Windows 365 Flexible Pricing – Control Your IT Costs

Cloud computing has been evolving at a very impressive rate over the last few decades. It is now becoming an integral part of how a lot of businesses perform their operations. As you would expect, tech giant Microsoft has contributed a lot to the development that we have witnessed.

More recently, we have seen this with Windows 365, which is a virtual desktop service that Microsoft introduced a few years back. This solution gives businesses the ability to offer their employees desktops that run in the cloud and are always available. Having an option like this allows employees to remain productive wherever they may be.

And one of the best things about Windows 365 is that it offers flexible pricing terms that make it accessible to businesses both large and small. In this article, we’ll be discussing these flexible terms that Microsoft offers and how your business can benefit.

Flexible Pricing Features of Windows 365

To attract large numbers of businesses, Microsoft has had to ensure that Windows 365 has several flexible pricing features that you will find appealing. These features allow you to select the computing resources you need that will fit your unique business strategy. So, let’s take a look at some of these features.

Monthly Subscription

The flexibility that users get from their Windows 365 Cloud PCs does not only apply to how and where they can use their virtual desktops. It also applies to the subscription terms that are available to your organization. Clients that use Windows 365 get to pay for the service on a month-to-month basis.

As you can imagine, this gives you the advantage of not having to make a longer-term commitment that you may not be willing to make. You get to assess the benefits that Windows 365 gives your business every month and make adjustments to your strategies as you need.

Additionally, this also helps you to more efficiently manage your computing resources based on your changing needs. Therefore, if you need to increase or decrease the computing resources that you are using, Windows 365 allows you to do so without any problems. And all of this you can do quickly and seamlessly without having to commit to a long-term subscription that may not suit your business strategy.

Customizable Plans

Within your organization, employees working in different departments can have different computing resource needs. For example, individuals working in human resources departments are unlikely to need the same computing power as people working in an engineering department.

And fortunately for Windows 365 clients, Microsoft appreciates this and enables you to select a plan that can be uniquely tailored to precisely fit your specific computing requirements. That way, you don’t need to worry about getting more or less than your business needs.

Right at the beginning, there are two subscription options available depending on the size of your business. If you are a relatively small organization requiring fewer than 300 Cloud PCs, then you have the Windows 365 Business Edition.

Larger enterprises with employees that require a greater number of Cloud PCs have the option of Windows 365 Enterprise. The great thing about all this, however, is that these options all offer the same range of features. Therefore, small businesses get to have a similar Windows 365 experience to the larger businesses without having to break the bank.

Pay-As-You-Go

This next feature gives businesses a lot of flexibility in how they manage their budgets. With a pay-as-you-go arrangement in place, plenty of businesses, especially the smaller ones, will find it a bit easier to take advantage of what Windows 365 can offer without compromising their budget structures.

As already mentioned, long-term commitments may not currently be financially viable for some businesses, so having a service that allows you to only pay for what you are using can be a great solution.

One of the most obvious differences between Windows 365 and Azure Virtual Desktop (AVD) is the payment structure. AVD offers its services on a consumption-based model, whereas Windows 365 uses a fixed per-month/per-user licensing arrangement.

The benefit that Windows 365 clients get from this is that it allows them to plan long-term, knowing exactly what their IT expenditure will be. And in the case of changing computing resource needs, they can easily scale up or down to meet demand without being worried about having to face massive costs to do so.

Self-Service Portal

Windows 365 prides itself on being a service that is easy to deploy and use for any business. By designing it this way, Microsoft has been able to offer clients a product that doesn’t require any additional financial investment to set up and use.

According to Microsoft, you should not need additional IT resources to help you set up your Windows 365 environment. And this is clearly something that is meant to help your business reduce expenditure. But it’s not only setting up the Cloud PCs that is meant to be simple; maintaining the environment should be as well.

Hence the availability of a self-service portal. This feature is perfect for helping your IT staff maintain your Windows 365 environment without needing to be dependent on support services. Moreover, if your business needs to add or remove virtual desktops, then your IT admins can leverage the self-service portal to do so easily and securely.

Ultimately, what Microsoft is giving you with this feature is a tool that enables you to adjust your computing resources as your business continues to evolve. Most importantly, you can do this in-house without needing to invest in additional IT resources.

Benefits of Windows 365’s Flexible Pricing

The various features that we have gone over above have several benefits that they can offer your business. In this section, we’ll be looking at some of those benefits.

Cost Control

Having effective cost control measures is essential for any business to minimize the progressive growth of expenses. Implementing such measures can help your business grow with minimal issues. One of the biggest things that a lot of businesses see as a great cost control measure is cloud computing.

Not only is this something that will help your employees remain productive from remote locations, but it can reduce IT expenses. If you consider setting up an on-premises infrastructure, you’ll quickly realize how costly an undertaking that would be. And that’s before considering the additional expenses for maintaining and potentially scaling the environment.

With Windows 365’s flexible pricing options, Microsoft wants businesses to have a virtual desktop service that can help to keep their IT expenses manageable. By signing up for only the computing resources that you need, you avoid having to overpay, especially for unnecessary resources.

This also gives you the advantage of planning an accurate budget well in advance. Moreover, you can also make allowances in your budget that will enable you to scale your computing resources if necessary.

Scalability

Windows 365 offers two subscription plans to businesses: the Windows 365 Enterprise edition and the Windows 365 Business edition. As mentioned already, this gives large and small businesses options that can meet their unique needs.

Within these two editions of Windows 365, you’ll also find several different options offering different levels of computing resources. This allows businesses to subscribe to options that will suit their needs without being concerned about potentially costly, long-term commitments.

In addition to this, as the needs of your business continually evolve, Windows 365 allows you to easily and quickly adapt to those changes. If your business is experiencing significant growth, you can scale your computing resources accordingly without incurring significant costs to do so.

The pay-as-you-go model that Windows 365 uses gives your IT staff the flexibility to adapt to the business environment when the need arises. Because of this, you can operate at optimal efficiency levels with exactly the computing resources you need at any given time.

Reduced Overhead

Another massive benefit that Windows 365 provides is the ease with which you can deploy, use, and maintain your virtual desktop environment. This gives businesses an excellent cloud computing service that doesn’t require you to bring in additional or specialized IT professionals.

The simplicity of Windows 365 is meant to enable your in-house IT staff to easily set up Cloud PCs for all employees that need them without necessarily bringing in external support. As you can imagine, the potential reduction in overhead can be massive.

By leveraging Windows 365, you already have plenty of benefits gained by providing employees with the flexibility to work from any remote location. And then, the reduced demands on IT admins will also free them up to dedicate more time to essential value creation for the organization. All of this, when put together, provides an excellent foundation for improving the efficiency of the business, increasing productivity, and ultimately keeping your expenses down.

Improved Productivity

Windows 365 can provide greater security for its clients’ virtual desktop environments because of the measures that are in place in the Microsoft Cloud to safeguard data. This will have an additional positive impact on productivity because employees can do their work securely regardless of where they are. And unlike with on-premises systems, where you may occasionally have hardware issues, the redundancies in place for Windows 365 Cloud PCs are designed to keep your data accessible at all times.

The flexible pricing terms that you get with Windows 365 are what make this a great productivity tool for a lot of businesses. It’s especially advantageous when you consider that plenty of businesses, particularly the smaller ones, may otherwise find it financially difficult to offer employees this level of flexibility in their work conditions with the security that Microsoft provides. In addition, your Cloud PC environment is regularly updated so that you always have the best features available without the need to increase your IT expenditure.

Customizable Plans

A small startup company is going to have significantly different needs to those of a massive Fortune 500 company, for example. However, that is not to say that Windows 365 can’t be equally beneficial to the business operations of both.

It’s this need to make virtual desktops available to all who need them that has led Microsoft to allow businesses to pay monthly subscriptions for only the computing resources that they’ll be using. So, businesses can choose between Windows 365 Enterprise and Windows 365 Business, depending on their various computing resource needs.

And within these two editions, you get several customizable and flexible plans that can be tailored to your unique needs and pocket. Therefore, all you have to do is determine the number of Cloud PCs you want and the amount of storage you’ll need. This is all you have to pay for, no more, no less.

Furthermore, having a pay-as-you-go model in place also makes it a lot easier for your business to adapt to a changing business environment. Thus, if the need arises, you can scale up or down with little to no trouble, and this increased control over computing resources will help improve your efficiency.

Conclusion

Most people will probably agree that there has been a massive increase in the acceptance of cloud computing by all businesses, both large and small. It’s not surprising as we have come to realize all the benefits that our businesses stand to gain. Not to mention the work that Microsoft has put into services like Windows 365 to improve security and reliability.

Although not the first of its kind, Windows 365 has been a game-changer for businesses because of its ease of use and favorable payment terms. Having access to a cloud computing environment that can potentially lower your IT expenses while boosting productivity is a great solution for any enterprise. And with all the development efforts that Microsoft continues to pour in, the Windows 365 Cloud PC will only get better.

Windows 365 – Always Up-to-Date Computing for Your Business

Over the last few years, we have witnessed an alarming increase in cybercrime across the globe. Attacks are becoming more sophisticated, and businesses are suffering massive losses. As we take all of this into consideration, it makes us realize the importance of maintaining a secure and always up-to-date environment. Microsoft’s latest cloud computing platform, named Windows 365, is a solution that is meant to provide businesses with a flexible computing environment that adheres to the strictest security measures available.

By providing clients with excellent always-up-to-date features, Microsoft can ensure that clients always have the latest security updates and software versions.

So, in this article, we want to go over the various always-up-to-date features that you get with Windows 365 and why this cloud computing service can give your business the necessary security and reliability.

What Is an Always-up-to-date Computing Environment?

Malicious actors out there are constantly coming up with new tricks. They’re always looking to perpetrate data breaches, hacks, cyber attacks, and identity theft. They are always looking to exploit any potential vulnerabilities that may exist in your network. So, to counter this threat, one of the best tools that services like Windows 365 can offer clients is an always-up-to-date computing environment. This is something that allows businesses to run Cloud PCs that are always up-to-date with not only the latest features but important security patches as well.

Most of us have already experienced the challenges that one can face when trying to maintain an up-to-date computing environment. Although various updates and security patches are regularly made available, keeping up with them can still prove to be a challenging task.

Hence the need for a system that provides an always-up-to-date environment. It ensures that your business is running the software versions you need to maximize productivity. Additionally, this also enhances organizational security in a way that reduces the risk of successful attacks.

Windows 365 Always-up-to-date Features

To ensure that businesses will consistently have a computing environment that is running on the latest updates, Windows 365 takes advantage of several features. Combining these features helps to ensure that businesses will get an effective and comprehensive updating system. In this section, we’ll take a look at those various features.

Automated Updates

Chances are high that when most people encounter that “would you like to update now” prompt, they’ll click on “no.” No one wants the disruption to their workday, especially not knowing how long the update process could take. Even when they are aware of the security risks of ignoring updates, people will regularly continue without installing them. Actions like this are the reason behind the need for automated updates. Windows 365 can ensure that your devices are updated at a time that is convenient and doesn’t affect any ongoing work.

This gives you the scheduling flexibility to plan for the installation of automated updates. It applies to both the operating system and the applications on your Cloud PCs, so updates can be installed during non-working hours. And since these updates are applied automatically, it helps reduce the workload for your IT staff by eliminating some of those sometimes daunting manual tasks. All of this while your business gets to use the latest features and maintain high security levels.

Patch Management

Patch management involves the scanning and detection of security patches before they can be downloaded and installed. Using this tool helps IT admins to keep the devices that are under their control constantly up-to-date with the latest security patches. Leveraging the patch management capabilities that Windows 365 provides eliminates the need for IT admins to manually check each virtual device to see if it has the necessary patches applied.

Having feature updates and security patches applied automatically means that you reduce the risk of hackers getting sufficient time to exploit any known vulnerabilities and security threats. This helps your business significantly reduce attack surfaces and keep employee productivity levels unaffected by potential security breaches. Moreover, businesses will also get to reap the benefits from reduced expenses for device lifecycle management as well as repairs.

Centralized Management

Centralized management can play a key role in simplifying your organization’s IT operations. It can help to make user access and data storage easier. It additionally contributes to saving IT admins plenty of time that could be used more productively.

As a result, your security posture can be expected to improve because of how admins can monitor the entire network from a single console. Doing this allows them to quickly detect any issues that may arise and implement the necessary solutions without delay.

This is particularly important in the area of updates and security patches. As already mentioned, manually updating devices can often be a nightmare of a task. So automated updates will come as a welcome relief. Having an always-up-to-date environment means IT admins will get their desired secure computing environments. It also frees up some of their time. All in all, taking advantage of centralized management for your Cloud PCs gives you a more secure and stable environment from top to bottom.

Integration with Microsoft Azure

One of the things that Microsoft was keen to highlight when it first introduced Windows 365 was this new product’s foundation of existing Azure infrastructure. As such, it could benefit from the tools and features that Microsoft clients would already be familiar with. This means that Windows 365 clients have access to the excellent computing resources that Azure infrastructure can provide.

And we cannot talk about these resources without mentioning security. This includes the highly reliable security measures of the Azure cloud infrastructure. It also includes the identity management protocols that significantly reduce the chances of unauthorized access to devices and, by extension, to your organization’s network.

Industry-leading security is what makes Azure such a great and reliable product. This ensures the protection of all your virtual machines and sensitive data. Most importantly, by keeping the environment always up-to-date, businesses will have any of their security concerns alleviated.

Role-based Access Control

Role-based access control (RBAC) is a method that improves your organization’s security by restricting network access based on the roles and unique responsibilities of employees within your organization. Using this tool helps your business by seeing to it that employees can only access what they need to perform their duties and no more. In addition, it doesn’t just regulate what resources an individual can access. It also determines what they can do with those resources.

By providing Windows 365 users with RBAC, Microsoft enables IT admins to assign permissions to users based on the needs of their duties within the organization. Restricting access to critical software and data is important for protecting the integrity of your network. Moreover, IT admins can enforce compliance especially concerning updates and security patches. And it ensures the organization is operating at optimal efficiency.

Benefits of Windows 365 Always-up-to-date Features

The features that we discussed above are integral to ensuring that your computing environment is kept up-to-date at all times. The benefits of this are several, and we’ll be exploring them below.

Enhanced Security

Cyber attacks have been a thorn in the backside of a lot of businesses in recent years. Take eyewear giant Luxottica as an example, a business that suffered a data breach that exposed the information of over 70 million clients. This kind of attack will be very damaging to any business, and some may not recover from the consequences. As we consider incidents like these, it becomes abundantly clear why businesses must try, by all means, to implement the best security measures available.

A big part of that is maintaining an always-up-to-date computing environment. The features that Windows 365 gives you to achieve this will provide you with security against known security threats. Malicious actors are constantly searching for vulnerabilities, so it’s important to apply the latest security patches and updates. Moreover, having these updates and security patches installed as soon as they become available is important. It will significantly reduce your risk of suffering at the hands of hackers.

Improved Productivity

Anyone who remembers using older devices or any device with older software will probably also notice that they are not as efficient as one would like. They will often run slower than is ideal, and applications may crash far too many times. Undoubtedly, this can be a very frustrating experience for anyone simply trying to get their work done.

As a business, this is something that will cause a noticeable drop in the efficiency of your employees. Individuals cannot be as productive as they want when they have to waste time dealing with software bugs.

The Windows 365 always-up-to-date features are designed to provide your virtual devices with the best available updates. With the improvements that you get from these updates, employees can work better and more efficiently. In some cases, applications will stop working entirely without the necessary updates. Furthermore, the application of security patches reduces your chances of downtime that may be caused by cyber-attacks.

Reduced IT Overhead

Microsoft has designed Windows 365 to be a service that is available to both big and small enterprises. As such, the cost of using the service is meant to be affordable enough to potentially lower your IT expenditure. To begin with, setting up and deploying Cloud PCs is simple enough for you not to require additional IT personnel. So you immediately have fewer costs to worry about. Because of the benefits of features like automated updates and centralized management, maintaining your IT environment is a lot less complex.

The tasks that your IT staff needs to perform become simpler. And they no longer have to spend as much time with manual updates and security patches. As a result, there is a lot more time available to dedicate to better value creation for your business.

Not only that, but with an always-up-to-date environment, IT admins will know that organizational security will significantly improve. This is something that will help them by also reducing the time that could potentially be spent dealing with software bugs or security breaches.

Scalability

Every business needs to ensure that they have the necessary tools to scale as and when necessary. If your business experiences a sudden surge in customer interest, you need to be well-placed to adequately deal with the traffic. Windows 365 has several tools available that enable businesses to scale up quickly and seamlessly without compromising service delivery. And one of the biggest advantages of this process is that the tools you use are the same ones you’re already familiar with. So the process is a relatively straightforward one.

Most important, however, is that this task can be carried out very securely, and your IT environment will remain well-protected. So, utilizing the always-up-to-date features means that your business will always have the best tools for your computing environment. Although we mostly talk about expanding a business, the same also applies to scaling down operations.

If the need arises to reduce the computing resources you are using, then you can scale down just as easily and securely, as well. Microsoft provides a service that can accommodate the needs of your business in a way that allows you to operate under ideal conditions.

Wrap-Up About Windows 365

The security of your computing environment is not something that you can afford to take lightly. As we have discussed in this article, several businesses have been breached. The result is the compromise of the information of millions of clients. Windows 365 provides you with a cloud computing platform designed to adapt to your organization’s needs. And it simultaneously offers you industry-leading security measures.

With the always-up-to-date features that you get, your computing environment can perform with optimal efficiency. Not to mention the enhanced security posture you’ll benefit from because of the automated security patches available. So, if you’re looking for a cloud computing solution that is secure, won’t break the bank, and is relatively easy to maintain, then Windows 365 deserves consideration.

How Windows 365 Helps Achieve Sustainability

The need for greater focus on more sustainable practices is something that has become of significant importance to most nations. And it’s clear to see why as we look at our environment and see the danger for future generations. Microsoft takes this responsibility very seriously and considers sustainability as part of the organization’s culture. Therefore, it’s important to develop products and services with sustainability in mind. This is why a platform like Windows 365 is so great because of the potential it has. In this blog, I’ll be looking at just how Windows 365 can help in the development and implementation of more sustainable solutions. 

Importance of sustainable practices

Over the twentieth century, we witnessed incredible advances in technology and innovation. And no one can deny the benefits that humanity has reaped from all this development. However, a lot of the time these developments occur without any concern for the environment around us. All around us the results are evident in the depletion of natural resources, pollution, deforestation, poor air quality, etc. If we consider the United States alone, the CO2 emissions are already concerning and could potentially reach very dangerous levels in a few more decades.

Fortunately, over the last few decades, people have become increasingly aware of how terribly our planet has suffered. And now organizations like Microsoft are working tirelessly to develop sustainable technologies that can limit the negative impact that we humans have on the environment. Ideally, these technologies should limit environmental degradation during the manufacturing stage as well as during usage. Unfortunately, a lot of the environmental damage cannot be reversed. But with services like Windows 365, Microsoft is looking to protect our environment from further destruction.  

Impact of technology on the environment

For a lot of folks, when you think about technology what comes to mind are computers, cellphones, tablets, smart gadgets, and anything else that has become a must-have, integral part of our lives. Not many will consider the environmental impact of their cellphone or PC. But, the reality is that the devices we use all require various materials to make them and these include finite natural resources, precious metals, and more. 

MINING

Also, we cannot ignore the environmental impact of the mining process itself. It is responsible for deforestation, landscape destruction, and water pollution. And this is long before we even address the often incalculable loss suffered by entire communities that may face displacement.

GAS EMISSIONS

And then there is the colossal energy consumption and production of gas emissions that are involved. Unfortunately, this doesn’t end with the mining process. We find that manufacturers as well will require huge amounts of energy to turn the products of mining into the modern high-tech devices that end up in our homes. 

After the manufacturers are done, businesses will rely on vast transport networks to get the various products delivered to clients all across the globe. So, as we move along the chain, more and more energy is required and gas emissions keep increasing. To add to all of this, the cost to the environment will keep growing for the lifecycle of these gadgets. Because every time you plug a device into a non-renewable energy source there is a carbon cost incurred. 

ELECTRONIC WASTE

Unfortunately, however, the cycle doesn’t end once a device is no longer in use. Tens of billions of dollars (yes, billions) worth of electronic waste is thrown away annually, with most of its remains ending up in landfills or burned. As much as recycling may be gaining traction, not enough old electronic devices are being recycled. 

The carbon emissions from dumping electronics are massive. But we additionally have to worry about the leaching of chemicals which is going to worsen environmental degradation and potentially pollute water. This can be extremely frustrating especially when considering how beneficial it would actually be to the environment if we could reclaim valuable materials through recycling. Not to mention the potential employment creation and economic benefits. 

Why is Windows 365 important?

Windows 365 is a platform that Microsoft has designed to offer an innovative virtualization service that can help minimize our negative impact on the environment. Announced in 2021, Windows 365 enables users to access Cloud PCs from anywhere.

As businesses increasingly continue to embrace the idea of a hybrid work environment, Windows 365 wants to be the solution and hybrid platform of choice for those workers looking to migrate to the cloud. By streaming Windows 10 or Windows 11 to almost any available device, Microsoft will offer users the ability to take their desktops anywhere. And Microsoft assures clients that Cloud PCs are highly secure so users can work remotely with greater peace of mind.

ENVIRONMENTAL ADVANTAGES

Immediately you begin to see how Windows 365 is hugely beneficial to the environment. Because all your computing needs are taken care of on the Microsoft Cloud, you don’t necessarily need a powerful device. As a result, it means that organizations may not need to keep purchasing devices for new employees. And they also won’t need to keep refreshing devices every few years. To make accessing Cloud PCs convenient and easy, Microsoft allows you to use most devices.

All you need is a decent internet connection and you’ll be able to operate a reasonably powerful Windows PC using just about any device. So, all Windows 10 and Windows 11 devices should be compatible with Windows 365. The best part, however, is that clients will be able to easily stream a Windows 365 session to hardware running macOS, iOS, Linux, and Android. Ultimately, what this will mean is that businesses may not need to throw away PCs as often as they do now. In addition to the environmental benefits, the financial upside for businesses would be massive.

FOOTPRINT REDUCTION

Network servers are key infrastructure and tend to take up a lot of on-site space. On top of that, the hassle of maintaining those servers, including the security personnel to oversee and monitor them, can drive costs sky high. Fortunately, Windows 365 has made it possible for organizations to reduce both this expenditure and the business’ physical footprint.

Moving operations to the cloud means the amount of office space needed is significantly decreased. A modest business premises will probably be all that’s necessary instead of the vast swathes of corporate real estate typical of pre-pandemic offices.

Furthermore, thanks to the remote working models adopted by companies during the pandemic and the flexibility Windows 365 affords, it may be possible for a sizable part of the workforce to continue working remotely full-time. 

Reducing consumption

One of the biggest selling points when it comes to Windows 365 is that you pay only for what you need. Organizations, both big and small, can pick the subscription model that best fits them.

The subscription models available are Windows 365 Business for smaller businesses and Windows 365 Enterprise for larger ones. Regardless of which you choose, you get the same range of features and an extensive set of 12 Cloud PC configurations from which to make your selection. For those looking for a bargain, the first configuration is worth considering. For just $20 you get 1 vCPU, 2GB RAM, and 64GB storage. If your employees are frontline workers or only require access to basic CRM software, then this configuration is ideal. For more demanding operations, the $158 option gives you access to 8 vCPUs, with 32GB RAM and 512GB storage. This setup works best for those dealing with heavy computing scenarios, like software engineers. Whether you’re looking for a lightweight or heavy-duty option, there is a solution for you.

The reason why this is so important is that having access to the computing resources you need and no more can help to reduce electricity consumption. When you look at traditional data hardware systems, they require a consistent power supply to run the infrastructure efficiently. Not to mention things like cooling fans, alarm systems, etc. All these elements combined consume a significant amount of electricity. 

LARGE ENTERPRISES BENEFIT, TOO

And the bigger the organization, the larger the infrastructure will be, and consequently the greater the electricity consumption. Windows 365 offers organizations the option to migrate their operations to the cloud and start saving energy. Some reports have suggested that cloud migration has the potential to reduce energy consumption by up to 65%. If accurate this would undoubtedly be a great step towards achieving sustainability goals. And if you can reduce energy consumption by that much then that will also reflect very favorably in the organization’s finances.

STATS TO SUPPORT A REDUCTION IN ENERGY CONSUMPTION

In addition to the potential reduction in energy consumption, there is some research that appears to suggest that organizations can reduce their carbon emissions by 72 to 98% by moving their IT infrastructure from traditional data centers to the cloud. In this Microsoft white paper, we are told:

“Microsoft Cloud is between 22 and 93% more energy efficient than traditional enterprise data centers, depending on the specific comparison being made. When taking into account our renewable energy purchases, the Microsoft cloud is between 72 and 98% more carbon efficient.” 

Typically, we expect cloud data centers to help reduce carbon emissions because they will generally have newer, more efficient equipment and are increasingly relying on renewable energy. Although measuring and reducing carbon emissions presents significant challenges, a lot of research is still going on to aid the development of more sustainable solutions.   

Assessing your sustainability

With an increasing number of organizations being concerned about sustainability, it may be time for your business to start planning an assessment. Especially considering the public interest in sustainable businesses. Before you start looking at sustainable solutions and how to implement them, you need to do an assessment of your business operations and the impact on the environment. Once you have that information and a clear picture of your business’ operations, you can develop baselines that you can build on. There are various assessments that can be carried out and below are some of them.

EVALUATION OF ENERGY USAGE AND EFFICIENCY

Businesses often have massive energy consumption, although some will obviously utilize far more than others. By doing a thorough assessment, you can see how your business is operating and this will enable you to not only reduce energy consumption but greenhouse gas emissions as well, among other things. A good way to complete this assessment may include working alongside engineers and other experts in sustainable practices.

EVALUATION OF YOUR ORGANIZATION’S CARBON FOOTPRINT

The list of ways in which businesses emit greenhouse gases is often a very long one. The most obvious would be powering your premises, manufacturing processes, transportation of staff, distribution of products, etc. As we can see from the few listed examples, carrying out this assessment is far from a simple exercise. However, it’s an extremely important process if you want to see what your business’ carbon footprint looks like.

Unlike the energy audit, measuring your carbon footprint requires the calculation of the greenhouse gases emitted by your business premises and the various operations. The energy audit and carbon footprint measurement work hand in hand since, as expected, they affect each other. And similar to the energy audit, measuring your greenhouse gas emissions is easy when executed by a professional team/service.

Working remotely

A lot of businesses have been adopting hybrid working setups in the last few years. After the pandemic, as things slowly started to return to normal, businesses were discovering that some employees still preferred to work from home. And the great thing about the Windows 365 Cloud PC is that it allows users to work easily from anywhere without compromising the organization’s security. 

BENEFITS

But, the benefits of the Cloud PC go beyond the flexibility afforded to employees. If people are given the option to work from home, they will. And this reduces their need for commuting and consequently the demands on the transportation sector. In a report by The Global Workplace Analytics, they made the assessment that remote workers can contribute massively to the reduction in greenhouse gas emissions by removing over half a million cars from the road. In addition, they go on to state that even working from home half the week can see an emissions reduction of up to 54 million tons every year.

Something else that we could potentially benefit from is a cleaner atmosphere. There’s no denying that the fuel used by cars or the emissions from buses have played a massive role in the rapidly declining quality of the air we breathe. So sustainable solutions that can help improve the quality of air would be most welcome. 

At the height of the pandemic during the lockdowns, a lot of people would have noticed how the quality of air appeared to improve, albeit temporarily. Therefore, adopting platforms like Windows 365 could do a lot to mitigate the effects of environmental degradation. In addition to the environmental benefits, there’s plenty more to like when you look at the features of Windows 365.

ATTRACTIVE FEATURES

And it’s these features that enable this service to be an attractive option for organizations looking to minimize their environmental footprint.  Among these features we can list: 

  • Instant boot to a personal Cloud PC.
  • Clients get the full Windows experience in the cloud.
  • Clients can also stream various applications, tools, data, and settings directly from the Microsoft Cloud across any device.
  • You get a choice of running either Windows 10 or Windows 11.
  • Secure by design, and fully compliant with Microsoft’s Zero Trust principle.
  • Flexible per-user, per-month pricing plans at flat subscription rates.
  • A scalable set of virtual hardware parameters that lets you adjust to changing conditions whenever necessary.
  • Fully compliant with Azure AD and MEM.
  • Fast setup process that provisions your Cloud PC within minutes.

Sustainability solutions

Microsoft is clearly playing a significant role in trying to help businesses achieve their sustainability goals and accelerate that progress. And another key element is the Microsoft Cloud for Sustainability which combines environmental, social, and governance (ESG) capabilities across the Microsoft cloud portfolio to enhance the way businesses are operating. This is in addition to the solutions from Microsoft partners who they’re working with to enable organizations to get the necessary transparency and insights for the effective management of their environmental footprint.

These efforts should also allow organizations to implement sustainability throughout their entire organizations and value chains. As a result, businesses will be able to develop new value in this changing landscape. By leveraging Unify data intelligence, you’ll be able to get the visibility required for you to push business transformation, sustainability efforts, and sustainability reporting. What this means is that your organization can streamline data ingestion, integration, and calculations as well as analyze and report environmental impact and sustainability progress.

SOLUTION CAPABILITIES

Next, we can talk about how to build a sustainable IT infrastructure. This approach enables businesses to identify opportunities to swap out their existing suite of solutions for cleaner versions that increase the business’ overall value. Leveraging this option you can:

  • Establish carbon and energy efficiencies within cloud infrastructure.
  • Evaluate, track, and assist with enhancing compliance with international, regional, and industry policies and standards.
  • Incorporate sustainable technologies designed with environmental impact in mind.

Another key thing you’ll want to do is reduce environmental impact of operations. Businesses need to assess their operations, systems, tools, etc, to determine how they can reduce their environmental footprint. This is important so that you can:

  • Promote energy efficiencies and move towards renewable energy sources.
  • Upgrade transportation systems and improve fleets.
  • Minimize the environmental impact of buildings, spaces, and equipment.
  • Facilitate streamlined collaboration regarding targets and objectives.

Furthermore, we cannot ignore the issue of creating sustainable value chains. This is a critical area that allows you to put in place measures for transparency and accountability throughout the entire value chain. So that means from the businesses where you source your materials right through the end of use. Ultimately, this should enable you to optimize materials and thus create more sustainable products and services.

What else does Windows 365 offer?

Meeting sustainability goals is a wonderful target to have but organizations need to know what else Windows 365 can offer.

SECURE HYBRID WORK

As attractive as the idea of achieving sustainability is, migrating to the cloud would not be a good idea without top-notch security. So, Microsoft has enhanced security measures by implementing Zero Trust principles, under which each request is fully authenticated, authorized, and encrypted before access is granted. Add to that the fact that data is stored not on the physical devices but in the cloud, and you have even more protection around your data. These measures should help to assuage concerns about the security of remote work as well as the risk of security breaches. Windows 365 clients can also benefit from the existing solutions that are part of Microsoft Endpoint Manager.

SIMPLE TO USE

Microsoft boasts that the user-friendliness of this service means organizations won’t have to hire additional IT specialists to configure and supervise Cloud PCs. This effortless management model and instant start-up capacity means that even the less tech-savvy members of your team can perform their duties without too much trouble. This is something that may also help you to lower overall operating costs. Furthermore, your IT staff can manage, deploy, and configure the PC environment just as they have done all along.

Wrap up

Change is something that is rarely easy to accomplish but is often necessary. As our environment continues to suffer, individuals and organizations need to start working towards sustainable goals. And the IT sector can do a lot to help the cause of this planet. Microsoft has taken a huge interest in sustainable development and we see that with services like Windows 365. The solutions it offers can play a big role in reducing energy consumption, greenhouse gas emissions, and waste. Undoubtedly this will not be an overnight process but progress needs to be swift because of the situation we already find ourselves in. Fortunately, as the push for more eco-friendly products and services gathers momentum, we are seeing greater participation from all industries. And this can only be a good thing for the planet.

Introducing the Microsoft Inclusive Tech Lab

As we all know, over the years Microsoft has already put in a lot of work towards the development of more inclusive solutions for all its customers. So when we talk about the Microsoft Inclusive Tech Lab, we’re not talking about something new but rather a significant update on the lab that had previously been at the center of this work. 

According to Microsoft, this new lab which is designed “to learn and develop specifically for people with various types of disabilities” will provide a facility that can greatly enhance the work being done to provide more inclusive solutions. In this blog, I will take an in-depth look at this new Microsoft Inclusive Tech Lab and what it could mean for inclusivity going forward. 

Why we need inclusive solutions

In this modern era that we live in, no one can deny the significance of technology in all our lives, regardless of which sector we look at. Whether it’s the health sector, education, engineering, or another field, the applications of various types of technology are limitless.

And this is exactly why it’s important to ensure that technology can be accessible to everyone. So what do we imply when we say “inclusive technology?” Simply put, all this refers to is ensuring that the technology available is accessible to everyone including groups that may previously have had difficulty accessing it such as those living with disabilities.  

By having facilities such as the Microsoft Inclusive Tech Lab, we will witness significant strides being made in providing inclusive technology solutions for everyone. And this is something that would be crucial not just in the work environment but beginning in early education. 

This will help to provide all students with a similar platform for engaging with learning material and enhancing the learning experience. With a setup like this in place, we can expect to see the benefits of this go beyond the educational phase and into the work environment.  

Introducing the Inclusive Tech Lab

Arguably the most important aspect of the Microsoft Inclusive Tech Lab is that it not only develops inclusive solutions but that these solutions are made by people living with disabilities. As such, the objective for Microsoft is to show just how great the potential can be when you bring people with disabilities into the development process.

The facility itself is a representation of how committed Microsoft is to developing inclusive solutions. Especially when considering how sensitive a lot of individuals may be to their environment. This then creates the ideal environment where introductory tours and collaborative workshops can be held to further the work being carried out.

The lab gives you an opportunity to view just how Microsoft’s products as well as those of its partners can work together to good effect. Therefore, this is the place to go when searching for the best assistive solutions that Microsoft and its partners are putting together. 

This kind of work clearly demonstrates how Microsoft and its partners are determined to ensure that the fruits of all their development work can benefit all who require access. Expanding the realm of possibilities can significantly alter what the future of the technology industry can look like.

According to Microsoft:

“The space is purpose-built to continue this work. It is highly modular and will adapt to specific needs over time and across different projects, allowing discussion and design sessions on products and services intended for home, the workplace, schools, and remote connections. It is a place designed to demonstrate what is possible when you intentionally and proactively include people with disabilities in the product-making process and strive to build products that are genuinely inclusive by design.

The Inclusive Tech Lab is intended to be an embassy for people with disabilities, not a space about them. It will include a showcase of Microsoft’s accessible hardware, software, and services, as well as experiences created by our partners. Primarily, however, it is an inclusive design incubator where Microsoft and disability communities can ideate and evaluate product design and direction. It is a space where our designers can challenge assumptions while learning to recognize the exclusions and constraints faced by people with disabilities. We harness that understanding to create new ideas, designing for “one” and extending to many.”

Inclusive involvement

The teams of individuals working on various projects are encouraged to use the ideas they have received from people with disabilities and find ways to apply them to the technologies they are working on. By providing teams with this lab and all its capabilities, the people here literally have the sky as the limit. They can imagine and work on ideas that are driven toward making a fully accessible environment for everyone across the globe. 

The full involvement of people with disabilities means that the Microsoft Inclusive Tech Lab seeks to do more than just create a product. As good as that may be, the project wants those working on solutions to be able to relate on a deeper level to those who they are designing products for and how it will affect their lives.  

Principles of Inclusive Design

So now that we’ve looked at why seeking to develop inclusive solutions is such an important objective, we can consider the principles that Microsoft will lean on during this endeavor. Firstly, we can talk about the recognition of exclusion. What this simply refers to is the fact that all of us, regardless of where we’re from, have our own inherent biases that determine how we view the world and therefore live our lives. 

The key then at Microsoft is to acknowledge that these biases exist and this gives you an opportunity to explore these issues. As you recognize what they are and how detrimental they’ve been, you can start engaging the affected communities and coming up with inclusive solutions to bridge all the necessary gaps.

Learning from diversity

The next principle that Microsoft looks at is that of learning from diversity. This is because there is an appreciation of just how different and divergent perspectives can positively impact a learning or work environment. We actually find that in some schools of thought, it is believed that within diverse work and learning environments cognitive skills and critical thinking can improve. 

What causes this is that the interactions that go on in these diverse communities can challenge you as an individual with different views and perspectives that you might not have previously considered. 

Therefore, Microsoft wants to have its Inclusive Tech Lab be a place that will promote learning from diversity. Especially considering the wide reach of its products and services across all continents.  

The last principle I’ll talk about is that of trying to solve challenges for one in a way that will extend to others. When looking at developing solutions from this perspective, the idea is that most people have abilities but as human beings there will always be limitations to those abilities. 

So, when we start considering creating inclusive technology solutions what we can ultimately come up with are systems that will enhance accessibility for people living with disabilities. However, we can also expect to see other users of these products being able to benefit as well. 

Microsoft’s Adaptive Accessories

At the heart of the work that Microsoft is doing with inclusive technologies are the adaptive accessories. These accessories, which have significant input from disability communities, are highly adaptable and have been designed with the intention of making them customizable to suit individual needs. The product line features an Adaptive Mouse, Adaptive Hub, and Adaptive Buttons. 

All of the accessories can be configured as necessary and will support everything, including first-party add-ons such as Thumb Supports or Mouse Tails, as well as custom 3D-printed add-ons that enhance the various use cases. These devices leverage the foundation that was laid by the Xbox Adaptive Controller and aim to eliminate the challenges that the disability community has faced with the traditional mouse and keyboard setup.

Adaptive Hub

This product is designed to enable users to turn traditional keyboards into a central hub with several wireless buttons. It is in the form of a small, box-shaped device that is meant to enable the devices to offer accessibility. What this entails is that users can augment traditional keyboards and create custom inputs. You’ll notice that the Adaptive Hub has five 3.5mm ports, three USB-C ports, as well as a Bluetooth pairing button. The aforementioned ports are where you connect the adaptive buttons and switches. Furthermore, it can connect to your current assistive technology, such as third-party digital buttons and switches, through the 3.5mm ports.

Adaptive Mouse

This adaptable mouse is built to be accessible. You can personalize the device by attaching the Microsoft Adaptive Mouse Tail and Thumb Support. By leveraging these attachable parts, Microsoft offers users the chance to have a mouse that is designed to fit their unique needs. Also, I’m sure users will gladly discover that the adaptable and customizable attachments help to make the device lighter and more portable. Unlike other accessories, the Adaptive Mouse will connect directly to your PC. The two buttons that it has are easily clickable which adds to the ease of use. And it also features a similarly clickable scroll wheel. In addition, you get the option to configure the buttons and scroll wheel for action/function shortcuts and for both short presses and long presses. 

Adaptive Button

With the Adaptive Button, users will get a small, square-shaped wireless button. It is designed to give you eight digital inputs that can be uniquely customized in the Microsoft Accessory Center and an easy-to-press design. And each Adaptive Hub can connect with up to four Adaptive Buttons. In addition, because of the partnership with Shapeways (which is a 3D-printing company that creates other 3D-printed toppers), users can customize their devices by custom-printing their own button toppers. So, if the button toppers that Microsoft can offer you out of the box are not suitable for you then you can get something more personalized. The design of the button including its small size means that it’s relatively easy to hold and place according to your usage needs. 

Inclusive Design for Gaming

As already mentioned above, a significant amount of the work being done at the Microsoft Inclusive Tech Lab has to do with gaming consoles. There has been a growing realization of just how much need there is for inclusive solutions for gaming systems. 

For instance, the typical controller that comes with the vast majority of consoles requires two hands, two thumbs, and fine motor control for you to operate comfortably. Quite simply, this will mean the exclusion of a significant number of people who are living with disabilities. 

With this in mind, the teams of individuals working on the development of inclusive solutions need to recognize the exclusion that has existed with gaming consoles in the past. We can appreciate that these devices’ designers worked with certain assumptions about the users of these devices and how they would be using them. 

Unfortunately, that has created a scenario where plenty of potential users can use these devices but with great difficulty or may not be able to use them at all. So, Microsoft now appreciates that if users can’t use their products because of how they were designed then that creates a massive barrier. And this is what a lot of the work at the Inclusive Tech Lab is based around, developing solutions that can eliminate these barriers. 

Learning from diversity

Another key area for gaming is learning from diversity. Microsoft has been able to do this over the years by engaging with the various gaming communities to seek their insights on a variety of issues. The teams working on these products have received feedback on the functionality of the devices, their ease of use, and any changes that users may want to see to improve accessibility.

And all of this feedback combined with the development work being done has been central to the creation of inclusive gaming solutions such as the Xbox Adaptive Controller. Products like these will mean that gaming can be something all users can potentially enjoy even more.

Creating solutions that enhance inclusivity can be of great benefit to all. Why should individuals living with disabilities be restricted from the gaming experience that countless others across all continents get to enjoy? As Microsoft was working on the adaptive controller, there was a need to take into consideration the unique ambulatory abilities of users in the targeted communities. 

Not only that but looking at people’s situations such as Gamer, CareGiver, Maker, etc, allowed for the development of a product that could be tailored to address various needs. Going forward, we would fully expect the Xbox Adaptive Controller to play a key role in shaping inclusive solutions and significantly enhance the ease of use for all users. 

Inclusive Solutions

Microsoft has been working on several inclusive technologies for a while now. In fact, the Inclusive Tech Lab isn’t exactly something completely new. It’s something that the Xbox team has had in place since 2017 as they were working on the Xbox Adaptive Controller.

Now, Microsoft has provided a designated space, extended the lab, and is looking to develop integrative design by working closely with the disability community. The work being done in this environment is producing a great variety of accessibility tools. In the table below we’ll go over some of the possibilities available.

Vision

Adapt Windows to your vision

  • use the available color filters
  • change the color contrast
  • make Windows easier to see
  • use Magnifier to enhance the visibility of what’s on the screen
  • use color and contrast for accessibility in Microsoft 365

Listen instead of watch

  • use Narrator to hear text read aloud
  • use the screen reader with Microsoft 365 apps
  • listen to your Outlook email messages
  • listen to your Word documents
  • converting text to speech in Excel
  • Seeing AI narration (hear descriptive audio everywhere)
  • Microsoft Soundscape (experience maps in 3D sound)

Use Immersive Reader

  • use Immersive Reader in Microsoft Edge
  • open Immersive Reader for Outlook
  • use Immersive Reader in Word
  • use Immersive Reader in Microsoft Teams
  • use Immersive Reader in PowerPoint
  • use Immersive Reader for OneNote
  • use Immersive Reader in Microsoft Forms

Improve the efficiency of keyboard use

  • take advantage of keyboard shortcuts for accessibility

Hearing

Adapt Windows to your hearing

  • with mono audio, you can hear all sounds in one channel
  • change caption settings
  • make notifications stick around longer
  • display audio alerts visually

Watch instead of listen

  • instead of listening to sounds you can use text or visual alternatives
  • you can autogenerate captions for videos
  • you can use captions and subtitles during Skype calls
  • in Microsoft Teams meetings you can make use of live captions
  • add closed captions and/or subtitles to media in PowerPoint

Improve the efficiency of keyboard use

  • take advantage of keyboard shortcuts for added accessibility
  • use the Search/Tell Me feature (find the command you want)

Neurodiversity

Adapt Windows to suit your needs

  • make the Start menu simpler
  • declutter your taskbar and make it clean
  • focus on a task by minimizing distractions
  • customize the taskbar

Improve reading comprehension and writing skills

  • enable text suggestions in Windows
  • make reading easier by downloading and using fluent fonts
  • customize text spacing
  • take advantage of learning tools in OneNote
  • use Microsoft Editor to polish grammar and more

Customize your reading experience and read without distractions

  • when using Microsoft Edge, take advantage of Immersive Reader
  • use Immersive Reader in Word
  • open Immersive Reader for Outlook
  • use Immersive Reader in PowerPoint
  • use Immersive Reader for OneNote

Maintain focus and organization

  • improve your PowerPoint slides
  • by keeping your Microsoft 365 files in OneDrive you can prevent the loss of your work
  • make use of the calendar board view to organize things according to your needs
  • go paperless with Microsoft Lens

Improve the efficiency of keyboard use

  • take advantage of keyboard shortcuts for added accessibility
  • use the Search/Tell Me feature (find the command you want)

Learning

Improve writing quality

  • you can use Microsoft Editor as your writing assistant in documents, mail, on the web, etc. Also, you can use it to check your grammar, spelling, and more in Word.
  • you can type with your voice to dictate documents, to talk instead of type on your PC, as well as for troubleshooting.

Reading comprehension and skills improvement

  • use the Immersive Reader
  • practice reading fluency with the Reading Progress tool
  • if you want to eliminate distracting content from the web you can make use of the Reading view
  • hear text read out loud

Improve math skills

  • you can benefit from inclusive math interactive training
  • you can use Microsoft 365 apps to write equations or formulas
  • use Microsoft Forms to create math quizzes
  • use OneNote to create math equations
  • use OneNote Math Assistant to help you solve equations, draw graphs, and more.
  • replay ink strokes in OneNote for Windows
  • draw straight lines or measure with the ruler in OneNote

Communicate confidently with inclusiveness

  • create an inclusive communication environment. You can do this with the use of Reflect in Microsoft Teams as well as live captions during Teams events.
  • create inclusive PowerPoint presentations. This can be done by doing things such as using the Accessibility Checker to enhance accessibility and making presentations with real-time, automatic captions or subtitles in PowerPoint, among others.
  • use Microsoft Translator

Configure Windows for effective learning

  • make the Start menu simpler
  • declutter your taskbar and make it clean
  • focus on a task by minimizing distractions (Turn off animation and transparency effects)
  • use Magnifier to enhance the visibility of what’s on the screen
  • customize the taskbar
  • block alerts and notifications by using Focus assist

Mobility

Configure Windows to meet your mobility needs

  • Make your keyboard, mouse, and other input devices easier to use. You can do this by controlling your mouse pointer with the numeric keypad or making use of the Filter Keys to set the sensitivity of the keyboard, among other things.
  • As an alternative to typing on the physical keyboard, you can use the on-screen keyboard.

Type and navigate with your voice

  • use voice recognition in Windows
  • Windows Speech Recognition commands
  • dictate your documents in Word

Control Windows and apps with your eyes

  • take advantage of eye control features to enhance ease of use

Improve the efficiency of keyboard use

  • take advantage of keyboard shortcuts for added accessibility
  • use the Search/Tell Me feature (find the command you want)

Mental health

Configure Windows to meet your needs

  • make the Start menu simpler
  • declutter your taskbar and make it clean
  • focus on a task by minimizing distractions (Turn off animation and transparency effects)
  • use Magnifier to enhance the visibility of what’s on the screen
  • customize the taskbar
  • block alerts and notifications by using Focus assist
  • enable text suggestions

Improve your focus

  • using Immersive Reader can help you work with fewer distractions
  • stay on track with your tasks by creating Outlook tasks in OneNote or using the Tasks app in Microsoft Teams.
  • customize the look and feel of Office to your liking
  • use Microsoft Viva Insights to help you develop more efficient work habits

Improve the efficiency of keyboard use

  • take advantage of keyboard shortcuts for added accessibility
  • use the Search/Tell Me feature (find the command you want)

Tactile Port Indicators

Having tactile indicators placed on devices can be a great feature that can enhance ease of use for countless people. And for an example of this, we can look at the work that Microsoft has put into devices such as the Xbox Series X game console, Microsoft Audio Dock, and the Surface Thunderbolt Dock among others to improve accessibility for the visually impaired. 

The reason this came about is that when we consider a lot of devices out there, ports like USB-A and HDMI can feel pretty similar to the touch. And so people working at the Microsoft Inclusive Tech Lab have been seeking feedback from those who are visually impaired on how best to develop a system that can offer them greater ease of use.

How it works

So how does this work exactly? Well, what this new system is designed to do is provide little bumps over the various ports on these devices to aid with discerning what’s what without the need for sight. This means you will no longer have to feel for just the shape of the ports, but with this additional system, it should become easier to determine which port is which. As we can all imagine, the potential for what this could offer visually-impaired individuals across countless devices is massive.  

It’s no surprise when you consider the devices that Microsoft has been working on initially. Gaming is a huge part of the work that takes place at the Inclusive Lab.

However, this system is something that everyone out there should be looking at considering what it offers. The objective is for the idea to grow even more and become even better because it is not meant to work alone but help improve ease of use. And ideally, it would be great to see this applied to various other types of devices so they benefit as well. 

Surface Also Making Changes

The teams working on the various Surface products have also had to look at their products and consider how they could improve accessibility. Unfortunately, the reality is that a lot of products have been previously developed without any consideration of the needs of those living with disabilities. 

For example, on older Surface devices you’ll find that F4 and mute shared a key and the only indicator for FN lock was a light. When you consider the needs of those without sight you can quickly spot how this would present challenges. When screen reader users were trying to close an app, they could inadvertently mute their PCs and thereby leave them cut off from their devices. 

Fortunately, teams working on Surface products are now developing systems that will enhance the ease of use for visually-impaired individuals. By sitting down with the blind, listening to their experiences, and hearing their suggestions, Microsoft can now come up with more inclusive tech solutions for their products. 

Going forward, starting with the Surface Laptop 3, you will see changes such as the separation of mute and F4. Additionally, FN lock is going to be made accessible via Windows Narrator and tactile bumps will be added to the F4 and F8 keys to simplify keyboard navigation. These wonderful improvements will be made to all Surface keyboards in the future as part of an ongoing effort to provide better inclusive technology. 

More is yet to come and discussions with the visually-impaired community have also uncovered the need for customizable tactile indicators. With this in mind, Microsoft has been able to develop the Surface Adaptive Kit. This is something that should enable the development of even better solutions by looking to overcome the limitations on hardware with enhanced software, better accessories, and more. 

Wrap Up

For far too long technology did not do enough to address the needs of the disability community. Plenty of individuals faced significant barriers when it came to using technology comfortably. As a giant in the tech industry, Microsoft could not ignore the responsibility. Hence, we have the Microsoft Inclusive Tech Lab. This facility is doing phenomenal work that aims to take down barriers and provide solutions that are accessible to all. And the great thing about all this is that this is not a place that simply comes up with solutions for the disability community but it has members of the community greatly involved in development. Undoubtedly, the work going on here will massively enhance technology inclusiveness going forward.

Top 10 reasons Why Windows 365 is a great choice

Windows 365 is a great choice for your business. As the world becomes more digital, it is important to have the right tools to stay productive and competitive. Subsequently, with this Windows solution, you can take your desktop anywhere you go, work from any device, and access your files and apps from anywhere with an internet connection.
Here are the top 10 reasons why Windows 365 is a game changer for businesses of all sizes:

  1. Secure and reliable: Windows 365 is built on top of the Azure platform, which provides top-notch security and reliability for your business. Additionally, your data is stored in the cloud and protected by Microsoft’s advanced security protocols, so rest assured knowing your information is safe.
  2. Scalable: Windows 365 allows you to scale up or down your computing power as your business grows or changes. Consequently, this means you can quickly add or remove users, adjust your storage capacity, and scale your resources according to your needs.
  3. Always up-to-date: With Windows 365, you will always have the latest version of Windows and Office applications. Moreover, this means you won’t have to worry about updates, patches, or upgrades. You’ll always have access to the latest features and improvements.
  4. Flexible pricing: Windows 365 offers flexible pricing options that allow you to pay only for what you need. You can select different plans based on the number of users, the amount of storage, and the computing power you need.
  5. Accessible from anywhere: With Windows 365, you can access your desktop and files from anywhere with an internet connection. For example, you can work from home, on the go, or from a remote location without any interruptions.
  6. Easy to set up: Setting up Windows 365 is easy and straightforward. You can quickly provision virtual machines, assign users, and set up policies and permissions. Additionally, you don’t need any special skills or knowledge to get started.
  7. Simplified management: Windows 365 offers a centralized management console that allows you to manage all your users, devices, and applications in one place. You can easily monitor performance, track usage, and enforce security policies.
  8. Collaborative: Windows 365 makes it easy for your team to collaborate and share files. You can set up shared folders, access permissions, and collaborative tools that allow your team to work together in real-time.
  9. Support for legacy applications: Windows 365 supports legacy applications that may not be compatible with modern operating systems. For example, you can continue using your existing applications without any compatibility issues.
  10. Green computing: By using Windows 365, you can significantly reduce your company’s carbon footprint and contribute to a greener planet. Since your desktop is in the cloud, you don’t need to have a physical machine running all the time. This can help reduce your energy consumption and lower your carbon emissions.

Conclusion

In conclusion, Windows 365 offers a secure, scalable, and flexible solution for businesses of all sizes. Moreover, it allows you to work from anywhere, collaborate with your team, and stay up-to-date with the latest technology. If you’re looking for a more effective way to streamline your business operations, improve your productivity, and reduce your costs, it’s definitely worth considering.

Azure Virtual Desktop’s Latest Capabilities

Using virtual desktop services enables you to have secure access to work applications and other organizational resources from remote locations. This is something that vastly increases your capabilities beyond the traditional desktop in the office. Microsoft offers Azure Virtual Desktop (AVD) as a desktop and app virtualization service that runs on the cloud.

And as the work environment consistently evolves, desktop virtualization services are becoming an integral part of the way that organizations operate. It can make it easier to have employees working remotely without worrying about the security of your network.

Unlike in the past when running a virtual desktop environment would have been an extremely complex and expensive undertaking, AVD simplifies the process and also makes it affordable. Additionally, you can expect guaranteed, regular updates and new capabilities that continuously improve the service.

Azure Virtual Desktop main features

Azure Virtual Desktop comes with a lot of capabilities, designed to optimize the use of virtual desktops. By using this service, you can have an environment that perfectly meets the needs of your organization, is scalable when necessary, and is flexible. Below are the key capabilities that you will benefit from:

  • You can create a full desktop virtualization environment in your Azure subscription. And you can do so without having to run any gateway servers.
  • You can publish host pools as you need so that you can adequately accommodate your various workloads.
  • You can bring your own image for production workloads or test from the Azure Gallery.
  • The availability of pooled, multi-session resources is something that will help you to lower your costs. You can see this even more with the new Windows 10 and Windows 11 Enterprise multi-session capability that will enable you to cut down on the number of virtual machines as well as the operating system overhead costs without having to make compromises about the resources that your users have. (This capability is exclusive to Azure Virtual Desktop and Remote Desktop Session Host (RDSH) role on Windows Server).
  • Users can get individual ownership through personal (persistent) desktops.
  • You can manage costs further by leveraging autoscale to handle the automatic increasing or decreasing of capacity and this can be based on time of day, specific days of the week, or changes in demand.

For the deployment and management of virtual desktops:

  • You can do it through the Azure portal, Azure CLI, PowerShell and REST API for the configuration of host pools, the creation of app groups, the assignment of users, and the publishing of resources.
  • From a single host pool, it’s possible to publish full desktop or individual remote apps. You can also create individual app groups for different sets of users, and you could even cut down on the number of images by assigning users to multiple app groups.
  • You can gather diagnostics that will help you understand the various configuration or user errors by taking advantage of the built-in delegated access when assigning roles.
  • Troubleshooting errors is easier when using the new Diagnostics service.
  • The infrastructure will not require any managing, only the image and virtual machines will. Unlike with other Remote Desktop Services, you won’t have to personally manage the Remote Desktop roles. You only need to manage the virtual machines in your Azure subscription.

Assigning and connecting users to your virtual desktops is also something you can do:

  • Once assigned, users will be able to launch any Azure Virtual Desktop client to connect to their published Windows desktops and applications. Conveniently, you can use any device to connect and you can do so through the native applications on your device or you could use the Azure Virtual Desktop HTML5 web client.
  • Opening any inbound ports is not necessary because users connect securely through reverse connections to the service.

New multi-session capabilities

The features I’ve gone over above are key in delivering a virtualization experience that eliminates the complexities of traditional virtual desktop solutions. However, Microsoft is adding to those capabilities to give users an even better Windows experience by introducing Azure Virtual Desktop multi-session with Microsoft Intune.

With this addition, you’ll now be able to use Microsoft Intune to manage Windows 10 or Windows 11 Enterprise multi-session remote desktops in the Microsoft Endpoint Manager admin center the same way as you would for your regular shared Windows 10/11 client device.

Consequently, you can now manage these virtual machines using either device-based configurations meant for devices or user-based configurations meant for users. Windows 10 or Windows 11 Enterprise multi-session is a new Remote Desktop Session Host and it is exclusive to AVD on Azure. It has some very attractive features:

  • You can have several concurrent user sessions.
  • It offers users a familiar Windows 10 or Windows 11 experience.
  • It delivers great convenience by allowing you to use existing per-user Microsoft 365 licensing.  

Microsoft has introduced user configuration in Microsoft Intune for Windows 11 multi-session VMs and this will mean that:

  • You’ll be able to use the Settings catalog for the configuration of user scope policies and then assign them to groups of users. To simplify this, there is a search bar that you can use to locate all the configurations with scope set to “user”.
  • You can configure user certificates and then assign them to users.
  • You’ll also be able to configure PowerShell scripts. These are installable in the user context and then assigned to users.

Pre-requisites

  • For Windows 10 multi-session, you need to be running version 1903 or later, or you should be running Windows 11 multi-session.
  • Your Azure Virtual Desktop agent needs to be version 1.0.2944.1400 or later.
  • You need to have the right Azure Virtual Desktop and Microsoft Intune license if the user is benefitting whether directly or not from the Microsoft Intune service. This includes access to the Intune service through a Microsoft API.
  • You’ll need to set up the VMs as remote desktops in pooled host pools. And deployment is through Azure Resource Manager.
  • The VMs should also be Hybrid Azure AD-joined, as well as enrolled in Microsoft Intune via one of the methods below:
      • Configured with Active Directory group policy, set to use Device credentials, and set to automatically enroll devices that are Hybrid Azure AD-joined.
      • Configuration Manager co-management.
  • In addition, the VMs should also be Azure AD-joined and enrolled in Microsoft Intune by enabling Enroll the VM with Intune in the Azure portal.

You’ll need to remember that Windows 10 or Windows 11 Enterprise multi-session VMs are essentially different editions of the OS. Therefore, you can expect some Windows 10 or Windows 11 Enterprise configurations that aren’t supported for this edition. However, using Intune won’t interfere with AVD management of that VM nor does it depend on it.

Create the configuration profile

The Settings catalog in the MEM admin center is what you are going to have to use for configuring the configuration policies for Windows 10 or Windows 11 Enterprise multi-session VMs. Additionally, the following device configuration profile templates receive support for the Windows 10 or Windows 11 Enterprise multi-session VMs:

  • Trusted certificate – when targeting devices, it’s Device (machine) and when targeting users, it’s User.
  • SCEP certificate – when targeting devices, it’s Device (machine) and when targeting users, it’s User.
  • PKCS certificate – when targeting devices, it’s Device (machine) and when targeting users, it’s User.
  • VPN – Device Tunnel only

Except for the templates above, the rest of the existing device configuration profile templates won’t have support. Unsupported templates will not be delivered to multi-session devices. And they will appear as Not applicable in reports.

Also, you’ll need to set the workload slider for Resource Access Policies to Intune or Pilot Intune. This applies if you use co-management for Intune and Configuration Manager. This is a necessary step that will enable Windows 10 and Windows 11 clients to begin the process of requesting the certificate.

Policy configuration

  • Navigate to the MEM admin center and sign in. Then, proceed to select Devices > Windows > Configuration profiles > Create Profile.
  • Next, you’ll want to choose Windows 10 and later for Platform.
  • For Profile type, you should select Settings catalog. However, you’ll need to select Templates as well as the name of the supported template if you’ll be deploying settings with a template.
  • Select Create.
  • Next, you’ll get to the Basics page where you need to give a Name and (optionally) Description > Next.
  • And when you get to the Configuration settings page, choose Add settings.
  • Next, we get to the Settings picker. Here you need to select Add filter and then pick the options below:
      • Key: OS edition
      • Operator: ==
      • Value: Enterprise multi-session
  • Select Apply. With this done, all the configuration profile categories that support Windows 10 or Windows 11 Enterprise multi-session will now appear on the filtered list.
  • You can now choose the categories that you want from this filtered list.
  • Every category you select will require you to choose the settings. These settings will apply to your new configuration profile.
  • In addition, you need to pick the value that you want for this configuration profile for each of your chosen settings.
  • After you’ve finished adding all the settings you want, select Next.
  • When you get to the Assignments page, you have to select the Azure AD groups that have the devices to which you want this profile assigned > Next.
  • Additionally, on the Scope tags, you have the option to add the scope tags you want > Next.
  • With all the above configured, you’ll then go to the Review + create page and select Create to create the profile.

Administrative templates

Administrative Templates for Windows 10 or Windows 11 are supported for Windows 10 or Windows 11 Enterprise multi-session through the Settings catalog. Additionally, there are some limitations worth noting.

  • There are certain policies not available in the Settings catalog. However, ADMX-backed policies do have support.
  • ADMX-ingested policies also have support. And this includes the settings for Office and Microsoft Edge that are available in the administrative template files of both Office and Microsoft Edge. It’s also important to note that not all ADMX-ingested settings are applicable to Windows 10 or Windows 11 Enterprise multi-session. You can view the complete list of ADMX-ingested policy categories in the Win32 and Desktop Bridge app policy configuration.
  • At the time of writing, ADMX-ingested policies are supported for user targeting, only on Windows 11.

Compliance and Conditional access with Azure Virtual Desktop

Protecting your Windows 10 or Windows 11 Enterprise multi-session VMs will be of great importance to everyone. And to secure these VMs, you can go to the Microsoft Endpoint Manager admin center. There, you can configure the appropriate compliance as well as Conditional Access policies. Below is the list of compliance policies, supported on Windows 10 or Windows 11 Enterprise multi-session VMs:

  • Minimum OS version
  • Maximum OS version
  • Valid operating system builds
  • Simple passwords
  • Password type
  • Minimum password length
  • Password Complexity
  • Password expiration (days)
  • Number of previous passwords to prevent reuse
  • Microsoft Defender Antimalware
  • Microsoft Defender Antimalware security intelligence up-to-date
  • Firewall
  • Antivirus
  • Antispyware
  • Real-time protection
  • Microsoft Defender Antimalware minimum version
  • Defender ATP Risk score

These are the only policies you can use. And those not on this list will not be applicable.

Endpoint security

Without a doubt, endpoint security is one of the greatest concerns for most organizations today. Cyberattacks are growing in number and sophistication, meaning that endpoints can easily become the weak point in your network. For multi-session VMs, you’ll have the ability to configure profiles under Endpoint security by choosing Platform Windows 10, Windows 11, and Windows Server. If that Platform is unavailable for a profile, the profile does not have support on multi-session VMs.

Deployment of applications

Having access to the applications that you need is essential to maintaining productivity and working efficiently. So naturally, I would want to know whether Windows 10 or Windows 11 apps will work for multi-session. Fortunately, all Windows 10 or Windows 11 apps are deployable to Windows 10 or Windows 11 Enterprise multi-session. However, it does come with certain limitations:

  • All apps should be configured to install in the system/device context and be targeted at devices. Additionally, web apps won’t apply to multi-session VMs because by default they always apply in the user context.
  • All apps must be configured with the Required or Uninstall app assignment intent. The Available apps deployment intent doesn’t have support on multi-session VMs.
  • A Win32 app configured to install in the system context won’t be installed if it has dependency relationships on any apps configured to install in the user context. Instead, you’ll need to create a separate instance of the system context app if you intend to apply it to a Windows 10 or Windows 11 Enterprise multi-session VM. Alternatively, you must verify that all the app dependencies are configured to install in the system context.
  • At present, there is no support in Microsoft Intune for MSIX app attach and Azure Virtual Desktop RemoteApp.

Script deployment

When it comes to script deployment, those configured to run in the system context, with assignment to devices, will have support on Windows 10 or Windows 11 Enterprise multi-session.

To configure this, navigate to Script settings and set Run this script using the logged on credentials to No. On the other hand, scripts configured to run in the user context, with assignment to users, will have support on Windows 11 Enterprise multi-session. Similarly, you can configure this by going over to Script settings. But this time, set Run this script using the logged on credentials to Yes.

Windows Update for Business

Managing the Windows Update settings for quality (security) updates for Windows 10 or Windows 11 Enterprise multi-session VMs uses the settings catalog. Finding the supported settings that are necessary is pretty straightforward. You’ll first need to configure a settings filter for Enterprise multi-session. After that, you can expand the Windows Update for Business category. See the settings you can find in the catalog below:

Remote actions

When it comes to Windows 10 or Windows 11 remote actions, there are several that will not be supported. As a result, they will appear grayed out in the UI as well as disabled in Graph for Windows 10 or Windows 11 Enterprise multi-session VMs. These remote actions are as follows:

  • Autopilot reset
  • BitLocker key rotation
  • Fresh Start
  • Remote lock
  • Reset password
  • Wipe

Retirement

If you decide to delete certain VMs, then you can do so. But the device records will still remain in the Microsoft Endpoint Manager admin center. However, depending on the cleanup rules configured for the tenant, they will be cleaned up automatically.

Security baselines

Although security baselines are currently not available for Windows 10 or Windows 11 Enterprise multi-session, it’s still a good idea to go over those available. Having done that, you can then go to the Settings catalog and configure the recommended policies and values. This is vitally important as Windows security baselines intend to reinforce security for users and devices.

Using security baselines means that you can leverage the best practices and recommendations for enhanced security. And even though these security baselines come as groups of pre-configured Windows settings, you get the option of customizing each baseline that you deploy to enforce only the settings and values needed.

This is particularly important because the vast majority of the time the default settings in the security baselines are very restrictive. So, it would be good practice to adapt the baselines to meet your needs so that they do not conflict with any of your other pre-existing settings or features.

Unsupported configurations

There are some additional configurations that are not supported on Windows 10 or Windows 11 Enterprise multi-session VMs. Hopefully, this will change sooner rather than later. But currently Out of Box Experience (OOBE) enrollment isn’t available nor does it have support.

The unavailability of this option means that both Commercial OOBE and Windows Autopilot are not supported. And the same also applies to the Enrollment status page. Furthermore, as for the China Sovereign Cloud, Windows 10 or Windows 11 Enterprise multi-session is not as yet supported.

Troubleshooting common issues

Enrollment issues (issue – detail):

  • Failure to enroll hybrid Azure AD-joined virtual machine – Normally, auto-enrollment is set up to use user credentials. However, for Windows 10 or Windows 11 Enterprise multi-session virtual machines, the enrollment requires using device credentials. You need to use an Azure Virtual Desktop agent that is version 2944.1400 or later. Another issue is having more than a single MDM provider, which isn’t supported. You’ll also have issues with Windows 10 or Windows 11 Enterprise multi-session VMs configured outside of a host pool. This is because Microsoft Intune only supports VMs that are provisioned as part of a host pool. If your Azure Virtual Desktop host pool hasn’t been created through the Azure Resource Manager template, then that will present a problem.
  • Failure to enroll Azure AD-joined virtual machine – It could be as simple as you using an Azure Virtual Desktop agent that is not updated. You should be using an agent that is version 2944.1400 or later. If your Azure Virtual Desktop host pool hasn’t been created through the Azure Resource Manager template, then that will present a problem.

More about configuration

Configuration issues (issue – detail):

  • Failure of Settings catalog policy – Start by verifying whether the VM is enrolled using device credentials because at present enrollment with user credentials is not supported for Windows 10 or Windows 11 Enterprise multi-session.
  • Configuration policy didn’t apply – With the exception of Certificates, know that templates aren’t supported on Windows 10 or Windows 11 Enterprise multi-session. Therefore, the creation of all policies must be done via the settings catalog.
  • Configuration policy reports as Not applicable – It’s not all policies that are applicable to Azure Virtual Desktop VMs.
  • When applying the filter for Windows 10 or Windows 11 Enterprise multi-session edition, the Microsoft Edge/Microsoft Office ADMX policy is not showing up – The application of these settings is dependent on having those apps installed on the device, not on the Windows version or edition. In addition, the removal of filters applied in the settings picker may be necessary if you want to add these settings to your policy.
  • App configured to install in system context didn’t apply – Start by checking that the app doesn’t have a dependency or supersedence relationship on any of the apps configured to install in the user context. As of yet, Windows 10 or Windows 11 Enterprise multi-session doesn’t support user context apps.
  • Update rings for Windows 10 and later policy didn’t apply – At the time of writing, Windows Update for Business policies aren’t yet supported.

Availability of FSLogix Profiles

Another exciting new feature recently announced is the availability of FSLogix Profiles for Azure AD-joined VMs for hybrid users in Azure Virtual Desktop. You can make use of Azure AD Kerberos with Azure Files to access file shares from Azure AD-joined VMs. This means you can then use them to store your FSLogix profile containers. This new feature is going to provide you with the following capabilities:

  • You can now configure Azure Files with Azure AD Kerberos by using only a single checkbox.
  • Azure AD-joined Session Hosts can now achieve configuration with Azure AD Kerberos.
  • You can leverage Azure AD Kerberos to store FSLogix profile containers in Azure Files shares.
  • Access permissions for hybrid users, managed in Active Directory are also configurable.
  • The network line-of-sight from the Session Host to the Domain Controller can now be removed.

Getting started with Azure Virtual Desktop

This new release will be available on Windows 10, Windows 11, and Windows Server 2022 session hosts. Before you proceed, you first need to check the requirements to configure Azure Files with Azure AD Kerberos authentication.

A network line-of-sight from the session host to the domain controller is not necessary for FSLogix profiles in Azure Virtual Desktop. It will still be a requirement for configuring the permissions on the Azure Files share.

Configure your Azure storage account and file share

You will need to follow the steps given below to store your FSLogix profiles on an Azure file share:

  1. Start by creating an Azure Storage account if you don’t already have one.
  2. Next, you go to your storage account and create an Azure Files share where you can store your FSLogix profiles.
  3. To enable access from Azure AD-joined VMs you need to enable Azure AD Kerberos authentication on Azure files.
  • For the configuration of the directory and file-level permissions you need to go to Configure the storage permissions for profile containers. And go through the recommended list of permissions for FSLogix profiles.
  • It’s possible for users to accidentally delete the user profile or access the personal information of different users. This is common if you do not put in place adequate directory-level permissions. Such mishaps are costly and need to be avoided by ensuring all users have the proper permissions.
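
The directory-level risk described in the last bullet can be checked from an admin workstation that has the share mounted. The script below is an added example, not code from the article or from Microsoft; it assumes a layout in which each user's profile sits in a first-level folder owned by that user, and only SYSTEM, Administrators and CREATOR OWNER hold rights that inherit from the share root.

```powershell
# Added example: flag ACL entries on an FSLogix profile share that would let one
# user read or delete another user's profile container.
[CmdletBinding()]
param(
    # Root folder of the profile share (UNC path or mapped drive).
    [Parameter(Mandatory)][string]$ProfileRoot
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$fsRights = [System.Security.AccessControl.FileSystemRights]

# Assumption: only these well-known SIDs should hold inheritable rights.
$trusted = @(
    'S-1-5-18'      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'  # BUILTIN\Administrators
    'S-1-3-0'       # CREATOR OWNER
)
$deleteChild = [int]$fsRights::DeleteSubdirectoriesAndFiles

function Test-GrantsAccess {
    # True when the rights mask lets the holder read or delete content.
    param([System.Security.AccessControl.FileSystemRights]$Rights)
    $raw  = [int]$Rights
    $mask = [int]($fsRights'ReadData, Delete, DeleteSubdirectoriesAndFiles')
    # 0x10000000 is GENERIC_ALL; a negative value means the GENERIC_READ bit is set.
    return (($raw -band $mask) -ne 0) -or (($raw -band 0x10000000) -ne 0) -or ($raw -lt 0)
}

function Get-RiskyAce {
    param([string]$Path, [string[]]$AllowedSids, [switch]$IsRoot)
    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs directly so unresolvable accounts do not break the comparison.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($AllowedSids -contains $ace.IdentityReference.Value) { continue }
        if (-not (Test-GrantsAccess $ace.FileSystemRights)) { continue }
        # On the root, a "This folder only" entry cannot reach the profiles
        # unless it also carries the delete-child right.
        $noDeleteChild = (([int]$ace.FileSystemRights) -band $deleteChild) -eq 0
        if ($IsRoot -and ($ace.InheritanceFlags -eq 'None') -and $noDeleteChild) { continue }
        [pscustomobject]@{
            Path        = $Path
            Sid         = $ace.IdentityReference.Value
            Rights      = $ace.FileSystemRights
            Inheritance = $ace.InheritanceFlags
        }
    }
}

# Root: anything outside the trusted set that inherits downwards is a finding.
$findings = @(Get-RiskyAce -Path $ProfileRoot -AllowedSids $trusted -IsRoot)

# Per-profile folders: only the trusted set and the folder owner should have access.
foreach ($dir in Get-ChildItem -LiteralPath $ProfileRoot -Directory) {
    $owner = (Get-Acl -LiteralPath $dir.FullName).GetOwner($sidType).Value
    $findings += @(Get-RiskyAce -Path $dir.FullName -AllowedSids ($trusted + $owner))
}

if ($findings.Count -eq 0) {
    'No entries found that expose one profile to another user.'
} else {
    $findings | Format-Table -AutoSize
    exit 1
}
```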

Configure the session hosts

Configuring the session hosts is required for you to be able to access Azure file shares from an Azure AD-joined VM for FSLogix profiles. To do this, you can follow the steps below:

  1. You first need to enable the Azure AD Kerberos functionality. There are a few methods you can use to do this:
      • Configure this Intune Policy CSP and apply it to the session host: Kerberos/CloudKerberosTicketRetrievalEnabled.
      • You can also configure this Group policy and apply it to the session host: Administrative Templates\System\Kerberos\Allow retrieving the Azure AD Kerberos Ticket Granting Ticket during logon
      • Lastly, you can create the following registry value on the session host: reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters /v CloudKerberosTicketRetrievalEnabled /t REG_DWORD /d 1
  2. If you want to use Azure AD with a roaming profile solution such as FSLogix, then the credential keys in Credential Manager should be from the currently loading profile. Having it set up this way means that you’ll be able to load your profile on many different VMs. By simply running the command below, you can create a new registry value that enables the setting: reg add HKLM\Software\Policies\Microsoft\AzureADAccount /v LoadCredKeyFromProfile /t REG_DWORD /d 1

Configure FSLogix on the session host

  • Each time you configure a session host, you configure FSLogix on the VM by following a set of instructions. You have several options available to make sure that the registry keys are set on all session hosts: the keys can be set in an image, or you could configure a group policy. See the steps for configuring FSLogix below:
  • If necessary, start by updating or installing FSLogix on your session host. In instances where you want to create the session host using the Azure Virtual Desktop service, you’ll need to have FSLogix already pre-installed.
  • To create the Enabled and VHDLocations registry values you should follow the instructions in Configure profile container registry settings. The value of VHDLocations should be set to: \\<Storage-account-name>.file.core.windows.net\<file-share-name>

Test your deployment

The final step, after completing the necessary steps for the installation and configuration, is to test the deployment. This allows you to verify everything is working properly. You can do this by signing in with a user account with assignment to an application group on the host pool.

Before you sign in, make sure that the account that you are going to use has the necessary permission to use the file share. Any user who has previously signed in will have an existing local profile, which the service is going to use during the session.

If you don’t want to create a local profile, then you can create a new user account to use for your tests. Alternatively, you can enable the DeleteLocalProfileWhenVHDShouldApply setting by using the configuration methods that you can find in Tutorial: Configure profile container to redirect user profiles.         

With these steps complete and the user sign-in successful, you can go ahead and check the profile in Azure Files.

Directions

  • Navigate to the Azure portal and sign in with an administrative account.
  • Next, go to the sidebar and choose Storage accounts.
  • You’ll need to then select the storage account that you had configured for your session host pool.
  • Once again, go to the sidebar and this time choose File shares.
  • Find the file share that you configured to store the profiles and select it.
  • If everything has been configured correctly, you should now see a directory with a name formatted in the following manner: <user SID>_<username>.

In addition to testing your deployment, you may occasionally encounter issues with FSLogix products. Below is a table demonstrating some actions you can take, should you encounter challenges.

Issues

Issue | Actions you can take
Profile Container | Perform a comparative analysis between the data from this documentation and the current values of Status, Reason, and Error. Identify non-zero codes by looking at the log files. Verify you’ve met all requirements. The FSLogix Profiles product can only work properly if this patch is installed for users of Windows 7 or Windows Server 2008 R2. Additionally, check that the Enabled setting is set to 1. Check the ‘VHDLocations’ setting for a valid file system location. Check on the file server to see if the user has the necessary permissions to the VHD(X). Verify that the user is on the local FSLogix Profiles Include group rather than the Exclude group. Is there a pre-existing local profile for the user?
Office Container | Perform a comparative analysis between the data from this documentation and the current values of Status, Reason, and Error. Check for non-zero codes being returned by looking at the log files. Check that you’ve met all requirements. Check that the Enabled setting is set to 1. Check the ‘VHDLocations’ setting for a valid file system location. Verify that the user is on the local FSLogix ODFC Include group rather than the Exclude group. You should expect to NOT see OneDrive icons when using Windows Server 2016 as this is intended. When FSLogix is virtualizing Outlook Search you should also expect to NOT see Outlook in the Windows indexing options.
Application Masking | Check that the rules have been moved to the Rules folder. Using sc query frxsvc and sc query frxdrv, verify that the service and driver are running. Check for non-zero codes being returned by looking at the logs. Verify in the assignment files that the user is included in the assignment: Open the rule in the rule editor. Next, click the manage assignments button. Check that the concerned user is on the list and that the rule applies. In cases where folders or files are hidden from an excluded user, check that the Apply Rules to System button is not clicked.
Java Version Control | Verify that rules are loading properly by checking the IE Plugin for errors. From Tools > Manage Add-ons, check that FSLogix Internet Explorer Plugin is installing and enabling. Also, check that the rules move to the Rules folder. Additionally, check that you’re using 32-bit Java. Ensure that the Service and Driver are running.
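
The session host configuration steps earlier in this article and several of the checks in the table above can be verified with one read-only script. The following is an added example, not part of the original article or of Microsoft's documentation. It assumes the default FSLogix registry key (HKLM\SOFTWARE\FSLogix\Profiles) and the default local group names that FSLogix creates; the function names and the sample account are made up for the illustration.

```powershell
# Read-only audit of an Azure Virtual Desktop session host. Nothing is modified.
# Run in an elevated PowerShell session on the session host.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Emits nothing when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Check {
    param([string]$Check, [bool]$Passed, [string]$Detail)
    [pscustomobject]@{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

function Test-FslogixSessionHost {
    param(
        # Optional account to look for in the Include/Exclude groups,
        # for example 'CONTOSO\alice' (a made-up name).
        [string]$UserName
    )

    # 1. Azure AD Kerberos ticket retrieval. Only the registry method is checked;
    #    a setting delivered by Intune or Group Policy may be stored elsewhere.
    $kerb = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters' 'CloudKerberosTicketRetrievalEnabled'
    New-Check 'CloudKerberosTicketRetrievalEnabled = 1' ($kerb -eq 1) "current value: '$kerb'"

    # 2. Credential keys loaded from the roaming profile.
    $cred = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\AzureADAccount' 'LoadCredKeyFromProfile'
    New-Check 'LoadCredKeyFromProfile = 1' ($cred -eq 1) "current value: '$cred'"

    # 3. FSLogix profile container settings (default key location, an assumption).
    $fsl = 'HKLM:\SOFTWARE\FSLogix\Profiles'
    $enabled = Get-RegValue $fsl 'Enabled'
    New-Check 'FSLogix Profiles Enabled = 1' ($enabled -eq 1) "current value: '$enabled'"

    # VHDLocations may be REG_SZ or REG_MULTI_SZ, so treat it as a list and require
    # every entry to look like \\<storage-account>.file.core.windows.net\<share>.
    $locations = @(Get-RegValue $fsl 'VHDLocations')
    $pattern = '^\\\\[a-z0-9]{3,24}\.file\.core\.windows\.net\\[^\\]+'
    $bad = @($locations | Where-Object { $_ -notmatch $pattern })
    New-Check 'VHDLocations points at an Azure Files share' `
        ($locations.Count -gt 0 -and $bad.Count -eq 0) ($locations -join '; ')

    # 4. Service and driver state (what sc query frxsvc / sc query frxdrv report).
    $svc = Get-Service -Name 'frxsvc' -ErrorAction SilentlyContinue
    New-Check 'frxsvc service running' ($svc.Status -eq 'Running') "status: '$($svc.Status)'"
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='frxdrv'" -ErrorAction SilentlyContinue
    New-Check 'frxdrv driver running' ($drv.State -eq 'Running') "state: '$($drv.State)'"

    # 5. Include/Exclude groups. Only direct members are compared; membership through
    #    nested or Azure AD groups is not resolved by this example.
    if ($UserName) {
        foreach ($product in 'Profile', 'ODFC') {
            try {
                $include = @(Get-LocalGroupMember -Group "FSLogix $product Include List" -ErrorAction Stop |
                    ForEach-Object Name)
                $exclude = @(Get-LocalGroupMember -Group "FSLogix $product Exclude List" -ErrorAction Stop |
                    ForEach-Object Name)
            } catch {
                # The cmdlet can fail on members it cannot resolve; report that as a failed check.
                New-Check "FSLogix $product groups readable" $false $_.Exception.Message
                continue
            }
            $included = ($include -contains $UserName) -or ($include -contains 'Everyone')
            New-Check "$product Include List covers $UserName" $included ($include -join '; ')
            New-Check "$product Exclude List omits $UserName" ($exclude -notcontains $UserName) ($exclude -join '; ')
        }
    }
}

Test-FslogixSessionHost | Format-Table -AutoSize -Wrap
```

Pass -UserName to include the group checks. A failed row shows which setting to revisit in the steps above.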

Wrap Up About Azure Virtual Desktop

Organizations are witnessing a rapid change in the work environment as well as the preferences of employees. And as the popularity of cloud-based solutions grows, organizations are having to invest in technology that supports a hybrid working model. This has plenty of potential benefits for any organization, including the employee satisfaction that comes from some employees now preferring to work from home when possible.

By leveraging Azure Virtual Desktop, you can get a secure and cost-effective solution that eliminates the complexities of legacy virtualization infrastructure. This means no more fretting over managing licensing, RDS gateways, load balancing, and more.

In addition to the already extensive list of capabilities, Microsoft is now introducing Azure Virtual Desktop multi-session with Microsoft Intune and FSLogix Profiles for Azure AD-joined VMs. These new capabilities are going to further enhance the user experience and potentially increase productivity. Users will get an improved experience that gives them the familiar Windows 10 or Windows 11 experience. Without a doubt, these new features will help your organization to have a more efficient hybrid environment.

Script to add a Windows 365 Cloud PC User – Add-CloudPCUser.ps1

Script prerequisites for Windows PowerShell:

1. A minimum Windows PowerShell version of ‘7.2’ is required to run this script. The script automatically checks for and installs module if needed.

2. Windows 365 Cloud PC Management PowerShell Module must be installed on local machine. The script automatically checks for and installs module if needed.

3. Microsoft Graph PowerShell Module must be installed on local machine. The script automatically checks for and installs module if needed.

4. An Azure AD user that has an admin consent permission, if needed, to approve the following permissions in Microsoft Graph application in Azure AD apps:

CloudPC.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, Directory.Read.All

.PARAMETER Username

Username to add to Windows 365 Cloud PC

.PARAMETER UsersListPath

CSV file path containing a list of users to add to Windows 365 Cloud PC. Sample file contents:

———- Windows PowerShell Continued

upn

[email protected]

[email protected]

[email protected]

[email protected]

.PARAMETER Group

Azure AD group name to add users to

.EXAMPLE

.\Add-CloudPCUser.ps1 -Username [email protected] -Group IT -Verbose

.EXAMPLE

.\Add-CloudPCUser.ps1 -UsersListPath c:\temp\users.csv -Group Sales -Verbose

Direct link: Add-CloudPCUser.ps1
Github – https://github.com/ThomasMarcussen/assortedScripts/

Taking A Closer Look At Windows 365 Security

The idea of having a desktop that you can access from just about anywhere is an incredible option to have. Not only that but you can do so using your PC, tablet, or smartphone. As can be seen by the disruptions we witnessed to business activities at the height of the pandemic, the lack of viable options can be disastrous. This is why the Windows 365 Cloud PC has been very well received by organizations since coming onto the scene in 2021. It gives organizations a solution that they may not have had a few years back.

You can provide desktops for employees regardless of where they are working from. Be it at home or in the office, the Cloud PC remains accessible and productivity levels can be maintained.

But, the key question is how secure is Windows 365? Can the corporate network remain secure with the use of Cloud PCs?

Getting started with Windows 365

Organizations that use Windows 365 will benefit from an end-to-end connection flow for all their employees thus allowing them to work in a secure environment. Windows 365 has been designed with Zero Trust principles being integral to the security structure.

What this means is that clients have a great foundation that allows them to apply controls that help them to better secure their environments across the 6 pillars of Zero Trust. Microsoft allows you to implement Zero Trust controls in the following areas:

  • Securing access to the Cloud PC – this is something that is crucial to Identity and it enables you to set the specific regulations concerning who can access the Cloud PC and under which conditions.
  • Securing the Cloud PC device itself – the actual Cloud PC devices that one uses to access corporate resources require extremely high security. So this is an important category that allows for the securing of the Endpoint by placing extra security measures on the devices themselves.
  • Securing the Cloud PC data and other data available while using the Cloud PC – this last area allows you to place additional security measures to secure the data itself that users will need to access. Also, you can place extra measures on how Cloud PC users can access the data.

Default features

Microsoft has a few features that are enabled on all new Cloud PCs by default. These include:

  • Virtual Trusted Platform Module (vTPM): a vTPM is a virtualized version of a hardware Trusted Platform Module and is designed to be compliant with the TPM 2.0 spec. What it offers you is a dedicated secure vault for keys and measurements. With trusted launch, your virtual machine will get its own dedicated TPM instance that will run in a secure environment outside the reach of any VM.
  • Secure boot: this next feature could be described as something that provides the foundation of trusted launch. Secure boot is a mode that is implemented in platform firmware and enhances the overall security posture by protecting against the installation of malware-based rootkits and bootkits. Basically, what you get is a system that ensures that only signed operating systems and drivers can boot. Therefore, any image that Secure Boot fails to authenticate will be restricted from booting.

As a result of having the above features enabled, Windows 365 will support the enabling of the Windows security features below:

  • Hypervisor Code Integrity (HVCI)
  • Microsoft Defender Credential Guard
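
To confirm from inside a Cloud PC that the defaults listed above are present, and whether the two Windows features they support have actually been turned on, a short read-only check is enough. This is an added example, not part of the original article; the function names are made up, and the cmdlets and the Win32_DeviceGuard class are standard Windows components.

```powershell
# Read-only report of the Cloud PC protections listed above. Nothing is modified.
# Run in an elevated PowerShell session inside the Cloud PC.

function Get-CloudPcBootSecurity {
    # Secure Boot: the cmdlet returns $true or $false and throws on firmware
    # without UEFI Secure Boot support, which is reported here as $false.
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { }

    # vTPM: Get-Tpm reports whether the guest sees a TPM and whether it is ready.
    $tpm = $null
    try { $tpm = Get-Tpm -ErrorAction Stop } catch { }

    # Virtualization-based security, as exposed by Win32_DeviceGuard.
    # SecurityServicesConfigured / SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $configured = @($dg.SecurityServicesConfigured)
    $running    = @($dg.SecurityServicesRunning)

    [pscustomobject]@{
        SecureBoot                = $secureBoot
        TpmPresent                = [bool]$tpm.TpmPresent
        TpmReady                  = [bool]$tpm.TpmReady
        VbsRunning                = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        CredentialGuardConfigured = ($configured -contains 1)
        CredentialGuardRunning    = ($running -contains 1)
        HvciConfigured            = ($configured -contains 2)
        HvciRunning               = ($running -contains 2)
    }
}

function Get-CloudPcBootFinding {
    param([Parameter(Mandatory)]$State)
    # Secure Boot and the vTPM are on by default, so their absence is a deviation.
    # HVCI and Credential Guard are only supported by default, so a missing one is
    # reported as something left to enable, not as a fault.
    if (-not $State.SecureBoot) { 'DEVIATION: Secure Boot is not enabled' }
    if (-not ($State.TpmPresent -and $State.TpmReady)) { 'DEVIATION: no ready TPM visible to the guest' }
    if (-not $State.HvciRunning) { 'TO ENABLE: HVCI is not running' }
    if (-not $State.CredentialGuardRunning) { 'TO ENABLE: Credential Guard is not running' }
    if ($State.HvciConfigured -and -not $State.HvciRunning) {
        'CHECK: HVCI is configured but not running (restart pending or VBS unavailable)'
    }
}

$state = Get-CloudPcBootSecurity
$state | Format-List
Get-CloudPcBootFinding -State $state
```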

Automatic enrollment

Another key step that Microsoft advises clients to take to secure their Windows 365 Cloud PCs is to configure devices to enroll into MEM using automatic enrollment. However, to do that, you need to meet the following requirements:

Sign in to Intune in Microsoft Endpoint Manager

Start by signing in to the MEM admin center as a Global administrator. If you are using the Trial subscription, then the account you used to create the subscription becomes the Global administrator.

Set up Windows 10/11 automatic enrollment

If you want to enroll both corporate and bring-your-own-devices, you’ll have to use MDM enrollment. In addition, you have to sign up for a free Azure AD Premium subscription.

  1. Navigate to the MEM admin center. Select All services > M365 Azure Active Directory > Azure Active Directory > Mobility (MDM and MAM).
  2. Choose Get a free Premium trial to use this feature. This enables auto-enrollment using the Azure AD free Premium trial.
  3. Select the Enterprise Mobility + Security E5 free trial option.
  4. Click Free trial > Activate the free trial.
  5. Choose Microsoft Intune to configure Intune.
  6. Go to the MDM user scope and select Some. This enables you to use MDM auto-enrollment to manage enterprise data on your employees’ Windows devices. This will configure MDM auto-enrollment for AAD joined devices and bring your own device scenarios.
  7. Click Select groups > Contoso Testers > Select as the assigned group.
  8. And then for data management on your workforce’s device, choose Some from the MAM Users scope.
  9. Choose Select groups > Contoso Testers > Select as the assigned group.
  10. And then, for the remaining configuration values, you’ll use the default values.
  11. Choose Save.

Windows 365 Business

Windows 365 comes in two different options to cater to the various businesses and their different needs. Microsoft intends for Cloud PCs to be available for both small and large enterprises. Therefore, smaller organizations have Windows 365 Business that can meet the needs of the business.

If your organization does not have an IT department/staff or central IT management solutions then this is the option for you. This option gives end users local admin rights to their Cloud PCs in a way that is typically seen with smaller businesses.

In instances where IT would like to use Windows 365 Business for a particular scenario, Microsoft recommends sticking to standard IT protocols. That is, of course, if you intend to set users as standard users on their devices. You can use Microsoft Endpoint Manager to carry this out, and to do so you need to follow the steps below:

  • The process starts with device configuration to enroll the devices in MEM using automatic enrollment.
  • The next step involves the management of the Local Administrators group. This can be done using Azure Active Directory (Azure AD) or using Microsoft Endpoint Manager.
  • In addition, it would be a good idea to have Microsoft Defender Attack surface reduction (ASR) rules enabled. This would be very useful because these rules are defense-in-depth mitigations for specific security concerns, such as blocking credential stealing from the Windows local security authority subsystem.
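
The last two steps can be verified on the Cloud PC itself. The following read-only check is an added example, not part of the original article. The rule ID is the one Microsoft publishes for the ASR rule that blocks credential stealing from the local security authority subsystem; the function names and the allow-list pattern are assumptions to adapt.

```powershell
# Read-only check of local administrators and of one ASR rule. Nothing is modified.
# Run in an elevated PowerShell session on the Cloud PC.

# "Block credential stealing from the Windows local security authority subsystem
# (lsass.exe)", as listed in Microsoft's ASR rule reference.
$LsassRuleId = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'

function Get-AsrRuleState {
    param([Parameter(Mandatory)][string]$RuleId)
    # Get-MpPreference exposes ASR rules as two parallel arrays: IDs and actions.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $names   = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $RuleId) { return $names[[int]$actions[$i]] }
    }
    'NotConfigured'
}

function Get-UnexpectedLocalAdmin {
    param(
        # Wildcard patterns for accounts that are allowed to be local administrators.
        # The default is only an illustration; replace it with your own allow-list.
        [string[]]$AllowedPattern = @('*\Administrator')
    )
    # S-1-5-32-544 is the built-in Administrators group, whatever its localized name.
    # The cmdlet can fail on members it cannot resolve, so errors are left to surface.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    foreach ($member in $members) {
        $allowed = $false
        foreach ($pattern in $AllowedPattern) {
            if ($member.Name -like $pattern) { $allowed = $true }
        }
        if (-not $allowed) { $member | Select-Object Name, ObjectClass, PrincipalSource }
    }
}

"LSASS credential-theft rule: $(Get-AsrRuleState -RuleId $LsassRuleId)"
try {
    Get-UnexpectedLocalAdmin | Format-Table -AutoSize
} catch {
    "Could not enumerate local administrators, review the group manually: $($_.Exception.Message)"
}
```

A state of Audit means the rule only logs; Block is the enforcing mode.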

Windows 365 Enterprise

When it comes to Windows 365 Enterprise, the process is slightly easier for IT admins. This is because, for the Enterprise license, Cloud PCs are automatically enrolled. Not only that but they also get reporting of Microsoft Defender Antivirus alerts as well as optional onboarding into Microsoft Defender for Endpoint capabilities.

By default, Enterprise users are automatically set up as standard users. However, admins still retain the option to make per-user exceptions when necessary. The guidelines for users of Windows 365 Enterprise Cloud PCs are as below:

  • Users should stick to standard Windows 10 security practices. This also means limiting who can access a Cloud PC with local administrator privileges.
  • You need to deploy Windows 365 security baselines to your Cloud PC from MEM. Furthermore, you should utilize Microsoft Defender to protect your endpoints, especially all Cloud PCs.
  • Taking advantage of Azure AD conditional access is a must. With features such as multifactor authentication (MFA) and user/sign-in risk mitigation, you can significantly reduce the risk of unauthorized access to your Cloud PC.

Enhancing your security posture with Windows 365

Microsoft offers organizations security recommendations that are meant to enable you to improve your security. These guidelines are as follows:

Conditional Access

Microsoft recommends the use of Conditional Access policies to improve your authentication processes. These policies are central to the zero trust strategy and help to secure your corporate network by putting strict controls concerning which devices can access it and how. You can even configure Conditional Access policies to meet the specific needs of your business and your Windows 365 environment.

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint (MDE) has been described as an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Organizations can connect MDE to their Cloud PC devices and thus have access to security procedures that are an industry standard for endpoint protection.

You can significantly improve your security because of how MDE can easily integrate with other Microsoft security tools. Clients with Windows 10 or Windows 11 licenses will get Microsoft Defender and Microsoft Defender Firewall as part of Windows Security which comes with their subscriptions. This also includes firewall and network protection, account protection, virus and threat protection, and device security among others.

Another thing to be aware of is that if you have a Microsoft 365 E5 plan then you’ll also get Microsoft 365 Defender. This service, which may also be purchased as an add-on for other Microsoft 365 subscriptions, compiles security data from the Microsoft 365 ecosystem and organizes it into a centralized dashboard.

And the way this dashboard has been designed simplifies the task for admins by making it easier to detect and respond to threats while setting aside the non-urgent. Ultimately, leveraging this security platform will help organizations to provide next-generation cybersecurity for their Windows 365 environment.

Intune compliance

The use of Intune compliance policies is highly recommended as a way to set the requirements and settings that users and devices must abide by to be considered compliant. These policies can be used in conjunction with Conditional Access policies for your Windows 365 environment. This means that you can block any non-compliant devices from accessing corporate resources until any issues have been resolved.

Regular updates

Another recommendation that Microsoft gives has to do with OS updates. Devices need regular updates to not only maintain high levels of security but to keep enhancing performance as well. Occasionally, vulnerabilities are discovered that may be exploited so updates will help mitigate those issues and provide new features as well. And when it comes to Cloud PCs, IT admins can use Endpoint Manager to configure Intune Windows 10/11 update rings and policies for Windows Update for Business.

Admin rights

With regard to Windows 365 Business, the target market is small businesses that may not have an IT team to manage the environment. So it makes sense that users are granted local admin rights. For Windows 365 Enterprise, on the other hand, users will not get those same privileges. And this is by default so as to be in line with Windows 10/11 security guidance.

Integration

Microsoft further enhances the overall security by having an integration between Microsoft Defender for Endpoint and Windows 365. What this means is that security and endpoint admins can collaborate on the management of the Cloud PC environment just like for any regular physical endpoint. If subscribed, Cloud PCs will:

  • Send data through to Microsoft 365 Secure Score.
  • Have the option to view unhealthy PCs on the Microsoft Defender for Endpoint Security Center and threat analysis dashboards.
  • Respond to remediation measures in the same way as any other managed devices.

Deployment of security baselines

Every organization needs specific security controls that can help to address its cybersecurity needs. To ensure the highest level of security, Microsoft recommends using industry-standard security measures that have been well-tested.

With Windows 365 security baselines, you’ll be getting Microsoft-recommended security measures that are based on best practices and expert feedback. This will help to improve the security of your Cloud PCs because of the recommendations you benefit from. Windows 365 security baselines are going to affect the following areas:

  • Windows 10 settings: 1809
  • MDATP settings: version 4
  • Edge settings: April 2020 (Edge version 80 and later)

Applying Windows 365 baselines

Microsoft also optionally allows you to apply Windows 365 security baselines to the Azure AD groups containing Cloud PC devices in your tenant. Once you are ready to deploy the security configurations, you’ll follow the steps below:

  1. Navigate to the Microsoft Endpoint Manager admin center and sign in. Then select Endpoint Security > View Security Baselines.
  2. Select Cloud PC Security Baseline (Preview).
  3. Next, select Create Profile and then give a name for the profile.
  4. The groups of settings for the baseline you chose can now be viewed on the Configuration settings tab. If you want to view the settings in a particular group as well as the default values for those settings in the baseline, all you need to do is expand the group. And if you want to see specific settings:
  • Select a group to expand and from there you can review the available settings.
  • You can use the search bar to type in specific keywords so that you get results displaying only the groups that match your search criteria.

Default configurations

All the settings in a baseline will have default configurations for that particular baseline version. To cater to varying business needs, Microsoft gives you the option to reconfigure the default settings. You will also notice that depending on the intent of the baseline, some baselines will have the same setting but will use different default values for that setting.

  • Next, go to the Assignments tab and select a device group with Cloud PCs to include. After that, you’ll need to assign the baseline to one or more groups with your Cloud PCs. You can use Select groups to exclude to fine-tune the assignment.
  • After completing the above and you’re ready for deployment, go to the Review + create tab and review the details for the baseline. To save and deploy the profile click on Create.

Application of the baseline to the assigned group is carried out immediately following the creation of the profile.

Implementing Conditional Access

Conditional Access is a system designed to enhance the security of corporate networks by restricting access to verified and compliant devices. Being a policy-based approach allows you to configure the specific conditions that you want to apply to the access controls. As Microsoft puts it, these policies are basically “if-then” statements. If a user needs to access certain resources on the corporate network then it follows that he/she will need to meet certain requirements. Using Conditional Access can help you to accomplish the following:

  • Enable users to maintain productivity levels wherever they may be.
  • Safeguard corporate resources.

Assigning Conditional Access policies to Cloud PCs

Windows 365 Enterprise admins should be aware that Conditional Access policies aren’t set for tenants by default. So to assign policies to the Cloud PC first-party app you’ll need to use either of the following services:

  • Azure
  • Microsoft Endpoint Manager by performing the steps below:

  1. Navigate to the MEM admin center and sign in. Proceed to select Endpoint Security > Conditional Access > New Policy.
  2. Provide a name for your specific Conditional Access policy.
  3. Go to the New Policy tab and select Specific users included, which you’ll find under Users and groups. Next, you need to pick the specific user or group that you want to target with the policy. You also get the option to Exclude certain users or groups if that’s the way you want to set up.
  4. Select No cloud apps, action, or authentication contexts selected. You can find this option under Cloud apps or actions.
  5. Select Cloud apps > Include > Select apps.
  6. Next, head over to the Select pane. Here you’ll need to search for and select the apps below:
  • Windows 365 (you can also search for “cloud” to find this app).
  • Windows Virtual Desktop (this may also appear as Azure Virtual Desktop).

More to know about Windows 365

Choosing both of the apps above ensures that the policy is applied to the Cloud PC end-user portal as well as the connection to the Cloud PC. Choosing both of these apps is also necessary if you want to be able to exclude apps.

  • Fine-tuning a policy can be performed by going over to Access and then choosing the options that you want to apply to all objects assigned to this policy.
  • Before you proceed any further you may want to test the policy. This can be done by going to Enable Policy and turning the setting Report-only to Off. This will prevent the policy from being applied as soon as you’ve completed the creation process.
  • All that’s left now is for you to select Create and you’ll complete the creation of the policy.

If you want to see the list of your active and inactive policies, navigate to the Policies view in the Conditional Access UI.
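
The same policy can be kept as code and checked for the two-app requirement before it is created. The following is an added example, not part of the original article. The application IDs are the first-party IDs Microsoft publishes for these two apps, the MFA grant control is an assumption taken from the MFA recommendation earlier in this article, and the group ID, policy name and function names are placeholders.

```powershell
# Builds the Conditional Access policy from the steps above as a Microsoft Graph
# request body and checks app coverage. Nothing is sent unless you uncomment the end.

# First-party application IDs as published by Microsoft; confirm them in your tenant
# under Enterprise applications before relying on them.
$CloudPcApps = @{
    'Windows 365'           = '0af06dc6-e4b5-4f28-818e-e78e62d137a5'
    'Azure Virtual Desktop' = '9cdead84-a844-4324-93f2-b2e6bb768d07'
}

function New-CloudPcCaPolicyBody {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string[]]$IncludeGroupId,
        [string[]]$ExcludeGroupId = @(),
        # 'disabled' corresponds to the Off setting used for testing in the steps above.
        # The API also accepts 'enabledForReportingButNotEnforced' and 'enabled'.
        [ValidateSet('disabled', 'enabledForReportingButNotEnforced', 'enabled')]
        [string]$State = 'disabled'
    )
    @{
        displayName   = $DisplayName
        state         = $State
        conditions    = @{
            users          = @{ includeGroups = $IncludeGroupId; excludeGroups = $ExcludeGroupId }
            applications   = @{ includeApplications = @($CloudPcApps.Values) }
            clientAppTypes = @('all')
        }
        # Assumption for this example: require multifactor authentication.
        grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
    }
}

function Get-MissingCloudPcApp {
    param([string[]]$IncludeApplications)
    # Returns the names of the Cloud PC apps that a policy's includeApplications list
    # leaves out. A policy that targets 'All' cloud apps covers both.
    if ($IncludeApplications -contains 'All') { return }
    foreach ($app in $CloudPcApps.GetEnumerator()) {
        if ($IncludeApplications -notcontains $app.Value) { $app.Key }
    }
}

# Placeholder group ID; replace it with the object ID of your Cloud PC users group.
$body = New-CloudPcCaPolicyBody -DisplayName 'Cloud PC - require MFA' `
    -IncludeGroupId '00000000-0000-0000-0000-000000000000'
$body | ConvertTo-Json -Depth 5

# Constructed case: a policy that only targets the Windows 365 app is reported as
# missing Azure Virtual Desktop, so the connection to the Cloud PC is not covered.
Get-MissingCloudPcApp -IncludeApplications @($CloudPcApps['Windows 365'])

# To create the policy (requires the Microsoft.Graph module and admin consent):
# Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'
# New-MgIdentityConditionalAccessPolicy -BodyParameter $body
```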

Windows 365 wrap up

Remote desktop services offer countless benefits to businesses that can help enhance the overall performance of the business. Businesses can easily have hybrid workforces without having to sacrifice productivity. Not only that but services like Windows 365 ensure that if an unexpected event such as the COVID-19 pandemic occurs, the disruption to business activities can be minimized.

However, all of this doesn’t mean much without the best security features you can get to safeguard corporate data as well as the physical devices that employees use. And Microsoft has provided Windows 365 clients with a wide array of security features to ensure that Cloud PCs have next-generation protection. This will make it such that the user experience becomes significantly better.

Getting Set up With Windows 365

Cloud computing and the Cloud PC have come a long way in the last couple of decades. As a way of delivering various on-demand IT resources over the internet, cloud computing has an endless list of applications. These can then offer individuals and organizations alike access to resources that may otherwise be beyond their means.

As you can imagine, the cost of running an on-premises IT environment can be very steep. This is why cloud computing is being adopted by a lot of organizations as they realize the benefits and convenience you get. And Microsoft has been providing these services for a long time but with Windows 365, the company is looking to make cloud computing even better.

Windows 365

Windows 365 is a Desktop as a Service offering that was introduced by Microsoft in 2021. It is designed to provide both small and large organizations with a cloud computing environment that can adequately meet the various needs. And when you consider that Microsoft already had other virtualization technologies on offer, you can trust that this new service will give you some of the best of those other technologies.

In fact, Windows 365 is built on the Azure infrastructure so that already breeds confidence in the service. Microsoft has basically leveraged its existing products and gone for a new approach to delivering virtual desktop infrastructure. Organizations can use the Cloud PC to increase security as well as productivity. In addition, having a cloud-based Windows PC can also help employees collaborate better regardless of where they physically are.

By using the Windows 365 Cloud PC, users will be able to stream their Windows PC to any supported device. And this is something that you can do using either a browser or a native RDP client.

Rooted in simplicity

Arguably the key foundational concept of Windows 365 is simplicity and so Microsoft has designed the service to be relatively easy to set up and use. In line with that, you’ll get to use all your favorite tools such as Microsoft 365, Microsoft Dynamics 365, Microsoft Power Platform, and plenty more.

Furthermore, Windows 365 comes in two editions to cater to both small and large enterprises. The Windows 365 Business edition targets the small to medium enterprise sector that may only need a few desktops. Organizations can get up to 300 desktops and will be charged a fixed rate that depends on the selected hardware configuration.

For larger enterprises, there is Windows 365 Enterprise which can help you to integrate the desktops with your existing Azure virtual network.

Simplifying virtual desktop infrastructure

One of the things that Windows 365 aims to do is to make cloud computing available to as many people as possible. With traditional VDI environments, you would need to set up a server, install applications, and then provide access to users.

But, Windows 365 does away with all of that. Microsoft has designed a product that has all the building blocks automated for you and will take care of all the virtualization. In addition, the service can scale with you in a highly optimized way to use Microsoft 365 apps.

Your organization doesn’t need to worry about the hardware and software configurations of the devices that your users have. Admins will be particularly glad to hear this because it means that deployment will become significantly easier and faster.

Traditional VDI may sometimes have limitations regarding where one can get access. This is not so with Windows 365 as users can access their Cloud PCs from anywhere on almost any device. The kind of freedom that Windows 365 gives its users is what makes it the ideal product for an increasingly hybrid world.

Device requirements

So, before you get started with setting up your Windows 365 environment, you’ll need to find out what the device requirements are. Are there any specific devices that your organization needs to purchase if you want to use Windows 365? Fortunately, there’s not much to worry about in this regard because Microsoft wants to make accessing Cloud PCs convenient and easy.

Windows 365 does this by allowing you to use most devices, which Microsoft also hopes will help you reduce your IT costs in the hardware department. Because Windows 365 is essentially PC hardware that runs in the cloud, the importance of your actual physical device is significantly less.

As long as you have an internet connection, you’ll be able to operate a reasonably powerful Windows PC using just about any device. To access this Cloud PC, you can use any modern browser or the Remote Desktop app.

Additional benefits of Cloud PC

A setup like this is going to be extremely beneficial for organizations that have a sizeable remote or seasonal workforce. Your organization won’t need to make a massive investment in hardware for all those employees. Even better is the fact that they’ll be able to easily access these Cloud PCs anywhere without losing any progress.

In short, all Windows 10 and Windows 11 devices should be compatible with Windows 365. The best part, however, is that clients will be able to easily stream a Windows 365 session to hardware running macOS, iOS, Linux, and Android.

However, for the best experience, Microsoft recommends devices that have a traditional keyboard and mouse. For the most part, as long as your device has an HTML5 browser and a DSL connection or a wireless internet connection capable of streaming a video, you will be just fine. The amount of bandwidth that you’ll need, however, will depend on your workload.

How much does it cost?

Microsoft offers Windows 365 at varying prices to cater to the different needs of the target organizations, from the small outfit needing only a handful of PCs to the larger enterprises that may require unlimited options. Not only that, but it also helps to ensure that users will only pay for what they need.

So, support staff can get a Cloud PC that works for them, and individuals such as engineers that have heavier computing needs can also get something that suits them. You can get Cloud PCs in multiple configurations from $20 per user per month for the lowest-end SKU, to $162 per user per month for the most expensive one.

This fixed per-month pricing model is something else that distinguishes Windows 365 from Azure Virtual Desktop, which is consumption-based. And if the need to scale up ever arises, you have the option of doing that by getting a different subscription.

Windows 365 Business Edition

For the Windows 365 Business edition, the $20 per user per month fee is going to get you a single virtual core, 2GB of RAM, and 64GB of storage. That price, however, requires Windows Hybrid Benefit, which is Microsoft’s bring-your-own-license model that is designed to help clients apply existing (or new) licenses toward the cost of a product.

Otherwise, if you don’t have Windows Hybrid Benefit then the cost goes up to $24 per user per month. At the other end of the spectrum, clients will be able to purchase the Business SKU that offers eight virtual cores, 32GB of RAM, and 512GB of storage for $158. And similar to the previous one, without Windows Hybrid Benefit the cost goes up, this time to $162.

Larger organizations have the Windows 365 Enterprise edition designed for them and the pricing range is similar. Users that have lighter computing needs can get a single virtual core with 2GB of RAM and 64GB of storage for $20 per user per month. And for the other users that require virtual machines that can deliver significantly more, you can get an option that gives you eight virtual cores, 32GB of RAM, and 512GB of storage for $158 per user per month.

Provisioning with Cloud PC

The provisioning process is going to create a Cloud PC virtual machine and then set it up for a user. Provisioning also enables the completion of other tasks that will prepare the machine for use as well as the sending of access information to the user. To start the process, admins will have to provide configuration details to set up the process.

Once that’s been done, users that have a Windows 365 license that matches the configuration details will automatically get Cloud PCs provisioned for them. However, each user and license pair can only have one Cloud PC provisioned for them because the provisioning setup works on a one-time per user and per-license basis. The steps of the provisioning process are given below:

  • A provisioning policy is created to manage access to the Cloud PCs. These provisioning policies are integral to the process because they are responsible for building, configuring, and availing Cloud PCs to end-users. As such, each policy needs you to provide information about the on-premises network connection, the image used to create each Cloud PC, and an Azure AD user group.
  • The provisioning process will begin with the assignment of a Windows 365 license to users in the Azure AD user group. Subsequently, Windows 365 will then proceed with the automatic provisioning of the Cloud PC. And after doing that, the necessary access information will be sent to the user. The automation is performed in 3 phases that will remain invisible to the administrator.
  • Once all the above has been carried out successfully, all that remains is for the end user to receive the access data that lets them sign in to the Windows Cloud PC from anywhere.

Improving the Cloud PC setup process

In the first few months of 2022, Microsoft announced that it was implementing a few changes meant to make setting up Cloud PCs even easier. The announcement informed us about how Windows 365 was going to get the “join” feature. Azure AD joined devices are those whose computer object is no longer stored in the on-premises Active Directory Domain Services environment.

Instead, it is now located in Azure Active Directory. By using Azure AD Join you’ll be able to join devices directly to Azure AD without the need to join to on-premises Active Directory. And all this can be done while keeping your users productive and secure. Your admins can easily leverage Azure AD Join for both at-scale and scoped deployments. According to Microsoft, this feature was highly requested by organizations who wanted to simplify the onboarding process.

Microsoft’s announcement

When Microsoft made the announcement, it was said that Azure AD join had been the most requested feature since Windows 365 reached general availability. So, admins will be glad to know that they now have the possibility of using Azure AD join as a Cloud PC join type option.

Therefore, what this means for organizations is that you no longer need to have an existing Azure infrastructure to use the service but just your Azure AD users. All of this has been done to make it easier for admins to onboard users using Azure Active Directory.

Expectedly, this presents a massive upgrade, especially when looking at how integral Azure AD is to Microsoft’s identity and security services. Bringing the ‘join’ feature to the Windows 365 platform will go a long way in maintaining the theme of ease of use that Microsoft has described for its Cloud PC.

Before this upgrade, the ‘join’ feature had helped businesses that use the on-premises version of Active Directory by functioning as a device-joining bridge. Simply put, adding Azure AD Join to the Windows 365 platform is going to enable admins to enroll devices without the need to have on-premises Active Directory. Now all you need to do is use your Azure AD users.

Accessing your Cloud PC

After everything has been set up it’s time for users to learn just how they can connect to the Cloud PC. We need to clarify what clients can be used as well as what options the end-users will have. Also, we need to know how administrative credentials can be provided to the end-user. Microsoft has provided two ways for users to connect to the Cloud PC:

  1. Web browser – the first method that users have for accessing the Cloud PC is via a web browser. All you have to do is simply navigate to windows365.microsoft.com. Once there, you can log in with the user credentials that have a desktop provisioned. The portal will show you an overview of the desktops available to you. However, to access the Cloud PC using this website, users’ devices need to meet the following requirements:
       • supported operating systems: Windows, macOS, ChromeOS, Linux,
       • a modern browser like Microsoft Edge, Google Chrome, Safari, or Mozilla Firefox (v55.0 and later).

Task management

When using windows365.microsoft.com, end users can carry out various tasks on their Cloud PCs. They only need to select the gear icon on a Cloud PC card.

  • rename: doing this will change the name of the Cloud PC that the user sees on the website. But performing this action doesn’t change any name in Microsoft Endpoint Manager, in Azure Active Directory, on the device, or in the Remote Desktop apps.
  • restart: this will restart the Cloud PC.
  • troubleshoot: whenever a user is encountering challenges with connecting to the Cloud PC, this will help to resolve those challenges. A few checks will verify that all the files and agents necessary for connectivity have been properly installed. There will also be a check for the availability of Azure resources.

  2. Remote desktop – the second method that Microsoft offers clients for connecting to the Cloud PC. This works by using the Microsoft Remote Desktop app. This is designed to enable users to access and control a remote PC, including a Cloud PC. So, for those who have been using Azure Virtual Desktop, this is an app they will already be familiar with. Setting up the Remote Desktop is a relatively simple process that requires you to follow a few steps:
       • first, you’ll have to download the Remote Desktop app. You can find it on the Download App page at www.microsoft.com/windows-365?rtc=1.
       • next, you select Subscribe.
       • the next step will require you to enter your Azure Active Directory credentials.
       • you will then see the Cloud PC appear on a list. Simply double-click it to launch.

Cloud PC security

Microsoft provides Cloud PCs with good security measures straight out of the box. And just like you have with your physical computers, Windows 365 Cloud PCs will come with Microsoft Defender. This helps to ensure that your device is secure from the first-run experience.

Also, the provisioning of the Cloud PCs is done using a gallery image. To ensure improved security, the image will have the latest updates for Windows 10 through Windows Update for Business. However, there are a few differences between what exactly you’ll get for Windows 365 Business and for Windows 365 Enterprise.

Windows 365 Business

Since Windows 365 Business is a service aimed at smaller organizations, particularly those that may not have IT staff, users on this edition are granted local admin rights to their Cloud PCs. This replicates what happens in a lot of small businesses, where users purchase computers and retain local admin rights.

IT departments that want to use Windows 365 Business for particular cases should follow standard security practices and make those users standard users on their devices. To use MEM for this approach, you’ll need to follow the guidelines below:

  • The process starts with device configuration to enroll the devices in MEM using automatic enrollment.
  • The next step involves the management of the Local Administrators group. This can be done using Azure AD or MEM.
  • In addition, it would be a good idea to have Microsoft Defender Attack Surface Reduction (ASR) rules enabled. This would be very useful because these rules are defense-in-depth mitigations for specific security concerns. These include blocking credential stealing from the Windows local security authority subsystem.

Windows 365 Enterprise

When it comes to Windows 365 Enterprise, you’ll start to see some significant differences right away. This edition is intended to serve organizations that have dedicated IT teams. This makes things slightly easier for IT, too. It provides a system that is based on the management and security that Microsoft Endpoint Manager provides. All Cloud PCs in Windows 365 Enterprise configure users as standard users by default.

However, admins still have the ability to make exceptions on a per-user basis. Furthermore, all Cloud PCs will be enrolled in MEM with reporting of Microsoft Defender Antivirus alerts. You’ll also get the ability to onboard into the full Microsoft Defender for Endpoint capabilities. Microsoft makes the following security recommendations for users of Windows 365 Enterprise:

  • Users should stick to standard Windows 10 security practices. This also means restricting who can access your Cloud PC using local administrator privileges.
  • You need to deploy Windows 365 security baselines to your Cloud PC from MEM. Furthermore, you should utilize Microsoft Defender to protect your endpoints, especially all Cloud PCs.
  • Taking advantage of Azure AD conditional access is a must. With features such as MFA and user/sign-in risk mitigation, you can significantly reduce the risk of unauthorized access to your Cloud PC.

Wrap up about Cloud PC

There has been a lot of talk about remote work and hybrid work environments in recent years. And with the growing interest, a product like Windows 365 is perfect to meet the needs of most organizations. The flexibility and scalability of the platform offer an endless list of benefits, which makes it valuable to users both at home and in the office.

Additionally, Microsoft built the product to be simple to configure. It’s also easy to use for businesses that don’t have specialist IT professionals on staff. All of these benefits, among many others, combine to give you an incredible virtual experience that runs on the highly secure Microsoft Cloud.

What You Need To Know About Windows 365 Lifecycle

Organizations rely on countless products to optimize the productivity of their staff members. These products can come from different vendors, so it’s extremely important to guarantee the quality of these tools. When there is a lifecycle policy available, as with the Windows 365 lifecycle, organizations can be confident. They can be certain that the products they are purchasing have been rigorously tested, are built extremely securely, and will meet any necessary compliance and security regulations. With Windows 365, clients know that they are using a product that meets all of the above and can perform to very high standards.

Windows 365 Lifecycle Policies

Microsoft gives its customers products that come with industry-leading lifecycle policies. These ensure that when purchasing a product, you’ll be receiving something with consistent, transparent, and predictable guidelines for software support and servicing.

And these policies are valid for all Microsoft customers regardless of where they are across the globe. However, it’s important to remember that how these policies are used will depend on the regulatory requirements in other countries. Also, the application of these policies may differ according to the industry sector.

The level of quality that customers get is a result of the development process. Microsoft puts high-quality methods into developing these Windows 365 lifecycle policies. In addition to the specialists at Microsoft, the process also involves customers, partners, and analysts to produce a policy that meets all expectations.

Because of this, customers can plan better and manage their support requirements effectively. Microsoft provides Fixed Lifecycle policies for products that have defined end-of-support dates at the time of release. Then, for products that will receive continuous support and servicing, there are Modern Lifecycle Policies.

Fixed Windows 365 Lifecycle Policy

This type of policy applies to many commercial and some consumer products that customers can acquire through retail purchase and/or volume licensing. It is a policy that offers:

  • Defined support and servicing Lifecycle timeline at the time of product launch.

Receiving the support may require you to deploy the latest Service Pack or update.

Modern Windows 365 Lifecycle Policy

This type of policy is designed for products that will be serviced and supported continuously. However, there are certain conditions that need to be met for products and services to remain in support. These requirements are as follows:

  • It will be the customer’s responsibility to ensure that they stay current. This includes servicing and system requirements that are defined for a particular service or product.
  • Customers also need to verify that they are licensed to use the service or product.
  • It’s also necessary to check that Microsoft currently offers support for that service or product.

Microsoft provides a modern lifecycle policy for Windows 365. This ensures Cloud PC users will have a great product that has continuous support.

The Cloud PC lifecycle

Microsoft has developed a setup whereby Windows 365 will coordinate and manage the lifecycles of all Cloud PCs. And due to the fact that Cloud PCs exist only in the cloud, the management of their lifecycles will be significantly easier than that of physical Windows devices. The lifecycle of the Cloud PC comprises 5 stages which are:

  1. Provision
  2. Configure
  3. Protect
  4. Monitor
  5. Deprovision

Provision

In keeping in line with the goal of making things simple, Windows 365 provides clients with an optimized experience for Cloud PC deployment. Microsoft has integrated the admin experience for setting up deployments into the MEM admin center.

The provisioning process will prove to be easier than one may imagine because it is an automated one. All you need to do is assign a Windows 365 license to a user. Then, add them to a group targeted with a provisioning policy, and the provisioning of the user’s Cloud PC will proceed automatically. The process will:

  • create a Cloud PC virtual machine.
  • set it up for the end-user.
  • perform any other necessary tasks to ready the Cloud PC for use.
  • send access information to the user.

A simplified admin experience

What Microsoft has done is create a simplified admin experience that makes the provisioning much simpler and more straightforward. Once you’ve finished providing a few configuration details, Cloud PCs will be automatically provisioned for all users who have a Windows 365 license and matching configuration details.

Because this process is a one-time per user and per license process, a user and license pair can only have a single Cloud PC provisioned for them. The complete process is going to follow the steps below:

  • The process starts with the creation of a provisioning policy to manage access to the Cloud PCs. Provisioning policies are key to the entire process as they are responsible for building, configuring, and availing Cloud PCs to end-users. Each policy requires you to provide details regarding the on-premises network connection, the image used to create each Cloud PC, and an Azure AD user group.
  • Assignment of a Windows 365 license to users in the Azure AD user group will begin the provisioning process. Windows 365 then provisions the Cloud PC automatically and sends the necessary access information to the user. The automation is going to proceed in 3 phases that will be invisible to the administrator.
  • The last part of the process involves the end-user receiving the necessary access information. This will allow them to sign in to the Windows Cloud PC from anywhere.

Configure

As for Cloud PCs, they need to be configured and secured similarly to any other endpoint in your environment. Microsoft integrates configuration into the provisioning process thus making it simpler. Every Windows 365 Cloud PC will either be:

  • Azure AD joined or
  • Hybrid Azure AD joined.

Azure AD joined devices can be deployed by any organization regardless of the size or sector of a business. Moreover, Azure AD join will work in hybrid environments. This gives you access to both cloud and on-premises apps and resources. These devices can be signed into using an organizational Azure AD account.

To enhance the security of corporate resources, access can be controlled depending on the Azure AD account as well as the Conditional Access policies that govern the device. You also get Mobile Device Management (MDM) tools. These include Microsoft Intune or Microsoft Endpoint Configuration Manager. Admins can use both to enhance security and establish greater control over Azure AD joined devices.

Great for hybrid organizations

Hybrid Azure AD joined devices are joined to your on-premises Active Directory and registered with Azure Active Directory. This scenario can be a good option for hybrid organizations that already have on-premises AD infrastructure. The hybrid Azure AD joined devices can be signed into with organizational accounts. This works by using a password or Windows Hello for Business for Windows 10 and above. The key capabilities available include:

  • Configuration Manager standalone or co-management with Microsoft Intune
  • SSO to both cloud and on-premises resources
  • Conditional Access through Domain join or through Intune if co-managed
  • Self-service password reset and Windows Hello PIN reset on lock screen.

Once the Cloud PCs have been joined, they will then be enrolled into Microsoft Endpoint Manager. Because of this enrollment, every Cloud PC will be instantly ready for Azure AD Conditional Access and for management through Microsoft Endpoint Manager, including co-management if necessary.

Microsoft Endpoint Manager plays the vital role of applying compliance policies, which enable you to verify that your Cloud PCs are compliant. Understandably, when it comes to cloud computing, security is of very great concern. Windows 365 does a great job of addressing that through the optimized security baseline that is available for Cloud PCs. Leveraging this baseline would be a good way to securely configure your Cloud PCs with minimal overhead.

However, in case you have concerns, the baseline is optional. Additionally, you’ll find that these baselines have been optimized to ensure that remote connectivity won’t be affected.

Protect

The integration between Windows 365 and the rest of Microsoft 365 intends to ensure that you can secure your Cloud PCs to meet your standards. Similar to physical devices that come with Microsoft Defender for Endpoint, the Windows 365 environment will also get the same security.

Because of Microsoft Endpoint Manager’s integration with Microsoft Defender for Endpoint, your Cloud PCs will get instant protection as soon as they are provisioned. As a result, Cloud PCs get excellent security measures in place from the first-run experience.

Gallery imagery

Also, it’s worth noting that the provisioning of Cloud PCs uses a gallery image. And to further strengthen your security, the image will have the latest updates for Windows 10 through Windows Update for Business. The available features include the ability to use the endpoint detection and response capabilities of Microsoft Defender for Endpoint to determine device risk.

Similarly, you can also get protection for your Windows 365 environment through Azure AD Conditional Access. This protection comes with an option that would be of great interest to certain users whereby you can exclude Windows 365 itself from device compliance policies.

The advantage that this has is that it allows your end users access to their Cloud PCs from any supported device they choose. However, to ensure that those users are securely authenticated, Windows 365 offers multi-factor authentication, sign-in risk, and various other controls.

Updates are another key element in ensuring a highly secure Cloud PC environment. With that in mind, Windows 365 will carry out the installation of the latest quality updates using the Windows Update auto-scan ability.

It’s important to verify that your end users sign in to their newly provisioned Cloud PCs as soon as possible so that the necessary updates can install swiftly. Another thing that you can do to strengthen security is to disable clipboard and drive redirection to improve data loss prevention. With these features disabled, users won’t be able to:

  • Copy or paste information from their Cloud PCs to other unmanaged locations.
  • Save files to their personal devices from Cloud PCs.

Monitor

For Windows 365 to work effectively for its users, it’s extremely important to verify that the end user gets a virtual machine that can adequately meet their needs. To aid in this operation, Windows 365 integrates with the Endpoint analytics in Microsoft Productivity Score.

These analytics are important for providing you with insights that allow you to measure how your organization is working as well as the quality of the experience that you are delivering to your users.

Leveraging the data on offer can help you identify policies or hardware issues that are causing problems for end users such as long boot times or other disruptions. All of this generally stems from IT not having enough feedback or visibility into the end user experience.

So to resolve this, Endpoint analytics aim to improve user productivity while simultaneously reducing IT support costs thanks to the provision of insights into the user experience.

Additionally, Endpoint analytics gives you a measurement of the compute and memory load on your Cloud PCs. Following this, you can use Windows 365 to resize those Cloud PCs so that they can meet the needs of different users and their apps.

A seamless experience

Along with other device actions, the resize is available in Microsoft Endpoint Manager. And setting it up this way allows you to have a seamless experience between your Cloud PCs and other endpoints.

Another tool that you can use to enhance Cloud PC monitoring and remediation is Proactive Remediation. These remediations are script packages that can detect and fix common support issues on a user’s device before users even realize there’s a problem.

By using these remediations, you can vastly improve the end user experience as well as reduce the load on support staff. They are also very flexible so you can schedule them to run hourly, daily, etc. Not only that but you can create your own script packages to perfectly meet your requirements.

Alternatively, you can deploy one of the provided script packages that should help you in reducing support tickets. Ultimately, by using Proactive Remediation, you can extend the built-in Microsoft 365 optimizations that are provided by Windows 365. These optimizations include those for a heterogeneous IT environment.

Deprovision

Now and again a situation may arise that may require you to revoke a user’s Cloud PC access. And Windows 365 provides you with a couple of remedies. You can use these to remove anyone’s access.

The first method you can use involves removing the user’s license or targeted provisioning, following which the Cloud PC will transition into a seven-day grace period. The potential benefit of this option is that it allows for errors and reinstatement in a way that does not affect the user.

Alternatively, if you need to block access immediately, you can disable the user account in the on-premises Active Directory. You can additionally revoke the user’s refresh tokens in Microsoft Azure Active Directory.

So, at the expiration of the seven-day grace period, Windows 365 will then deprovision the Cloud PC and its storage completely. The encryption of Windows 365 Cloud PCs using server-side encryption in Azure Disk Storage (platform-managed keys) helps to ensure that the devices deprovision securely.

However, if you find yourself in a situation whereby you determine that removing a user’s license was the right course of action and not a mistake, then you don’t need to wait out the seven days.

Windows 365 allows you to proceed with your action by clicking on the In Grace Period state and then selecting End Grace Period. Consequently, this will transition the Cloud PC to the state of Deprovisioning while the Cloud PC is deleted.
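The deprovisioning path above, written as an offboarding audit over a constructed inventory (an added example, not code from Microsoft or from this article). The record fields, the "Provisioned" label and the sample data are hypothetical, and the audit assumes a Cloud PC stays reachable during the grace period unless the account is disabled and refresh tokens are revoked.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

GRACE_PERIOD = timedelta(days=7)  # the seven-day grace period described in the text


@dataclass
class CloudPC:
    # Hypothetical record layout; not a Windows 365 or Graph schema.
    name: str
    user: str
    license_removed_at: Optional[datetime] = None  # None = license still assigned
    grace_ended_by_admin: bool = False   # admin selected "End Grace Period"
    account_disabled: bool = False       # user account disabled in Active Directory
    tokens_revoked: bool = False         # refresh tokens revoked in Azure AD


def lifecycle_state(pc: CloudPC, now: datetime) -> str:
    """Return the state named in the text ("Provisioned" is this example's label)."""
    if pc.license_removed_at is None:
        return "Provisioned"
    if pc.grace_ended_by_admin or now >= pc.license_removed_at + GRACE_PERIOD:
        return "Deprovisioning"
    return "In Grace Period"


def missing_blocks(pc: CloudPC) -> List[str]:
    """Immediate-block steps from the text that have not been applied yet."""
    steps = []
    if not pc.account_disabled:
        steps.append("disable account")
    if not pc.tokens_revoked:
        steps.append("revoke refresh tokens")
    return steps


def audit_offboarding(inventory: List[CloudPC], departed: Set[str],
                      now: datetime) -> List[Dict]:
    """List Cloud PCs of departed users that are still reachable, with open actions."""
    findings = []
    for pc in inventory:
        if pc.user not in departed:
            continue
        state = lifecycle_state(pc, now)
        if state == "Deprovisioning":
            continue  # the Cloud PC and its storage are being deleted
        actions = missing_blocks(pc)
        if state == "Provisioned":
            actions = ["remove license"] + actions
        if actions:
            in_grace = state == "In Grace Period"
            findings.append({
                "cloud_pc": pc.name,
                "user": pc.user,
                "state": state,
                # Grace period expiry: when Windows 365 deprovisions on its own.
                "reachable_until": pc.license_removed_at + GRACE_PERIOD if in_grace else None,
                "actions": actions,
            })
    return findings


# Constructed sample data for the example.
NOW = datetime(2024, 3, 10, 12, 0)
DEPARTED = {"alice", "bob", "carol", "dave", "erin"}
SAMPLE_INVENTORY = [
    CloudPC("CPC-ALICE", "alice", license_removed_at=datetime(2024, 3, 8, 9, 0)),
    CloudPC("CPC-BOB", "bob", license_removed_at=datetime(2024, 3, 8, 9, 0),
            account_disabled=True, tokens_revoked=True),
    CloudPC("CPC-CAROL", "carol", license_removed_at=datetime(2024, 3, 1, 9, 0)),
    CloudPC("CPC-DAVE", "dave", account_disabled=True),
    CloudPC("CPC-ERIN", "erin", license_removed_at=datetime(2024, 3, 9, 9, 0),
            grace_ended_by_admin=True),
    CloudPC("CPC-FRANK", "frank"),  # current employee, out of scope
]

if __name__ == "__main__":
    for finding in audit_offboarding(SAMPLE_INVENTORY, DEPARTED, NOW):
        print(finding)
```

The two findings are the cases the grace period leaves open: a Cloud PC waiting out its seven days with no block applied, and a departed user whose license was never removed.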

Cloud PC operating systems

As I’ve already gone over above, Windows 365 lifecycle policies govern operating systems’ servicing and support. And this also includes end of support. When we talk of lifecycle we are referring to the period during which Microsoft provides support for the operating system as well as releases regular security updates.

Also, we find that not all products share the same lifecycle timeline. The lifecycle timeline of each product will be determined by its respective lifecycle policy. And this will also be consistent by product family for new and future versions. With the older products, however, lifecycle timelines may differ so there will be a need to verify the necessary information.

Windows 365 Cloud PCs run on the Windows OS and are therefore governed by the Microsoft 365 Lifecycle Policy. When the operating system on a Cloud PC eventually reaches the end of support, it will no longer receive security updates, non-security updates, and assisted support.

Image status

Windows 365 keeps all necessary end-of-support information up to date in Microsoft Endpoint Manager. There the information will be located on the Provisioning policies page under Image status. Below is information you can use to verify whether the OS on the image within each provisioning policy is supported or not.

| Image status | Gallery image | Custom image |
| --- | --- | --- |
| Supported | This lets you know that the Cloud PCs that have been created using this policy have a Windows operating system that is supported by Microsoft and can thus receive updates. | Same as gallery image. |
| Warning | In this scenario, the OS would have expired within the previous six months. So the Cloud PCs that were created using this policy have an OS that is no longer supported. Because of this, those Cloud PCs are extremely vulnerable and don’t benefit from security updates. | Same as gallery image. |
| Unsupported | The Cloud PCs created using this policy would be running a Windows operating system that hasn’t been supported for over six months. So this is a policy that can no longer be assigned to any users. Consequently, you will need to resolve the issue by updating the OS image in the provisioning policy to an image with a supported OS. All Cloud PCs that were created using this policy are vulnerable and no longer receive security updates. Furthermore, they cannot be provisioned or reprovisioned. If you were to attempt to provision a Cloud PC using this policy you would not be successful and face a Windows Image out of Support message. | Not applicable. |

You can also find the status values for custom images under the OS support status column on the Device images page. Once we get to the end of support date, you’ll no longer be able to select gallery images that use the expired OS for newly created provisioning policies. In addition, those images also won’t be available for use when editing existing provisioning policies.
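The image-status rules above, applied to a constructed list of provisioning policies (an added example, not Microsoft's code). Policy names, field names and dates are made up; treating the end-of-support date as the first unsupported day, and keeping custom images in Warning past six months because the table lists Unsupported as not applicable to them, are assumptions.

```python
import calendar
from dataclasses import dataclass
from datetime import date
from typing import Dict, List

WARNING_MONTHS = 6  # "expired within the previous six months"


@dataclass
class ProvisioningPolicy:
    # Hypothetical record layout for the example.
    name: str
    image_type: str          # "gallery" or "custom"
    os_end_of_support: date  # assumed to be the first day without support


def add_months(d: date, months: int) -> date:
    """Calendar-month addition that clamps to the last day of short months."""
    index = d.month - 1 + months
    year = d.year + index // 12
    month = index % 12 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def image_status(policy: ProvisioningPolicy, today: date) -> str:
    """Supported / Warning / Unsupported as laid out in the table."""
    eos = policy.os_end_of_support
    if today < eos:
        return "Supported"
    # Assumption: custom images never reach Unsupported ("Not applicable").
    if policy.image_type == "custom" or today <= add_months(eos, WARNING_MONTHS):
        return "Warning"
    return "Unsupported"


def audit_policies(policies: List[ProvisioningPolicy], today: date) -> List[Dict]:
    """Per-policy consequences of the image status, as described in the text."""
    report = []
    for policy in policies:
        status = image_status(policy, today)
        is_gallery = policy.image_type == "gallery"
        report.append({
            "policy": policy.name,
            "status": status,
            # Warning and Unsupported both mean no more security updates.
            "receives_security_updates": status == "Supported",
            # Unsupported policies cannot be assigned, provisioned or reprovisioned.
            "assignable": status != "Unsupported",
            "can_provision": status != "Unsupported",
            # Last day in Warning before a gallery-image policy turns Unsupported.
            "warning_until": add_months(policy.os_end_of_support, WARNING_MONTHS)
            if is_gallery else None,
        })
    return report


# Constructed sample data for the example.
TODAY = date(2024, 3, 10)
SAMPLE_POLICIES = [
    ProvisioningPolicy("engineering", "gallery", date(2026, 1, 31)),
    ProvisioningPolicy("support-desk", "gallery", date(2023, 12, 31)),
    ProvisioningPolicy("legacy-gallery", "gallery", date(2023, 5, 31)),
    ProvisioningPolicy("legacy-custom", "custom", date(2023, 5, 31)),
]

if __name__ == "__main__":
    for row in audit_policies(SAMPLE_POLICIES, TODAY):
        print(row)
```

The `warning_until` column is the planning value: it tells you how long a gallery-image policy in Warning has before new assignments and reprovisioning stop working.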

Wrap Up on Windows 365 Lifecycle

As with all Microsoft products and services, Windows 365 is governed by a Lifecycle policy enabling the delivery of industry-leading service to clients. In a world of rapidly increasing cybercrime, organizations are looking for products and services that get excellent support and regular security updates.

And as more and more organizations are migrating to the cloud and adopting Windows 365, the modern lifecycle policy that governs Windows 365 takes on even greater importance. It gives you a clear picture of what to expect from the provisioning of your Cloud PCs all the way to the deprovisioning protocols.

Leveraging the support that Microsoft provides will help your organization to run a more streamlined IT environment. Coupled with the ease with which you can deploy Cloud PCs to your users, this clearly highlights the principle of simplicity that Windows 365 is known for most. So, for any organizations that are considering a cloud computing environment, one such as Windows 365 would be a great option to consider.