The Step-by-Step Process for Cloud PC Provisioning and Deployment

The idea of hybrid work is something that has captivated the minds of people for years. And it’s not surprising when you consider the long list of advantages that individuals and businesses alike stand to gain. By using Cloud PCs, businesses can have their employees working from anywhere and using just about any device.

In this guide, I will be focusing on Windows 365 Cloud PC and giving you the step-by-step process for Cloud PC provisioning and deployment.

Introduced by Microsoft last year, Windows 365 gives you Windows running on the cloud. And from the overwhelming response to the service that we witnessed, it’s quite clear that there is a lot of interest in Cloud PC technology.

Recap on Windows 365

Windows 365 is essentially a service that will run your desktop on the cloud. In the words of Windows 365 General Manager Wangui McKelvey, “Windows 365 takes the operating system to the Microsoft Cloud, securely streaming the full Windows experience — including all your apps, data, and settings — to your personal or corporate devices. This approach creates a fully new personal computing category, specifically for the hybrid world: the Cloud PC.”

And as Microsoft has stated, you can stream apps, tools, data, and settings from the cloud across any device. This means that you can use Apple devices

(Mac, iPads, etc), Android devices, and Linux PCs among others to access your desktop on the cloud. This gives you the convenience of being able to pick up your work right where you left off because the Windows experience does not differ. Regardless of where you may be or the device that you are using.

Planning your deployment

Deploying Windows 365 Cloud PC is a significant undertaking for any organization. As such, it needs meticulous planning to carry out.

There are several objectives that will need to be considered such as determining what end users will need to access on their Cloud PC. For instance, if your end users are going to use Windows 365 to access specialized software, then you’ll need to look into installing all lines of business apps.

Another objective would be considering the geographical locations of your end-users. Because Windows 365 can provide Cloud PCs in multiple Azure locations, it makes it possible to provide the Cloud PCs in a location with the lowest latency to your end users’ physical location.

The next objective to consider will be the management of Cloud PCs. In this instance, you’ll need to determine who will be managing the Cloud PCs as well as which management groups will have which permissions.

With the above done, you now need to look at how end users will connect to a Cloud PC. This means you need to know whether they’ll be using a browser or a Remote Desktop Client. And then, as far as licensing goes, you need to assess all use cases and evaluate workloads to determine the specific licenses that will be needed.

For the next step, you need to do a complete review of your endpoint management and infrastructure. This will enable you to determine whether you are going to keep your existing management plan for devices or if you need to come up with something different for the Cloud PC. So you need to look at Cloud PC management, application of policies (GPO or Intune), and the updating policy for all devices.

With all this considered, it becomes time to plan how and when users will receive their Cloud PCs. Here you can start by creating several different rollout phases based on your environment. Pilot and/or test groups are a great way to start with early stages involving willing participants who will provide feedback.

At the end of each phase, you can use the feedback provided to determine how to map the way forward for the rest of the organization. Also, it’s important to have clearly defined goals and success metrics if you want to stay on top of things and keep your rollout on track.

In the midst of all this planning, however, it’s key to have clear communication with all users. People need to understand what exactly the goals are and why the organization has chosen the Windows 365 Cloud PC.

Having a smooth rollout requires people to be fully informed of all the changes and potential disruptions that they will need to prepare for. You need to determine what information users need and this includes information about the Cloud PC and why the organization wants it.

During the pilot and subsequent onboarding phases, you should continue to provide additional information so that users understand the process and its importance. Just as important as the information is how you’ll communicate with users. You could have meetings or leverage platforms like Microsoft Teams or email.

Another key area to consider during the planning phase is your IT support and help desk staff. These individuals play a significant role in ensuring a smooth adoption of Cloud PC. They can help educate your end-users and show how to connect to and use the Cloud PC.

Because of this, IT support and help desk staff need adequate training to be able to provide the required support to end-users and resolve any issues that may arise.  And they also need to know how and at which level of end-users they will be supporting. This training should touch on all the various scenarios that Windows 365 will be used for and should also consider training on all supported Windows 365 platforms.

Overview of provisioning

When we talk of provisioning, we are referring to the process that is going to create a Cloud PC virtual machine and then set it up for the user. It’s also responsible for the completion of other tasks that prepare it for use and the sending of access information to the user. The process starts with admins providing configuration details to set up the process.

After which, users with a Windows 365 license and matching the configuration details will automatically have a Cloud PC provisioned for them. Because provisioning works on a  one-time per user and per-license basis, each user and license pair can only have one Cloud PC provisioned for them. The provisioning process is going to proceed as follows:

  • Starts with the creation of a provisioning policy to manage access to the Cloud PCs. Provisioning policies are key to the entire process as they are responsible for building, configuring, and availing Cloud PCs to end-users. Each policy will require you to provide details regarding the on-premises network connection, the image used to create each Cloud PC, and an Azure AD user group.
  • Assignment of a Windows 365 license to users in the Azure AD user will begin the provisioning process. And the provisioning of the Cloud PC will be carried out automatically by Windows 365 after which it will then send the necessary access information to the user. The automation is going to proceed in 3 phases that will be invisible to the administrator.
  • The last part of the process involves the end-user receiving the necessary access informationthat will allow them to sign in to the Windows Cloud PC from anywhere.

Provisioning policy objects

Provisioning policies are essential objects in the MEM admin console that carry the required rules and settings that enable Windows 365 to set up and configure Cloud PCs for your users. Admins will have the responsibility of providing the required information when creating provisioning policies. This includes:

On-premises network connection – the OPNC provides the platform that enables the policy to connect to your on-premises resources. It’s responsible for identifying:

  • The relevant Azure subscription for your Cloud PC.
  • Which domain and Organizational Unit to join.
  • The AD credentials that should be used.

Image – all Cloud PCs provisioned with a particular policy will carry a Windows image that is used as the reference image. This image can either be one that you select from the gallery or a custom image that you provide yourself.

Assignment – the role of the assignment is the identification of one or more Azure AD user groups. All licensed users in the policy’s Azure AD users group will then have Windows 365 automatically provision Cloud PCs for them. Also, users who may be added at a later date will get Cloud PCs as well.

The above information is absolutely integral to the provisioning process because without it the Cloud PCs cannot be provisioned. Once you’ve seen to the creation of the provisioning policies, Windows 365 takes over the provisioning process thus automatically providing users with Cloud PCs.

Modifying provisioning policies

Once provisioning of the Cloud PC is complete, there will be no possibility of a re-occur unless you perform a reprovision. Any alterations to the provisioning policy won’t trigger a reprovision and these alterations also won’t be applied to already provisioned Cloud PCs.

So any modifications that you make to a provisioning policy will only apply to subsequently provision Cloud PCs or those that are reprovisioned. Furthermore, changing the name of the provisioning policy will not update the Cloud PC name under All Cloud PCs. And it’s also not going to update the enrollmentProfileName in Azure AD

Deleting a provisioning policy

Only provisional policies that are not assigned to any Azure AD groups can be deleted. Removing the targeting of a provisioning policy that was used for successful Cloud PC provisioning will put the Cloud PCs into a grace period. And those Cloud PCs will face automatic deletion once this grace period has expired.

Provisioning policy conflict resolution

Since the assignment of provisioning policies is made to user groups the risk of overlapping groups/users does exist. In the instance where a user may have more than one provisioning policy assigned, the provisioning process will only consider the first assigned policy and ignore the rest. And in the event of reprovisioning, the policy used will be the one that has been modified most recently (if changes have been made to one of the provisioning policies).

Provisioning retry

If provisioning of a Cloud PC fails, the process automatically retries twice. And if it still fails, the process will stop and the affected Cloud PC is marked as Failed. There’ll also be an error message displayed. You’ll then need to figure out why the provisioning of the Cloud PC has failed. Once you get to the root cause, you can manually restart the provisioning process by clicking Retry.

Reprovisioning

Reprovisioning of Cloud PCs is something that admins can perform remotely. It comes in useful when:

  • You need to test various Cloud PC configurations.
  • There are problems with a provisioned Cloud PC.
  • A user requires a new Cloud PC.

You can also leverage the reprovisioning action for Cloud PCs that are in a Failed provisioning state in the Windows 365 provisioning node. Basically, you can look at reprovisioning like resetting a physical device. Since this action deletes the Cloud PC and creates a new one, all data, apps, etc, will also be deleted. The reprovisioning will use the configurations of the provisioning policy used by that user’s Azure AD group.

Users with multiple Windows 365 licenses

Users with multiple Windows 365 licenses can have more than one Cloud PC. In this scenario, each license can have a Cloud PC with the appropriate specifications provisioned. However, it’s worth noting that you cannot have different provisioning policies for different user licenses. The Cloud PCs for these users will be provisioned using the same provisioning policy.

Clean up

In the event of a provisioning failure or deletion of a Cloud PC after the grace period, Windows 365 will delete all objects that were created during provisioning. This will be done about 3 hours after the failure and will include Intune objects, Azure AD device objects, and Azure vNics.

Because other objects are relying on the network security groups the latter won’t be deleted. Neither will on-prem Azure AD computer accounts that were joined to the domain during provisioning. This is because Windows 365 does not have the necessary permissions and therefore can only disable the redundant computer objects.

Network requirements

Being a cloud-based service means that you need to have internet access to use Windows 365 services. As such, there are certain networking requirements that will support the necessary connections. These requirements are client-specific because they are based on your workload. Below are some of those requirements:

General network requirements

·       Azure virtual network – having a virtual network in your Azure subscription is a necessity. And it should be in the same region as where the Windows 365 desktops are created.

·       You’ll need to define your AD DS DNS servers as the DNS servers for the virtual network so that the virtual network can resolve DNS entries for your AD DS environment.

·        The Azure vNet needs access to an enterprise domain controller (on-premises or Azure).

·         There should also be a subnet within the vNet and IP address space must be available.

·         Network bandwidth is based on Azure’s network guidelines.

 Allow network connectivity

Your Azure network configuration will need to allow traffic to the following service URLs and ports:

DNS requirements

Organizations’ Cloud PCs should be able to join on-prem Active Directory because this is a Hybrid Azure AD Join requirement. Cloud PCs should be able to resolve DNS records for your on-prem AD environment. So you’re going to need to configure your Azure vNet where the Cloud PCs are provisioned as follows:

1)    Verify that your Azure vNet has network connectivity to DNS servers that can resolve your Active Directory domain.

2)    Navigate to Azure vNet’s Settings, select DNS Servers, and then choose Custom.

3)  Type in the IP address of DNS servers that environment that can resolve your AD DS domain.

Bandwidth

As you know by now, Windows 365 uses Azure network infrastructure. It follows therefore that you’ll need an Azure subscription to select a virtual network while deploying Windows 365 Enterprise. Costs incurred for using a Cloud PC are as follows:

  • Network traffic into a Cloud PC is free.
  • Any outbound traffic will incur charges against the Azure subscription for the virtual network.
  • Office data such as email incurs egress charges if the Cloud PC and a user’s data reside in different regions.
  • For RDP networking traffic you should always expect egress charges.

Choosing a Cloud PC option

After making the decision to sign up for the Cloud PC, you now need to choose what option is best suitable for your business. Microsoft offers clients two license types to cater to different business needs.

However, for both license types, the price will depend on the size of the Cloud PC. There are some significant differences between the business and enterprise licenses that are worth knowing before deciding. These include:

1)    Business is designed for small to medium enterprises with a maximum of 300 users whereas Enterprise is for much larger businesses looking to deploy Cloud PCs throughout their entire organizations and with an unlimited number of users.

2)  For Business, the desktop will be attached to a virtual network that Microsoft manages and has the added benefit of clients not being charged for network egress fees. When it comes to Enterprise, the desktops are attached to the customers existing Azure virtual network. And clients will also have to pay standard network egress fees.

3)    Enterprise clients will get both standard and custom images but Business clients will get only standard images.

4)    Business clients will have to go through a process of manual configuration and app installation. Enterprise clients will get automatic configuration and app installations because of the advantage of full integration with Microsoft Endpoint Manager/Microsoft Intune.

5)    For the Enterprise license, users will also need licenses for Windows 10 Enterprise or Windows 11 Enterprise, Microsoft Endpoint Manager, and Azure Active Directory P1. Business clients won’t require any additional licenses.

Having looked at the various differences, it’s clear to see that for smaller businesses looking to buy, deploy, and manage Cloud PCs, the Business license is the way to go. And it has the following options:

Basic – at a cost of $31/month and with support for up to 300 users, this option allows you to run light productivity tools and web browsers. Clients will get 2vCPU, 4GB RAM, and 128 GB Storage.

Standard – this option will cost $41/month and also supports up to 300 users. Clients will get 2vCPU, 8GB, and 128 GB of storage allowing you to run a full range of productivity tools and line-of-business apps.

Premium – the last option costs $66/month and gives you access to 4vCPU, 16 GB of RAM, and 128 GB of storage. With this, you get support for up to 300 users and can run high-performance workloads and heavier data processing.

For larger businesses looking to manage their Cloud PCs with Microsoft Endpoint Manager and take advantage of integrations with other Microsoft services, Windows 365 Enterprise is the choice for you. The options on offer are as follows:

Basic – at a cost of $31/month and with support for unlimited users, this option allows you to run light productivity tools and web browsers. Clients will get 2vCPU, 4GB RAM, and 128 GB Storage.

Standard – this option will cost $41/month and also supports an unlimited number of users. Clients will get 2vCPU, 8GB, and 128 GB of storage allowing you to run a full range of productivity tools and line-of-business apps.

Premium – the last option costs $66/month and gives you access to 4vCPU, 16 GB of RAM, and 128 GB of storage. With this, you get support for an unlimited number of users and can run high-performance workloads and heavier data processing.

Image source: Microsoft

Assigning licenses

Before users can start using their Cloud PCs, you will need to first assign licenses to them. The necessary licenses are available for purchase from the Microsoft 365 store and you can get there by going through the Microsoft 365 Admin Center: https://admin.microsoft365.com.

Once you have purchased all the appropriate licenses, you can begin the task of assigning licenses to all your users. To do this you first need to login to the Azure Active Directory admin center.

And for license assignment to a single user, you use the Microsoft 365 Portal. Once in there go to Users > Active Users and select the user that you want to assign with a license. Then, go to the tab “Licenses and apps” and select your Cloud PC license. Apply the changes while clicking on Save changes below.

Assigning group-based licensing is slightly different. For this, you go to the Azure Portal and then head over to your Azure Active Directory. If you look to your left-hand side you’ll see Licenses. Go there and select All Products.

Next, you select the available Cloud PC license and then click Assign. So to enable group licensing, go to the left-hand side, and select Licensed Groups. Yet again you’ll need to click on Assign and select the group that you want to automatically license for the Windows 365 Cloud PC feature.

Creating an on-premises connection

Another requirement that organizations will have is the need to have an on-premises connection. An on-premises network connection (OPNC) is an object in the Microsoft Endpoint Manager admin center that provides Cloud PC provisioning profiles with the required information to connect to on-premises resources.

Before getting started with Cloud PC, you’ll need the following:

  1. AD DNS domain name
  2. Organizational unit
  3. Configure Azure AD Connect
  4. AD username UPN
  5. AD join password

So first you need to find your domain name which is simple enough with access to a domain controller. Once you know your domain name then you can proceed to validate the User Principal Name Suffix (UPN Suffix). Checking that your UPN Suffix is routable is extremely important to avoid problems later on.

With that done, you need to create an Organizational Unit that will allow you to properly manage your CloudPCs and dedicated GPOs. To perform this task, go to AD Users and Computers mmc and then head over to where you want to set your new Organizational Unit. Next, you can then either right-click an existing Organizational Unit or click where you want to create a new one.

Next, you need to ensure that Azure AD Connect is properly configured to get users synchronized with Azure AD. This you will do by opening Azure AD Connect and then selecting Configure device options.

Finally, you need to fill in the AD username UPN and the AD domain password. Then click Next. On the page, that then appears click Review+create. It should take no more than a few minutes to create the on-premises network connection. And if you have configured everything properly, you’ll see a “checks successful” status.

Creating a provisioning policy

The next step in this process requires you to create a Provisioning Policy so that you can provision the Cloud PC with an image of choice and is based on Azure AD security groups. Provisioning policies hold key provisioning rules and settings allowing the Windows 365 service to set up and configure the right Cloud PCs for your users. To create a provisioning policy, follow the steps below:

1.   Sign in to the MEM admin center and select Devices > Windows 365 (under Provisioning) > Provisioning policies > Create policy.

2.    On the General page, enter a Name and Description (optional) for the new policy.

3.    For OPNC select the connection to use for this policy > Next.

4.    On the image page, you need to select one of the following options for the image type:

  • Gallery Image: Choose Select > select an image from the gallery > Select. Here you’ll get default images for your use.
  • Custom image: Choose Select > select an image from the list > Select. This shows you the list of images that you uploaded using the Add device images workflow.55

5.    Select Next.

6. On the Assignments page, choose Select groups > choose the groups you want this policy assigned to > Select > Next.

7.    On the Review + create page, select Create. It can take up to 60 minutes for the policy creation process to complete, depending on when the Azure AD connect sync last happened.

With the information provided through the on-premises network connections and the creation of provisioning policies, Windows 365 can now provision Cloud PCs for licensed users. Performing the provisioning process will involve Windows 365 automatically completing the following stages:

  • Core provisioning – this process does all the necessary tasks required to stand up a VM until a user can successfully sign in.
  • Post-provisioning configuration – modifications can be made to the configuration for the purpose of optimizing the Cloud PC end-user experience.
  • Assignment – a user is assigned to the Cloud PC and can now sign in.

User connectivity

After everything has been set up, users will then need to know how they can connect to the Cloud PC. We need to clarify what clients can be used as well as what options the end-users will have. Also, we need to know how administrative credentials can be provided to the end-user. Microsoft has provided two ways for users to connect to the Cloud PC:

                        I.        Web browser – the first method that users have for accessing the Cloud PC is via a web browser. All you have to do is simply navigate to windows365.microsoft.com. Once there you can log in with the user credentials that have a desktop provisioned and the portal will show you an overview of the desktops available to you. However, to access the Cloud PC using this website, users devices need to meet the following requirements:

Supported operating systems: Windows, macOS, ChromeOS, Linux,

A modern browser like Microsoft Edge, Google Chrome, Safari, or Mozilla Firefox (v55.0 and later).

 When using windows365.microsoft.com, end users can carry out various tasks on their Cloud PCs by selecting the gear icon on a Cloud PC card.

  • Rename: doing this will change the name of the Cloud PC that the user sees on the website. But, performing this action doesn’t change any name in Microsoft Endpoint Manager, Azure Active Directory, on the device, or in the Remote Desktop Apps.
  • Restart: this will restart the Cloud PC.
  • Troubleshoot: whenever a user is encountering challenges with connecting to the Cloud PC, this will help you to troubleshoot and try to resolve those challenges. A few checks will be run including verifying that all the files and agents necessary for connectivity have been properly installed. There will also be a check for the availability of Azure resources.

                        II.        Remote desktop – the second method that Microsoft offers clients for connecting to the Cloud PC is by using the Microsoft Remote Desktop app.

This is designed to enable users to access and control a remote PC, including a Cloud PC. So for those who have been using Azure Virtual Desktop, this is an app they will already be familiar with. Setting up the Remote Desktop is a relatively simple process that requires you to follow a few steps:

  1. First, you’ll have to download the Remote Desktop app. You can find it on the Download App page on www.microsoft.com/windows-365?rtc=1.
  2. Next, you select Subscribe.
  3. The next step will require you to enter your Azure Active Directory credentials.
  4. You will then see the Cloud PC appear on a list. Simply double-click it to launch.

Managing Cloud PCs

Next, let’s discuss just how you’ll be managing your Cloud PCs. For the management of your Cloud PCs, you’ll be using Microsoft Intune. The latter is a 100% cloud-based mobile device management and mobile application management platform for your apps and devices. And this also includes your Cloud PCs. Signing in to Intune requires you to navigate to the Microsoft Endpoint Manager admin center.

Overview page

To start, you’ll want to go over to the landing page for managing your Cloud PCs which is the Overview tab. To access it, you need to sign in to the Microsoft Endpoint Manager admin center > Devices > Windows 365 (under Provisioning).

This section is going to provide you with some information about how your Cloud PCs are performing. You’re going to see:

  • Provisioning status: this summarizes your organization’s Cloud PC status.
  • Connection health: this provides a summary of the health of your organization’s on-premises network connection.

All Cloud PCs page

On this page, you’re going to see a summary and list view with details regarding the status information for each of your organization’s Cloud PCs. The list view automatically refreshes every 5 minutes and by using it you can search filter, and sort. Users with multiple Windows 365 SKUs assigned to them will get multiple Cloud PCs and this means that in the All Cloud PCs list view there’ll be multiple rows for a single user.

Column details

Name – Name of the Cloud PC.

Device name – The Windows computer name.

Image – this is the image that was used during provisioning and so may not reflect the current Cloud PC version.

PC type – the Windows 365 SKU assigned to the user.

Status – this reflects the current provisioning status of the Cloud PC and possibilities include:

  • Provisioned: shows when provisioning was successful.
  • Provisioning: the provisioning is still in progress.
  • Provisioned with warnings: shows when a non-critical step failed in the provisioning process but the user still has access.
  • Not provisioned: this happens when a user has been assigned a Windows 365 license but doesn’t have a provisioning policy assigned to them.
  • Deprovisioning: appears when the 7 day grace period has ended and the Cloud PC is undergoing deprovisioning.
  • Failed: shows when the provisioning process has failed.
  • In grace period: indicates when a license/assignment change occurs for a user with a current Cloud PC.
  • Pending: it means that there are currently no available licenses in your tenant to process the provisioning request.

User – indicates the user to whom the Cloud PC is assigned.

Date modified – shows a timestamp reflecting the last status change of the Cloud PC.

Remote management

Like any other managed device, the option exists to remotely manage Cloud PCs using Intune. You’ll find that there are several remote management actions that Cloud PCs will support and they include:

  • Restart
  • Sync
  • Rename
  • Quick scan
  • Full scan
  • Update Windows Defender
  • Reprovisioning*
  • Resize*

*Reprovisioning and resizing are both remote actions that are unique to Cloud PC devices.

Conclusion

Microsoft’s personalized desktop solution brings a lot of advantages to the way enterprises operate. As technology continues to evolve in leaps and bounds, so too are the devices at our disposal. This has brought us to a point where many people in their various organizations are using many different devices to perform work-related tasks.

And businesses realize that bring-your-own-device policies will be integral moving forward. This is why platforms like Windows 365’s Cloud PC are potential game-changers. Giving users access to their desktops from anywhere and using almost any device enables businesses to operate at a completely higher level.

Furthermore, the last couple of years have shown just how important the need is for workers to be able to work from anywhere. This has helped to keep a lot of companies operational. Not only that but leveraging cloud computing helps the organization to lower its overall hardware expenses.

The Cloud PC also allows organizations to stay within their budgets by selecting the options that are best suited to their business. And if the need to scale arises then that can easily be achieved. Windows 365 Cloud PC really does have the potential to do great things for any business. It’s certainly worth a try.

This PC can’t run Windows 11 (Hyper-V)

Trying to install Windows 11, but not meeting requirements?

The error that prevents the computer from running Windows 11 is due to not meeting the minimum system requirements.

You can refer to the following table:

Processor1 gigahertz (GHz) or faster with 2 or more cores on a compatible 64-bit processor or System on a Chip (SoC).       
TPMTrusted Platform Module (TPM) version 2.0. Check here for instructions on how your PC might be enabled to meet this requirement.
Storage64 GB or larger storage device Note: See below under “More information on storage space to keep Windows 11 up-to-date” for more details.
System firmwareUEFI, Secure Boot capable. Check here for information on how your PC might be able to meet this requirement.
RAM4 GB or larger storage device
Graphics cardCompatible with DirectX 12 or later with WDDM 2.0 driver.
DisplayHigh definition (720p) display that is greater than 9” diagonally, 8 bits per colour channel.
Internet connection and Microsoft accountWindows 11 Home edition requires internet connectivity and a Microsoft account.

If you are trying to run Windows 11 on Hyper-v the default Generation 2 Virtual Machines does NOT meet the requirement.
You will need to modify the following configuration for Processor and TPM to accommodate the required configuration.

Processor1 gigahertz (GHz) or faster with 2 or more cores on a compatible 64-bit processor or System on a Chip (SoC).       
TPMTrusted Platform Module (TPM) version 2.0. Check here for instructions on how your PC might be enabled to meet this requirement.

Meeting TPM requirement on a Virtual Machine, Generation 2:

  1. Right Click the virtual machine
  2. Click Settings
  3. Click Security
  4. Mark ‘Enable Trusted Platform Module’

Meeting Processor requirement on a Virtual Machine, Generation 2:

  1. Right Click the virtual machine
  2. Click Settings
  3. Click Processor
  4. Change ‘Number of virtual processors’ to a minimum of ‘2’

Now enjoy Windows 11 on Hyper-V…

Streamlining IT with Windows Update for Business Deployment Service

In March of 2021 at its Ignite developers conference, Microsoft announced several new features and functionality designed to better help IT manage Windows. 

One of those key announcements was about Windows Update for Business Deployment Service (WUfB Deployment Service). Although plenty of businesses are still comfortable using 2005’s Windows Server Update Service (WSUS), Microsoft views WUfB Deployment Service as an important part of the drive to migrate IT to the cloud. 

According to the information provided, WUfB Deployment Service for drivers and firmware will be available in Microsoft Endpoint Manager and Microsoft Graph as a public preview from the first half of 2022.

What exactly is WUfB Deployment Service?

The key thing that most IT pros would like to know is what exactly this new service that Microsoft is rolling out is. And the latter describes Windows Update for Business Deployment Service as a cloud service that is a part of the Windows Update for Business product family.

It is a service that is going to allow you control over the approval, scheduling, and safeguarding of updates delivered from Windows Update. And the beauty of it is that Microsoft says it will integrate seamlessly with your existing Windows Update for Business policies.

IT pros should look forward to a platform that enables them to meet the goals of their business while also while attending to the needs of end-users regardless of where they may be. And this is crucially important given the difficult time the world has been facing recently.

The need for more efficient cloud services is part of what is driving Microsoft to create services like the deployment service. The latter comes as an enterprise-grade solution that will help to enhance the already-existing servicing platform that Microsoft AI provides to more than a billion devices across the globe.

Availability

Those looking forward to using the new Windows Update for Business Deployment Service for drivers and firmware should expect the public preview to become available starting with the first half of 2022. According to Microsoft, this will be available in Microsoft Endpoint Manager and Microsoft Graph.

In addition, a management reporting system for driver servicing capabilities is also on the way when the new service reaches public preview. This will allow you to access these reports as Workbooks using Windows Update for Business: Update Compliance. 

The availability of reporting will extend to all recommended and approved updates that require attention. And these include drill-downs designed to reveal individual device impact. Public preview for the service should be expected in January 2022 for Microsoft Graph and the first half of 2022 for Intune.

Built for IT professionals

According to the information that Microsoft has given us, this deployment service has been designed by taking into consideration feedback from their clients. Below are the things that WUfB Deployment Service will enable you to do:

IT will maintain control – you get to approve and schedule any Windows content delivered from Windows Update. This includes feature updates, quality updates, drivers, and firmware. This means that the IT pro has the final say and any content that they do not approve will not deploy.

Easy to adopt – integrating the deployment service with Microsoft Endpoint Manager, either through cloud-only controls or co-management allows for easy adoption of content and features. As a result, this can be done at your convenience without having to worry about implementing all these changes at one time.

Responsive to change – delivering innovation through cloud services makes it easy for you to adopt. Capabilities are common across OS releases and you no longer need to install an update to access new update controls.

Compliant and privacy-focused – WUfB deployment service fulfills the necessary compliance regulations thus giving you peace of mind. IT professionals will be happy to know that the deployment service is ISO 27001, FedRAMP High, HiTRUST, and SOC II certified.

Enhancing deployment processes

Simplifying deployment processes can help your organization to operate with greater efficiency. By leveraging Windows Update for Business Deployment Service, IT professionals can significantly extend the management plane available to devices connecting to Windows Update. This should then allow you to:

  • Schedule update deployments to begin on any specific day that is convenient to your organization.
  • Stage deployments over a period of days or weeks using rich expressions. This enables you to make deployments to a given number of devices each day.
  • Bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise.
  • Ensure coverage of hardware and software in your organization through deployments that are tailored to your unique device population through automatic piloting.
  • Leverage Microsoft ML to automatically identify and pause deployments to devices that are likely to be impacted by a safeguard hold.
  • Manage driver and firmware updates just like feature updates and quality updates.

What you stand to gain

This new deployment service will present IT admins with plenty to be excited about. When the service becomes available, it will enable IT, admins, to choose the right drivers for the devices that they are responsible for. 

And this they will do by browsing the entire collection of drivers from independent hardware vendors and original equipment manufacturers available on Windows Update. 

Most end-users will be extremely grateful for this option because it relieves them of having to go through the entire Windows catalog to pick drivers themselves. By having IT admins perform this task, organizations will significantly reduce the risk of having incorrect or outdated drivers installed on company devices.

Also, businesses stand to benefit from regular deployment of driver updates from Windows Update. These benefits include that your devices will receive just the right drivers from Windows Update as well as getting new drivers and fixes regularly from the hardware ecosystem. All of this is key in ensuring that security issues are mitigated and your organization operates more efficiently.

Another thing that this service will do for IT admins is to simplify the process of identifying the right drivers for the various devices. This is because of how Windows Update performs an automatic evaluation of all data sent by a device when it scans the service and identifies drivers on the service that are better than those that are already installed. This is possible because of the various factors that Windows Update uses to identify the specific drivers as well as the hardware.

Requirements

For you to be able to use the deployment service, there are a number of requirements that devices must meet. And those requirements are as follows:

  • Must be running Windows 10, version 1709 or later (or Windows 11),
  • Must be joined to Azure Active Directory (AD) or Hybrid AD,
  • Must have one of the following Windows 10 or Windows 11 editions installed: Pro, Enterprise, Education, Pro Education, or Pro for Workstations.

In addition to the above prerequisites, your organization must have one of the following subscriptions:

·         Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5),

·         Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5),

·         Windows Virtual Desktop Access E3 or E5,

·         Microsoft 365 Business Premium.

How does Windows Update for Business Deployment Service work?

Microsoft has designed WUfB Deployment Service to complement and work seamlessly with already existing Windows Update for business capabilities such as existing device policies among others. There are three main elements that make up Windows Update for business and these are:

·      Client policy to govern update experiences and timing – available through Group Policy and CSPs.

·      Deployment service APIs to approve and schedule specific updates – available through the Microsoft Graph and associated SDKs (including PowerShell).

·  Update Compliance to monitor update deployment – available through the Azure Marketplace.

One of the key differences between this new deployment service and the existing client policy is that it does not directly interact with devices. With the service being native to the cloud this means that all interactions will take place between the different Microsoft services. 

So what you’ll then end up with is a direct communication channel between management tools and the Windows Update service. As a result, the approval and offering of content is something that IT pros will directly control.

 For the most part, when using this deployment service things will usually proceed as below:

1)  An IT pro leverages a management tool to pick devices and approve content to be deployed. The management tool used can be either PowerShell or a Microsoft Graph app. You can even opt for a more complete management solution such as Microsoft Endpoint Manager.

2)    The chosen tool conveys your approval, scheduling, and device selection information to the deployment service.

3)    The deployment service processes the content approval and compares it with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates.

Types of updates on offer

Another thing that IT pros should be interested in knowing just what kinds of updates will be available to them. Windows Update for Business manages policies for several types of updates to Windows 10 devices:

·    Feature updates – in addition to security and quality revisions, feature updates also provide feature additions and changes. And they are released as soon as they are available.

·       Quality updates – this type of update is the traditional OS update that normally becomes available on the second Tuesday of every month. These will include security, critical, and driver updates. Under Windows Update for Business, non-Windows updates such as those for Microsoft Office or Visual Studio have also been considered quality updates. They are defined as Microsoft updates and devices can be programmed to receive them with their Windows updates.

·         Driver updates – these updates are for your necessary, non-Microsoft drivers and are on by default. You can, however, use Windows Update for Business policies to turn them off.

·         Microsoft product updates – updates for other Microsoft products that are off by default and can be turned on by using Windows Update for Business policies. These other products can include things such as versions of Office that are installed by using Windows Installer (MSI).

Getting started

To get started using the deployment service, there are a few ways you can go about it. You can use a management tool built on the platform, script common actions using PowerShell, or build your own application.

Microsoft Endpoint Manager – using Microsoft Endpoint Manager gives you the advantage of using a platform that integrates with the deployment service to provide Windows client update management capabilities.

PowerShell – scripting common actions using PowerShell is another way to go. The Microsoft Graph SDK includes a PowerShell extension that you can use to script and automate common update actions.

Building your own application – Microsoft Graph makes deployment service APIs available. There are a couple of learning paths that you can get started with:

1) Learning Path: Microsoft Graph Fundamentals

2) Learning Path: Build apps with Microsoft Graph

And as soon as one is comfortable with Microsoft Graph development, you can find more information in Windows updates API overview in Microsoft Graph.

Enhancing the update process

For years, IT admins and device managers have voiced their displeasure at the lack of control over Windows Updates. And by taking this feedback into consideration, Microsoft is now hoping to address the issues at hand using the Windows Update for Business Deployment Service

The cloud-based service will provide features that will help IT pros approve, schedule, and monitor updates. The greater control that this provides means that the update process will be a lot smoother for all devices on the network. And this is regardless of where that device may be. 

So far the new deployment service can deliver on its multiple promises, it is brining a massive upgrade to the existing update process, and the needed stability and reliability.

How to Improve Network Efficiency with Delivery Optimization and Endpoint Configuration Manager

Can Microsoft’s Delivery Optimization and Configuration Manager help solve enterprise network efficiency problems supercharged by the coronavirus pandemic?

The COVID-19 pandemic has forced numerous companies to adopt hybrid working models. This has seen demand for bandwidth capacity increase considerably.

Couple bandwidth-busting traffic connecting from all over with spiraling data costs and network administrators have something to worry about. With no end in sight of this global pandemic, enterprises are now looking for solutions to counter these issues.

As a result, the question that’s now at the fore for many network administrators is how to improve network efficiency as cost-effectively as possible in the New Year. 

COVID-19 and Network Efficiency

Pre-COVID, 17% of the American workforce worked remotely at least 5 days per week. Since the onset of the pandemic, this number has increased to 44%.

With nearly 6% of the population (i.e. 21 million people) having no high-speed connection, enterprises have begun to ask questions such as how best can they keep all their employees connected to their networks?

A range of solutions has been proposed in order to modernize the existing mainframes including the adoption of key technologies such as Microsoft’s Delivery Optimization, Connected Cache, and Configuration Manager.

Let’s examine each of these in greater detail.

What is Delivery Optimization

Delivery Optimization is an inbuilt Windows component. It’s distributed cache technology which means that it is software that is designed to act as an intermediary between an enterprise’s primary storage solutions and remote employees’ computer.

The benefits that Delivery Optimization provides include optimizing cloud download efficiency, minimizing internet bandwidth, and lowering the latency in data access.

This is excellent because you want to keep your internet bandwidth high as this translates to a faster and better experience for employees, particularly those working remotely.

What is Microsoft Connected Cache?

Microsoft Connected Cache is an application that is installed on a Windows Server 2012 or later. It is also a high-speed data storage function that works hand-in-hand with Delivery Optimization to reduce latency and improve efficiency.

Connected Cache acts as a dedicated cache on your enterprise network. This server-based solution caches the managed downloads that Delivery Optimization extracts from the Cloud.

It’s ideal for companies because it serves as a local cache on your on-premise network.

What is Microsoft Endpoint Configuration Manager

Microsoft Endpoint Configuration Manager, formerly known as System Center Configuration Manager (SCCM) or Systems Management Server (SMS) is a full-feature systems management software designed to manage computers on a larger and streamlined scale.

Configuration Manager works by providing patch management, remote control, operating system deployment, software inventory, software distribution, and network access protection capabilities.

Now that we’re up to speed about what each of these features are and what they do let’s look at the advantages and disadvantages of Delivery Optimization.

Delivery Optimization Pros

No Upfront Costs

For enterprises already encumbered by high remote operating costs, this is a welcome reprieve. There are no upfront costs because of the fact that Delivery Optimization exists as part of Windows 10. Therefore, it’s a feature that’s paid for through your regular Windows 10 license.

Leverages Peer-to-Peer Efficiency

Delivery Optimization enables PCs connected to your network to download updates in a more streamlined manner from other peers within the network that have already downloaded the content. In this way, overall bandwidth use is reduced. This also mitigates update-related traffic.

Same Time Send/Reception of Update Files

Gone are the old days of having to wait long periods of time while update files were sent and received in succession. Today, Delivery Optimization facilitates simultaneous sending and receiving of update files. This allows updates to easily and seamlessly take place.

Can Resume Interrupted Downloads

Do you remember the times when downloads would be interrupted because of a network glitch and had to restart? This meant updating PCs across company networks took longer and sometimes pushed up data costs for enterprises. Thankfully, one of the perks of Delivery Optimization is the ability to resume downloads should they be interrupted.

Load Balancing Capabilities

Network administrators can use all the help they can get to distribute workloads in a uniform manner across enterprise servers and employee PCs.

Load balancing is an incredibly important process as it promotes more efficient processing so there is no uneven overload on individual computer nodes. Delivery Optimization presents itself as a tool that expedites this distribution of network traffic.

Windows Native and Cumulative Updates Enabled

As a Windows 10 native feature, Delivery Optimization is Cumulative Updates enabled. This means that on all the PCs equipped with the DO feature, updates – both old and new – can be bundled together into a single update package.

But it’s not all fun and games with Delivery Optimization, here are a couple of disadvantages network administrators have to also contend with.

Delivery Optimization Cons

No Analytics and or Reporting

In Deloitte’s The Analytics Advantage report, analytics are highlighted as important as they enable companies to drive business strategy and facilitate data-driven decisions. Thus, it comes as a big disappointment that Delivery Optimization provides no such insights neither in the form of analytics nor reports.

No Content Control

Being able to control both the content that’s being downloaded and transmitted across networks is imperative for network safety. The fact that Delivery Optimization doesn’t give network administrators such control is frustrating.

No Support for Windows 7/10 Migration

Are you thinking of migrating from Windows 7 to Windows 10? Well, unfortunately, you’ll have no help from Delivery Optimization. It’s not clear as to why the developers over at Microsoft thought it was a good idea to complicate migration in this way.

No Support Packages and App Deployment

That’s not all, but Delivery Optimization also offers no support for Packages and Application with Configuration Manager stand-alone deployments. This greatly hampers the standardization and streamlining process of installing software on employees’ work devices.

No Smart Agent

Delivery Optimization is a tool full of potential. However, it is baffling trying to understand why this supposed network optimizing resource has no smart agent to facilitate Optimal Source Selection.

No SCCM Support

Microsoft’s System Center Configuration Manager (SCCM) is integral in the management, deployment, and security of connected enterprise devices as well as apps within the network. However, this Windows product doesn’t receive any support which is a major disadvantage.

Needs Manual Boundary Definition

Boundaries, according to Microsoft, are network-specific locations on enterprise intranets that can contain your PCs or other devices making them easier to manage. When using Delivery Optimization, boundaries aren’t automatic, you have to take time to manually define each boundary you want to be created.

Needs Substantial Boundary Configuration

It’s not enough to manually define the boundaries required either, you also need to make sure that each boundary is properly configured. This additional work can be automated so it’s a wonder why Delivery Optimization doesn’t come with boundary configuration pre-set.

5 Steps to Improving Network Efficiency with Delivery Optimization

Faced with hybrid work models and more employees working remotely, enterprises must be smart about network management. Here are the top 5 ways to improve network efficiency using Delivery Optimization, Configuration Manager, and Microsoft Connected Cache in 2022.

Improve Network Efficiency Step# 1. Remove Performance Bottlenecks

When it comes to network efficiency, congestion in the network is one of the major network problems that most enterprises face. There are many causes of bottlenecks in your network which you will need to remove in order to improve network efficiency. These range from:

a)     Network Overload

Network overload happens when you have numerous hosts within your broadcast domain. Delivery Optimization can aid in this particular case by allowing optimized cloud-managed downloads which reduce network pressure.

b)    Broadcast Storms

Broadcast storms occur when you receive more requests on the network than it can handle.

c)     Low Bandwidth

This occurs when there are too many people connected to the network at once. Delivery Optimization and Connected Cache are peer-to-peer cache technology and significantly help to lower the latency and minimize internet bandwidth.

d)    Not Enough Retransmitting Hubs

Failure to have sufficient retransmitting hubs slows down your network. Retransmitting hubs are necessary in order to make data transmission across the network easier.

e)     Multicasting

While created to help ease congestion, multicasting can in fact cause bottlenecks when two packets transferred simultaneously collide leading to congestion

f)      Old Hardware

Technology is changing so fast and hardware components need to be routinely upgraded otherwise servers, routers, and switches can inadvertently lead to network congestion

g)     Poor Configuration Management

When scripts are one-off or repetitive, they can introduce bugs that cause congestion. Thankfully Delivery Optimization and Configuration Manager can help to get rid of this issue.

h)    Foreign Adapter Broadcasts

When rogue adapters connect to your network, this can increase the network load leading to bottlenecks. A rogue adapter is any device that connects oftentimes illegally onto your network and exists like a parasite until it’s removed. These foreign devices also pose a security threat.

Fortunately, network monitoring tools like Configuration Manager make it possible to handle the life cycle of all the devices and configurations within your network. Such visibility can assist in identifying slow traffic and congestion so you can eliminate it.

And speaking of configurations…

Improve Network Efficiency Step# 2. Reconfigure Network Hardware

It doesn’t matter if it’s an installation of cumulative updates or new hardware, every element joining the company network must be properly configured. Failure to do so can lead to poor network efficiency.

When devices are incorrectly configured, they can’t communicate with their peers effectively. This will lead to routing problems and or increase latency.

Network administrators must ensure that each time a device is configured or reconfigured the network is tested to check network performance. Configuration Manager can be used to see whether the new configuration/reconfiguration is affecting the network negatively.

Improve Network Efficiency Step# 3. Educate Employees on Correct Network Usage

Now with more employees working remotely, it can be difficult to control what people do on the company network. However, it is pivotal to educate them on avoiding applications that are bandwidth-heavy and engaging in activities that consume a lot of data such as downloading movies, music videos, and other large files.

The more bandwidth employees are using in non-work-related activities, the less will be available for work slowing down the entire network. Configuration Manager can be used to curb non-work-related activities if necessary by blocking certain devices. 

Improve Network Efficiency Step# 4. Consider Creating a Guest Network

Have you ever thought of creating a separate guest network for people visiting your company?

You don’t want strangers and outsiders to be able to connect to your enterprise network. This is a major security threat. By creating a disparate guest network they will have their own distinct network to connect to.

In this way, guests’ activities don’t interfere with enterprise bandwidth and security threats are reduced.

Improve Network Efficiency Step# 5. Compress Network Traffic and Data

Every day, colossal amounts of data are transmitted across enterprise networks. More so now, in a world where virtual meetings are the order of the day. These data-heavy online activities necessitate data compression and compression of network traffic.

By compressing enterprise data, companies get more out of their internet packages. And with Windows components like Delivery Optimization, you get to stretch your data out more.

You see, Delivery Optimization extracts content from the cloud, stores it in a temporary cache, where peer PCs/devices can easily access said files in smaller, minute data-friendly sizes without having to download all the large files for each connected device.

Wrap up

2020 and 2021 have disrupted the way business is done. With more companies eager to try out hybrid work models that allow employees to work remotely with some days in the office, network administrators have their work cut out for them in terms of making sure networks are efficient and running at optimal round the clock.

And with so much uncertainty about when things will return to normal, enterprises need to get comfortable with the idea of remote work. Resources such as Delivery Optimization and Configuration Manager will prove to be more and more important in 2022 and beyond.

Relying on such Windows features, organizations can rest easy knowing that there are tools to help with improving network efficiency in a cost-effective manner.

Should You Allow Self-Service With Windows Autopilot?

With Windows Autopilot, Microsoft gives clients a collection of technologies designed to eliminate the challenges that come with building, maintaining, and applying custom images.

It’s a platform that IT professionals can utilize to set new desktops to join pre-existing configuration groups and apply profiles to the desktops. All of this is so that new users can access fully functional desktops from their first logon.

By using Windows Autopilot, you can simplify the entire lifecycle of Windows devices. Meaning that it covers devices from the initial deployment to the eventual end of the life cycle. The question, however, is should you allow self-service?

Changing landscape

Over the last few years, we have witnessed a rapid evolution in the remote work landscape. And this evolution has become even more pronounced with the prevailing global pandemic. This has made the need for technology like Windows Autopilot even greater.

Self-service technology has plenty to offer any business. Benefits can include improved end-user experience, effortless coordination for a remote or blended workforce, less complicated management, and significant increases in productivity.

So as the way businesses operate continues to evolve, Windows Autopilot can be the perfect tool to deal with the headaches that we have faced in the past with automated deployment and self-service setups.

Using the self-service setup

The way that Windows Autopilot’s self-service setup works is that it makes workplace devices configured and ready out of the box with its self-deploying mode.

This means that when the employee receives the device they only need to turn it on to start working. Self-deploying mode automatically joins a new device into your company’s Azure Active Directory (Azure AD).

The device is then enrolled into Intune for mobile device management (MDM). Also, you don’t need to worry about apps, certificates, policies, and networking profiles provisioned on the device as they will be dealt with as well.

What this means is that everyone has a lot to gain from using Windows Autopilot, whether you’re IT or the end-user. IT people have their processes simplified and no longer have to deal with the time-consuming, outdated, and overly complex IT processes they had before.

And as for the end-user, all one needs to do is unbox the device, turn it on, connect to the internet, and then verify their credentials.

Self-deploying mode

This feature plays a key role in making Windows Autopilot the platform that it is. Using it will allow you to deploy a device with little to no user interaction. If you have an Ethernet connection then no user interaction will be needed. But, end-users whose devices are connected via Wi-Fi will need to choose the language, locale, and keyboard. And then, they need to make a network connection.

By using self-deploying mode, you can deploy a Windows 10 device as a kiosk, digital signage device, or a shared device. Moreover, it’s also possible to completely automate device configuration by combining self-deploying mode with MDM policies. To deploy in self-deploying mode, you need to follow the steps below:

  • The first step involves creating an Autopilot profile for self-deploying mode that has the settings you want.
  • Next, you need to create a device group in Azure AD and assign the Autopilot profile to that group. Before you try to deploy the device, you should check that the profile has been assigned to the device.
  • Finally, you need to boot the device and connect it to Wi-Fi (if necessary). And then wait for the provisioning process to complete.

Gaining value from technology

As already mentioned earlier, the technological landscape is evolving and so businesses can take advantage of these changes to add value to their operations. The ability to seamlessly deploy devices without IT involvement has huge implications in an increasingly remote-working world.

With countless employees not being on-premises, companies cannot afford to have delays between delivery and deployment. Leveraging Windows Autopilot means that you can eliminate OS image re-engineering and customize the out-of-the-box-experience (OOBE).

By doing this, your processes become easier and faster. And this is going to enhance productivity and potentially increase profitability.

Possible scenarios

Windows Autopilot provides support for a growing list of different scenarios, designed to support the varying needs that most businesses will have. These needs often differ depending on the type of business as well as where you are with moving to Window 10 and transitioning to modern management. Below are some of the common scenarios:

  • Deployment of devices that will be set up by an employee of the company and configured for that person.
  • Deployment of devices that will be automatically configured for shared use, as a kiosk, or as a digital signage.
  • Re-deploying a device in a business-ready state.
  • Pre-provisioning a device with up-to-date apps, policies, and settings.       

User-empowered modern workplace

Windows Autopilot is one of the key components in the Microsoft ecosystem that are helping to create a more user-centric workplace. An environment where users are empowered by IT rather than restricted as they were with legacy IT.

Users will immediately see this from the very beginning as they unbox new devices and have no time-wasting setup involved. Combined with the streamlined benefits of other solutions in the Microsoft ecosystem, this creates a modern, all-digital workplace.

Leveraging digital transformation

So much technological innovation has come to the fore in the last few decades. However, many outdated facets of legacy IT persist including device setup and configuration. But, that doesn’t have to be the case for your organization.

Making use of tools like Windows Autopilot has massive potential benefits for your business. Self-service deployments not only make life simpler, but they can help you to operate faster and with fewer complications.

Not to mention how you can create more productive time. The extensive range of capabilities that you get here gives you more automated and user-friendly processes that can enhance your organization’s performance.

Understanding The Microsoft 365 Stack For Cloud Security

Microsoft 365 (M365) provides businesses with a solution that empowers people to fully utilize their creativity while working together securely.

All of the features that you get should enhance the productivity of your business. But, the key to all of this is keeping your data secure.

Incidents of security breaches have been steadily increasing over the last few years so data security should be a top priority for all businesses. By understanding how the Microsoft 365 stack operates, we can see how the available features can strengthen your cybersecurity.

What’s in it?

The first question that one may ask is what will you get with Microsoft 365? And is it actually any different from Office 365 or is this merely a rebranding exercise?

Firstly, clients get local apps and cloud-based apps, and productivity services. These include both M365 Apps for enterprise, the latest Office apps (such as Word, Excel, PowerPoint, Outlook, and others), and a full suite of online services.

Secondly, you’ll also receive Windows 10 Enterprise which is the most productive and secure version of Windows. It meets the needs of users and IT for both large and medium enterprises.

And finally, you also benefit from device management and advanced security services including Microsoft Intune. So all in all, Microsoft 365 is designed to be a more comprehensive solution and the name change is more reflective of the range of features and benefits in the subscription.  

Businesses are vulnerable

The importance of cloud security to a business cannot be overstated. Especially when you take into consideration the study by the University of Maryland showing that cybercriminals infiltrate business data about once every 39 seconds.

And as remote work continues to expand, the use of personal devices to access sensitive data can be a massive additional risk. This is why businesses need platforms like Microsoft 365 Stack to not only enhance productivity but safeguard business data as well.

Backing up your data

Arguably one of the first things to consider in your data protection strategy is cloud backup. Because there are so many threats – internal and external – to data security, having your data backed up is a must. Using the Microsoft 365 Cloud Backup comes with several benefits that you simply cannot ignore. And these include:

  • Protection against accidental deletion of data which is something that will happen occasionally.
  • Protection against data losses resulting from cyberattacks.
  • Threats don’t always come from outside actors so backups will also protect you from the nefarious actions of internal actors.
  • Backups can help you to manage legal and compliance requirements.

Working from anywhere

One of the key selling points of Microsoft 365 is how it enables people to collaborate on various projects from just about anywhere. And this is made possible because the responsibility of your data’s security lies with Microsoft.

Businesses can rest easy knowing that their data is highly secure on the OneDrive platform or when shared across Teams and SharePoint.

What this also means is that you have fewer expenses by eliminating the need to maintain expensive hardware.

Furthermore, built-in security features such as the robust data loss prevention policy, Advanced Threat Analytics, and Exchange Online Protection will enable your employees to work remotely as securely as possible.

Secure access to data

The Microsoft 365 stack ensures that even when employees are using personal devices, the security of your data is still maintained. This is possible because of features like multi-factor authentication (MFA) that add a layer of protection to the sign-in process.

So users will have to provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.

Also, you can add solutions like Microsoft Intune to use advanced capabilities that can enforce mobile device encryption and enable the use of PIN numbers. Microsoft ­365 has several threat protection tools that all businesses should know:

  • Microsoft Defender ATP: offers clients excellent endpoint protection and prevents cyberattacks and data breaches. With the increase in use of personal devices, this feature works great on mobile devices, which are particularly vulnerable to attacks.
  • Office 365 ATP: this feature aims to secure your communications by dealing with phishing attacks, zero-day threats, and other types of malware that users may encounter in emails and links.
  • Microsoft Cloud App Security: detects abnormal usage and incidents, alerting you to threats to your cloud apps.
  • Azure ATP: makes use of on-site active directory to keep your identities secure and also reduce the attack surface.

Simplifying update processes

One of the major advantages of having cloud-based software is the ability to have regular updates. This is particularly necessary when we consider the sophistication of the constant cyber threats that businesses have to contend with.

And the great thing about these updates is that Microsoft allows organizations to sign up to an update schedule that is convenient for them. By doing this, regular updates will stop being a nuisance that people sometimes ignore.

Especially given how important they are for bug fixing and patching up security issues. When organizations can have the most up-to-date software versions in their hands, this can significantly enhance their cloud security.

Securing your business

Cyber threats are targeting all kinds of organizations and small businesses are no exception. Without effective solutions in place, you are at risk of being shut down by cybercriminals. But by using Microsoft 365 Stack, you get a robust solution that is designed to provide companies with all the features they need to run a more secure and efficient business.

All the available tools and features will help you to address the data security and compliance issues that you are bound to encounter as time goes on. It may just be time to utilize the enterprise-grade service and protection of the M365 stack. 

Cloud Computing Gets Better With Windows 365

Cloud technology has evolved rapidly over the last few decades. Right now, it is very much integral to the operations of many businesses. Especially as we consider the unprecedented disruptions that have been brought about by the global pandemic since early 2020. Moving forward, a hybrid work environment is increasingly becoming the norm.

And Windows 365 looks to provide clients with the digital solutions necessary to bring about technological transformation. This will make it even simpler for employees to remain connected and collaborate regardless of whether they are working from home or are in the office. Cloud computing can undoubtedly be a key driver in the success of any business.

Windows in the cloud

Microsoft’s latest offering is certainly looking to take cloud technology to a higher level. Just to recap, Windows 365 is a subscription-based cloud PC service. In a way, you could describe it as an Operating System-as-a-Service solution.

All you need to do is purchase a subscription and you can remotely access a Windows desktop in any modern web browser. The service will provide you with a consistent experience across any device.

So if you happen to be working on a project with several application windows open and then you disconnect, that exact same state will be restored when you reconnect, regardless of whether you’re using the same device. Built on Microsoft’s Azure Virtual Desktop technology, Windows 365 could just be a game-changer.

Explaining cloud computing

Cloud computing refers to the delivery of on-demand computing services over the internet that are paid for according to your needs. These services can include servers, storage, applications, databases, networking, intelligence, analytics, and processing power. Because you only pay for the services you need, your business can lower its operating costs, run infrastructure more efficiently, and scale accordingly as per your needs.

The most common types of cloud services that you’ll come across include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). IaaS allows you to rent IT infrastructure such as servers and virtual machines from a cloud services provider.

PaaS can help developers to work more efficiently when creating web or mobile apps. This is because users can rent an on-demand environment to develop, test, deliver, and manage software applications. And then with SaaS, service providers can deliver software applications to clients over the internet on a subscription basis.

And Microsoft is looking to enhance the technology even further. As Satya Nadella, chairman and CEO of Microsoft put it, “We are building the cloud for the next decade, expanding our addressable market and innovating across every layer of the tech stack to help our customers be resilient and transform.”  

He went on to further explain, “With Windows 365, we’re creating a new category: the Cloud PC. Just like applications were brought to the cloud with SaaS, we are now bringing the operating system to the cloud, providing organizations with greater flexibility and a secure way to empower their workforce to be more productive and connected, regardless of location.”

Modern computing

Constantly changing technology means that businesses need to embrace digital transformation processes to remain competitive. Integrating new forms of technology such as Windows 365 can have a significant impact on a business by speeding up, automating, and improving processes.

By leveraging the capabilities of the cloud, organizations can easily achieve the goals of digital transformation. This is because the cloud provides the natural solution to the heavy computational and storage needs that are required to implement these digital solutions.

If you are still on the fence about cloud technology then you should also consider that according to a study by 451 research, you are already behind 90% of companies. Cloud technology is clearly not a passing phenomenon, it’s here to stay. And it’s not hard to see why, when looking at just what businesses stand to gain:

  • Cloud services are scalable and flexible enough to adapt to any business’ needs,
  • Businesses can make significant savings by eliminating the need for massive investments in on-premises infrastructure,
  • Companies stand to gain a competitive advantage from the valuable insights they get from the huge volumes of big data available,
  • The cloud also ensures business continuity in the event of a disaster, cyber attack, etc. A case in point being how businesses have remained operational despite the pandemic.

What does Windows 365 add?

We all know that cloud computing is not a new phenomenon. Neither is virtual technology. In fact, Microsoft itself already has Azure Virtual Desktop available. So naturally, one would wonder what does Windows 365 bring to cloud computing that isn’t already there? Apparently, quite a bit.

Windows 365 promises to provide clients with an alternative to their physical PCs. An alternative that lives permanently in the cloud and runs Windows 10 or (once it’s available later this year) Windows 11. The service would also allow you to sign in to that alternative PC on any desktop PC, Mac, or mobile device and pick up exactly where you left off.

With Windows 365, at least according to Microsoft, setting up, maintaining, and managing Windows will become easier. In addition, the Cloud PC provides a secured place to store apps, files, and documents that your employees will have access to at any time and on any device with an internet connection.

This creates a situation where your location doesn’t matter and you can easily switch between devices without losing your work. Also, unlike Azure Virtual Desktop’s consumption-based rate, Windows 365 offers flat subscription rates.

Functionality

Having seen what Windows 365 can bring to the table, you’ll probably need to know how the service functions. Firstly, you’ll need to determine what the needs of your organization are and then select a plan from the ones available.

And once you purchase a subscription, you can then link your Windows 365 product to an existing Microsoft account. With this done, all your apps, tools, data, and settings will become accessible from any device anywhere.

Moreover, Windows 365 is a fully customizable platform that allows you to customize the amount of power and storage that your Cloud PC uses both at the point of subscription and once you start using it.

One of the major challenges with existing cloud computing technology is the difficulty that one faces with scaling. So the fact that Windows 365 essentially eliminates this issue is a fantastic advantage. 

Another great tool that you have is the integration with Azure AD and Microsoft Endpoint Manager (MEM). For organizations that are already leveraging Azure virtual desktop infrastructure, Windows 365 will automatically integrate itself with your Azure AD infrastructure. In addition to your other virtual assets as well. Also, management and security policies can be applied to your Cloud PCs.

Cloud PC capabilities

The Cloud PC is designed to offer a better cloud experience than other services on the market. Including Windows traditional devices. Developed for hybrid working, Windows 365 can offer the kind of flexibility that allows seamless device changes without affecting the status of the work.

Not only that, but users will be happy to know that Windows 365 is compatible with other Microsoft 365 business applications. This means that you won’t miss out on your favorite apps such as Word, Planner, or SharePoint.

According to Wangui McKelvey, general manager for Windows 365, “However, the ability to work anytime, anywhere has become the new normal. All employees want technology that is familiar, easy to use, and available across devices. In the most complex cybersecurity environment we’ve ever seen, organizations need a solution that helps their employees collaborate, share, and create while protecting their data. We have the opportunity to develop the tools that enable this new world of hybrid work with a new perspective and the power and security of the cloud.“

Windows 365 also aims to tackle the security issues that organizations have been facing. And this can be done through integration with the security and identity management policies that you already have in place such as Azure AD.

Major features

There’s plenty to like about Windows 365 from the information that we have about the service so far. Features that enable this service to be a game-changer in the world of cloud computing. And these features include:

  • Instant boot to a personal Cloud PC,
  • Clients get the full Windows experience in the cloud,
  • Clients can also stream various applications, tools, data, and settings directly from the Microsoft cloud across any device,
  • You get a choice of running either Windows 10 or (once it’s available later this year) Windows 11,
  • Secure by design, and fully compliant with Microsoft’s Zero Trust principle,
  • Flexible per-user, per-month pricing plans at flat subscription rates,
  • A scalable set of virtual hardware parameters that lets you adjust to changing conditions whenever necessary,
  • Fully compliant with Azure AD and MEM,
  • Fast setup process that provisions your Cloud PC within minutes.

Addressing security concerns

Remote access has been essential during the pandemic in helping plenty of businesses to remain operational. But, the concern with working from home has always been how to maintain the security of an organization’s network.

This is why Windows 365 is attempting to resolve some of those security challenges by using a Zero Trust architecture. A service that also comes with multi-factor authentication (MFA). This means that login or access attempts to the Cloud PC will be verified using integration with Microsoft Azure Active Directory.

Furthermore, you will get options to delegate specific permissions such as licensing, device management, and cloud PC management using specific rules. This is in addition to getting to use Microsoft Defender for Endpoint to improve your overall security posture.

And then to make things even more secure, there is going to be high-level encryption for all stored data at rest, all managed disks running Windows 365-based Cloud PCs, as well as all network traffic to and from the PCs.

What else should you know?

One of the first questions you may be asking yourself as you find out more about Windows 365 is, is this for me? And according to Microsoft, Windows 365 is for all businesses regardless of size. As long as you need secure and agile hybrid work solutions for elastic workforces, distributed employees, etc, then this service can help you.

What about Windows Hybrid Benefit? This will also be available to you if you have a device with a valid Windows Pro 10 license. Each person assigned a Windows 365 Business license with a Windows Hybrid Benefit license must be the primary user of a Windows 10 Pro licensed device, and that device must be their primary work device.

Another thing that Microsoft says clients need not worry about is their apps. All apps that worked on Windows 7, Windows 8.1, and Windows 10 should have no issues on Windows 365.

In case of any issues, Microsoft will help you to fix them at no cost. And as far as devices are concerned, as long as you have an internet connection then most modern devices will work with the service. Also, with regards to bandwidth, how much you need will depend on the workload. The requirements for Windows 365 are as follows:

  • HTML5 browser,
  • DSL connection or a wireless internet connection capable of streaming a video.

Wrap up

When all is said and done, there is no escaping the fact that cloud computing has grown to become essential to how businesses operate. The endless possibilities that hybrid work environments can create can only mean good things.

But, the key to all of this is having a service that offers a great user experience as well as unquestionable cybersecurity. This is what Windows 365 claims to bring to the table.

An enhanced, modern cloud computing experience that is built on the foundation of other already successful Microsoft services. By leveraging the latter, Windows 365 has the potential to create a whole new paradigm.

Windows 365: What You Should Know

When Windows 365 was unveiled by Redmond at its Microsoft Inspire 2021 event in July, there was expectedly a lot of buzz around it. And as always happens with such announcements, there were a lot of questions mixed in with the excitement. Questions to which there have been more speculation than clear answers. Until now.

With the launch of Windows 365, clients can start to look into what exactly Microsoft is offering and why their businesses may need it. You can now take Windows 10 or eventually Windows 11 with you on your travels, wherever those may lead.

As the workplace environment continues to evolve, this capability offers businesses a better solution to some of the challenges they have been facing. So, with that said, let’s take a deeper look into Windows 365.

Getting set up

Windows 365 Business: You’ll have to start by accessing the virtual operating system and acquiring Windows 365 licenses. To do that, you would need to go to the admin center in the Microsoft 365 account, navigate to the ‘Billing’ section, and select ‘Purchase services’. Once there, proceed to select the configuration that is most ideal for your needs. You can then complete the ordering process as you would when purchasing other Microsoft services.

With that done, head back to the Microsoft 365 admin center console and begin assigning licenses to users. Go to the ‘Users’ section, and select ‘Active users’. From here, you can assign users in your organization a Windows 365 deployment.

For each user, select ‘Licenses and apps’ on their profile, assign a Windows 365 license and then save the changes. After this, users can start using Windows 365 by going to the Windows 365 web portal and logging in with their details.

Windows 365 Enterprise: For the most part, the process for setting up the Enterprise version is not a lot different. But, because this version has extra features and tools that the Business version does not have, the process does have some variations.

To start, once you have purchased and assigned licenses, you’ll need an on-prem network connection to create Cloud PCs, join them to your specific domain, and allow you to manage them via MEM.

After that, you need to create a group policy in the Microsoft 365 admin center. Then, choose an image, select the Windows 10 Enterprise version, and assign the Azure AD group to apply to the provisioning policy. After this, you can save these settings and create the policy.

It’s at this point that the Azure AD group members that you’ve assigned to the policy will directly receive the Cloud PC licenses that you add. The Cloud PCs will need about 30 minutes before they are ready to use. And then, just like the process for the Business edition, users can start using Windows 365 by going to the Windows 365 web portal and logging in with their details.

Plans and pricing

Over the last few weeks, this has been one of the areas of great interest. Despite all the information about Windows 365 that Microsoft had made public, this key area had not been addressed. But now, with the product having been launched, that confusion has been cleared up.

There are two subscription options on offer, Windows 365 Business and Windows 365 Enterprise. The former is targeted at companies with no more than 300 employees while the latter is meant for larger organizations. However, they both share the same range of features with a total of twelve Windows 365 cloud PC configurations to choose from.

At the lower end, is a subscription aimed at frontline and call center workers that costs $20 per user per month. On offer is 1vCPU, 2GB RAM, and 64GB storage. This should be adequate for the lightweight computing tasks that this group performs.

And at the other end of the pricing spectrum you get support for 8vCPU, 32GB of RAM, 512GB of storage, and 70GB of outbound data as an option. This will cost $158 per user per month and is for users that need to perform compute-heavy tasks.

The pricing and configuration options are consistent across both Windows 365 Business and Enterprise.

The launch has gone well

If the first few days after the launch are any indication, then Microsoft may potentially have a winner on their hands. As expected, there were doubts as to whether clients would be interested in Windows 365 when they already had Azure Virtual Desktop. But, the demand for free trials has already been so overwhelming that Microsoft has had to press pause. After only a single day of sign-ups, the service had reached maximum capacity. 

Thus, Microsoft has had to come out and address the situation. “Following significant demand, we have reached capacity for Windows 365 trials,” reads a statement from the Microsoft 365 Twitter account. “We have seen an unbelievable response to Windows 365 and need to pause our free trial program while we provision additional capacity,” explains Scott Manchester, director of Windows 365 program management. It obviously would be far too premature to call Windows 365 a success, but if it delivers what it has promised then we can expect interest in the service to grow even more.

Business or Enterprise?

As already mentioned, Windows 365 has two versions on offer, Business and Enterprise. But, is the difference as simple as one is targeted at smaller businesses and the other at larger organizations? Truth is, it’s a little more than that.

Windows 365 Business is the simpler version of the two and is aimed at businesses with no more than 300 users. Because everything works with Azure AD natively, and all the components run inside the Microsoft cloud, prerequisites are kept simple. There are no technological prerequisites and no need for an Azure subscription or a domain controller.

Windows 365 Enterprise, meanwhile, is meant for larger organizations and offers a wider range of tools and features for maintenance and security. As a result, it’s more complex and requires greater technical expertise to deploy and manage. Features that come with the Enterprise version include the following:

  • self-serve upgrades,
  • universal print integration,
  • partner and programmatic enablement,
  • custom images and image management.

Impact of Windows 365

Windows 365 is designed to be a simple, secure, and versatile solution that can transform your IT operations for the better. It utilizes the power of the Windows operating system and the strength of the cloud to offer businesses greater peace of mind in three key ways:

Powerful: Users can instantly boot on to their personal Cloud PCs to stream apps, tools, data, and settings from the cloud across any device. This will give you the full PC experience in the cloud. And because of the capabilities of the cloud, you’ll get versatility in processing power and storage and this enables IT to scale up or down, based on their needs.

Simple: Windows 365 provides an all-around simplified cloud computing experience. Users can log in and pick up right where they left off across devices. And for IT pros, deployment, updates, and management are a lot less complicated to perform. Mostly because Windows 365 doesn’t require any virtualization experience.

Since the service is optimized for the endpoint, it makes the job easier for IT to procure, deploy, and manage Cloud PCs for their organization just as they manage physical PCs through Microsoft Endpoint Manager.

Secure: By leveraging the power of the cloud as well as Zero Trust, Microsoft has made Windows 365 a highly secure platform. This enables businesses’ data to be kept secure on the cloud and not on devices.

Additional user information

Before signing up for Windows 365, there are a few things that clients need to be aware of. Things that they can and cannot do. For instance, you only get allowance for 1 user per license and so there is no support for multiple users on a single Cloud PC.

Another thing is that if you need to cancel your Windows 365 subscription, all you need to do is go to the Microsoft 365 admin center. However, you should know that when you cancel a subscription, all associated data will be deleted.

If you are an Enterprise client and you want to upgrade to another Windows 365 plan, use the Resize feature to upgrade RAM, CPU, and storage size to meet the users’ needs. This can be a great benefit for users who may need a more powerful Cloud PC to run CPU-intensive apps.

On the other hand, though, you cannot as yet perform a downgrade. Also, if you have a Windows 365 Business license, you cannot convert it to Windows 365 Enterprise. The only way around it would be to purchase the Enterprise license.

Hybrid benefit

Microsoft also offers another feature known as Windows Hybrid Benefit that is meant to make the Windows 365 experience even better. The former is a licensing benefit that helps reduce the cost of Windows 365 Business. In actual figures, what Windows Hybrid Benefit offers clients is a discount of up to 16 percent. And this will apply to your Windows 365 Business subscription for clients that are already using Windows 10 Pro on a device.

Therefore, Windows Hybrid Benefit is a feature that you have access to if you have devices with valid Windows 10 Pro licenses. A couple of things are necessary from all users that are assigned a Windows 365 Business license with a Windows Hybrid Benefit license:

  1. The user must be the primary user of a Windows 10 Pro licensed device,
  2. The device in question needs to be their primary work device.

However, you’ll need to maintain your discounted pricing during the subscription term in which you access the Windows 365 service. And to do that you must access the service from your Windows 10 Pro licensed device at least once during that term.

What about Microsoft partners?

Over the years, Microsoft partners have played a key role in the delivery of Microsoft services to clients across the globe. The broad range of products and services in Microsoft’s portfolio has meant that partners have the power to build innovative, industry-specific solutions. And Windows 365 should continue that trend.

The new Cloud PC offers Microsoft partners plenty of opportunities to deliver new Windows experiences in the cloud. Whether you’re an independent software vendor (ISV), managed service provider, or an original equipment manufacturer, there are opportunities to take advantage of.

Businesses still need systems integrators and managed service providers to get the best from their Microsoft products. ISVs can still create Windows apps that can enhance how businesses operate while OEMs have the opportunity to better integrate Windows 365 into their wide array of products and services. By doing this, Microsoft partners can facilitate the creation of innovative, new ways of doing business that can bring about digital transformation. Therefore, the decades-long partnership that has benefited clients so immensely will not be ending.

Conclusion

Microsoft is looking for ways to constantly improve the work experience by leveraging the power of the cloud. And with Windows 365, the idea is to provide employees with technology that is secure, efficient, and easy to use. All this while enabling employees to remain productive anywhere and using any device.

Also, by giving users a familiar experience and IT simple processes for managing and deploying Cloud PCs, this cloud-based service will optimize IT operations for everyone. However, as a recently launched service, only time will tell how exactly and to what extent Windows 365 will affect the way businesses operate.

Once most clients have had an opportunity to use and review it, then conclusions can be made. But, the early signs point towards a positive, modern transformation that will boost most businesses.

Microsoft Launches Windows 365

An argument could be made that the need for tools that not only simplify but improve remote work has never been greater than it is today. In an increasingly connected world, leveraging cloud computing can be the answer to a lot of the challenges that businesses are currently facing.

With Windows 365, Microsoft is aiming to improve on existing technologies to make the cloud experience even better. By enabling the computing to be done remotely in a data center and then streamed to users’ devices, Microsoft can offer something that can be compared to game streaming.

As a new way of using a computer as hybrid Windows for a hybrid world, there’s plenty that we need to look into.

What are we looking at?

Just when people were thinking that Windows 10 would be the last in the line of Windows versions, Microsoft gives us another one.

A platform that in Microsoft’s own words is going to take the operating system to the Microsoft cloud and stream the full Windows experience to personal or corporate devices.

This will include settings, data, and apps. It’s what Microsoft calls the Cloud PC. Simply put, this is a service that allows business clients to access cloud PCs from anywhere.

So technically speaking, we should not look at this service as a new version of Windows. Rather, we should take it for what it truly is — a platform that is designed to stream the full experience of Windows 10 or 11 to any browser.

Regardless of which operating system your device may be running. If we are to consider how Microsoft’s Software-As-A-Service (SaaS) model has evolved over the last decade, this move was probably going to be the next step.

Launch date

The announcement from Microsoft was made on the 14th of July and in that statement, it was made known that we should expect Windows 365 on the 2nd of August. This, however, will be for businesses. Chances are that at some point, Microsoft may eventually avail the service to consumers and small shops — sole proprietorships.

Giving clients virtual PCs

By providing this service, Microsoft can potentially cut partners out and provide virtual PCs directly to its clients. Rather than only offering operating systems, applications, productivity suites such as Microsoft Office, etc. Windows 365 can give Microsoft an even bigger slice of the pie. Because of the massive cloud system available with Azure servers, Microsoft won’t have a problem running virtual machines.

This can provide a great tool for the evolution of the Desktop-As-A-Service (DaaS) offering. As Microsoft CEO Satya Nadella said in a statement, “Just like applications were brought to the cloud with SaaS, we are now bringing the operating system to the cloud, providing organizations with greater flexibility and a secure way to empower their workforce to be more productive and connected, regardless of location.”

How does it work?

According to the information that has been made available so far, we know that there will be two versions of Windows 365 — Business and Enterprise. Both of these will be powered by Azure Virtual Desktop. Users will be able to use Windows 365 on any modern web browser or through Microsoft’s Remote Desktop app.

What this means is that users can gain access to their Cloud PC from a variety of devices. In a statement by one of Microsoft 365’s general managers, Wangui McKelvey, he says, “Windows 365 provides an instant-on boot experience.”

This capability simplifies how users can easily stream their Windows sessions. And Windows 365 enables them to do that with all of their same apps, tools, data, and settings across Macs, iPads, Linux machines, and Android devices. As McKelvey goes on to explain, “You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices.”

Advantages to businesses

Windows 365 can enable your businesses to create Cloud PCs within minutes and assign them to employees. And this can be done without the need for expensive, dedicated physical hardware.

Without a doubt, this could prove to be a very attractive option for plenty of businesses. Especially those that may need to hire remote workers or even temporary contract staff that need to securely access a corporate network.

Because your entire Windows PC is in the cloud, your employees can work comfortably on a very secure platform. Furthermore, they won’t need to navigate VPNs or worry about security on personal devices.

Other advantages that you can get include lower maintenance costs, better protection against cyberattacks and malware, faster provisioning, less downtime in case of cyberattacks, easier patching, and far less disruptive updates.

Licensing concerns

Expectedly, clients are going to have some concerns with regards to how this will affect their current licenses. Will you have to pay more, for potentially the same services? The way Microsoft puts it, that’s not what will happen.

For instance, if you already have a Microsoft 365 E3 license, then you have paid for that service and you won’t need to do so again. This means that you can continue to use the software you have paid for and that includes Windows 10.

When it comes to Windows 365 licenses, what you’ll need to pay for is access to the virtual PC service. The latter will be maintained by Microsoft on its vast network of servers with the aim of running the software that you already have.

In a way, you could consider it similar to purchasing a computer and then purchasing the operating system and applications that you need. As a new offering, things are still hazy but hopefully, Microsoft will further clarify the concerns and confusion that people may have.

One thing that we do know are the licensing requirements and they are as follows:

  • On Windows Pro endpoints: Windows 10 Enterprise E3 + EMS E3; or Microsoft 365 F3, E3, E5 or BP (Business Premium),
  • On non-Windows Pro endpoints: Windows VDA E3 + EMS E3; or Microsoft 365 F3, E3, F5, or BP (Business Premium).

In addition, you also need to know the non-licensing requirements:

  • Azure subscription,
  • Virtual Network (vNET) in Azure subscription,
  • Hybrid Azure Active Directory (AAD) join-enabled.

Cost of service

With the licensing issues out of the way, clients need to know just how much they will need to pay to use Windows 365. Unfortunately, despite the service launching so soon, Microsoft has yet to officially provide a guideline with regards to how much clients will pay. But, during a session at its Inspire partner conference, Microsoft did inadvertently mention how much Business plans would cost. And that came down to $31 per user, per month.

For this, you will get support for 2 CPUs as well as 4GB of RAM and 128GB of storage. However, it is worth noting that we can expect at least one other plan that will cost less. Clients can look forward to having an option for 1 PC, 2GB of RAM, and 64GB storage, aimed at small businesses.

Furthermore, there will also be Enterprise plans that can offer support for 4 or 8 different PCs, in addition to 8/16/32 GB of RAM and 128/256/512GB of storage. For now, however, clients can only guess how much they will have to fork out to access these plans.

Enhancing the capabilities of hybrid work

The global pandemic has changed the way that enterprises look at some of their business practices. With people having had to spend long periods of time at home, businesses had to increase their dependence on virtual processes and remote collaboration. It was necessary to keep businesses running and retain employees.

Although the situation is getting under control in several regions across the globe, the way businesses operate may potentially change. With Windows 365, businesses can tackle head-on the challenges that cloud computing and remote work has often presented.

Organizations will be able to provide employees with greater flexibility and more options to work from different locations. All of this while still ensuring the security of the organization’s data. This is because by taking advantage of the Cloud PC, you get hybrid personal computing that can turn all of your devices into a personalized, productive, and secure digital workspace.

Having this capability will simplify the process of managing seasonal workers without the challenges of issuing new hardware or securing personal devices. As said by Microsoft itself, Windows 365 offers you a better, more modern way to deliver a great productivity experience with increased versatility, simplicity, and security.

Are we getting two Windows versions?

As mentioned above, most people were of the belief that Windows 10 would be the last version we would get. And then in June, Microsoft announced Windows 11. Barely a few weeks after that announcement, along came Windows 365. So not one, but two new versions? But, it’s not quite as simple as that.

Windows 11 is the actual successor to Windows 10. It’s a new operating system packed with new features such as a brand new Start menu that no longer uses Live Tiles. It also comes with new system requirements such as CPUs based on the x64 architecture since there is no 32-bit version of Windows 11. That’s in addition to the 4GB of RAM and 64GB of storage you’ll need to install Windows 11.

So basically, Microsoft has only actually provided one new product, Windows 11 to succeed Windows 10. Windows 365, on the other hand, is something of a hybrid between a virtual machine and Microsoft Remote Desktop.

It’s the subscription service that allows you to create Cloud PCs that run Windows 10 or eventually Windows 11. So the platform is not tied to a particular operating system version therefore you pay a monthly fee based on the hardware configuration you want your PC to have.

What about Azure Virtual Desktop?

Another point that requires clarification is with regards to Azure Virtual Desktop (AVD). Why does Microsoft feel the need to have another VDI? For starters, Windows 365 appears to be more user-friendly than AVD.

Navigation has been made easier and the process of setting up an Azure Virtual Desktop system in the Azure cloud is also significantly less complicated. This is because Windows 365 focuses more on simplicity as compared to Azure whose goal is flexibility.

With Windows 365, you can let Microsoft handle the core infrastructure and platform piece. This is because the platform comes in the form of Software-As-A-Service. On the other hand, with AVD, clients need to manage a supporting Azure subscription, configure and implement the platform services required to allow a thin-client or Remote Desktop client to connect in.

So basically Windows 365 is an automated version of AVD that is aimed at companies of all sizes, including small businesses. Unlike AVD which targets the enterprise market. Below are some guidelines that Microsoft provides for you to choose the product that best suits you.

Azure Virtual Desktop:

  • Windows 10 personalized and multi-session desktops and remote app streaming.
  • Full control over management and deployment plus options for Citrix and VMware integration.
  • Flexible consumption-based pricing.

Windows 365:

  • Windows 10 personalized desktops.
  • Management and deployment with familiar desktop tools and skills.
  • Predictable per-user pricing.

Wrap Up

Windows 365 is introducing a whole different concept to both the Software-As-A-Service and Desktop-As-A-Service environments. This new platform seeks to set the tone for a more modern computing experience that can benefit businesses as well as individuals.

It’s still early stages and there is still a lot that we don’t know.

However, what is certain is that this is more than just a cloud-based version of Windows and can offer ersatz hardware as well. All of this is definitely going to make the future of cloud computing a lot more interesting.

How Microsoft Endpoint Manager is Bringing Intune and Configuration Manager Together

As people get access to more and more devices, the way that businesses operate has been rapidly evolving to keep up with the technology. And with more of these devices having access to a business’ data, this can help to improve productivity.

The problem, however, is that this can easily create a situation that puts the entire organization’s network at risk.

 So a solution is necessary.

One that can enable a business to get the most it can from the devices that are available to its employees without compromising data security. This is why you need a platform like Microsoft Endpoint Manager that can bring together the most effective device management tools.

Creating the solution

Microsoft already had plenty of products available to help businesses with device management. And these products included the two that we’ll be focusing on today: Intune and Configuration Manager. So why did they feel the need to change things, to add yet another product?

What Microsoft Endpoint Manager (MEM) seeks to address is the need for a comprehensive management solution. MEM can help to reduce client confusion over the multiple products that are available by giving you a unified platform for all your devices including Windows 10, macOS, iOS, and Android. By using MEM, businesses can among other things:

  • proactively manage all of their devices,
  • maintain systems and software,
  • limit exposure and respond to security threats,
  • distribute settings, and much more.

Microsoft Intune

With Intune, what you are getting is a 100% cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices. Using it enables you to have control over the features and settings on Windows 10, Apple, and Android devices.

Also, if you have on-prem infrastructure, there will be Intune connectors available. Namely the Intune Connector for Active Directory and the Intune certificate connector.

And by making it a part of MEM, Microsoft allows you to use Intune to create and check for compliance, as well as deploy apps, features, and settings to your devices using the cloud.

Configuration Manager

Whereas Intune is a 100% cloud-based solution, Configuration Manager gives you the on-premises management solution. With this, businesses can manage desktops, servers, and laptops that are on their network or internet-based. It is a flexible solution that you can cloud-enable if you want to integrate with Intune, Azure Active Directory (AD), Microsoft Defender for Endpoint, and other cloud services.

Furthermore, Configuration Manager gives you a great tool for the deployment of apps, software updates, and operating systems. Not only that, but you can also stay on top of queries and compliance issues so that you can act in real-time.

What are the requirements?

The beauty of Microsoft Endpoint Manager is that there is no complicated configuration or migration that you need to worry about. And this goes for the licensing as well.

If you have an existing Configuration Manager license then you can continue to use it, while simultaneously taking advantage of the Microsoft cloud-based security and compliance benefits of Intune.

Combining these two solutions has allowed Microsoft to avail Configuration Manager to clients with Intune licenses and vice versa. All of this without the usual roadblocks that you previously had to deal with.

This simplifies the process of giving clients a more comprehensive management platform. For management of non-Windows devices, however, you will need an Intune license, an Enterprise Mobility & Security (EMS) license, or a Microsoft 365 E3 or higher license

Taking advantage of MEM

There are plenty of reasons why any business should consider using MEM to improve the way it operates. As mentioned above, people now have access to plenty of different devices and businesses should benefit from that.

But, with the complexities that are involved in device management, there is no single tool that can meet all the requirements.

This is why bringing together Intune and Configuration Manager can work so well. By supporting a diverse BYOD ecosystem, MEM makes it easy to manage all endpoints. Whether they are on-premises and remote, corporate-owned and personal, desktop and mobile, MEM can handle them.

In addition, MEM is flexible enough to meet you where you are in your cloud journey and will not disrupt your existing processes. Your business can also leverage the integrations with other platforms such as Microsoft 365 and Azure AD to enhance productivity.

Combining products gives clients a lot to look forward to. Especially when you consider the simplified licensing arrangement. Overall, this combination will vastly improve the end-user experience and also allow IT teams to save costs and function more efficiently.

Addressing concerns

We all have our preferred tools that we use and that enable our businesses to operate optimally. So naturally, there will be concerns about combining Intune and Configuration Manager. What exactly does it mean for these products?

By bringing these products together under one umbrella, Microsoft is not doing away with Configuration Manager as many think. And the choice of name allows Microsoft to keep adding features to the platform.

Therefore if you have solutions that are built on Configuration Manager and want to continue using it, you are free to do so. But, the difference is that you’ll also get to leverage the intelligence of the Microsoft 365 cloud.

Basically, starting in version 1910 Configuration Manager now falls under the Microsoft Endpoint Manager branding. And as for the other components of the System Center suite, there are no changes to report.              

Wrap up

The solutions that businesses use need to continuously evolve to allow us to boost productivity and enhance data security. We need solutions that can offer the deployment of a seamless, end-to-end management solution.

And by combining Microsoft Intune and Configuration Manager into Microsoft Endpoint Manager, we can get just that. A solution that gives clients modern management and security while integrating with other Microsoft products in a way that optimizes device management.