they’ll find desktop assignment. Not to mention that there is no administrative overhead for IT admins to worry about.

Some enterprises may also be wary of Windows 365 because of a lack of experience with virtualization technology. They may not have the necessary in-house expertise to handle other virtualization services available. But, this is where Windows 365 makes itself even more attractive.

To start using it, you don’t need to have an expert team of IT pros who are well versed in multi-session administration, profile encapsulation, auto-scaling, etc. The easy-to-use design gives organizations a simple, uncomplicated way to deploy and manage their Cloud PCs alongside their existing on-premises infrastructure.

Microsoft has made the administration of Cloud PCs easier by allowing IT to delegate administration to users who need it. Since Cloud PCs are personalized and designed for a single user, it makes it a lot more convenient if users can install the software they need or make configuration changes if required.

Organizations will also find that using Windows 365 will prove more cost-effective when you have users who need PC access 24/7. This is because of the fixed fee structure meaning that Cloud PCs can run continuously without worrying about shutting them down to save costs.

Empower your users

One of the things that can undoubtedly improve the way that your organization operates is empowering your users. In the modern world with so much technological innovation, businesses need to leverage the best tools available to them. This can simplify the way your employees work thereby increasing productivity.

Improved flexibility

Windows 365 promises to provide your employees with greater flexibility. Right now if whatever platforms you may be using don’t enable users to be productive from anywhere using any device, it’s time to start considering other solutions. And the Cloud PC is one that can provide just what you need.

This is because users can access Cloud PCs via a modern web browser or through Microsoft’s Remote Desktop app. They can also access Windows from their PC, Mac, iPad, Android device, and more.

Doing so will enable your organization to take full advantage of the hybrid work scenario. This can be performed seamlessly because whenever you log in regardless of your location or device, you’ll find your settings just how you left them and your work unchanged.

Not only that, but organizations don’t need to worry about having the necessary IT expertise to run a hybrid environment. This will be an added advantage because users can utilize bring-your-own-device policies to use devices of their choice.

And if you happen to be one of those individuals or businesses that prefer Microsoft software but want Apple hardware, then this will suit you perfectly. You can now get the best of both without having to sacrifice.

Network security

If your organization has already implemented a hybrid working environment, the question is how secure is your network? Do those working from home have the same level of security as those using on-prem infrastructure?

Ensuring hybrid work is as secure as possible is a key objective for Windows 365. And by storing data on the cloud and making use of Zero Trust principles, the Cloud PC will give clients very strong security.

Features such as strict authentication of all users and use of just-in-time and just-enough-access, among others are going to provide you with the kind of cyber security necessary for the complexities of the modern environment and the hybrid workplace.

What will make this even better for configuring these settings is that you can preconfigure them en masse for all users. Whether they be a handful of users or number in the thousands. By using features such as multi-factor authentication, admins can determine which accounts can log in, and how long they have access.

Furthermore, the bringing together of Configuration Manager and Intune in Microsoft Endpoint Manager has created a solid foundation for supporting Windows 365 in the hybrid configuration.

Hardware updates

Something else that will endear Windows 365 to users is that they will no longer have to constantly face the costs of refreshing dated technology. Not only is upgrading your devices a costly process, but it can be a very time-consuming process as well.

However, the Cloud PC was made to ensure that users will always have access to the latest updates, fixes, and features. All of this for a flat subscription fee. This allows you to easily upgrade or downgrade users’ Cloud PCs according to the requirements of the work they are carrying out.

Performing the upgrade is a very simple task. All an admin needs is to have a good, reliable internet connection and within seconds they can switch a user/users from a 2GB RAM machine to a 32GB RAM machine.

And as far as maintaining the configuration goes, it’s now all about a simple subscription model that can be scaled as well as distributed globally. Also, managing everything won’t be too difficult a task as you can do it directly from the Microsoft Cloud using Microsoft Endpoint Manager.

By shifting resources to the cloud, you can protect your investments by ensuring that hardware specifications are Windows 11 compliant thus preventing you from running into challenges later.

Support for Windows 11

In keeping up with the trend of constantly improving the products that Microsoft wants to offer its clients, Windows 11 can give users an even better experience than before. It gives you a more eye-catching layout with its new design and several new features designed to smoothen the Windows experience. Some of the features to look forward to include:

  • More cohesive interface features
  • Improved multi-monitor support
  • Multiple desktops on a single monitor
  • Translucent windows
  • Enhanced touchscreen interactions
  • Introduction of the Microsoft Store (to replace the Windows Store)

Beginning in October of 2021, Microsoft began offering Windows 365 Enterprise clients support for Windows 11 for all newly provisioned PCs in the available regions. And by year-end that support had been extended to all Windows 365 Business clients as well.

Windows 11 is the ideal OS for the hybrid environment. It is made to adapt to how you work, is highly secure, and IT won’t have difficulties with deployment and management. So as long as the hardware configuration supports it, you will get the option to select Windows 11 as the operating software. Distinguishing between Windows 10 and 11 isn’t difficult because of the newly designed wallpaper that comes with Windows 11.

Benefits of Windows 11

As already mentioned, Windows 11 is the ideal OS for hybrid work environments and so that is arguably the biggest benefit. Collaboration will become easier because of how Microsoft Teams Chat and other functions have been integrated into the taskbar. And even if the person you want to communicate with doesn’t have the Teams app, you can still communicate via two-way SMS.

The new interface is also designed to be sleek, smooth, and free of distractions thus it should improve productivity. Using the same device for both work and play can sometimes prove tricky. But, you can better organize your life by creating virtual desktops with different looks and apps to cater to the different scenarios.

It follows from this, however, that you’ll need great security to protect that device. Windows 11 built-in security features will provide a high degree of encryption and malware protection.

Enhanced security

Microsoft wants to enhance both the performance and security of Windows and to do so there are new requirements being introduced. This makes it the first service capable of delivering Windows 11 in the cloud while also meeting the new system requirements, such as TPM, UEFI, and secure boot.

Also, all hardware requirements are supported by Windows 365 as part of the new baseline configuration for Cloud PCs. However, clients should note that the current Windows 365 Cloud PC baseline that you already have in Microsoft Endpoint Manager also supports Windows 11. Microsoft recommends using this baseline for optimizing the security posture of your Cloud PCs.

Gallery images

For Windows 365 Enterprise, the Windows 11 image that Windows 365 Enterprise provided on October 5 2021, includes the same apps preinstalled and configured as the Windows 10 image. However, if your organization would like to create your own custom Windows 11 images then you can also do that.

  • Custom images switch to Gen2 – if your business decides to use custom images instead of Windows 365 Cloud PC gallery images then you can continue doing that. But, for you to prepare a new version you are going to have to change the virtual machine type from Gen1 to Gen2 as the source image. So for your Cloud PC to be ready for Windows 11 in-place upgrades, this will need to be carried out.
  • Detect your Cloud PC Windows 11 readiness via Endpoint Analytics – for those using gallery-based images, provisioning of new Cloud PCs based on Windows 11 became possible in October 2021. So for any Cloud PCs that were provisioned before then and that you would like to upgrade to Windows 11, you can:
  • Make a direct transition to Windows 11. To do this you must change the gallery image from Windows 10 Enterprise to Windows 11 Enterprise + Microsoft 365 Apps. Following this, a reprovisioning of your Cloud PCs will be triggered via the Devices menu in Intune/Microsoft Endpoint Manager.
  • Alternatively, you can start by reprovisioning your existing Cloud PCs back to Windows 10 Enterprise. You can then do an in-place upgrade to Windows 11 Enterprise directly or later.

Organizations that want to reprovision their Cloud PCs will find that it’s a simple and straightforward process. As long as users are assigned OneDrive licenses, their data will be automatically backed up and then restored after the reprovisioning process.

To view whether your Cloud PC is ready for in-place Windows 11 upgrades you can go over to the Work from anywhere dashboard in Endpoint Analytics. And if the Windows 11 readiness status of your Cloud PC reads Capable, then it means you can now perform the in-place upgrade.

Reducing costs

There is not a single company out there that would not love to reduce operating costs. And IT costs can be extremely high for a lot of businesses. This can prove to be a stumbling block especially for small enterprises with very limited budgets. So given the opportunity to get access to all the computational resources you could want without breaking the bank you should certainly take it. Or at least seriously consider it.

Save on data centers

Using Windows 365 can help to reduce those costs while placing almost limitless resources at your disposal. Organizations that run their own data centers or those considering it can appreciate just how massive an investment it takes just to get set up.

And then there are going to be the never-ending expenses associated with the physical space, personnel, heating, cooling, and electricity required to operate the servers. That’s before we even start talking about the costs related to infrastructure as well as operational data.

This is why taking advantage of the Windows 365 Cloud PC can be of immense benefit to your business. You can let Microsoft take care of running and maintaining the data centers. All you’ll need to do is pay for whatever resources you need and that’s it.

Software-As-A-Service

This is another area that businesses can take advantage of to reduce their costs even more. Your organization stands to gain by reducing the time to benefit because the SaaS model differs from the traditional one by having the application already installed and configured. So all you’ll need to do is the provisioning and after a few hours, the app will be ready.

Also, since SaaS often resides in a shared or multi-tenant environment, the hardware and software costs are bound to be a lot less than the traditional model. By gaining access to software that they may not normally have because of the high license costs, smaller enterprises will benefit a lot by scaling up and growing their clientele base.

In addition, you’ll also find that the costs associated with upgrades and new releases will be lower than with the traditional model. This is because the responsibility for this falls entirely on the service provider.

Lower staff cost

Windows 365 is a platform that any business can utilize regardless of how small or big it is. Therefore, Microsoft has built it such that small businesses without large IT departments or expert IT pros won’t face too many difficulties.

Windows 365 enables any business to create a hybrid work environment and access Cloud PCs without having to bring in full-time IT experts to run it. It’s also going to allow you to develop a more streamlined staff that can increase focus on innovation, optimization, and improving overall productivity.

Cost-efficient disaster recovery

Coming up with an effective disaster recovery strategy is a prerequisite for any business today. The challenge that businesses will face is just how much they may have to pay for such a strategy. How do you create resilience in your network without breaking the bank? Well, a great way to do it is to move towards cloud services.

With a platform like Windows 365, you can free yourself from having to use disaster recovery plans that require you to build redundancies into everything thus pushing up your expenses. Having a Cloud PC will keep your data securely on the cloud without having to purchase two of everything.

Data Security

As already mentioned above, Windows 365 provides you with the best security features to ensure that your data and devices are well protected. It gives businesses plenty of reasons to migrate to the cloud. Especially given the increasing opinion that storing your data on the cloud is a safer option that may also save you money on security expenses.

When looking at having your data stored on the Microsoft Cloud, it’s safe to say that there aren’t too many places that even come close to that level of security. And even for organizations that may want to establish this level of security on-site, it’s not easy. Or cheap.

Most businesses simply don’t have the necessary staff or financial resources to have the kind of on-site security that companies like Microsoft can provide. Moreover, having your data stored in multiple, geo-independent data centers gives you the kind of availability that businesses need.

The distribution of data across multiple data centers and the redundancies placed in the system serve to secure your data even more. This is because if one goes down your data will remain secure and your access won’t be affected.

Another consideration you should have when discussing potential migration to the cloud is the cost of on-site physical security. Because to have the highest level of security for your on-premises servers, you’ll have to invest in security personnel, high-tech security systems, mantraps, and locked cages.

In addition, to have adequate surveillance of your data centers, you would need to have round-the-clock staff. You need people to constantly monitor for attacks while others are guarding the physical premises. As most know, this is something that will certainly require a significant capital outlay.

However, when you opt for a service like Windows 365, you need not worry about all these other factors. The company has data centers that are very well guarded and have state-of-the-art security systems in place. Therefore, your data is far more secure and the cost for that is shared across all of Microsoft’s clients.

Switching to the Windows 365 Cloud PC and placing your data on the cloud is also going to help boost your technical security. Most businesses, whether small companies or massive enterprises have faced issues with patching.

And there’s a good likelihood that without leveraging the power of the cloud, those issues will remain. Service providers like Microsoft are well-placed to adequately deal with those issues. They have the resources necessary to hire full-time teams dedicated to patching their products.

And with the automation of the cloud patching process, you’ll also be saved the downtime that you would otherwise face on-premises.

If you are still hesitant about the cloud, how about looking at the complete segmentation of user workstations which helps to fortify your network. Cyber criminals have had a lot of success penetrating secure networks via phishing and email attacks.

This is because by directly targeting a user workstation, a hacker has a greater chance of succeeding than if they were to attempt going through the servers. When using the cloud, user workstations are completely segmented meaning that users won’t be sitting on the corporate network where data is stored.

We all know just how important encryption is to the security of our data and communications. So all your data should be highly encrypted to keep it secure. The problem is that not all businesses have the necessary resources to provide this kind of encryption across an entire organization.

But, Windows 365 can easily provide it from the start. And this will serve to protect your data so that even in the event of data theft, the military-grade encryption that the big cloud service providers offer will still secure your information. So a hacker may have your data but it will be extremely difficult, sometimes impossible, to decrypt.

Collaboration

If you’ve been looking into how you can improve collaborative work within your organization as well as with other organizations, then Windows 365 is worth considering. In this modern world and especially in the last few years, finding ways to better collaborate has become a key requirement for plenty of businesses.

These days you have people on-site working on projects with those who are working remotely from home. Then you also have work that you may want to do with other companies. All this requires you to have efficient ways to simplify how you work together. And needless to say, security remains of the utmost importance.

The cloud environment encourages collaboration across teams from end users, administrators, security personnel, support staff, to any other department. They are all working on the same infrastructure allowing them all to work seamlessly without getting in each other’s way. Assigned roles and permissions enable administrators to monitor the entire network ensuring that smooth workflow is maintained.

Microsoft has created a system that makes collaboration using platforms such as Windows 365 simpler and more efficient. Your organization can utilize Microsoft Teams to facilitate flexible working conditions, whether you’re in the office, at home, or across the globe.

You can create teams for various reasons such as a team for people under the same manager or a team for people working on a particular project. It gives you a central storage place for data and communications.

Furthermore, colleagues can work simultaneously on a file without having to wait for someone to finish first. Using real-time co-authoring can speed up how you work and even the quality of work done.

Sharing files is also aided by making use of OneDrive features. Taking advantage of certain features means that you can share a file with peers and stop sharing it if necessary. This gives you ultimate control over who can access and edit your files.

And if you decide to share the file with more people then uploading the file to Microsoft Teams or a team site is an option. So basically with Microsoft 365, we now have the ability to work from anywhere with access to all the tools we need and use just about any device we have.

Therefore, even if I’m in a remote area somewhere and only have my mobile phone, as long as there’s internet access I can easily attend meetings online, share Office files, co-author in real-time, and remain productive.

Simplified set up

We’ve already gone over the benefits to users and the lower expenses a business will face when using Windows 365. Even with all that, chances are your organization is not interested in anything that would take ages to set up and be complicated to manage.

Once again, the Windows 365 Cloud PC can present itself as the right option for you. One of the biggest selling points of the service is the click-and-go approach to cloud computing and virtual environments. Administrators can quickly and easily configure and assign Cloud PCs to users based on the various needs of the work they need to carry out.

The ease with which this can be done creates an amazing scenario in which users can be signed in and ready to work within a matter of minutes. And with the fixed monthly rates that Microsoft offers, businesses can plan well in advance and easily stay within their budgets.

Increase your financial returns

Every business out there is constantly looking for ways to increase its revenue stream. You need to come up with measures that will help you to operate more efficiently, cut down on expenses, and improve your productivity.

Well, why not consider taking advantage of cloud computing? Windows 365, in particular, is tailor-made to help organizations gain access to the computational resources they need at a fee that will enable you to operate in an ideal IT environment.

Because all the necessary heavy processing is carried out in the cloud, the device one uses to access the Cloud PC is less important. The benefit to your business is that most of the devices you are currently using can remain operational for longer thus maximizing the return on your investment.

In addition, the implementation of bring-your-own-device policies means that establishing a hybrid work environment can be done a lot faster. Not to mention for a lot less. No significant capital outlay will be required and you can have peace of mind concerning the need to frequently refresh your hardware. Instead, you can take advantage of this scenario to pour more investment into critical areas that will grow your business.

Build for the future

One of the headaches that businesses constantly have is the need to modernize so that they don’t get left behind by rapidly evolving technological advancements. So if there’s a way to invest for the future while also safeguarding those investments, you’d be interested right?

Microsoft has presented Windows 365 as a potential solution for businesses. The technology that one gets with Windows 365 is designed to keep up with the advancements that will continue to happen in the future.

Therefore, unlike with your office PCs that eventually start to have performance and reliability issues as the years go by. Windows 365 Cloud PCs won’t face the same problems.

Clients will continue to benefit from new features and updates as they are rolled out. You won’t have to worry about decreasing performance levels or spending massively to upgrade your infrastructure.

If necessary, you’ll also have the option to upgrade the version of Windows that you have installed on your Cloud PC. So with the Windows 365 Cloud PC, as the years go by you can actually anticipate a better computing experience.

Design a modern workplace

There’s no denying that the workplace has changed over the last few decades. And if there’s anything that the last few years have shown us is that the evolution will continue at a rapid rate. The global pandemic has probably accelerated the change that we have all known was coming. Most businesses have been forced to rethink how they’ve been operating and in some cases they have probably realized that adopting modern technology has had a significant impact on improving their business models. Using a service like Windows 365 can play a huge role in that. You can easily create virtual ‘offices’ and have people collaborating on work projects from different ends of the planet.

Microsoft is looking to provide organizations with modern workplace services that can improve user satisfaction, promote remote collaboration, and increase productivity. All in a highly secure environment. For instance, by using the latest generation of Office 365 features, you can securely manage business-owned devices.

In addition, you’ll be able to easily manage employee devices that fall under bring-your-own-device policies and choose-your-own-device style strategies. Leveraging the Windows 365 Cloud PC can help you to ensure that business technologies can work everywhere in a distributed workforce.

The Cloud PC offers a lot to foster the way that modern employees want to work. And the state-of-the-art security that Windows 365 provides allows the modern workplace to operate without the constant worry about security breaches.

Conclusion

Windows 365 has brought us a product that can revolutionize the workplace by eliminating the boundaries that have prevented businesses from creating an agile workforce. For businesses that had not been thinking about cloud computing, the pandemic may have forced their hand.

But, even if that may be the case, Windows 365 has been of immense benefit as it allows employees to work remotely without losing the collaborative and productivity benefits of teams working in the office. For other businesses, the flexibility that they can offer employees can play a huge role in attracting as well as keeping talent.

When it comes to devices, you can access the Cloud PC using almost any device. And if you happen to lose that physical device, your data will remain secure on the cloud and you won’t lose any work progress. You can simply continue where you left off when you access your Cloud PC via another device.

So for a lot of people out there, cloud computing may be something that they weren’t interested in and didn’t know too much about. But, with the experience of a platform like Windows 365, you may just find the solution that will take your business to that next level.

MicrosoftStoreAppUpdater script

A simple way to update Microsoft Store Apps

This script will inititae update for Microsoft Store Apps and applications available using winget.
By default it will delete the logfile if older then 30 days.

Should run with local administrative rights or as system

When deploying new computers, there might be modern apps without processed updates.
Can also update on regular machines in use.

Works with Windows 365 Deployments and regular OSD using ConfigMgr/MDT

https://github.com/ThomasMarcussen/assortedScripts

An Intro to Windows 365 Security Guidelines

Cybercrime has increasingly become a very big problem. Whether you’re a small business or a multinational conglomerate. A WEF report goes so far as to say that cyber-attacks have become the fifth top-rated risk as of 2020.

This means that businesses need to do everything possible to safeguard their data. Security protocols need to be in place that will keep cyber criminals at bay. As some organizations can attest, a cyber attack can cost your business tens of millions of dollars.

Hence the need for Windows 365 to implement security features that will give you peace of mind. Understandably, there is concern about having your desktop in the cloud, but Microsoft has put in place measures designed to mitigate the risk of an attack on your system.

Why you should enhance security

Over the last few years, plenty of organizations have fallen victim to cybercrime. And as hackers grow bolder and more sophisticated, the cybersecurity risk to your business grows significantly. This is why you must take advantage of any and all measures that are available to you.

By implementing security guidelines, you can protect your business against a wide range of cybersecurity threats such as:

  • DDoS Attack – a Distributed Denial of Service Attack happens when nefarious elements try to overwhelm your network or servers by sending large volumes of traffic. This can eventually make your network unusable.
  • Malware – this encompasses a lot of elements such as viruses, spyware, Trojan horses, etc. And the danger with these is that users’ computers can become infected from downloading seemingly harmless content or attachments in emails.
  • MiTM – a Man-in-The-Middle attack involves hackers intercepting data being transferred between two or more parties.
  • Phishing – in this scenario, you’ll have cybercriminals sending out emails to various people hoping to get sensitive information such as banking details, social security numbers, passwords, etc.
  • SQL injections – the objective here would be to insert malicious code via SQL statement and then carry out actions on data in a database to potentially steal it.

From the threats above, and these are only some of them, it’s abundantly clear why you need to leverage the security features that Windows 365 offers. This will increase your digital protection and prevent your employees from falling victim to criminals.

Moreover, by having effective security measures in place, you can increase productivity levels because malware won’t be slowing down or crashing your system. Also, having these kinds of security measures is bound to boost client confidence in your organization.

Securing your Cloud PCs

As most people are aware, cloud computing has many benefits that it can bring to any organization. But, it’s extremely important to follow strict cyber security guidelines to ensure you safeguard your data and applications.

Microsoft provides its clients with security advice to maintain the highest level of network security. The guidelines provided will differ slightly for clients of Windows 365 Business (designed for small businesses) and those of Windows 365 Enterprise (designed for larger businesses).

For clients of Windows 365 Business, Microsoft provides IT admins with standard IT security practices that are meant to set each user as standard users on their devices using Microsoft Endpoint Manager (MEM). The typical process that you will need to follow is outlined below:

  • The process starts with device configuration to enroll the devices in MEM using automatic enrollment.
  • The next step involves the management of the Local Administrators group. This can be done using Azure Active Directory (Azure AD) or using Microsoft Endpoint Manager.
  • In addition, it would be a good idea to have Microsoft Defender Attack surface reduction (ASR) rules enabled. This would be very useful because these rules are in-depth defense mitigations for specific security concerns, such as blocking credential stealing from the Windows local security authority subsystem.

When it comes to Windows 365 Enterprise, the process is slightly easier for IT admins. This is because, for the Enterprise license, Cloud PCs are automatically enrolled.

Not only that but they also get reporting of Microsoft Defender Antivirus alerts as well as optional onboarding into Microsoft Defender for Endpoint capabilities. By default, Enterprise users are automatically set up as standard users.

However, admins still retain the option to make per-user exceptions when necessary. The guidelines for users of Windows 365 Enterprise Cloud PCs are as below:

  • Users should stick to standard Windows 10 security practices. This also means restricting access to your Cloud PC using local administrator privileges.
  • You need to deploy Windows 365 security baselines to your Cloud PC from MEM. Furthermore, you should utilize Microsoft Defender to protect your endpoints, especially all Cloud PCs.
  • Taking advantage of Azure AD conditional access is a must. With features such as multifactor authentication (MFA) and user/sign-in risk mitigation, you can significantly reduce the risk of unauthorized access to your Cloud PC.

Enhancing protection for Windows 365

Microsoft offers various security measures to aid its clients with threat protection, data protection, and device management. These features have proven to be a great way to safeguard your organization from online threats and unauthorized access. Below I’ll be going over some of the features that your business should be using to enhance security.

Multi-factor authentication

When looking for easy but very effective ways to reduce the risk of unauthorized access, multi-factor authentication (MFA) offers a great solution.

That simple step of having to provide a second verification factor to gain access can block hackers from going any further even if they have your password. And adding 2-step verification to your personal Microsoft account is an equally simple process.

Setting up MFA is going to require you to turn on Security defaults and if your subscription is new, this may already be automatically turned on. But, you can do this yourself from the Properties pane for Azure AD in the Azure portal.

Training users

Another recommendation that Microsoft makes is that you should utilize the Harvard Kennedy School Cybersecurity Campaign Handbook to help develop the security awareness of your employees. This includes things such as training people to identify phishing attacks.

Furthermore, Microsoft itself has provided an article describing various actions that you should be taking to further protect your data and devices. These actions include the use of good, strong passwords, protecting your devices, and enabling security features on Windows 10 and Mac PCs. There are also a couple of articles that users need to read to better protect their personal email accounts:

Use dedicated admin accounts

The administrative accounts that your organization uses for the administration of your Microsoft 365 environment have elevated privileges that can provide cybercriminals with a way to compromise your network.

Therefore, you need to use admin accounts strictly for administration purposes only. This means that admins should have separate user accounts for regular, non-administrative tasks. Microsoft also recommends:

  • Setting up your admin accounts with multi-factor authentication.
  • Closing all unrelated browser sessions and apps, including personal email           accounts before you sign into an admin account.
  • Logging out of the browser session as soon as you complete the admin tasks.

Raise the protection level against malware

Although your Microsoft 365 environment does offer protection against malware, you can enhance that security by blocking attachments with file types that are commonly used for malware. Strengthening your malware protection in email can be done in the following ways:

  • Navigating to the Microsoft 365 Defender portal and going to Email & collaboration > Policies & rules > Threat policies > Anti-malware in the Policies section.
  • Go to the Anti-malware page, double-click on Default (Default), and a flyout will appear.
  • Next, go down to the bottom of the flyout and choose Edit protection settings.
  • Now, head over to the next page, and under Protection settings select the checkbox next to Enable the common attachments filter. Below this option, you can view all the blocked file types and if you want to add or delete file types you can select Customize file types.
  • Click Save.

Ransomware protection

Ransomware is malware that is used to block your access to your computer files, systems, or networks. And the only way you’ll be able to regain access is by paying a ransom. To reduce the risk of falling victim to this kind of attack, you can create one or more mail flow rules to block file extensions that are commonly used for ransomware, or to warn users who receive these attachments in email. There are a couple of rules you can create for this:

  • Macros are a common vehicle for hiding ransomware so you can warn all users to avoid opening attachments with this file type, especially from unknown senders.
  • The next rule is to block file types that could be infected with ransomware or any other type of malicious software.

Stop auto-forwarding for email

This is crucial for all users because if a hacker manages to gain access to your email, they can easily exfiltrate mail by enabling auto-forwarding. And this can go on without you being aware that anything is wrong. To prevent this from happening, you can configure a mail flow rule:

  • Go to the Exchange admin center.
  • Head over to the mail flow category and choose rules.
  • Select +, and then Create a new rule.
  • You can view the full set of options by selecting More options at the bottom of the dialog box.
  • Next, you can provide the settings that you want in the following table. And unless there’s a need to change, leave the rest of the settings at default.
  • Select Save.

Use Office Message Encryption

In this case, the advantage is that Office Message Encryption (OME) comes with Microsoft 365 and is already set up. Using this feature will enable you to have encrypted communications. Not only in your organization but with people outside your organization as well. And it works with the popular Outlook.com, Yahoo!, Gmail, among other email services.

Utilizing this service is a great way to try and ensure that only the intended recipient/s can view a message. There are two protection options that you get with Office Message Encryption namely Do Not Forward and Encrypt. Furthermore, your organization also has the option to set up other options that apply a label to an email, such as Confidential.

Safeguarding against phishing attacks

Protection against phishing is something that will come included with Microsoft Defender for Office 365. This can help protect your organization against various types of phishing attacks especially those of the impersonation type. However, without a configured custom domain, you won’t need to do this. Creating an anti-phishing policy in Defender for Office 365 requires you to follow the steps below:

  • Go to the Microsoft 365 Defender portal.
  • Next, head over to Email & collaboration > Policies & rules > Threat policies > Anti-phishing in the Policies section.
  • Now, navigate to the Anti-phishing page where you’ll choose + Create. After this, a wizard will be launched to guide you through defining your anti-phishing policy.
  • Provide a name, description, and settings for your policy according to the given recommendations.
  • When you are done reviewing all the settings, you can then proceed to Create this policy or Save.

Using Safe Links

Another way that hackers can employ to compromise your network is by hiding malicious websites in links in email or other files. Fortunately, for clients with Microsoft Defender for Office 365, you can take advantage of Safe Links. The latter is designed to offer you time-of-click verification of web addresses in emails and Office documents. Getting Safe Links only requires you to follow a few simple steps:

  • Head over to the Microsoft 365 Defender portal where you’ll need to sign in with your admin account.
  • Now you go to Email & collaboration > Policies & rules > Threat policies > Anti-malware in the Policies section.
  • Select + Create to create a new policy or modify the default policy.

Deployment of security baselines

Every organization needs specific security controls that can help to address its cybersecurity needs. To ensure the highest level of security, Microsoft recommends using industry-standard security measures that have been well-tested.

With Windows 365 security baselines, you’ll be getting Microsoft-recommended security measures that are based on best practices and expert feedback. This will help to improve the security of your Cloud PCs because of the recommendations you benefit from. Windows 365 security baselines are going to affect the following areas:

             – Windows 10 settings: 1809

             – MDATP settings: version 4

             –  Edge settings: April 2020 (Edge version 80 and later)

Microsoft also optionally allows you to apply Windows 365 security baselines to the Azure AD groups containing Cloud PC devices in your tenant. Once you are ready to deploy the security configurations, you’ll follow the steps below:

  1. Navigate to the Microsoft Endpoint Manager admin center and sign in. Then select Endpoint Security > View Security Baselines
  2. Select Cloud PC Security Baseline (Preview).
  3. Next, you select Create Profile and then give a name for the profile.
  4. The groups of settings for the baseline you chose can now be viewed on the Configuration settings tab. If you want to view the settings in a particular group as well as the default values for those settings in the baseline, all you need to do is expand the group. And if you want to see specific settings:

                               – Select a group to expand and from there you can review the available settings.

                              – You can use the search bar to type in specific keywords so that you get results displaying only the groups that match your search criteria.

All the settings in a baseline will have default configurations for that particular baseline version. To cater to varying business needs, Microsoft gives you the option to reconfigure the default settings. You will also notice that depending on the intent of the baseline, some baselines will have the same setting but will use different default values for that setting.

  • Next, go to the Assignments tab and select a device group with Cloud PCs to include. After that, you’ll need to assign the baseline to one or more groups with your Cloud PCs. You can use Select groups to exclude to fine-tune the assignment.
  • After completing the above and you’re ready for deployment, go to the Review + create tab and review the details for the baseline. To save and deploy the profile click on Create.

Application of the baseline to the assigned group Is carried out immediately following the creation of the profile.

Configuring Conditional Access

Conditional Access provides organizations with a set of security measures that make it significantly more difficult for unauthorized people to access apps or data. This ensures greater protection for your users and your organization’s resources by defining certain requirements that must be met to be granted access to apps and data. Conditional Access policies can be simply defined as statements concerning what specific actions a user will need to perform to access a resource. There are two main objectives for using Conditional Access:

  • Increase productivity and empower users by making it possible for them to work anywhere at any time.
  • Enhance the layers of security around your organization’s resources.

However, Microsoft does not intend for Conditional Access policies to encumber the way your employees work. Therefore, you can set up access controls in such a way that they improve the security of your organization but are out of the way when not needed.

Policy assignment

You’ll need to go through the process of assigning Conditional Access policies to your Cloud PCs. This is because you won’t be getting those policies set for your tenant by default. So for you to target CA policies to the Cloud PC first-party app, there are a couple of methods that you can use. But, regardless of which option you choose, the policies will be enforced on the Cloud PC end-user portal and the connection to the Cloud PC. The methods available are below:

  • The first way would require you to go through Azure.
  • And the second way would require the use of Microsoft Endpoint Manager. For this method, follow the steps below:
  • Navigate to the Microsoft Endpoint Manager admin center and sign in. Select Endpoint Security > Conditional Access > New Policy.
  • Next, you’ll need to provide a name for the specific Conditional Access policy that you require.
  • Now you go to the New Policy tab and look under Users and groups. From there select Specific users included. With that done you now have to choose the specific user or group that you want to target with the CA policy. Depending on your particular needs you have the option to exclude certain users or groups to fine-tune the assignment.
  • Go to Cloud apps or actions and choose No cloud apps, action, or authentication contexts selected.
  • Select Cloud apps > Include > Select apps.
  • Next, head over to the Select pane. Here you’ll have to search for and select the apps below:
  • Windows 365, or you can alternatively search for cloud.
  • Windows Virtual Desktop. You could potentially see it come up as Azure Virtual Desktop.

Ensuring that the policy is applied to the Cloud PC end-user portal as well as the connection to the Cloud PC.is achieved by choosing both of the apps above. Choosing both of these apps is also necessary if you want to be able to exclude apps.

  • Fine-tuning a policy can be performed by going over to Access controls and selecting 0 controls selected. Now, go to Grant and proceed to choose the options that you want to apply to all objects assigned to this policy.
  • Before you proceed any further you may want to test the policy. This can be done by going to Enable Policy and turning the setting Report-only to Off. This will prevent the policy from being applied as soon as you’ve completed the creation process.
  • All that’s left now is for you to select Create and you’ll complete the creation of the policy.

If you want to see the list of your active and inactive policies, navigate to the Policies view in the Conditional Access UI.

Managing the local admin group

Managing a Windows device is only possible if you are a member of the local administrators’ group. Because it’s a part of the Azure AD join process, Azure AD updates the membership of this group on a device. Membership updates can be customized to your liking so as to meet your organization’s needs.

Explaining the process

Connecting a Windows device with Azure AD using an Azure AD join will add the security principles below to the local admin group on the device:

  • The Azure AD global administrator role
  • The Azure AD joined device local administrator role
  • The user performing the Azure AD join

Adding Azure AD roles to the local admin group is going to enable you to update the users that can manage a device anytime in Azure AD without modifying anything on the device. The principle of least privilege (PoLP) is very important to your overall security. To support PoLP, Azure AD will add the Azure AD joined device local administrator role to the local administrators’ group. Furthermore, users that have been only assigned the device administrator role can also be enabled to manage a device.

Managing the device administrator role

Management of the device administrator role can be handled through the Azure portal from the Devices page. The steps for the process are as given below:

  1. Start by going to the Azure portal and signing in as a global administrator.
  2. Now you need to search for and select Azure Active Directory.
  3. Next, click on Devices which you’ll find under the Manage section.
  4. And then on the Devices page, click Device settings.

If at any point, modification of the device admin role becomes necessary, you’ll need to configure Additional local administrators on Azure AD joined devices.

However, doing this will need an Azure AD Premium tenant. All Azure AD joined devices have device admins assigned to them and these admins cannot be scoped to a specific set of devices.

Another thing is that any updates done to this admin role aren’t necessarily going to have an immediate impact on the affected users. For devices with users already signed in, privilege elevation will only happen when:

  • About 4 hours have passed allowing Azure AD to issue a new Primary Refresh Token with the appropriate privileges.
  • A user signs out and then back in again to refresh their profile. This excludes lock/unlock.
  • With everything done, users won’t be listed in the local admin group, the permissions are received through the Primary Refresh Token.

However, it’s worth noting that this only applies to users who have not previously signed in to the relevant device. Otherwise, the administrator privileges will be applied immediately after a user’s first sign-in to the device.

Manage administrator privileges using Azure AD groups

Azure AD groups can be used to manage admin privileges on Azure AD joined devices with the Restricted Groups MDM policy from Windows 10 version 2004 onwards. By leveraging this policy, you’ll be able to assign individual users or Azure AD groups to the local admin group on an Azure AD joined device.

This will ultimately enable you to configure distinct administrators for different groups of devices. You should also be aware that from Windows 10 20H2, Microsoft now recommends using the Local Users and Groups policy instead of the Restricted Groups policy.

The management and configuration of these policies can be carried out through Custom OMA-URI Settings. Before using these policies, you’ll need to consider a few things:

  • To add Azure AD groups through the policy you need the group’s SID and you can get this by executing the Microsoft Graph API for Groups. You’ll find the SID defined by the property securityIdentifier in the API response.
  • Enforcing the Restricted Groups policy will result in the removal of any current member of the group that is not on the Members list. Therefore, enforcing this policy with new members or groups will remove the existing admins. These include users who joined the device, the Device admin role, and the Global admin role from the device. So if you want to avoid the removal of members, the latter will need to be configured as part of the Members list in the Restricted Groups policy. You can use the Local Users and Groups policy to address this limitation.
  • When using both policies, admin privileges can only be evaluated for the following well-known groups on a Windows 10 device – Administrators, Users, Guests, Power Users, Remote Desktop Users, and Remote Management Users.
  • For Hybrid Azure AD joined or Azure AD Registered devices, you won’t be able to manage local admins using Azure AD groups.
  • The Restricted Groups policy is not entirely new and was in existence before Windows 10 version 2004. However, it did not provide support for Azure AD groups as members of a device’s local admin group.
  • Azure AD groups deployed to devices with any of these policies can’t be applied to remote desktop connections. You’ll need to add the individual user’s SID to the appropriate group to manage the remote desktop permissions for Azure AD joined devices.

Note:

Windows sign-in with Azure AD supports the evaluation of up to 20 groups for admin rights. So to ensure the correct assignment of admin rights, Microsoft advises keeping the number of Azure AD groups on each device under 20. And this should also apply to nested groups.

Manage regular users

Users performing the Azure AD join are automatically added to the admin group on the device. So to prevent Azure AD from making regular users local admins, you can take the options below:

  • Windows Autopilot – using Windows Autopilot enables you to block a primary user performing the join from becoming a local admin. All you need to do is create an Autopilot profile.
  • Bulk enrollment – an Azure AD join that is performed in the context of a bulk enrollment happens in the context of an auto-created user. Thus, any users that sign in after the device join won’t be added to the admin group.

Manually elevate a user on a device

Microsoft has also made it possible for you to manually elevate a regular user to local admin on one specific device. However, you must be a member of the local admin group to perform this. From the Windows 10 1709 update, you can do this by:

      – Navigating to Settings -> Accounts -> Other users.

      – Select Add a work or school user.

      – Enter the user’s UPN under User account.

      – Next, you then select Administrator under Account type.

Another method for adding users would involve the use of command prompts:

      – For instances where the tenant users are synchronized from on-prem Active Directory, use net localgroup administrators /add  “Contoso\username”.

      – And if tenant users are created in Azure AD, use net localgroup administrators /add “AzureAD\UserUpn”

Attack Surface Reduction

By using Attack Surface Reduction (ASR) rules, you are placing additional layers of security around all the potential vulnerabilities in your organization’s network. This will create a highly secure environment with far fewer areas that attackers can use to compromise your network. ASR rules are designed to target certain software behaviors such as:

    ● Launching executable files and scripts that attempt to download or run files.

    ● Running obscure or plainly suspicious scripts.

    ● Carrying out activities that one doesn’t normally expect from apps during the course of everyday work.

Although some of these actions may appear in the normal running of legitimate apps, they are still considered risky as they can be abused by attackers. So the goal of ASR rules is to limit risky software behaviors thereby enhancing your security.

ASR rules features across Windows

Attack Surface Reduction rules can be set for various editions and versions of Windows:

  • Windows 10 Pro, version 1709 or later
  • Windows 10 Enterprise, version 1709 or later
  • Windows Server, version 1803 (Semi-Annual Channel) or later
  • Windows Server 2019
  • Windows Server 2016*
  • Windows Server 2012 R2*

* For this feature to work on Windows Server 2016 and Windows Server 2012 R2, they will need to be onboarded using the instructions in Onboard Windows servers.

Having a Windows E5 License is not a pre-requisite for using Attack Surface Reduction rules. But, having the E5 License will offer you advanced management capabilities including:

  • The monitoring, analytics, and workflows available in Defender for Endpoint
  • The reporting and configuration capabilities in Microsoft 365 Defender.

So clients with Windows Professional or Windows E3 licenses won’t have these advanced abilities. But, having these licenses allows you to use Event Viewer and Microsoft Defender Antivirus logs to review your attack surface reduction rule events.

Automatic enrollment

Another key thing that Microsoft has advised clients to secure their Windows 365 Cloud PCs is to configure devices to enroll into MEM using automatic enrollment. However, to do that, you need to meet the following requirements:

Sign in Intune in Microsoft Endpoint Manager

Start by signing in to the MEM admin center as a Global administrator. If you are using the Trial subscription, then the account you used to create the subscription becomes the Global administrator.

Set up Windows 10/11 automatic enrollment

If you want to enroll both corporate and bring-your-own-devices, you’ll have to use MDM enrollment. In addition, you have to sign up for a free Azure AD Premium subscription.

  1. Navigate to the MEM admin center. Select All services > M365 Azure Active Directory > Azure Active Directory > Mobility (MDM and MAM).
  2. Choose Get a free Premium trial to use this feature. This enables auto-enrollment using the Azure AD free Premium trial.
  3. Select the Enterprise Mobility + Security E5 free trial option.
  4. Click Free trial > Activate the free trial.
  5. Choose Microsoft Intune to configure Intune.
  6. Go to the MDM user scope and select Some. This enables you to use MDM auto-enrollment to manage enterprise data on your employees’ Windows devices. This will configure MDM auto-enrollment for AAD joined devices and bring your own device scenarios.
  7. Click Select groups > Contoso Testers > Select as the assigned group.
  8. And then for data management on your workforce’s device, choose Some from the MAM Users scope.
  9. Choose Select groups > Contoso Testers > Select as the assigned group.
  10. And then, for the remaining configuration values, you’ll use the default values.
  11. Choose Save.

Wrap Up

Cybercrime has unfortunately evolved into a multimillion-dollar venture for criminals across the globe. The sophisticated and often well-organized attacks have been an absolute nightmare for countless enterprises over the last few years.

This is why any business looking to take advantage of the multitude of benefits that cloud computing offers needs to look into having the best security measures available in place.

And this is why the Windows 365 Cloud PC has been such a hot topic since it was first announced last year. The potential it has for enhancing your organization’s operations is almost limitless. But, what makes it even better are the top-notch security measures that we have gone over in this blog. If nothing else, the security features you’ll have access to could be reason enough to make the jump to Windows 365.

The Step-by-Step Process for Cloud PC Provisioning and Deployment

The idea of hybrid work is something that has captivated the minds of people for years. And it’s not surprising when you consider the long list of advantages that individuals and businesses alike stand to gain. By using Cloud PCs, businesses can have their employees working from anywhere and using just about any device.

In this guide, I will be focusing on Windows 365 Cloud PC and giving you the step-by-step process for Cloud PC provisioning and deployment.

Introduced by Microsoft last year, Windows 365 gives you Windows running on the cloud. And from the overwhelming response to the service that we witnessed, it’s quite clear that there is a lot of interest in Cloud PC technology.

Recap on Windows 365

Windows 365 is essentially a service that will run your desktop on the cloud. In the words of Windows 365 General Manager Wangui McKelvey, “Windows 365 takes the operating system to the Microsoft Cloud, securely streaming the full Windows experience — including all your apps, data, and settings — to your personal or corporate devices. This approach creates a fully new personal computing category, specifically for the hybrid world: the Cloud PC.”

And as Microsoft has stated, you can stream apps, tools, data, and settings from the cloud across any device. This means that you can use Apple devices

(Mac, iPads, etc), Android devices, and Linux PCs among others to access your desktop on the cloud. This gives you the convenience of being able to pick up your work right where you left off because the Windows experience does not differ. Regardless of where you may be or the device that you are using.

Planning your deployment

Deploying Windows 365 Cloud PC is a significant undertaking for any organization. As such, it needs meticulous planning to carry out.

There are several objectives that will need to be considered such as determining what end users will need to access on their Cloud PC. For instance, if your end users are going to use Windows 365 to access specialized software, then you’ll need to look into installing all lines of business apps.

Another objective would be considering the geographical locations of your end-users. Because Windows 365 can provide Cloud PCs in multiple Azure locations, it makes it possible to provide the Cloud PCs in a location with the lowest latency to your end users’ physical location.

The next objective to consider will be the management of Cloud PCs. In this instance, you’ll need to determine who will be managing the Cloud PCs as well as which management groups will have which permissions.

With the above done, you now need to look at how end users will connect to a Cloud PC. This means you need to know whether they’ll be using a browser or a Remote Desktop Client. And then, as far as licensing goes, you need to assess all use cases and evaluate workloads to determine the specific licenses that will be needed.

For the next step, you need to do a complete review of your endpoint management and infrastructure. This will enable you to determine whether you are going to keep your existing management plan for devices or if you need to come up with something different for the Cloud PC. So you need to look at Cloud PC management, application of policies (GPO or Intune), and the updating policy for all devices.

With all this considered, it becomes time to plan how and when users will receive their Cloud PCs. Here you can start by creating several different rollout phases based on your environment. Pilot and/or test groups are a great way to start with early stages involving willing participants who will provide feedback.

At the end of each phase, you can use the feedback provided to determine how to map the way forward for the rest of the organization. Also, it’s important to have clearly defined goals and success metrics if you want to stay on top of things and keep your rollout on track.

In the midst of all this planning, however, it’s key to have clear communication with all users. People need to understand what exactly the goals are and why the organization has chosen the Windows 365 Cloud PC.

Having a smooth rollout requires people to be fully informed of all the changes and potential disruptions that they will need to prepare for. You need to determine what information users need and this includes information about the Cloud PC and why the organization wants it.

During the pilot and subsequent onboarding phases, you should continue to provide additional information so that users understand the process and its importance. Just as important as the information is how you’ll communicate with users. You could have meetings or leverage platforms like Microsoft Teams or email.

Another key area to consider during the planning phase is your IT support and help desk staff. These individuals play a significant role in ensuring a smooth adoption of Cloud PC. They can help educate your end-users and show how to connect to and use the Cloud PC.

Because of this, IT support and help desk staff need adequate training to be able to provide the required support to end-users and resolve any issues that may arise.  And they also need to know how and at which level of end-users they will be supporting. This training should touch on all the various scenarios that Windows 365 will be used for and should also consider training on all supported Windows 365 platforms.

Overview of provisioning

When we talk of provisioning, we are referring to the process that is going to create a Cloud PC virtual machine and then set it up for the user. It’s also responsible for the completion of other tasks that prepare it for use and the sending of access information to the user. The process starts with admins providing configuration details to set up the process.

After which, users with a Windows 365 license and matching the configuration details will automatically have a Cloud PC provisioned for them. Because provisioning works on a  one-time per user and per-license basis, each user and license pair can only have one Cloud PC provisioned for them. The provisioning process is going to proceed as follows:

  • Starts with the creation of a provisioning policy to manage access to the Cloud PCs. Provisioning policies are key to the entire process as they are responsible for building, configuring, and availing Cloud PCs to end-users. Each policy will require you to provide details regarding the on-premises network connection, the image used to create each Cloud PC, and an Azure AD user group.
  • Assignment of a Windows 365 license to users in the Azure AD user will begin the provisioning process. And the provisioning of the Cloud PC will be carried out automatically by Windows 365 after which it will then send the necessary access information to the user. The automation is going to proceed in 3 phases that will be invisible to the administrator.
  • The last part of the process involves the end-user receiving the necessary access informationthat will allow them to sign in to the Windows Cloud PC from anywhere.

Provisioning policy objects

Provisioning policies are essential objects in the MEM admin console that carry the required rules and settings that enable Windows 365 to set up and configure Cloud PCs for your users. Admins will have the responsibility of providing the required information when creating provisioning policies. This includes:

On-premises network connection – the OPNC provides the platform that enables the policy to connect to your on-premises resources. It’s responsible for identifying:

  • The relevant Azure subscription for your Cloud PC.
  • Which domain and Organizational Unit to join.
  • The AD credentials that should be used.

Image – all Cloud PCs provisioned with a particular policy will carry a Windows image that is used as the reference image. This image can either be one that you select from the gallery or a custom image that you provide yourself.

Assignment – the role of the assignment is the identification of one or more Azure AD user groups. All licensed users in the policy’s Azure AD users group will then have Windows 365 automatically provision Cloud PCs for them. Also, users who may be added at a later date will get Cloud PCs as well.

The above information is absolutely integral to the provisioning process because without it the Cloud PCs cannot be provisioned. Once you’ve seen to the creation of the provisioning policies, Windows 365 takes over the provisioning process thus automatically providing users with Cloud PCs.

Modifying provisioning policies

Once provisioning of the Cloud PC is complete, there will be no possibility of a re-occur unless you perform a reprovision. Any alterations to the provisioning policy won’t trigger a reprovision and these alterations also won’t be applied to already provisioned Cloud PCs.

So any modifications that you make to a provisioning policy will only apply to subsequently provision Cloud PCs or those that are reprovisioned. Furthermore, changing the name of the provisioning policy will not update the Cloud PC name under All Cloud PCs. And it’s also not going to update the enrollmentProfileName in Azure AD

Deleting a provisioning policy

Only provisional policies that are not assigned to any Azure AD groups can be deleted. Removing the targeting of a provisioning policy that was used for successful Cloud PC provisioning will put the Cloud PCs into a grace period. And those Cloud PCs will face automatic deletion once this grace period has expired.

Provisioning policy conflict resolution

Since the assignment of provisioning policies is made to user groups the risk of overlapping groups/users does exist. In the instance where a user may have more than one provisioning policy assigned, the provisioning process will only consider the first assigned policy and ignore the rest. And in the event of reprovisioning, the policy used will be the one that has been modified most recently (if changes have been made to one of the provisioning policies).

Provisioning retry

If provisioning of a Cloud PC fails, the process automatically retries twice. And if it still fails, the process will stop and the affected Cloud PC is marked as Failed. There’ll also be an error message displayed. You’ll then need to figure out why the provisioning of the Cloud PC has failed. Once you get to the root cause, you can manually restart the provisioning process by clicking Retry.

Reprovisioning

Reprovisioning of Cloud PCs is something that admins can perform remotely. It comes in useful when:

  • You need to test various Cloud PC configurations.
  • There are problems with a provisioned Cloud PC.
  • A user requires a new Cloud PC.

You can also leverage the reprovisioning action for Cloud PCs that are in a Failed provisioning state in the Windows 365 provisioning node. Basically, you can look at reprovisioning like resetting a physical device. Since this action deletes the Cloud PC and creates a new one, all data, apps, etc, will also be deleted. The reprovisioning will use the configurations of the provisioning policy used by that user’s Azure AD group.

Users with multiple Windows 365 licenses

Users with multiple Windows 365 licenses can have more than one Cloud PC. In this scenario, each license can have a Cloud PC with the appropriate specifications provisioned. However, it’s worth noting that you cannot have different provisioning policies for different user licenses. The Cloud PCs for these users will be provisioned using the same provisioning policy.

Clean up

In the event of a provisioning failure or deletion of a Cloud PC after the grace period, Windows 365 will delete all objects that were created during provisioning. This will be done about 3 hours after the failure and will include Intune objects, Azure AD device objects, and Azure vNics.

Because other objects are relying on the network security groups the latter won’t be deleted. Neither will on-prem Azure AD computer accounts that were joined to the domain during provisioning. This is because Windows 365 does not have the necessary permissions and therefore can only disable the redundant computer objects.

Network requirements

Being a cloud-based service means that you need to have internet access to use Windows 365 services. As such, there are certain networking requirements that will support the necessary connections. These requirements are client-specific because they are based on your workload. Below are some of those requirements:

General network requirements

·       Azure virtual network – having a virtual network in your Azure subscription is a necessity. And it should be in the same region as where the Windows 365 desktops are created.

·       You’ll need to define your AD DS DNS servers as the DNS servers for the virtual network so that the virtual network can resolve DNS entries for your AD DS environment.

·        The Azure vNet needs access to an enterprise domain controller (on-premises or Azure).

·         There should also be a subnet within the vNet and IP address space must be available.

·         Network bandwidth is based on Azure’s network guidelines.

 Allow network connectivity

Your Azure network configuration will need to allow traffic to the following service URLs and ports:

DNS requirements

Organizations’ Cloud PCs should be able to join on-prem Active Directory because this is a Hybrid Azure AD Join requirement. Cloud PCs should be able to resolve DNS records for your on-prem AD environment. So you’re going to need to configure your Azure vNet where the Cloud PCs are provisioned as follows:

1)    Verify that your Azure vNet has network connectivity to DNS servers that can resolve your Active Directory domain.

2)    Navigate to Azure vNet’s Settings, select DNS Servers, and then choose Custom.

3)  Type in the IP address of DNS servers that environment that can resolve your AD DS domain.

Bandwidth

As you know by now, Windows 365 uses Azure network infrastructure. It follows therefore that you’ll need an Azure subscription to select a virtual network while deploying Windows 365 Enterprise. Costs incurred for using a Cloud PC are as follows:

  • Network traffic into a Cloud PC is free.
  • Any outbound traffic will incur charges against the Azure subscription for the virtual network.
  • Office data such as email incurs egress charges if the Cloud PC and a user’s data reside in different regions.
  • For RDP networking traffic you should always expect egress charges.

Choosing a Cloud PC option

After making the decision to sign up for the Cloud PC, you now need to choose what option is best suitable for your business. Microsoft offers clients two license types to cater to different business needs.

However, for both license types, the price will depend on the size of the Cloud PC. There are some significant differences between the business and enterprise licenses that are worth knowing before deciding. These include:

1)    Business is designed for small to medium enterprises with a maximum of 300 users whereas Enterprise is for much larger businesses looking to deploy Cloud PCs throughout their entire organizations and with an unlimited number of users.

2)  For Business, the desktop will be attached to a virtual network that Microsoft manages and has the added benefit of clients not being charged for network egress fees. When it comes to Enterprise, the desktops are attached to the customers existing Azure virtual network. And clients will also have to pay standard network egress fees.

3)    Enterprise clients will get both standard and custom images but Business clients will get only standard images.

4)    Business clients will have to go through a process of manual configuration and app installation. Enterprise clients will get automatic configuration and app installations because of the advantage of full integration with Microsoft Endpoint Manager/Microsoft Intune.

5)    For the Enterprise license, users will also need licenses for Windows 10 Enterprise or Windows 11 Enterprise, Microsoft Endpoint Manager, and Azure Active Directory P1. Business clients won’t require any additional licenses.

Having looked at the various differences, it’s clear to see that for smaller businesses looking to buy, deploy, and manage Cloud PCs, the Business license is the way to go. And it has the following options:

Basic – at a cost of $31/month and with support for up to 300 users, this option allows you to run light productivity tools and web browsers. Clients will get 2vCPU, 4GB RAM, and 128 GB Storage.

Standard – this option will cost $41/month and also supports up to 300 users. Clients will get 2vCPU, 8GB, and 128 GB of storage allowing you to run a full range of productivity tools and line-of-business apps.

Premium – the last option costs $66/month and gives you access to 4vCPU, 16 GB of RAM, and 128 GB of storage. With this, you get support for up to 300 users and can run high-performance workloads and heavier data processing.

For larger businesses looking to manage their Cloud PCs with Microsoft Endpoint Manager and take advantage of integrations with other Microsoft services, Windows 365 Enterprise is the choice for you. The options on offer are as follows:

Basic – at a cost of $31/month and with support for unlimited users, this option allows you to run light productivity tools and web browsers. Clients will get 2vCPU, 4GB RAM, and 128 GB Storage.

Standard – this option will cost $41/month and also supports an unlimited number of users. Clients will get 2vCPU, 8GB, and 128 GB of storage allowing you to run a full range of productivity tools and line-of-business apps.

Premium – the last option costs $66/month and gives you access to 4vCPU, 16 GB of RAM, and 128 GB of storage. With this, you get support for an unlimited number of users and can run high-performance workloads and heavier data processing.

Image source: Microsoft

Assigning licenses

Before users can start using their Cloud PCs, you will need to first assign licenses to them. The necessary licenses are available for purchase from the Microsoft 365 store and you can get there by going through the Microsoft 365 Admin Center: https://admin.microsoft365.com.

Once you have purchased all the appropriate licenses, you can begin the task of assigning licenses to all your users. To do this you first need to login to the Azure Active Directory admin center.

And for license assignment to a single user, you use the Microsoft 365 Portal. Once in there go to Users > Active Users and select the user that you want to assign with a license. Then, go to the tab “Licenses and apps” and select your Cloud PC license. Apply the changes while clicking on Save changes below.

Assigning group-based licensing is slightly different. For this, you go to the Azure Portal and then head over to your Azure Active Directory. If you look to your left-hand side you’ll see Licenses. Go there and select All Products.

Next, you select the available Cloud PC license and then click Assign. So to enable group licensing, go to the left-hand side, and select Licensed Groups. Yet again you’ll need to click on Assign and select the group that you want to automatically license for the Windows 365 Cloud PC feature.

Creating an on-premises connection

Another requirement that organizations will have is the need to have an on-premises connection. An on-premises network connection (OPNC) is an object in the Microsoft Endpoint Manager admin center that provides Cloud PC provisioning profiles with the required information to connect to on-premises resources.

Before getting started with Cloud PC, you’ll need the following:

  1. AD DNS domain name
  2. Organizational unit
  3. Configure Azure AD Connect
  4. AD username UPN
  5. AD join password

So first you need to find your domain name which is simple enough with access to a domain controller. Once you know your domain name then you can proceed to validate the User Principal Name Suffix (UPN Suffix). Checking that your UPN Suffix is routable is extremely important to avoid problems later on.

With that done, you need to create an Organizational Unit that will allow you to properly manage your CloudPCs and dedicated GPOs. To perform this task, go to AD Users and Computers mmc and then head over to where you want to set your new Organizational Unit. Next, you can then either right-click an existing Organizational Unit or click where you want to create a new one.

Next, you need to ensure that Azure AD Connect is properly configured to get users synchronized with Azure AD. This you will do by opening Azure AD Connect and then selecting Configure device options.

Finally, you need to fill in the AD username UPN and the AD domain password. Then click Next. On the page, that then appears click Review+create. It should take no more than a few minutes to create the on-premises network connection. And if you have configured everything properly, you’ll see a “checks successful” status.

Creating a provisioning policy

The next step in this process requires you to create a Provisioning Policy so that you can provision the Cloud PC with an image of choice and is based on Azure AD security groups. Provisioning policies hold key provisioning rules and settings allowing the Windows 365 service to set up and configure the right Cloud PCs for your users. To create a provisioning policy, follow the steps below:

1.   Sign in to the MEM admin center and select Devices > Windows 365 (under Provisioning) > Provisioning policies > Create policy.

2.    On the General page, enter a Name and Description (optional) for the new policy.

3.    For OPNC select the connection to use for this policy > Next.

4.    On the image page, you need to select one of the following options for the image type:

  • Gallery Image: Choose Select > select an image from the gallery > Select. Here you’ll get default images for your use.
  • Custom image: Choose Select > select an image from the list > Select. This shows you the list of images that you uploaded using the Add device images workflow.55

5.    Select Next.

6. On the Assignments page, choose Select groups > choose the groups you want this policy assigned to > Select > Next.

7.    On the Review + create page, select Create. It can take up to 60 minutes for the policy creation process to complete, depending on when the Azure AD connect sync last happened.

With the information provided through the on-premises network connections and the creation of provisioning policies, Windows 365 can now provision Cloud PCs for licensed users. Performing the provisioning process will involve Windows 365 automatically completing the following stages:

  • Core provisioning – this process does all the necessary tasks required to stand up a VM until a user can successfully sign in.
  • Post-provisioning configuration – modifications can be made to the configuration for the purpose of optimizing the Cloud PC end-user experience.
  • Assignment – a user is assigned to the Cloud PC and can now sign in.

User connectivity

After everything has been set up, users will then need to know how they can connect to the Cloud PC. We need to clarify what clients can be used as well as what options the end-users will have. Also, we need to know how administrative credentials can be provided to the end-user. Microsoft has provided two ways for users to connect to the Cloud PC:

                        I.        Web browser – the first method that users have for accessing the Cloud PC is via a web browser. All you have to do is simply navigate to windows365.microsoft.com. Once there you can log in with the user credentials that have a desktop provisioned and the portal will show you an overview of the desktops available to you. However, to access the Cloud PC using this website, users devices need to meet the following requirements:

Supported operating systems: Windows, macOS, ChromeOS, Linux,

A modern browser like Microsoft Edge, Google Chrome, Safari, or Mozilla Firefox (v55.0 and later).

 When using windows365.microsoft.com, end users can carry out various tasks on their Cloud PCs by selecting the gear icon on a Cloud PC card.

  • Rename: doing this will change the name of the Cloud PC that the user sees on the website. But, performing this action doesn’t change any name in Microsoft Endpoint Manager, Azure Active Directory, on the device, or in the Remote Desktop Apps.
  • Restart: this will restart the Cloud PC.
  • Troubleshoot: whenever a user is encountering challenges with connecting to the Cloud PC, this will help you to troubleshoot and try to resolve those challenges. A few checks will be run including verifying that all the files and agents necessary for connectivity have been properly installed. There will also be a check for the availability of Azure resources.

                        II.        Remote desktop – the second method that Microsoft offers clients for connecting to the Cloud PC is by using the Microsoft Remote Desktop app.

This is designed to enable users to access and control a remote PC, including a Cloud PC. So for those who have been using Azure Virtual Desktop, this is an app they will already be familiar with. Setting up the Remote Desktop is a relatively simple process that requires you to follow a few steps:

  1. First, you’ll have to download the Remote Desktop app. You can find it on the Download App page on www.microsoft.com/windows-365?rtc=1.
  2. Next, you select Subscribe.
  3. The next step will require you to enter your Azure Active Directory credentials.
  4. You will then see the Cloud PC appear on a list. Simply double-click it to launch.

Managing Cloud PCs

Next, let’s discuss just how you’ll be managing your Cloud PCs. For the management of your Cloud PCs, you’ll be using Microsoft Intune. The latter is a 100% cloud-based mobile device management and mobile application management platform for your apps and devices. And this also includes your Cloud PCs. Signing in to Intune requires you to navigate to the Microsoft Endpoint Manager admin center.

Overview page

To start, you’ll want to go over to the landing page for managing your Cloud PCs which is the Overview tab. To access it, you need to sign in to the Microsoft Endpoint Manager admin center > Devices > Windows 365 (under Provisioning).

This section is going to provide you with some information about how your Cloud PCs are performing. You’re going to see:

  • Provisioning status: this summarizes your organization’s Cloud PC status.
  • Connection health: this provides a summary of the health of your organization’s on-premises network connection.

All Cloud PCs page

On this page, you’re going to see a summary and list view with details regarding the status information for each of your organization’s Cloud PCs. The list view automatically refreshes every 5 minutes and by using it you can search filter, and sort. Users with multiple Windows 365 SKUs assigned to them will get multiple Cloud PCs and this means that in the All Cloud PCs list view there’ll be multiple rows for a single user.

Column details

Name – Name of the Cloud PC.

Device name – The Windows computer name.

Image – this is the image that was used during provisioning and so may not reflect the current Cloud PC version.

PC type – the Windows 365 SKU assigned to the user.

Status – this reflects the current provisioning status of the Cloud PC and possibilities include:

  • Provisioned: shows when provisioning was successful.
  • Provisioning: the provisioning is still in progress.
  • Provisioned with warnings: shows when a non-critical step failed in the provisioning process but the user still has access.
  • Not provisioned: this happens when a user has been assigned a Windows 365 license but doesn’t have a provisioning policy assigned to them.
  • Deprovisioning: appears when the 7 day grace period has ended and the Cloud PC is undergoing deprovisioning.
  • Failed: shows when the provisioning process has failed.
  • In grace period: indicates when a license/assignment change occurs for a user with a current Cloud PC.
  • Pending: it means that there are currently no available licenses in your tenant to process the provisioning request.

User – indicates the user to whom the Cloud PC is assigned.

Date modified – shows a timestamp reflecting the last status change of the Cloud PC.

Remote management

Like any other managed device, the option exists to remotely manage Cloud PCs using Intune. You’ll find that there are several remote management actions that Cloud PCs will support and they include:

  • Restart
  • Sync
  • Rename
  • Quick scan
  • Full scan
  • Update Windows Defender
  • Reprovisioning*
  • Resize*

*Reprovisioning and resizing are both remote actions that are unique to Cloud PC devices.

Conclusion

Microsoft’s personalized desktop solution brings a lot of advantages to the way enterprises operate. As technology continues to evolve in leaps and bounds, so too are the devices at our disposal. This has brought us to a point where many people in their various organizations are using many different devices to perform work-related tasks.

And businesses realize that bring-your-own-device policies will be integral moving forward. This is why platforms like Windows 365’s Cloud PC are potential game-changers. Giving users access to their desktops from anywhere and using almost any device enables businesses to operate at a completely higher level.

Furthermore, the last couple of years have shown just how important the need is for workers to be able to work from anywhere. This has helped to keep a lot of companies operational. Not only that but leveraging cloud computing helps the organization to lower its overall hardware expenses.

The Cloud PC also allows organizations to stay within their budgets by selecting the options that are best suited to their business. And if the need to scale arises then that can easily be achieved. Windows 365 Cloud PC really does have the potential to do great things for any business. It’s certainly worth a try.

This PC can’t run Windows 11 (Hyper-V)

Trying to install Windows 11, but not meeting requirements?

The error that prevents the computer from running Windows 11 is due to not meeting the minimum system requirements.

You can refer to the following table:

Processor1 gigahertz (GHz) or faster with 2 or more cores on a compatible 64-bit processor or System on a Chip (SoC).       
TPMTrusted Platform Module (TPM) version 2.0. Check here for instructions on how your PC might be enabled to meet this requirement.
Storage64 GB or larger storage device Note: See below under “More information on storage space to keep Windows 11 up-to-date” for more details.
System firmwareUEFI, Secure Boot capable. Check here for information on how your PC might be able to meet this requirement.
RAM4 GB or larger storage device
Graphics cardCompatible with DirectX 12 or later with WDDM 2.0 driver.
DisplayHigh definition (720p) display that is greater than 9” diagonally, 8 bits per colour channel.
Internet connection and Microsoft accountWindows 11 Home edition requires internet connectivity and a Microsoft account.

If you are trying to run Windows 11 on Hyper-v the default Generation 2 Virtual Machines does NOT meet the requirement.
You will need to modify the following configuration for Processor and TPM to accommodate the required configuration.

Processor1 gigahertz (GHz) or faster with 2 or more cores on a compatible 64-bit processor or System on a Chip (SoC).       
TPMTrusted Platform Module (TPM) version 2.0. Check here for instructions on how your PC might be enabled to meet this requirement.

Meeting TPM requirement on a Virtual Machine, Generation 2:

  1. Right Click the virtual machine
  2. Click Settings
  3. Click Security
  4. Mark ‘Enable Trusted Platform Module’

Meeting Processor requirement on a Virtual Machine, Generation 2:

  1. Right Click the virtual machine
  2. Click Settings
  3. Click Processor
  4. Change ‘Number of virtual processors’ to a minimum of ‘2’

Now enjoy Windows 11 on Hyper-V…