Everything You Want To Know: The Anatomy of Windows 365

There is no denying how cloud-based solutions have evolved over the decades to become an integral part of most organizations’ operations. Businesses have grown to depend on these services to improve the ease of doing business as well as bolster their cyber security.

With Windows 365, Microsoft enables businesses to operate more effectively as well as offer their workforce greater flexibility.

The arrival of Windows 365 coincides with an increasing need in the workplace to offer employees more agility. Organizations can take advantage of virtualization technology to increase their talent pool by hiring the best people from anywhere in the world.

By using services like Windows 365, these individuals can easily communicate and collaborate with team members from across the globe. Given how much there is to gain from Windows 365, I will today be going through everything you may need to know about this platform.

Breaking new ground

In July of 2021, Microsoft announced a brand new service that would enable users to access Cloud PCs from anywhere. Although similar features have been available through virtualization and remote access software, Windows 365 has now become the first official service from Microsoft.

As businesses increasingly embrace the idea of a hybrid work environment, Windows 365 is aiming to be at the forefront of the services that potential clients will be looking into. By streaming Windows 10 or Windows 11 onto almost any device, Microsoft will offer users the ability to take their desktops anywhere.

And Microsoft has assured clients that Cloud PCs will be highly secure thus users will be able to work remotely with greater peace of mind.

Accessing your desktop on the cloud will also be relatively easy because all you need is a modern browser or Microsoft’s Remote Desktop app. So as long as your internet connection is good enough to stream videos then you’ll be able to access your Cloud PC on most devices.

Users will get instant access to their Cloud PCs and can stream Windows sessions with all of their same apps, tools, data, and settings across Macs, iPads, Linux machines, and Android devices.

And according to Wangui McKelvey, a general manager for Microsoft 365, “You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices.

Windows 365’s solid foundation

Ideally, any service that you want to invest in needs to have a proven track record. However, given that Windows 365 is still less than a year old there’s not much of a track record to go over.

This is why it’s important to understand the foundation on which Windows 365 is built. Because the company that has given us Azure Virtual Desktop (AVD) is the same that is responsible for the Windows 365 Cloud PC.

And if there’s anything that AVD has shown us it is that Microsoft has a good handle on cloud computing services. This is vital for you when considering Windows 365 because Microsoft has built it on its Azure infrastructure.

So you can rest assured that if you go with Windows 365, you’ll be investing in a service that is founded on a tried and tested platform. Therefore, we can take a look at AVD’s track record and some of what it has been able to offer clients.

Azure Virtual Desktop has proven to be a cost-effective alternative to scaling up a traditional virtual desktop environment in your own data center. The reduction in expenses is something that could very well help you to have a better ROI.

AVD has also proven to be invaluable to companies because of how it lets organizations control apps and data while allowing their employees to access those resources on their own devices.

This means that you can offer your workers greater flexibility in how they work while still retaining overall control and keeping security standards high. Although you could get some of these benefits from a traditional VDI environment, the service that you get from Microsoft comes at a better price point with better security.

One of the greatest benefits that you will gain from investing in Windows 365 is that it will allow you to experience Windows 10 or Windows 11 at its very best. That’s in addition to having the full power of Microsoft 365 in your hands. AVD has built a reputation for offering clients a smooth experience when using these Microsoft products. And with Windows 365 being based on AVD, you can expect the experience to be even better.

Selecting an option

Microsoft wants to avail its Windows 365 services to as many organizations as possible. Obviously, that is not going to be a simple task considering the vast differences and needs between smaller companies and large enterprises.

However, Microsoft is determined to cater to the needs of the businesses that require this virtualization service. To that end, Microsoft offers us two different editions – Windows 365 Business and Windows 365 Enterprise.

The former is designed for smaller organizations while the Enterprise edition is aimed at larger ones. And the great thing about these options is that they share a lot of the same range of features.

Windows 365 Business

This edition of Windows 365 is going to be targeting smaller businesses that require no more than 300 Cloud PCs. The service allows these companies to get a simple way to purchase, deploy, and manage Cloud PCs.

So if you do sign up for Windows 365 Business, you can easily provide Cloud PCs to any of your users that need them. Doing so allows them to stream their apps, data, content, settings, and storage from the Microsoft cloud.

Purchasing Windows 365 subscriptions can be done either through the Windows 365 product site or via the Microsoft 365 admin center. And once you have purchased your subscription, you can assign licenses to users in your organization using the Microsoft 365 admin center. As far as sizing options are concerned, there are fixed-price licenses for the different Cloud PC sizes. During the assigning of licenses to users, you need to choose a size option. The options come with different numbers of CPUs, RAM, and storage to cater to the different work needs. The table below details this information:

* Microsoft is retiring the first option (1vCPU) so clients are encouraged to select the 2vCPU option as the minimum configuration going forward.

The Windows 365 Business edition doesn’t have any licensing pre-requirements to purchase and deploy. Also, Microsoft has simplified the provisioning process which will use the default configurations.

After Cloud PC licenses have been assigned, provisioning of those Cloud PCs will happen automatically using a standard image. When it comes to Windows updates, the default Windows Update for Business settings will be configured for users.

And if you have an Intune license then these settings can be edited. Moreover, device management is only going to be limited to the assigning and unassigning of licenses in the Microsoft Admin Center. Although, those that have Intune licenses may get some device management via Microsoft Endpoint Manager.

Users will be able to access their Cloud PCs from windows 365.microsoft.com or alternatively, they can use the Microsoft Remote Desktop app. During usage, users can restart, reset, rename, and troubleshoot their Cloud PCs.

Windows 365 Enterprise

The second option that Microsoft gives clients is for larger organizations that have significantly greater computing needs. Unlike with the Business edition, in this case, users will require licensing for Windows 10 or 11 Enterprise, Microsoft Endpoint Manager, Azure AD P1. The networking situation will see the networking go through a client’s Azure VNet since it’s not part of the license.

As the provisioning process goes on, each business can customize and configure the process to meet their specific needs. It’s the role of your admins to choose the network, configure user permissions, and then assign the policy to an Azure AD group.

With that done you can then provision the Cloud PCs using either standard gallery images or custom images. Microsoft Endpoint Manager can be used for managing Windows updates as well as for troubleshooting purposes.

Users can access their Cloud PCs in the same way as Enterprise clients from the Windows 365 website or via the Microsoft Remote Desktop app. Furthermore, users can restart, rename, and troubleshoot their Cloud PCs and will be assigned a standard user role by default.

However, the admin can change that in the Microsoft Endpoint Manager admin center. Windows 365 Enterprise offers high-end security measures through the use of features such as Conditional Access and integration with Defender for Endpoint.

In addition, for clients with E5 licensing, their Cloud PCs will respond to Defender for Endpoint policies and appear in MDE dashboards.

Cost of service

Regardless of how good a product may be, choosing whether or not to subscribe may ultimately come down to cost. As we’ve already discussed above, Microsoft offers two editions of Windows 365 and both of them have a range of configurations that clients can pick from. This should help all businesses that want Cloud PCs to find something that can fit within their budget.

So small businesses with less than 300 users and massive organizations with countless users can all potentially find a subscription that suits them. The pricing model has fees starting from $20 per user per month for the lowest-end SKU, up to $162 per user per month for the most expensive one. In addition, unlike with the consumption-based pricing model that you get with Azure Virtual Desktop, Windows 365 gives you fixed monthly subscriptions. And if you need to scale up then you are given the option of getting a different subscription as well.

Clients with the Windows 365 Business subscription can get a single virtual core, 2GB of RAM, and 64GB of storage for the starting price of $20.

However, this fee is only available for clients that have Windows Hybrid Benefit. The latter is Microsoft’s Bring-Your-Own license model that is designed to help clients to apply existing (or new) licenses toward the cost of a product. If not, then that cost goes up to $24.

But, if your organization requires a lot more, you can pay $158 for eight virtual cores, 32GB of RAM, and 512GB of storage. The same situation regarding Windows Hybrid Benefit applies here and so without it, the fee goes up to $162.

The pricing model is pretty much consistent and the range of prices remains the same for Windows 365 Enterprise clients. Those that aren’t looking for a lot of computing resources can get a single virtual core with 2GB of RAM and 64GB of storage for the same $20.

However, if your computing needs are a lot greater then you can get the option that offers eight virtual cores, 32GB of RAM, and 512GB of storage for $158 per user per month.

Cloud PC Provisioning

The provisioning process in Windows 365 is an automated one that is going to:

  • create a Cloud PC virtual machine.
  • set it up for the end-user.
  • perform any other necessary tasks to ready the Cloud PC for use.
  • send access information to the user.

Life is made easier for admins as they only need to furnish a few configuration details to get the provisioning process going. Once that’s done Cloud PCs will be automatically provisioned for all users who have a Windows 365 license and matching configuration details.

Because this process is a one-time per user and per license process, a user and license pair can only have a single Cloud PC provisioned for them. The complete process is going to follow the steps below:

  • Starts with the creation of a provisioning policy to manage access to the Cloud PCs. Provisioning policies are key to the entire process as they are responsible for building, configuring, and availing Cloud PCs to end-users. Each policy will require you to provide details regarding the on-premises network connection, the image used to create each Cloud PC, and an Azure AD user group.
  • Assignment of a Windows 365 license to users in the Azure AD user group will begin the provisioning process. And the provisioning of the Cloud PC will be carried out automatically by Windows 365 after which it will then send the necessary access information to the user. The automation is going to proceed in 3 phases that will be invisible to the administrator.
  • The last part of the process involves the end-user receiving the necessary access information that will allow them to sign in to the Windows Cloud PC from anywhere.

Windows 365 Architecture

Virtual network connectivity

All Cloud PCs are going to have a virtual network interface card (NIC) in Microsoft Azure. There are two available NIC management options:

  • Bringing an Azure subscription or managing the NIC won’t be necessary for those using Azure AD Join and a Microsoft-hosted network.
  • NICs are created by Windows 365 in your Azure subscription in instances where you bring your own network and use an OPNC.

The configuration of your OPNC is what will determine how the NICs are attached to an Azure Virtual Network. There are many regions in which Windows 365 is supported and to control which region is used you can:

  • Choose the Microsoft-hosted network as well as an Azure region.
  • Choose an Azure virtual network from your Azure subscription during the creation of the OPNC.

The region selected is what determines where the Cloud PC will be created and hosted. However, with your own virtual network access can be extended between your current Azure regions to other Azure regions supported by Windows 365.

Microsoft Endpoint Manager integration

Management of all Cloud PCs is handled with MEM. The latter along with associated Windows components have various network endpoints that must be allowed through the Virtual Network. If you don’t use MEM to manage Apple and Android devices then you can ignore the endpoints.

The system requires you to only grant access to a subset of endpoints based on your MEM tenant location. Microsoft recommends allowing access to an entire region and not just a specific endpoint to allow for the possible relocation of tenants within a region.

Identity services

Windows 365 relies on both Azure AD and on-premises AD DS. With Azure AD you get:

  • User authentication for Windows 365.
  • Device identity services for MEM via Hybrid Azure AD Join or Azure AD Join.

For the configuration of Cloud PCs to use Hybrid Azure AD Join, AD DS offers:

  • On-premises domain join for Cloud PCs.
  • User authentication for RDP connections.

And for the configuration of Cloud PCs to use Azure AD Join, Azure AD gives you:

  • The domain join mechanism for the Cloud PCs.
  • User authentication for RDP connections.

Azure AD

User authentication and authorization for the Windows 365 web portal and Remote Desktop client apps is provided by Azure AD. Azure AD Conditional Access can be included to offer.

  • multi-factor authentication
  • sign-in risk management
  • restrictions based on location
  • device compliance controls
  • session limits

Active Directory Domain Services

Microsoft gives you the option of having your Cloud PCs either Hybrid Azure AD Joined or Azure AD Joined. Your Cloud PCs will require domain joining to an AD DS domain if you want to use Hybrid Azure AD Join. And that domain should be synchronized with Azure AD. The domain’s domain controllers need to be hosted in Azure or on-premises.

If it’s the latter, connectivity should be made from Azure to the on-prem environment and the type can be either Azure Express Route or site-to-site VPN. The connectivity should be set up to enable communication from the Cloud PCs to the domain controllers needed by AD.

Hosted on behalf of” architecture

This type of architecture enables Microsoft services to attach hosted Azure services to a customer subscription. Using this type of connectivity model allows a Microsoft service to provide options other than the usual consumption-based services. These include software-as-a-service and user-licensed services.

All Cloud PC connectivity comes from the virtual NIC. Because of “hosted on behalf of” architecture, you have Cloud PCs that exist in the subscription owned by Microsoft. This basically means the costs for running and managing the infrastructure are borne by Microsoft.

Azure Virtual Desktop connectivity

AVD is responsible for the provision of Cloud PC connectivity. Thus, there aren’t going to be any inbound connections directly from the internet to the Cloud PC. Rather, the connections will be established from:

  • The Cloud PC to the AVD endpoints.
  • The Remote Desktop clients to AVD endpoints.

Microsoft recommends the use of Service Tags for AVD to identify these endpoints. By doing so you should be able to ease the configuration of network security controls. It’s also worth noting that configuring your Cloud PCs to make these connections is not a pre-requisite.

The integration of AVD connectivity components into gallery or custom images is seamlessly performed by Windows 365. Furthermore, third-party connection brokers aren’t going to be supported on Windows 365 Cloud PCs.

How businesses will benefit

Having a great-sounding service availed to you is one thing, but after looking into what Windows 365 is, you still need to know how exactly this product will help your business. After all, there are plenty of great services out there that just aren’t a good fit for your business. So just what are the benefits that Windows brings to an organization?

Remote access

Most people across the globe have probably familiarized themselves with remote work over the last couple of years. Although plenty of businesses saw the need for remote access during the pandemic, the need for it has grown beyond the pandemic scenario.

One of the things that some people may be looking at when considering career opportunities is the availability of remote access. This may just prove to be key in attracting as well as retaining the best people you can find for your organization.

The Windows 365 Cloud PC gives users the ability to carry their desktops with them wherever they may be. Therefore, access to the cloud is going to be simple and hassle-free because users won’t need to be at a workstation in the office to access corporate resources.

Lower hardware costs

If you tell any business that you can potentially help to lower operating costs then most would probably at least want to give you a few moments of their time. And this is what Windows 365 aims to achieve with the Cloud PC. The cost of purchasing high-end computers for the office that can meet the needs of the various users is no small one.

But, when your PC is running in the cloud then the actual device that you need is less important. Microsoft allows users to access their Cloud PCs from most devices including those running macOS, iOS, Android, and Linux.

This means that users don’t necessarily need to invest in new devices. Not only that, but in the long run, you may not need to refresh your hardware as often thus lowering your expenses even further.

Secure hybrid work

As attractive as the possibility of working remotely may be, without top-notch security the option is not viable. So Microsoft has enhanced security measures by implementing Zero Trust principles enabling each request to be fully authenticated, authorized, and encrypted before access is granted.

Add to that the fact that data is not stored on the physical devices but on the cloud and you have even more protection around your data. These measures should help to assuage concerns about the security of remote work as well as the risk of security breaches.

Not to forget as well that Windows 365 clients can benefit from the already existing solutions that are part of Microsoft Endpoint Manager. Microsoft has also made specific security recommendations that I will be addressing below.

Simple to use

Another feature that Microsoft puts forward as a highly attractive one for Windows 365 clients is how easy the service will be to use.

In fact, Microsoft has gone so far as to say that organizations won’t need to hire specialist IT professionals to set up and manage the Cloud PCs. Features such as easy management and instant start-up enable users to have the ability to work traditionally without any prior virtual work experience. This is something that may also help you to lower overall operating costs.

Furthermore, your IT staff can manage, deploy, and configure the PC environment just as they have done all along.

Windows 365 security measures

Continuing on from what I touched on above, there are other security features that are important to know. Microsoft gives Windows 365 certain capabilities straight out of the box that are meant to enhance your security. Just as you have with your physical computers, Windows 365 Cloud PCs will come with Microsoft Defender. This helps to ensure that your device is secure from the first-run experience.

Also, the provisioning of the Cloud PCs is done using a gallery image. To ensure improved security, the image will have the latest updates for Windows 10 through Windows Update for Business. There are some differences that must be noted regarding the security measures for Windows 365 Business and those for Windows 365 Enterprise.

Windows 365 Business

Since Windows 365 Business is a service aimed at smaller organizations, particularly those that may not have IT staff, users on this edition are granted local admin rights to their Cloud PCs.

So this situation basically replicates what happens with a lot of small businesses whereby users purchase computers and retain local admin rights.

For IT departments that want to use Windows 365 Business for particular cases, they need to follow standard security practices if they intend to make those users standard users on their devices. To use MEM for this approach, you’ll need to follow the guidelines below:

  • The process starts with device configuration to enroll the devices in MEM

               using automatic enrollment.

  • The next step involves the management of the Local Administrators group.

               This can be done using Azure AD or MEM.

  • In addition, it would be a good idea to have Microsoft Defender Attack

               Surface Reduction (ASR) rules enabled. This would be very useful because

               these rules are in-depth defense mitigations for specific security concerns,

               such as blocking credential stealing from the Windows local security

               authority subsystem.

Windows 365 Enterprise

When it comes to Windows 365 Enterprise you’ll start to see some significant differences because this edition was designed for organizations that have dedicated IT teams.

This makes things slightly easier for IT as you have a system that is molded on the management and security that Microsoft Endpoint Manager provides. All Cloud PCs in Windows 365 Enterprise configure users as standard users by default.

However, admins still have the ability to make exceptions on a per-user basis. Furthermore, all Cloud PCs will be enrolled in MEM with reporting of Microsoft Defender Antivirus alerts.

You’ll also get the ability to onboard into the full Microsoft Defender for Endpoint capabilities. Microsoft makes the following security recommendations for users of Windows 365 Enterprise:

  • Users should stick to standard Windows 10 security practices. This also means restricting access to your Cloud PC using local administrator privileges.
  • You need to deploy Windows 365 security baselines to your Cloud PC from MEM. Furthermore, you should utilize Microsoft Defender to protect your endpoints, especially all Cloud PCs.
  • Taking advantage of Azure AD conditional access is a must. With features such as MFA and user/sign-in risk mitigation, you can significantly reduce the risk of unauthorized access to your Cloud PC.

Communication and collaboration

Windows 365 not only provides a platform that facilitates remote work for your organization but also ensures that team members can work together regardless of location. Clients can take full advantage of the power of Microsoft Teams to ensure that communication in your organization happens smoothly.

By using Teams, your organization can set up your environment in a way that best suits you. And when you are ready to use Microsoft Teams, the users can download the Teams client from https://teams.microsoft.com/downloads. And just like Windows 365 itself, you can install the Teams client on various devices such as Windows, Mac, or Linux PCs as well as on your Android or iOS devices. However, you’ll need to ensure that all these users have the necessary Teams license.

Some of the more important elements in Teams include chat, teams, and channels. With chat, you can have one or more users talking, sharing files, or meeting privately. Teams will enable collaboration on any project at any time and it can be visible to the entire organization or just the relevant team members. And then channels can help segment topics, projects, or anything else within teams in a way that suits the way you would like to work. Meetings and conferences are two major things that businesses need to conduct to keep things moving smoothly. By using a Teams or Skype for Business client, individuals can participate in meetings to which they’ve been invited. Even if you happen to have a bad internet connection you can still participate in meetings via audio conferencing. All you need is your regular phone, the conference phone number, and the meeting ID. Although meetings are enabled by default, you can still retain control of the meeting experience.

For smaller businesses with fewer than 300 users, you can utilize Microsoft 365 Teams Phone with Calling Plan to establish an office phone system without having a complex, costly on-premises phone system. The system will include a phone system menu, caller ID, voice mail, and other great features. So all of these features are going to enable the Windows 365 Cloud PC experience to basically simulate the office experience. Those working remotely won’t miss out on collaborating with their colleagues, sharing ideas, and crucially maintaining social connections with others. Without this, working remotely could quickly become a difficult, isolated affair.

Easy administration management

As one is going through the information that we have on Windows 365, it becomes abundantly clear that there are countless benefits for end-users. But, your IT admins will also want to know if they’ll also see changes when compared to other services. And the reality is, the ease of use principle that Microsoft applies to Windows 365 extends to your IT team as well. From the management perspective, there is plenty to be excited about starting with the fact that there is no need to have headaches about the infrastructure you need to set up to get the Cloud PC experience. Microsoft handles that side of things. Also, admins won’t need to get certified in anything else or learn new management tools. This is because Windows 365 is designed for all organizations even those without expert IT pros on staff to be able to run it without difficulty. Furthermore, you’ll be happy to know that the way you currently manage your physical devices with Microsoft Endpoint Manager will for the most part be similar to the management of Cloud PCs. A good example of this is that if you navigate to the All Devices list in Microsoft Endpoint Manager, you’ll see both your physical and Cloud PCs listed side by side.

Admins will also find that the deployment process is not complicated at all. For users to get a Cloud PC assigned to them, there are pretty much just two requirements that need to be met. They need to have the necessary license in addition to being part of an Azure AD Group that’s assigned to a provisioning policy. The process starts in the Microsoft Admin Center where you assign licenses similarly to how you would for other Microsoft 365 services. You can have a licensing admin take care of this particular task. After that, you can head over to Active Users and perform the assignment. With that done, you can now give users Cloud PCs and set them up with Microsoft 365 as well. As soon as a user is added to a group, the Cloud PC provisioning process will be launched and it won’t be long before the Cloud PC is ready for use. And with Windows 365 using a fixed price per user per month model, there’s no extra workload involving tracking, utilization, or keeping idle resources running.

Wrap Up

Windows 365 is a service that has countless different applications that can help businesses, both large and small, to completely change their IT environment. Taking advantage of the Cloud PC can mean potential changes in policy about who and how your organization hires. The ability to give employees remote access without compromising collaboration gives you a far deeper pool of talent to choose from when looking to hire people. The cost of the service is something that can also help your business by reducing expenditure on hardware. Not having to provide employees with brand new high-end computers and reducing hardware refresh rates can go a long way in improving your bottom line. In addition, when you consider how Microsoft has designed Windows 365 to be easy to use then you begin to see a platform that can change the virtualization sector. Undoubtedly, there’s still a lot more to come as the service improves but for now, Windows 365 has certainly offered a lot to be excited about.

1 thought on “Everything You Want To Know: The Anatomy of Windows 365

  1. Pingback: Weekly Newsletter – 23rd to 29th April 2022 - Windows 365 Community

This site uses Akismet to reduce spam. Learn how your comment data is processed.