About Thomas.Marcussen

Technology Architect & Evangelist, Microsoft Trainer and Everything System Center Professional with a passion for Technology

Advanced Security and Compliance Strategies for Cloud PCs: Windows 365 and Azure Virtual Desktop Integration

The evolution of powerful cloud computing has resulted in the development of platforms like Windows 365 and Azure Virtual Desktop (AVD). These services can offer numerous benefits to businesses including greater degrees of flexibility and efficiency.

Additionally, employees can get better computing performance by leveraging the resources that Windows 365 and AVD can offer. However, the key to getting the most from these solutions is implementing effective security and compliance strategies. Below, we’ll be looking at some of the strategies you can use to enhance organizational security and improve operations.

Introducing Windows 365 and Azure Virtual Desktop

WHAT IS WINDOWS 365?

Windows 365 is a cloud-based solution that offers users Windows virtual machines (Cloud PCs). Each of these Cloud PCs will be assigned to an individual user and this becomes their dedicated Windows device. Simply put, Windows 365 is your PC in the cloud accessible from anywhere.

WHAT IS AZURE VIRTUAL DESKTOP?

With Azure Virtual Desktop, Microsoft offers clients a desktop and app virtualization service that runs on Azure. By using this service, businesses get a virtual desktop infrastructure that provides multi-session Windows experiences. AVD is generally considered more technical than Windows 365 and this allows for more customization.

DIFFERENCES BETWEEN WINDOWS 365 AND Azure Virtual Desktop

 Identity ManagementSecurity PoliciesMulti-sessionBuilt-in Security
Windows 365Azure ADIntune and Endpoint securitySingle user Cloud PCFully Microsoft managed
Azure Virtual DesktopHybrid Azure AD or AD DS integration Group Policies, Intune, and NSGsOffers multi-session Windows experiencesCan be customized but this would require hands-on security setup

Why is Security and Compliance So Important?

Every organization needs to put in place strong security measures to minimize the risks of any data breaches or loss. Without advanced security and compliance strategies, malicious actors can take advantage and attempt to compromise your network. This is why it’s vital for organizations that are adopting cloud-based computing solutions to enhance their cybersecurity so that remote access does become a vulnerability.

Moreover, most industries such as finance and healthcare will have certain strict regulations that businesses must adhere to. Such regulations have been put in place to not only safeguard businesses but to ensure that sensitive client data remains protected. Some of the risks to protect against include Identity theft, unsecured endpoints, and malware attacks among others.

Utilizing Zero Trust Security with Windows 365 and Azure Virtual Desktop

Zero Trust security employs a system that strictly verifies the identity of every individual and device attempting to access the resources of an organization’s network. This security model is essential for providing a high standard of protection for Windows 365 and Azure Virtual Desktop.

By using Zero Trust, no one is trusted by default whether in or outside the organization’s network. This means that everyone needs to be authenticated and authorized before being granted access.

In addition to the above, those verified will only be provided the minimum level of access necessary for whatever tasks they may need to carry out. But, even with such a strategy in place, breaches may still occasionally occur. Fortunately, the Zero Trust model was built with this in mind and is designed to minimize the impact of a network breach.

Effective Advanced Security Strategies

CONDITIONAL ACCESS AND MULTI-FACTOR AUTHENTICATION

Conditional Access enforces security policies that determine who gets access to which resources and under what conditions. As an integral element of Azure AD security, Conditional Access can help organizations control access to Cloud PCs. To get the best from Conditional Access, organizations need to force all external connections to perform multi-factor authentication (MFA).

But, even with this in place, access from high risk locations still needs to be blocked. Furthermore, as an organization, you need to have strict compliance regulations governing which devices will be considered compliant and thus granted access to corporate resources.

ENDPOINT SECURITY POLICIES

Endpoint Security policies aim to help you improve the security of your endpoints and mitigate the risk of malicious attacks. One of the main Endpoint Security policies is Antivirus Protection which is responsible for ensuring that Microsoft Defender is functioning properly and regularly updated.

Another key policy is Disk Encryption which implements BitLocker on all Windows 365 devices. Furthermore, organizations also benefit from Firewall Rules that establish firewall policies designed to reduce attack surfaces.

MICROSOFT DEFENDER FOR CLOUD AND ADVANCED THREAT PROTECTION

These solutions will ensure that your organization gets high level security for both Windows 365 and AVD environments. With the availability of Threat Detection capabilities, you can rest assured that all suspicious activity will be identified and dealt with accordingly.

Moreover, you also have Compliance Monitoring which assesses security configurations before making the appropriate recommendations. In addition, integration with Azure Sentinel means centralized incidence response and monitoring.

Compliance Strategies

As mentioned earlier, different industries, including government departments, have certain regulations that they need to adhere to. For instance, there is the well known General Data Protection Regulation (GDPR), HIPAA for the healthcare sector, and PCI-DSS for the finance sector, among others. To ensure that these compliance regulations are met, organizations need to:

  • Put in place Data Loss Protection policies that safeguard sensitive data
  • Leverage Azure Policy to enforce regulatory requirements at the infrastructure level.
  • Conduct regular reviews of security strategies and baselines enabling you to make the appropriate changes when necessary.

Monitoring, Auditing, and Incident Response

The monitoring tools available include Azure Monitor which gives you insights into resource health and performance. Another tool is Microsoft Defender for Endpoint responsible for detecting and acting on endpoint threats. Additionally, Azure Sentinel is available to offer centralized logging and threat detection for Windows 365 and AVD environments.

To get the best incidence response, you can start by configuring Automated Playbooks in Azure Sentinel for swift responses. Furthermore, you should regularly test security policies and run tabletop exercises.

Managing Security and Compliance with Windows 365 & Azure Virtual Desktop

To effectively manage security and compliance, you need a complete understanding of an organization’s compliance requirements. With that done you can implement a Zero Trust model so that all policies align with Zero Trust principles. Then, you should select a small group of users to pilot and test security policies before expanding.

Additionally, you should also enable automated security updates and use Intune and Microsoft Defender for updates and patches. Another good practice would be using Azure Sentinel and Microsoft Defender to help you continuously monitor your environments. And then arguably the most important tool available to an organization is ensuring that end users have a comprehensive understanding of security policies.

Wrap up

Virtual computing environments offer countless benefits to organizations. Increased flexibility, potentially lowering hardware costs, and excellent computing performance, among others immediately come to mind. However, to get the most from solutions like Windows 365 and Azure Virtual Desktop, effective advanced security and compliance strategies are necessary. Without such strategies, organizations leave themselves open to malicious attacks.

The Go-To Guide for Setting Up SFTP Access with Azure Blob Storage and Microsoft Entra ID

Introduction

In today’s business environment, securely exchanging data with external partners is essential. Azure Blob Storage with native SFTP support offers a scalable, secure solution, while Microsoft Entra ID provides robust identity management. Together, these tools help organizations share data with external users while ensuring security and compliance.

This go-to guide will walk you through configuring Azure Blob Storage for SFTP, managing user access with Entra ID, and showcase three real-world use cases—payment reconciliation, logistics data sharing, and healthcare data exchange.

Why Use Azure Blob Storage with SFTP and Entra ID?

Azure Blob Storage with native SFTP support simplifies secure file transfers without the need for third-party SFTP servers. Integrating Microsoft Entra ID enhances security by enforcing multi-factor authentication (MFA), conditional access, and role-based access control (RBAC).

Benefits at a Glance

  • Scalable and Cost-Effective: Pay only for the storage you use.
  • Secure File Transfer: Use the SFTP protocol for encrypted data transfer.
  • Centralized Access Management: Use Entra ID to control and monitor external access.
  • Automation and Integration: Seamless integration with tools like Azure Logic Apps and Power Automate.

Step 1: Setting Up Azure Blob Storage with SFTP Support

Follow these steps to set up Azure Blob Storage for SFTP access.

1.1 Create an Azure Storage Account

  1. Sign in to the Azure Portal.
  2. Go to Create a Resource and select Storage Account.
  3. Configure the storage account:
    • Subscription and Resource Group: Choose your existing or create new ones.
    • Storage Account Name: Must be globally unique.
    • Region: Select the region closest to your users.
    • Performance: Choose Standard for general use or Premium for high-performance workloads.
    • Replication: Choose Locally Redundant Storage (LRS) or Geo-Redundant Storage (GRS) based on your redundancy needs.
  4. Under the Advanced tab, enable SFTP Support (Preview).
  5. Click Review + Create, then Create the storage account.

Step 2: Configuring SFTP Access for External Partners

  1. Navigate to your newly created storage account.
  2. Under Data Transfer, select SFTP Settings.
  3. Click Add Local User to create an SFTP user:
    • Username: Use a descriptive name like partner1.
    • Authentication: Choose SSH Key-based authentication for enhanced security.
    • Home Directory: Assign a specific container (e.g., /transactions).
    • Permissions: Grant appropriate permissions (Read, Write, List).
  4. Generate an SSH Key if you don’t have one:
    • Use ssh-keygen (Linux/Mac) or PuTTYgen (Windows).
  5. Save the configuration and take note of the SFTP endpoint.

Step 3: Integrating Microsoft Entra ID for Access Control

To ensure only authorized users access your SFTP service, use Microsoft Entra ID to manage identity and access.

3.1 Conditional Access Policies

  1. Go to the Azure AD Portal.
  2. Create a new Conditional Access Policy to enforce MFA and restrict access based on location.

3.2 Role-Based Access Control (RBAC)

Assign roles to external users to limit their access to only the relevant Azure Blob containers.

Step 4: Real-World Use Cases

Case 1: Payment Reconciliation – Mastercard Data Exchange

A retail company needs to securely exchange Mastercard transaction data with an external payment processor for daily reconciliation.

Workflow:

  1. The payment processor uploads transaction data to the SFTP endpoint.
  2. Azure Blob Storage receives and stores the files.
  3. Business Central or an ERP system processes the data for reporting and reconciliation.

Security Measures:

  • Use MFA and Conditional Access for external user authentication.
  • Configure audit logging to monitor access and activity.

Case 2: Logistics Data Sharing – Real-Time Inventory Updates

A manufacturing company needs to share real-time inventory data with its logistics partner.

Workflow:

  1. The logistics partner downloads inventory files and uploads shipping updates to the SFTP server.
  2. An Azure Function processes these updates and integrates them into the company’s ERP.

Security Measures:

  • RBAC ensures the logistics partner only accesses relevant files.
  • Data encryption protects information in transit and at rest.

Case 3: Healthcare Data Exchange – Secure File Transfers with External ClinicsA hospital exchanges patient data with external clinics, ensuring compliance with GDPR and HIPAA regulations.

Workflow:

  1. Clinics upload test results and patient data to the hospital’s SFTP endpoint.
  2. An Azure Logic App validates and integrates the data into the hospital’s EMR system.
  3. Doctors receive automatic notifications for new updates.

Security Measures:

  • Conditional Access restricts access by IP and enforces MFA.
  • Data masking during processing protects sensitive information.

Step 5: Automating Data Processing

Azure Logic Apps

Automate file processing with Logic Apps to trigger workflows when a file is uploaded.

Azure Functions

Run custom code to process files and integrate them with external systems.

Power Automate

Create simple automation workflows for notifications and approvals.

Step 6: Security Best Practices

  1. Enforce Multi-Factor Authentication for all external users.
  2. Use Conditional Access Policies to limit access by device and location.
  3. Encrypt Data at Rest and in Transit.
  4. Rotate SSH Keys Regularly.
  5. Audit and Monitor Access Logs for unusual activity.

Conclusion

Azure Blob Storage with SFTP support and Microsoft Entra ID provides a powerful and secure platform for exchanging data with external partners. Whether you are exchanging financial data, inventory files, or healthcare records, this setup ensures security, compliance, and scalability.

By following this step-by-step guide and using the real-world use cases as inspiration, you can create a secure, reliable solution for your organization’s external data exchange needs.

Further Reading:

Windows 365 Link Device Onboarding – All You Need to Know

The business environment today is constantly evolving and organizations that fail to adapt can quickly find themselves falling behind. And in this era of rapid technology changes, it can sometimes prove impossible to catch up. If we look back at just the last five years, for instance, we have witnessed significant change in hybrid work acceptance. Services such as Windows 365 have given organizations a secure, reliable platform that enables employees to remain productive anywhere.

With this kind of flexibility as well as the capability to access Cloud PCs from any device, business productivity can soar. By introducing Windows 365 Link, the advantages will be even greater.

Having gone over the process for setting up Windows 365 Link in a previous post, today we’ll be looking at how you can onboard Windows 365 Link devices to your organization’s environment. As you get started with this process, it’s important to remember that Windows 365 Link devices have been designed to be shared.

After unboxing and turning on your Link device, the first time it boots it will load the Out of Box Experience to guide you through a straightforward process. This process joins the device to Entra ID and enrolls into Intune management. With this complete, the device will display a sign-in screen from where any user can authenticate and connect to their own Cloud PC.

Any standard user can onboard Windows 365 Link devices using the OOBE process as long as they have the requisite permissions. However, organizations can also decide to have admins onboard Windows 365 Link devices and complete the onboarding before delivering the devices to users. Another option would be to split the tasks with admins onboarding some devices and users onboarding others. To help you decide, you can consider the following information:

ConsiderationsAdmin-driven OnboardingUser-driven onboarding
Device will be availed to multiple, different users.Yes. 
Device will be availed to one specific user. Yes.
Users will not be allowed to join or register devices.Yes. 
Users will get their devices shipped directly to them. Yes.

Admin-driven Onboarding

An account with the designation of a Device Enrollment Manager (DEM) can onboard devices shared by multiple users. Although this account doesn’t require admin privileges in the tenant, it can still enroll up to 1000 devices in Intune. DEMs remain subject to the limit on the number of devices allowed to join to Entra ID. With this in mind, you may want to consider increasing the maximum number of devices per user to a value you expect a DEM to enroll.

By using this DEM account to onboard Link devices, this will:

  • Enroll the Windows 365 Link devices in a shared device mode.
  • Bypass any Intune enrollment restrictions for platforms as well as any device limits that may be in place.
  • Eliminate the need for any changes to allow personal Windows devices.
  • Not require designating a primary user of the device. And with no primary user of the device, Windows 365 Link will not appear in a user’s list of devices in Intune, Entra, Company Portal, or other places.

This requires you to follow the steps below:

  • Create the account you’ll be using for Windows 365 Link device onboarding.
  • Assign the required licensing (Microsoft Entra Premium, Intune, Windows, etc ).
  • Verify that the user has the requisite permissions to join devices to Microsoft Entra ID.
  • The user will then need to be added to the list of Device Enrollment Managers.
  • Lastly, you need to provision a Cloud PC for this DEM account so that you can validate connectivity.

This requires you to follow the steps below:

  • Turn on the Windows 365 Link device.
  • Sign in with the DEM account. You can only join the device to Microsoft Entra and enroll in Intune by completing all the authentication steps.
  • After you’ve connected to the Cloud PC, you’ll need to then disconnect and restart Windows 365 so that any available updates can properly install.
  • Shut down Windows 365 Link.
  • Once the above steps have are complete, the Windows 365 Link device is now ready for use by anyone in the organization with a Cloud PC.

User-driven Onboarding

Organizations don’t need to have IT admins onboard each Windows Link and can instead have users complete the OOBE to join them to Microsoft Entra and enroll them in Intune. By using this method:

  • A user will need to be designated as the primary user of the device.
  • The Windows 365 Link will subsequently appear in their list of devices.
  • All users within the organization can then use the device to access their own Cloud PCs.

THINGS TO VERIFY

  • All users should have the necessary licenses.
  • All users need to have permissions to join devices to Microsoft Entra IP.
  • Users must not exceed the maximum number of devices that can be joined.
  • Users must not be blocked from Intune enrollment by any restrictions or device limits.
  • Each user should have a Cloud PC provisioned and consented to single sign-on.
  • Provide users with the Windows 365 Link devices.
  • Turn the device on.
  • Sign in with the user’s account. You can only join the device to Microsoft Entra and enroll in Intune by completing all the authentication steps.
  • After you’ve connected to the Cloud PC, you’ll then disconnect and restart Windows 365 so that any available updates can install properly.
  • Shut down Windows 365 Link.
  • Once the above steps have been successfully completed, the Windows 365 Link device is now ready for use by anyone in the organization with a Cloud PC.

Wrap up

Windows 365 Link is designed to make accessing Cloud PCs a faster and more secure process. It does this by addressing latency issues and complicated sign in processes to name but two problems. Windows 365 is all about being easy to use so it’s not surprising that onboarding Link devices to your organization’s environment is a relatively straightforward process. Whether you give the task to admins or the users do it themselves, getting your Windows Link devices up and running should be quick and hassle-free.

Windows 365 Link: Enhancing the Cloud PC Experience

Microsoft has recently announced a new product that is built to bring significant changes to how clients interact with Windows 365. The new Windows 365 Link device which is scheduled to be available from April 2025, will potentially show us which direction virtualization could take in the future.

With this thin client device, Microsoft is giving Windows 365 users a product that is purpose-built to connect to Windows 365. Once connected, users will get a seamless Cloud PC experience with easy access to all of the Microsoft 365 apps.

Windows 365 recap

A few years ago, Microsoft introduced a cloud-based service that automatically creates a new version or type of Windows virtual machine known as a Cloud PC. This service allows organizations to provide employees with the tools they need to be productive on any device regardless of where they physically are.

By subscribing to the Windows 365 service, end-users can get their desktops, with all files, apps, and settings included, streamed to whatever devices they are using.

Essentially, Microsoft has built a service that gives you your own personal PC in the cloud. Undoubtedly, one of the greatest advantages of Cloud PCs is getting access from anywhere.

This can fit in perfectly with the hybrid work approaches that many businesses are implementing. As long as there is an internet connection, employees can maintain their productivity levels from any location.

As an increasing number of organizations are adopting Windows 365, Microsoft has chosen the opportune moment to introduce the first Cloud PC device. Now in public preview, this small device has a Windows-based OS that will connect you to Windows 365 in seconds.

After quickly signing in to your Cloud PC, you can securely connect to your familiar Windows desktop in the Microsoft cloud.

To simplify use, Microsoft has designed it such that admins can leverage Intune to manage Windows 365 Link devices alongside other devices. This means that IT will benefit from a more streamlined management experience.

Additionally, IT can continue using the knowledge and policies they already have to ensure maximum efficiency regarding device management. Before you can use Windows 365 Link, you need to meet the following requirements:

  • Purchase a Windows 365 Link device.
  • Ensure management by your organization using Microsoft Intune.
  • Have a Windows 365 license for your Cloud PC.

Optimizing cloud performance

Although there has been a big push for organizations to migrate to the cloud, the simple reality is that inefficiency can often slow down adoption. Some of the more concerning problems that Microsoft has noted include latency issues, difficult sign-in processes, and peripheral incompatibility. These are exactly the types of issues that the Windows 365 Link device has been designed to address, especially in shared workspace situations.

The small, compact design means that you won’t have space concerns while taking advantage of faster access processes. Users should be happy with the few seconds the device takes to boot as well as the dual 4K monitor support, 4 USB ports, an Ethernet port, Wi-Fi 6E, and Bluetooth 5.3, that the devices comes with. Furthermore, the local processing capabilities on the device provide high-performance video playback and conferencing that is ideal for enhanced productivity.

Device description

As already mentioned, the Windows 365 Link device is a small, compact product that will be easy to move around the workplace as needed. Because of its size and light weight, you can easily place it anywhere on your desk or maybe even attach it to the back of a monitor. The dimensions of the device are given in the table below:

DimensionUnits metricUnits imperial
Length120mm4.72 inches
Width120mm4.72 inches
Height30mm1.18 inches
Weight418 grams14.75 ounces

The device will run on a small, Windows-based operating system known as Windows CPC and there will be no local applications or local users. In addition, there will be a strict application control policy that you cannot disable. To add to the convenience already on offer, updates will automatically download seamlessly in the background and then install at night.

Inside the computer, there will be an Intel chip that comes with 8GB of RAM and 64GB of storage. Even though the device has no moving parts, it will have the following ports:

  • Three USB-A 3.2 ports.
  • One USB-C 3.2 port.
  • One HDMI port.
  • One DisplayPort.
  • 3.5mm headphone jack.
  • Ethernet port.
  • Kensington lock slot.
  • A port for the power cord.

Enhanced security

One of the things that Microsoft has emphasized about Windows 365 Link is that not only will it provide quick access to Windows 365 but it will do so very securely. As one can imagine, this is a very important issue to address as secure access is arguably one of the biggest concerns that businesses have about virtual solutions. Fortunately, the Windows 365 Link device will come with multiple features that guarantee optimum security including:

  • Discrete Trusted Platform Model 2.0.
  • Secure boot.
  • Virtualization-based security.
  • Hypervisor-protected Code Integrity.
  • BitLocker drive encryption.
  • Strict Application Control policy.
  • No local user with administrative rights.
  • No local data storage.
  • No local apps.
  • Security baseline policies are enabled by default.
  • Microsoft Defender EDR Sensor.

Wrap up

One of the chief ideas that Microsoft has reiterated over the years is how Windows 365 should simplify the use of virtualization technology. The ultimate goal is to see organizations migrate to the cloud and have a service that is quick, easy to use, and secure.

Windows 365 Link offers an additional update to the innovative measures that Microsoft has introduced to enhance the Windows 365 Cloud PC experience even more. And with the devices being available in just a few month’s time, it’ll be interesting to see the client responses during this public preview period.

Latest Updates for Microsoft Intune and Windows 365

New features and updates are paramount to improving the functionality of the various devices and applications that businesses use. This is necessary, especially if companies expect high levels of performance. It’s also essential as the tasks that we deal with grow more complex.

Not only do companies want to maintain performance but they also need tech companies to address any existing issues. As a result, organizations like Microsoft will offer many new features. These updates are for services like Microsoft Intune and Windows 365.

Because of the updates, released in 2024, overall user experiences will greatly improve. Let’s discuss the recent additions and explore how they might help elevate, simplify, and improve your business operations.

Improvements to Microsoft Intune

2024 has been a year with a lot of innovation from Microsoft across its various products and services. Plenty of this effort prioritizes Microsoft Intune improvements, bringing us features such as:

New capabilities for Windows Autopilot

Windows Autopilot is a service that makes the device deployment process faster and less complex. Companies benefit immensely from Autopilot’s ability to do away with the labor-intensive process previously necessary to provision new devices. And, Microsoft has additional service improvements to share.

Earlier this year, an announcement introduced an exciting new release – device preparation. This brilliant new innovation will enable the accommodation of more devices and delivery of more efficient results. Moreover, it will allow for the provisioning of cloud instances such as Windows 365.

Still, Microsoft ensures customers that the original, existing Windows Autopilot architecture is still in place. Because of this, you still have access to all your favorite features. IT admins can now enjoy a faster and simpler addition of groups to devices. This is due to enrollment time grouping, which replaces dynamic grouping. This creates a process that assigns app policies and scripts to devices more efficiently.

NEW SECURITY BASELINE

A key reason for updating devices and applications is to strengthen security and address vulnerabilities. Companies want to make sure that their security measures can stay ahead of the methods being employed by cybercriminals.

Hence the introduction of an update to the Microsoft Defender for Endpoint security baseline. These one-click collections of policies can be applied to devices (and device groups) in Intune. They also provide you with a way to configure all your organization’s devices with the same security policies.

Setting up your security measures in this way makes it’s easier to maintain the same security levels across the entire enterprise. This particular update offers a much better way of implementing the configuration recommendations made by the Microsoft Defender for Endpoint team. Furthermore, because it’s based on the Windows unified settings platform, you also get:

  • Quicker turnaround for updates.
  • Improved reporting, including per-setting status reports.
  • Assignment filter support.
  • Improved UI.
  • Consistent names across Intune.

Platform single sign-on (SSO) has arrived for macOS device enrollment

Signing in to multiple applications and websites using different credentials can be a tedious task. It can also be difficult for many people to keep up with all their sign-in information and passwords. This is why Platform Single Sign On (SSO) is a wonderful solution for streamlining the authentication process.

Because of how local account credentials synchronize with an individual’s IdP, one will only need to log in once. Platform SSO can help your company improve its security posture and enhance productivity.

Owing to the integration of SSI with Apple’s Secure Enclave technology, your organization can enable phishing-resistant, hardware-bound, passwordless authentication on Mac through Intune. In addition to better security, end-users can enjoy a less complex and faster out-of-the-box experience. This is possible because all they’ll need to set up their devices are their Entra ID passwords.

End-users also get to work more efficiently. This SSO experience, unique to Intune, enables them to sign in to their Outlook, Teams, and other Microsoft 365 apps simultaneously.

Installation of macOS apps on demand via Intune

Microsoft has done plenty of work to develop systems that can provide more capable Mac management. Intune has made providing IT admins and end-users a better, more efficient platform one of its key objectives. And one of the main reasons they’ve been able to achieve that is by leveraging feedback from customers.

Of note among the latest developments, are options that admins can provide to users for downloading unmanaged applications. These specifically apply in PKG and DMG format via the Intune Company Portal app.

Furthermore, to reduce the reliance on line-of-business app workflow or third-party tools to deploy optional applications, Intune added the “available” assignment type to the well-known “required” type. As one of the most requested features by Mac device administrators, this should be a well-received development as it will help both end-users and admins save time.

Expanded support for Microsoft Managed Home Screen

Microsoft Managed Home Screen (MHS) is an enterprise launcher application that enables IT admins to customize their devices and restrict the capabilities that a user can access. If you configure in multi-kiosk mode in Intune, MHS launches automatically as the default home screen on the device. This customizable launcher serves as a key tool for IT admins to better manage devices. It also ensures that users are performing at the expected levels.

As organizations provide users with increasingly more powerful devices, they need to make sure that business operations improve accordingly. The availability of Managed Home Screen is expanding from just user-less kiosks or shared devices to corporate-owned, fully managed devices associated with a specific user as well. As a result, this means capabilities are will extend to a wider range of use cases and applications.

BitLocker RECOVERY KEY

Having access to a BitLocker recovery key allows you to unlock an Intune-enrolled PC if you have the misfortune of forgetting your sign-in password and getting locked out. The stored recovery key is accessible from the Intune Company Portal website. It’s also accessible in the Intune Company Portal app.

Without this key, users would typically need to contact the Help Desk for assistance. As one can imagine, it’s easy to see why this option is better. It offers greater support to users while lightening the load on IT professionals.

Going forward, this update will enable end-users to access their BitLocker recovery key directly from the Company Portal website. Because of this, your organization can expect to benefit from a more intuitive and streamlined path to recovery.

This should also help improve productivity because end-users won’t need to wait for the delays that sometimes occur while waiting for IT support to assist them. And with IT having this task taken care of for them, they will have more time to dedicate to more productive endeavors.

CORPORATE IDENTIFIERS

This feature aims to verify that corporate devices are labeled as corporate-owned as soon as they enroll. It does so by adding their corporate identifiers ahead of time in the Microsoft Intune admin center.

For businesses, corporate device management provides you with more capabilities than that for personal devices. This new change will help organizations restrict the application of the corporate-owned devices label only to authorized devices.

Adding corporate identifiers to Intune requires you to upload a file of corporate identifiers in the admin center or enter each identifier separately. Also important to note is the fact that you don’t need to add corporate identifiers for all deployments. During enrollment, Intune automatically assigns corporate-owned status to devices that join to Microsoft Entra via:

  • Device enrollment manager account (all platforms)
  • An Apple device enrollment program such as Apple School Manager, Apple Business Manager, or Apple Configurator (iOS/iPadOS only)
  • Windows Autopilot
  • Co-management with Microsoft Intune and group policy (GPO)
  • Azure Virtual Desktop
  • Automatic mobile device management (MDM) enrollment via provisioning package
  • Knox Mobile Enrollment
  • Android Enterprise management:
  • Corporate-owned devices with work profile.
  • Fully managed devices.
  • Dedicated devices.
  • Android Open Source Project (AOSP) management:
  • Corporate-owned user-associated devices
  • Corporate-owned userless devices
  • Google Zero Touch

Windows 365 Cloud PC security baseline updates

From the new, additional features and updates to Microsoft Intune, it’s clear to see that increasing efficiency matters. Strengthening security is also of utmost importance. And the same applies here.

Configuring security settings can often be a complex, time-consuming task that few will enjoy especially if you are still a novice. These deployed policy templates with Intune aim to establish Microsoft Security–recommended settings are central to the security strategies employed by Intune.

To ensure that you get the most from these measures, Intune has set it up such that these baselines can be tailored to your unique needs. Additionally, this particular update requires you to manually update your customizations, if any, from the previous baseline. This baseline, which comes highly recommended, will also give you:

  • Faster deployment of baseline version updates
  • Improved user interface and reporting experience (such as per-setting status reports)
  • More consistent naming across the Intune portal
  • Elimination of setting “tattooing”
  • Ability to use assignment filters for profiles

New updates and features for Windows 365

Similar to Microsoft Intune, Windows 365 has also introduced several updates to the Cloud PC service. Some of these include:

ADDITIONS TO DEVICE MANAGEMENT CAPABILITIES

UpdateWhat it offers
Windows 11 Cloud PCs now support EN-NZAs of September 2024, Windows 11 Cloud PCs now support EN-NZ.
Support for symmetric NAT with RDP ShortpathThe goal is to develop an RDP Short path in Windows 365 such that it can support setting up an indirect UDP connection using Traversal Using Relays around NAT (TURN) for symmetric NAT. Most are probably aware that TURN is a widely accepted standard for device-to-device networking for low latency, high-throughput data transmission.
Uni-directional clipboard support is now generally availableWith service release 2407 in July 2024, came the release of uni-directional clipboard support into general availability.
Closing port 3389 by default for newly provisioned and reprovisioned Cloud PCsGoing forward, expect to find the inbound port 3389 closed by default. This update has come about as a means to further safeguard your Windows 365 environment.
Chroma subsampling default change to 4:2:0This change has been made to help reduce monitor support issues. The Windows 365 service will now default to the chroma subsampling at 4:2:0. instead of the previous 4:4:4.
Windows 365 Boot and Windows 365 Switch now support battery status redirectionIn a move that should be welcomed by users, Windows 365 Boot and Windows 365 Switch will now offer support for battery status redirection. Therefore, you can now view your local PCs battery status on a Cloud PC.
Upgrade Windows 365 licenses in Microsoft admin centerAll clients with Modern Microsoft Cloud Agreements can now upgrade their existing Windows 365 licenses in the Microsoft Admin Center.
New Windows 365 Cloud PC images available in the galleryAs of May 2024, you can now access new Cloud PC gallery images for Windows 10 and Windows 11. These improved images have harmonized optimizations with Windows 365 apps images for better policy management:   Win 10 Enterprise Cloud PC: 21H2, 22H2,Win 11 Enterprise Cloud PC: 21H2, 22H2, 23H2
Manage redirections for Cloud PCs on iOS/iPadOS devicesThe Intune admin center can now be used to handle redirections for iOS/iPadOS users who access their Cloud PCs using Microsoft Remote Desktop and Windows App.

DEVICE SECURITY UPDATES

UpdateWhat it offers
Session lock experience configuration for single sign-onThis new update offers clients the ability to configure the remote session lock experience when single sign-on (SSO) is enabled between the default disconnect behavior and showing the remote lock screen. Enabling SSO allows you to use passwordless authentication and third-party Identity Providers that federate with Microsoft Entra ID to sign in to your Cloud PC. This tool offers an SSO experience when authenticating to the Cloud PC and inside the session when accessing Microsoft Entra ID-based apps and websites.
Windows 365 support for Microsoft Purview Customer KeyWindows 365 clients are also being given a feature that supports the encryption of Cloud PCs by setting up Microsoft Purview Customer Key.
Customer LockboxWith service release 2407 is new Windows 365 Government support for Microsoft Purview Customer Lockbox. The Customer Lockbox prevents Microsoft from accessing your content without explicit approval. This feature gets you integrated into the approval workflow process that Microsoft uses thereby restricting access to your content only to authorized requests.
Single sign-on Windows 365 clients authentication changeSingle sign-on for Windows 365 is switching to the use of the Windows Cloud Login Entra ID cloud app for Windows authentication. This change will begin with the Windows and Web clients.
FQDNs removed from requirement listSeveral of the required FQDNs have in the past been moved to the *.infra.windows365.microsoft.com wildcard FQDN. This move reduces the initial configuration requirements and the change rate of connectivity requirements. As of May 2024, the old FQDNs have been removed from the requirement list.  
Microsoft Purview Data Loss PreventionIn March 2024 (service release 2403), it was announced that Microsoft Purview Data Loss Prevention (DLP) will now support Windows 365 Enterprise. Getting access to DLP means that you can now monitor the actions that are being taken on items you’ve determined to be sensitive. Moreover, this also helps you block unintentional sharing of these items. As soon as you onboard devices into the Microsoft Purview solutions, data concerning what users are doing with sensitive items becomes available in activity explorer.
Windows 365 Boot shared mode supports FIDOThis change can help your business strengthen the security of your Windows 365 environment. Because Windows 365 Boot shared mode now supports FIDO, enterprises can leverage hardened authentication measures that minimize the risk of successful attacks.

MONITOR AND TROUBLESHOOT

UpdateWhat it offers
New Intune report and device action for Windows enrollment attestation (public preview)The device status attestation report gives you information about devices that have either Completed, Failed, or Not started enrollment attestation. With the new device attestation status report in Microsoft Intune, you can find out if a device has attested and enrolled securely while being hardware-backed.
Cloud PC utilization report for Windows 365 GovernmentThe Cloud PC utilization report offers you a useful tool for monitoring and optimizing Cloud PC usage in your organization. You can glean from it information such as how much time users are spending on their Cloud PCs or when they last connected. As of June 2024, support for this feature is now available to Windows 365 Government.
Cloud PC size recommendations reportThis Cloud PC recommendations report is now out of preview and generally available. The report is an AI-powered feature that enables administrators to determine the correct size for Cloud PCs. By assessing data such as end-user Cloud PC usage patterns, platform level resource utilization data, and performance needs, you can work out the best Cloud PC configuration for your users.
Cloud PCs that aren’t available reportGenerally available as of May 2024 (service release 2404). Simplifies the task for admins by helping them identify Cloud PCs that may be currently unavailable. The report will give you information concerning conditions up to 5 to 15 minutes ago. As a result, you could potentially find Cloud PCs in the report that have already recovered.
Improvements to Cloud PC connection quality reportSeveral upgrades to the Cloud PC connection quality report became generally available in March. The improvements that you can look forward to include:   A more comprehensive view of the overall performance of your Cloud PCs.A more detailed view of devices when they are in a state of poor performance due to high round trip times.Tenant level visibility to most recent/current for:Round Trip Time.Bandwidth.Connection Time.UDP Utilization.Connection specific detail on client IP and associated CPC Gateway.Filters for all columns.
Alerts for Windows 365 Frontline maximum concurrent Cloud PCsWindows 365 administrators will be getting even more information to help them better manage their Cloud PC environments. With this update, admins receive alerts notifying them when the maximum concurrent Cloud PCs are active for Windows 365 Frontline subscriptions.
Device action data kept for 90 daysYou get to view actions performed within the last 90 days. To access this information, navigate to the Overview page for individual Cloud PCs.

UPDATES TO WINDOWS 365 BOOT

UpdateWhat it offers
Shared and dedicated Windows 365 Boot deviceUsing Windows 365 Boot, admins can configure Windows 11 physical devices so that users can:   Avoid signing in to their physical device.Sign in directly to their Windows 365 Cloud PC on their physical device.   To add to the flexibility, Windows 365 Boot now supports both dedicated and shared PC scenarios.
Windows 365 Boot sign-in page customizationAnother update for Windows 365 Boot is the availability of sign-in page customization. Previously in preview, this feature became generally available in February.
Windows 365 Boot fail fast notificationsAdding to the previous new updates is fail fast notifications. Beginning in February as well, Windows 365 Boot detection and notification of network or application setup issues transitioned to general availability.
Management of local PC settingsThe last update for February allowed for changes regarding the management of local PC settings. Going forward, users will be able to manage local PC settings through their Windows 365 Boot Cloud PC.

Wrap up

Ensuring that your IT environment is operating at peak efficiency is a goal that every company should have. Optimizing the functions of applications and devices is integral to maintaining elevated productivity levels. This is why one cannot overstate the importance of the new features and updates. It’s why we regularly see them from Microsoft Intune and Windows 365.

Not only do they keep your business running smoothly. They constantly address any issues that may arise. As a business, your needs change as the operating environment evolves. Therefore, there is a need for services like Intune and the Cloud PC that can keep up with those changes.

Synology SSD Cache: A Comprehensive Guide

Synology NAS (Network Attached Storage) devices are known for their versatility, offering a wide array of features for data storage, sharing, and management. One feature that significantly enhances performance is the Synology SSD cache. This guide explores Synology SSD cache, its benefits, how to set it up, the importance of upgrading DiskStation Manager (DSM) versions, and how to verify if you’re running the latest DSM version.

What is Synology SSD Cache?

An SSD cache uses Solid-State Drives (SSDs) to accelerate data access on traditional Hard Disk Drives (HDDs). SSDs are much faster than HDDs due to their lack of mechanical parts, providing lower latency and higher throughput. In Synology NAS, SSD caching improves the performance of your storage pools without requiring a full SSD-only setup.

Types of SSD Cache in Synology NAS

  1. Read-Only Cache:
    • Speeds up frequently accessed data by storing it in SSDs.
    • Improves read performance but does not affect write operations.
  2. Read-Write Cache:
    • Boosts both read and write performance.
    • Requires at least two SSDs in RAID 1 for redundancy.

Benefits of SSD Cache

  • Enhanced Performance: Faster data access and improved application performance.
  • Cost-Effective: Combines HDDs and SSDs for performance gains without the expense of SSD-only setups.
  • Scalable: Easily added or removed as needed.
  • Optimized Utilization: Ensures frequently accessed data is quickly available.

When to Use SSD Cache

  • High I/O Workloads: For example, virtualization, databases, or file servers.
  • Mixed Storage Systems: Combining HDDs and SSDs for balanced performance.
  • Repetitive Access Patterns: Ideal for applications with predictable workloads.

How to Set Up SSD Cache

Prerequisites

  • A compatible Synology NAS model.
  • Supported SSDs (check Synology’s compatibility list).
  • An existing storage pool.

Configuration Steps

  1. Install SSDs:
    • Install SSDs in the designated bays or via an adapter card like the Synology M2D17 in PCIe Slot 1.
    • Verify installation using Synology DSM.
  2. Create SSD Cache:
    • Navigate to Storage Manager > SSD Cache.
    • Choose the storage pool and cache type (read-only or read-write).
    • Follow the on-screen instructions.
  3. Monitor Performance:
    • Use Resource Monitor to track cache efficiency.
  4. Optimize Cache:
    • Update DSM for the latest features.
    • Adjust settings as needed.

Why Upgrade DSM?

DiskStation Manager (DSM) is the operating system powering Synology NAS devices. Regular upgrades are essential for:

  • New Features: Improved functionality and usability.
  • Security: Patches to keep your system secure.
  • Performance: Enhanced efficiency with updated algorithms.
  • Compatibility: Support for new hardware and apps.
  • Bug Fixes: Resolves known issues.

DSM Upgrade Steps

  1. Prepare for the Upgrade:
    • Backup data using Hyper Backup.
    • Verify compatibility and system health.
  2. Upgrade DSM:
    • Use the Control Panel > Update & Restore for automatic updates.
    • Perform manual updates by downloading the update file from Synology’s website.
  3. Post-Upgrade Verification:
    • Test applications and review logs for errors.
    • Reconfigure settings as needed.

How to Verify DSM Version

  1. DSM Interface: Navigate to Control Panel > Update & Restore to check for updates.
  2. Synology Assistant: Use this tool to display the DSM version.
  3. Command-Line: Run cat /etc/VERSION via SSH.
  4. Mobile App: Use Synology’s DS Finder to check the version.

My Setup and Observations

I am using a DS1817+ with eight Seagate ST8000AS0002-1NA17Z 8 TB Archive HDDs, running without issues. Currently, I’m upgrading to 16 TB Western Digital WDC WD161KFGX-68AFPN0 HDDs. My SSD cache consists of two Samsung SSD 850 EVO M.2 (500 GB) drives installed using a Synology M2D17 adapter in PCIe Slot 1.

Hardware Highlights

Seagate ST8000AS0002 HDD:

  • Energy-efficient archival storage.
  • Reliable for long-term use.

Western Digital WDC WD161KFGX HDD:

  • High-capacity Ultrastar DC HC500 series.
  • Optimized for data centers with vibration resistance.

Samsung SSD 850 EVO M.2:

  • Advanced 3D V-NAND technology.
  • TurboWrite for faster write speeds.
  • High endurance and energy efficiency.

Best Practices for SSD Cache

  • Regular Maintenance: Monitor and optimize cache performance.
  • Stay Updated: Enable automatic DSM updates.
  • Evaluate Workloads: Periodically assess cache efficiency.
  • Use Compatible Hardware: Follow Synology’s compatibility guidelines.
  • Backup Data: Regularly back up to avoid data loss.

Conclusion

Synology SSD cache is a game-changer for optimizing NAS performance. Coupled with regular DSM upgrades, it ensures a reliable and high-performing system. Follow these best practices to maximize your NAS potential, enhance data security, and enjoy seamless compatibility.

Microsoft Intune and Windows 365 in 2025: What to Expect

As 2024 is drawing to a close, we can start to look back at the features that have been added to Microsoft Intune and Windows 365. These upgrades have enhanced the user experience, strengthened security measures, and enabled users to operate more efficiently.

As such, it will be exciting to look at what Microsoft could potentially add to these platforms in 2025. Businesses will be interested in seeing what Microsoft has on the horizon. They will also be eager to see what will improve these platforms even further while simultaneously addressing some common concerns they may have.

With this in mind, in this article, we’ll be going over the information Microsoft has released concerning features scheduled to be released in 2025.

What does 2025 hold for Intune?

Microsoft Intune: Managed device attestation for iOS/iPadOS and macOS device enrollment and ADE

When we consider the threat landscape that organizations constantly have to deal with, it’s easy to see why there is a great need for continually improving security measures. Hence why bringing ACME and managed device attestation support for eligible Apple devices to GA is a great move on Intune’s part. It should enable you to have better control over the verification processes of various devices.

Included in this update are device enrollment and ADE enrollments, notably AC2. Admins should note that this will apply to new enrollments with device enrollment (BYOD) and new enrollments with ADE or Apple Configurator tool. We can expect to see the rollout of this feature beginning in April 2025.

Microsoft Intune: Windows enrollment attestation

Staying with the same theme of enhancing security measures, businesses will also be getting this feature beginning in March 2025. You can expect to have physical devices attested at enrollment and enrollment credentials storage in the hardware of the device.

This can provide administrators with an extra bit of convenience. It will allow them to view device attestations in the new Device attestation status report. Additionally, they can force attestation from that report when necessary.

Microsoft Intune: Enhanced device inventory for Windows devices

Few things can increase work efficiency the way that easily having access to all the information you need when you need it can. This is what businesses will be getting when this service is rolled out in February 2025 enabling them to obtain more inventory information about their Windows devices. You get to specify which device properties you need to collect as well as from which devices. With this, you can view that information for your devices.

Microsoft Intune: Hardware-backed attestation – enhanced for Windows 11

This feature, which will be coming to you in January 2025, seeks to improve the Windows compliance policy. You should expect an improvement in device health due to the addition of five additional hardware attestation settings. These settings are specific to Windows 11 using advanced platform security features. The latter will include features such as firmware protection, virtualization-based security, Memory Integrity and Access Protection, and Early Launch Antimalware protection.

Microsoft Intune: macOS Platform SSO Support

Intune is constantly looking for ways to enhance the user experience for customers that use the macOS platform. To this end, features like this one in particular will give you better security and increase convenience. With the release planned for January 2025, customers should soon be able to log in on a managed Mac using their Entra ID password.

Microsoft Intune: Multiple managed accounts

Adding to the convenience that the upcoming Intune features will bring is this feature. As of January 2025, Microsoft plans on enabling users to use a single device with multiple company accounts to access company information through specific managed applications.

Microsoft Intune: Enrollment time grouping for Android Enterprise Corporate devices

Enrollment time grouping (ETG) for Android Enterprise Corporate devices is a feature that will help targeted apps and policies reach devices faster thus minimizing delays common with device setup. The rollout is slated for January 2025.

AI to boost the capabilities of the Cloud PC

Businesses cannot deny the immense potential that AI can offer them. This technology has vast applications that can positively impact business operations at just about every level. It’s therefore no surprise that Windows 365 is working on taking advantage of AI to improve the user experience for Cloud PC users. Already, Windows 365 can use AI to provide you with Cloud PC resizing recommendations that can help minimize costs and increase efficiency.

Windows 365 does this and more by leveraging AI to evaluate Cloud PC deployment and utilization. With this information in hand, companies can better plan their Cloud PC environments thus maximizing the value of their investment. These tailored, AI-powered insights will help you avoid several issues including:

  • Complex purchase discussions – when you lack specific information, your organization could spend vast amounts of time bogged down in discussions with vendors trying to figure out what’s most suitable for your needs.
  • Low productivity levels – if your environment operates with incorrect configurations, employees cannot perform at optimum levels and their output will be lower than it should be.
  • Fluctuations in usage and license churn – any discrepancies between your purchased licenses and actual use may cause irregular usage patterns which in turn negatively impacts cost management.

Wrap up

The various development teams at Microsoft appreciate the need to keep expanding the capabilities of the products and services they offer. As the modern work environment evolves, so too should the tools available to us. Companies need technologies that empower their employees, strengthen their security, and inspire business innovation.

Fortunately, the new features and capabilities that Microsoft Intune and Windows 365 are working on promise to deliver. Customers can plan excitedly for the future knowing that their platforms of choice will keep them ahead of the curve.

Enhancing Your Security Posture in Windows 365 and Azure Virtual Desktop

Setting up a virtual computing environment offers plenty of benefits for most organizations. But, businesses also need to understand the potential security issues involved and how best they can address them. Recently, Microsoft has been working on enhancing security measures for Windows 365 and Azure Virtual Desktop (AVD) clients. In addition to that, one of the key goals is to address the complexities that organizations often have to deal with regarding security policy management.

By doing so, Microsoft intends to provide clients with a robust suite of new security features. The new features will offer greater infrastructure protection.

Common security risks in virtual computing

Businesses are constantly dealing with various threats to their infrastructure and data breaches can be some of the most damaging. From huge financial losses to potential legal ramifications, data breaches pose serious threats to companies. Some organizations might even find it hard to bounce back from if left unprotected.

Another of the biggest challenges that businesses deal with on a daily basis is insider threat. What makes this such a tough issue to deal with is that it encompasses both negligent as well as malicious users. This kind of problem serves to highlight the importance of the new features Microsoft is launching. These latest features aim to strengthen identity and access management protocols.

Organizations can also get punished for a lack of due diligence. If one makes the mistake of engaging a virtual computing services provider without a full understanding of the security they have in place, it can end up being extremely costly.

Working with platforms, like Azure Virtual Desktop (AVD) and Windows 365, gives you the advantage of integrated services into the Microsoft security ecosystem. Not only do you get excellent security but you also get compliance with the appropriate regulations.

Ensuring security by default

One of the key things that Microsoft is doing to counteract security threats is putting in place features that provide security by default. This can be achieved by embedding Microsoft-recommended security settings right at the beginning when creating Cloud PCs or virtual machines. Putting in place measures like these serves to make security an integral part of these virtual services. It also provides you with robust security straight out of the box

SIMPLICITY with Azure Virtual Desktop

Implementing security by default also simplifies things by reducing the need for manual configurations. This allows you to have more productive time. IT admins will have even less to worry about, thanks to one of Microsoft’s newer updates. This update works by restricting Port 3389 by default on all newly provisioned and reprovisioned Windows 365 Cloud PCs. This update goes a long way in getting virtual services to the goal of automated, built-in security.

FLEXIBILITY with Azure Virtual Desktop

Despite the need for default security, Microsoft still appreciates that there may be times when IT admins may need to override these settings. For instance, think of a situation where IT admins have to customize security for their virtualization deployment to accommodate different devices and varying work models.

In anticipation of such scenarios, Microsoft gives clients the flexibility to override these security settings when the need arises. Ultimately, the key is to offer businesses solutions that are easy to use but not at the cost of improved security. Thus, the new features will simplify securing identity, data, and access. They’ll do so while simultaneously giving organizations the choice, flexibility, and control necessary to maintain a robust security structure.

Secure identity

Considering the threat landscape that businesses have to deal with, it’s extremely important to have the right technologies and processes to safeguard access to resources. Comprehensive solutions are necessary to secure identities ensuring that the right individuals get the right access at the right time.

Not only that, but end-users expect a seamless user experience that makes things easier for them. Needless to say, it’s equally or maybe even more important to have processes that curb malicious access.

FACILITATING SECURE ACCESS

In keeping with the goal of improved identity security, Microsoft recently preview launched Passkey support in Microsoft Entra for macOS and iOS devices with single sign-on and password-less authentication.

With this update, users can expect the end-to-end user experience to become more streamlined. Coupled with improved phish-resistant password-less security for Windows 365 and Azure Virtual Desktop, this launch will undoubtedly give organizations stronger identity processes.

Given that many individuals view Passkeys as not only easier to use but more secure than passwords, this move by Microsoft is bound to be very welcome. As a method of authentication reliant on cryptographic techniques combined with biometrics such as fingerprints, Passkeys can be a significant upgrade over conventional password-based authentication.

RE-AUTHENTICATION

In addition, clients can also look forward to new features. These include faster re-authentication (public preview) that will leverage sign-in frequency in Microsoft Entra Conditional Access policies. This is something that will give IT admins the necessary control to enforce secure, timely reauthentication based on their needs.

Users must re-authenticate only when needing to authenticate to a resource and also when a new access token is needed. Once a connection has been established, they won’t be prompted even if the connection lasts longer than the configured sign-in frequency.

Users also need to re-authenticate if a network disruption occurs that forces the session to be re-established after the configured sign-in frequency. Unfortunately, on unstable networks this probably means more frequent authentication requests.

Wrap up about Windows 365 and Azure Virtual Desktop

The threat landscape is constantly evolving thus creating new risks that organizations have to be prepared to face. With malicious actors working nonstop to expose vulnerabilities, businesses cannot afford to be lax in their approaches to data security. This is why Microsoft is committed to ensuring that clients using the Windows 365 and Azure Virtual Desktop platforms regularly receive new high-end security tools and updates. By doing so, organizations like yours can mitigate the risk of dangerous data breaches and financial losses with fortified security postures.

Windows 365 – Scalability

One of the major features that has driven the success of cloud computing is scalability. This particular feature is vital to businesses like yours. And it’s how businesses will be able to swiftly and efficiently scale their IT resources.

So, it’s not surprising that Microsoft’s Windows 365 environment supports this feature because of how easy it is to use. For starters, deploying Cloud PCs is going to be a relatively simple exercise. But, if your organization’s demands for computing resources such as storage and processing power change, then you’ll be able to address those demands with very little fuss. And with the growing interest in cloud computing, Windows 365 needs to be a top consideration as the service of choice.

What is Scalability?

So, what exactly is scalability with regard to cloud computing? Simply put, this refers to the ability to either increase or decrease your IT resources at your convenience. And it’s a valuable feature to have when your business needs require it.

Therefore, if your business is growing, you can swiftly make the necessary changes to your cloud computing environment. Gain additional resources such as storage, processing power, and bandwidth. And you can easily do this without the potentially huge financial outlay that may otherwise be required to upgrade your hardware or change your infrastructure. This will then translate t more cost-effective business operations. And it will boost your performance even further.

Whatever cloud services your business would like to use, scalability will be key in ensuring that you get the best possible experience. Fortunately, for clients of Windows 365, the system functions in a way that enables you to scale quickly so that businesses, regardless of size, can easily meet their computing needs.

Although we often think of scaling up for growing business, in some cases, you may find yourself needing to scale down. As a result, admins can also remove virtual desktops according to the needs of the business and not just increase the number.

Scalability Features of Windows 365

With Windows 365, Microsoft offers clients the next step in desktop virtualization technology. It gives organizations plenty of features that will help to optimize IT operations and increase productivity. Among these features include those that can help you to swiftly scale up or down according to your needs. In this section, we’re going to look at some of these scalability features.

FLEXIBLE PRICING

In addition to offering clients two versions of the service - Windows 365 Business and Windows 365 Enterprise - Microsoft has a flexible pricing arrangement in place to meet different needs. You can find the lowest-end SKUs costing $20 a month and the highest-end at just over $150. The pricing model is meant to ensure that both small and large enterprises can find something to adequately meet their requirements without having to pay for more than they need.

For instance, regular frontline workers will not need anywhere near the same computing power as web developers, software engineers, etc. And the benefit of having this fixed monthly subscription is that it makes it easier to plan accordingly for your IT expenditures.

Furthermore, despite there being two different editions to cater to different types of organizations, the range of features that will be available to clients is pretty much the same. This helps to alleviate any concerns about potentially getting an inferior service to clients paying for the higher-end subscription plans.

So, even if your organization is relatively small at the moment, Windows 365 allows you to pay only for what you need, and then as you continue to grow, you can eventually scale up as needed without worrying about significant additional expenses.

SELF-SERVICE PORTAL

The availability of self-service is something that can help to streamline business processes and enhance overall client satisfaction. Relying on manual processes as well as depending on external support, can massively hinder the efficiency with which your business can operate.

This is why Windows 365 provides clients with a self-service portal whose aim is to ensure that it eliminates as many obstacles as possible. Therefore, by giving clients the control needed to perform certain actions, we can expect to see fewer disruptions and faster implementation of important changes.

With this control, admins can create, manage, and deploy virtual desktops very quickly and without any trouble. And this will also help to minimize IT friction because of the reduction in downtime as well as dependency on help desks.

Simply put, getting greater control allows your business to run more smoothly and without needing any additional IT resources. This is something that will also benefit you financially as you can expect a reduction in IT expenses.

RESOURCE ALLOCATION

One thing that we should not forget is that virtual resources are similar to your regular traditional resources in that they are exhaustible. It’s important to remember that this ‘cloud’ that we so often talk about requires physical hardware on the other side. This means that when it comes to the allocation of resources, we should not abandon the principles that we have been using all along.

We’ve already discussed the flexible pricing that Windows 365 clients can leverage. But businesses can still have concerns about the cost of cloud computing resources. Hence the need for resource optimization to ensure that resources are being placed precisely where they are needed.

Microsoft wants Windows 365 to be as cost-efficient as possible for clients, which is why you can allocate resources in a way that maximizes usage and thus improves productivity. By directing resources such as memory, storage, and processing power to areas with the heaviest workload, you can enhance the efficiency of your business processes.

With the ideal resource allocation strategy in place, you can also reduce your cloud computing costs. And the best way to craft that strategy is to have a full understanding of how Windows 365 works, the workloads of various users, and the network your organization uses.

RAPID DEPLOYMENT

One of the things that can make businesses hesitate about implementing new technologies is the potential downtime. Whenever possible, businesses want to avoid spending several days or weeks deploying new software. Getting a new system set up as quickly as possible is the most ideal scenario. And Windows 365 is designed precisely for this purpose. One of the things that Microsoft constantly repeats about Windows 365 is its ease of use and deployment.

Even without bringing in additional IT resources, you can easily have a new Cloud PC within half an hour. As the age-old cliché goes, “time is money,” and so being able to set up new Cloud PCs this quickly only makes Windows 365 that much more attractive.

Therefore, whether it’s deploying new virtual desktops or scaling up your computing resources, Windows 365 can handle this in minutes, not hours or days. This means that when the need arises, businesses can make a swift response to changes in computing resource demands.

CENTRALIZED MANAGEMENT

Decentralized systems can breed a lot of chaos that can negatively impact how efficiently your IT staff can work. If a problem arises and is dealt with in one department but keeps occurring in other departments, then your organization’s productivity will expectedly suffer.

Centralized management capabilities such as those you get with Windows 365 will not only improve performance but will help to potentially reduce operating costs while simultaneously enhancing overall security. Administrators can utilize a single console to monitor and manage all virtual desktops, thus making the job easier. By leveraging these benefits, your business can scale its computing resources quickly and without compromising on security or efficiency.

INTEGRATION WITH MICROSOFT AZURE

An undeniable part of the success of Windows 365 is the fact that it exists on Azure infrastructure. Because of this, it can take advantage of components of the already successful Azure Virtual Desktop (AVD). This gives Windows 365 access to arguably the most secure platform you can get. Azure’s industry-leading security measures and identity management can provide Cloud PCs with more than adequate security.

Furthermore, businesses will benefit from exceptional computing resources, including virtual machines. There are also databases, computing power, and as much storage as companies need. And you get access to these vast resources. Moreover, as your business continues to grow, you’ll have the option to implement a secure upscale of your resources. The reason why all of this is achievable, with almost no difficulty whatsoever, is because of the tools and services. Essentially, you’ll be using the same arsenal of resources you usually use for the process.

Benefits of Windows 365 Scalability

As we’ve already discussed above, scalability plays a key role in how businesses can efficiently utilize their resources. The scalability features that Windows 365 avails to its clients come with several benefits:

REDUCED COSTS

Probably the biggest benefit your business stands to gain from the above-mentioned features is reduced IT expenditure. Because of how easy the scaling process is, you won’t need to bring in any additional IT personnel to do the job. Moreover, you also don’t need to make costly infrastructure changes or purchase additional hardware. All of this, combined with the flexible pricing plans and self-service portal, will help your business to reduce IT expenses. And this is something that will be particularly beneficial to smaller enterprises that could struggle with the costs of scaling their computing resources.

IMPROVED EFFICIENCY

Businesses know that occasionally unexpected opportunities will occur, and the ability to effect a swift response will be essential if they are to take advantage. The centralized management and rapid deployment features available with Windows 365 will give you just that. If you suddenly experience a significant increase in traffic, then you will need to respond with a quick and efficient scaling of your computing resources. And this should be done without compromising performance or quality of service. You can be certain that if you miss this opportunity, another business will be eagerly waiting to take advantage.

INCREASED FLEXIBILITY

Windows 365 is great for offering your employees increased flexibility in their working conditions. But this flexibility also extends to the entire organization. Setting up IT infrastructure is often a very costly endeavor for any business. So, having a service like Windows 365 helps businesses to purchase only what they need. And as the business grows, you won’t have to worry too much about scaling up or down, as necessary. This is because Windows 365 is flexible enough to do that quickly and cost-efficiently. Businesses, large or small, can easily adapt to a changing environment without the usual challenges that often accompany the task.

ENHANCED SECURITY

Remote work obviously comes with its fair share of security concerns. This is why a lot of businesses are apprehensive about migrating to the cloud. Windows 365, however, has a foundation built on Azure cloud infrastructure. And it offers excellent security. Organizations will know that users, regardless of where they are working, should be just as secure as those working on-premises. The security measures you put in place will significantly reduce the risk of malicious access to employees’ devices and your organization’s network. In addition, the centralized management capabilities simplify the management and monitoring of all virtual devices. This results in an ability to fortify your security posture even more.

Wrap up

Scalability should be a key priority for any business, regardless of sector. You need to have strategies in place to scale as needed without hindrance due to a lack of resources. As your business grows, new clients should be able to receive the same quality of service that has built your reputation thus far.

And this is why services like Windows 365 are offering businesses the kinds of capabilities that will adequately meet their needs at whatever stage of growth they may be. The ease with which you can scale allows your business to evolve efficiently and without incurring unnecessary costs. Windows 365 could just be the technology you need to help take your business to the next level.

Igniting The Future of AI With Microsoft

Every year, Microsoft holds its Ignite conference, which is open to all partners, IT professionals, developers, and IT enthusiasts. At this Ignite 2024 event, attendees will be treated to keynotes, sessions, and hands-on events. These will be delivered by Microsoft experts as well as other industry leaders.

This year, at Ignite 2024, the key focus will be AI, the role that Microsoft is playing, and what people can expect in the short and long term. We have all probably had some experience with the impact of AI and machine learning processes on how we conduct our business.

So, considering all the cutting-edge innovations currently in development, you can expect Ignite 2024 to be an exciting and informative affair.

The impact of AI on business

OPERATIONAL EFFICIENCY

The capabilities of AI have resulted in a positive impact being felt across different business sectors. With the transformative effect of AI, enterprises can significantly improve how they operate. As the age-old cliché goes, time is money.

By using AI, your organization can start to operate more efficiently by automating most of your time-consuming and repetitive tasks. The benefit is that employing a better and much faster process for dealing with these tasks. This will free employees up to focus on more productive tasks. Expectedly, this could give you an edge in today’s very competitive business landscape.

DATA ANALYSIS

There is no denying the importance of data in the success of any enterprise. But, with the availability of big data, organizations need reliable tools to quickly help them sift through that data and provide valuable insights. Due to the exceptional tools that AI provides, businesses can gather and swiftly analyze huge volumes of data in a very short time.

Consequently, this gives you valuable insights regarding client wants and needs. And when coupled with information about the general behavior of the market, you can immediately start implementing the necessary actions.

Moreover, AI can help minimize human error in the data analysis process while also picking up trends or anomalies that may have gone unnoticed.

IMPROVED SECURITY MEASURES

As businesses increasingly look to AI and cloud-based solutions to improve efficiency and productivity levels, the need for robust security measures becomes more apparent. Every organization needs to be adequately prepared when dealing with the sophisticated attack methods that cybercriminals are using.

Fortunately, AI can also play a key role in your security strategy. Similarly to how it analyzes data for improving your business operations, it can detect patterns or anomalies that could weaken your security posture. By helping identify these issues, AI enables you to reinforce your security measures. It also ensures that sensitive data remains out of reach for unauthorized access.

CUSTOMER ENGAGEMENT

AI can be an extremely useful tool that your organization can utilize to improve the customer experience. The efficient analysis of large amounts of information can give you incredible data insights that are necessary for developing an ideal personalized customer experience.

A lot of companies and brands are already using AI customer service automation to create a more efficient 24/7 customer support system. Not only can services such as these provide excellent feedback, but they can help customers resolve simple issues much faster.

Furthermore, having information that allows you to personalize customer engagement will help employees deliver higher levels of customer satisfaction.

Ignite 2024 Conference

This year, the Ignite conference will not only be focusing on all the latest Microsoft innovations. It will also be taking a deep dive into the power of AI. Attendees can additionally expect to learn about how the power of AI can drive productivity across different industries.

From Microsoft personnel to leading industry experts, the event will offer plenty for participants to choose from with a schedule packed with plenty of sessions and hands-on training. All of this will be taking place at the McCormick Place Convention Center, conveniently located in Chicago, Illinois.

Apart from those leading the sessions, you can expect to meet experts from various tech sectors whose expertise could be invaluable to your organization. However, it’s not just the leading experts who will be around. You also get to meet tech enthusiasts with different levels of experience.

Networking among various groups of people can provide you with greater information about all the amazing innovations happening around the globe. In addition to these groups of people, expect to see business leaders and Microsoft partners who will have plenty to add to the experience.

Why should you attend?

When it comes to tech conferences, one may wonder why they should bother attending. After all, with countless blogs, podcasts, and various other tech platforms, you have plenty of choices regarding where and how you get your tech news and updates. Despite this, however, there are some very good reasons why you should consider attending events like Ignite 2024.

UNIQUE OPPORTUNITIES

Attending tech conferences can give you learning opportunities that other platforms cannot deliver. You get to interact with Microsoft experts, industry leaders, and other professionals. The wealth of information available from keynote speeches, hands-on workshops, and breakout sessions can be instrumental to professional development. Both the learning experience and the engagement with top experts will give you an edge that will not only benefit you but your company as a whole.

CULTIVATE CONNECTIONS

We can all appreciate the value that networking can bring to our lives. From expanding your career prospects to professional development, cultivating mutually beneficial connections can often be the key to success. We’ve all heard the expression, “It’s not what you know but who you know.”

Granted, this doesn’t always ring true. But there’s no denying the impact that well-developed networks can have on one’s career and business endeavors. By connecting with like-minded individuals, you get the opportunity to interact with others who may inspire your creativity. It’s here that you’ll find those who can expose you to cutting-edge innovations. Moreover, you can learn insights that only individuals with certain expertise can provide.

LEAVE YOUR COMFORT ZONE

Another great thing about attending conferences like Ignite is that it takes you out of your comfort zone. Whatever you do and wherever you work, immersing yourself in an environment away from your typical daily routine can be a refreshing and motivational experience.

Take the time to learn about the latest AI and machine learning innovations. Also, commune with others and share ideas. See what other experts, professionals, and IT enthusiasts have to offer, and it might just inspire you to greater success. And if nothing else, enjoy the time off away from work and make the most of it!

Presence of sponsors

As already mentioned, in addition to Microsoft personnel, Ignite 2024 will have plenty to showcase from other industry experts. As the drive toward empowering companies with AI and machine learning technology gains momentum, plenty of tech businesses are pushing the boundaries with innovative solutions. Some of the sponsors you will be seeing at the event include:

  • Intel – a tech giant that is working on hardware and software solutions, designed to help enterprises benefit fully from AI. It should be exciting to see what products and services they are developing to enable organizations to support AI at scale.
  • AMD – one of the key things that AMD is doing is working on high-performance hardware and software products to leverage the full power of their AI solutions. Additionally, by tailoring the capabilities of their products and services to your unique needs, AMD contributes to more efficient operations.
  • Rubrik – with the threats that enterprises are constantly dealing with, solutions that can fortify your data security are necessary. Due to the capabilities of AI, Rubrik can do a lot to enhance your cybersecurity through swift threat detection and analysis, recovery, and resilience.
  • Kyndryl – businesses have much to gain with innovative solutions that speed up the development and implementation of AI-powered processes. Companies can learn how to simplify their operations while potentially scaling up productivity by leveraging generative AI at scale.
  • Dell Technologies – Dell is heavily invested in developing infrastructure that is optimized for AI. Businesses need to have products and services that are powered by AI and that can be deployed anywhere. Considering this, you can expect to learn about the work Dell is putting in to eliminate barriers and support companies with their AI strategies.
  • Fujitsu – Fujitsu is focused on providing companies with AI platforms and technologies uniquely tailored to their needs. The goal of this approach is to empower businesses to take advantage of the full power of AI technology and get the best ROI.
  • NVIDIA – NVIDIA plays a central role in the processing power of AI due to its GPUs, which are fundamental to AI computations. This allows us to benefit from more efficient AI processes. And this is crucial for the further development of AI and its applications across different industries.

Additional event information

The Ignite 2024 conference will be running from November 18-22, 2024. However, attendees should know that day one is an optional half-day. The conference will come to a close on the afternoon of the 22nd. For those attending online, the dates will be from November 19-21. And they also get live streams for keynotes and some sessions. Additionally, they will have access to the following features:

  • Session scheduler
  • Attendee and Featured Partner directory
  • Digital Favorites
  • On-demand access to keynotes and sessions
  • Digital swag, including wallpapers, Microsoft Teams backgrounds, and more.

DAY 1

In-person attendees who will be in Chicago for day one (November 18) with a Technical or Partner Business pass can take advantage of this opportunity to add a pre-day lab or workshop. Running officially from 1:00 PM to 5:00 PM CT, this will be available for an additional fee of USD $325. As a participant in these interactive sessions, you can start preparing yourself for what’s to come in the days ahead.

PLUS PASS

If you’d like to have exclusive access to the Microsoft Ignite room block at the Hyatt Regency McCormick Place and Marriott Marquise Chicago, then you’ll need a Plus Pass. This pass, previously known as a Premier or Convenience Pass, is available as an add-on to a full conference registration pass.

Those who are interested will need to move quickly, as this pass will be available on a first-come, first-served basis and only while rooms are still available. With the Plus Pass, you will have access to a dedicated check-in station on Level 3 of the West Building, from where you can pick up your name badge and official conference swag.

ACCOMMODATION

Reserving a hotel can be done during the registration process. In-person attendees will find that there are pre-arranged hotel room blocks at hotels offering exclusive rates to Microsoft Ignite 2024 registrants. However, only reservations made through the registration website will qualify for the event rate. This means that hotels won’t be able to book rooms at the event rate through their reservation offices.

Wrap up

Attending the Ignite 2024 conference promises to be quite an experience. One that everyone who wants to stay a step ahead of the latest in AI innovation should be excited about. Take advantage of the opportunity to commune with Microsoft experts, industry leaders, and multiple other professionals. And with an online platform available, even if you can’t make it to Chicago, you can still partake in plenty of events from wherever you may be.

Understandably, the world is bristling with excitement over the transformative effect of AI on industries across different sectors. We all want to see how these innovations will continue to impact our business operations. As such, the conference which we are now counting down to is one not to be missed.