AVD – The Flexible Solution for Remote Work and Business Continuity

One thing that we cannot deny is that remote work is a huge topic in business circles everywhere. It’s something that plenty are trying to evaluate so they can see whether it would be good for them or not. Although opinions and experiences may vary, there’s no denying the potential advantages that remote work could offer businesses. But, for you to get the most out of it, you need solutions with a proven track record. This includes Azure Virtual Desktop (AVD). It’s a solution that can offer employees greater flexibility in how they do their work. Additionally, it provides you with a solid business continuity strategy. Today, we’ll be discussing AVD and what you need to know about it.

Azure Virtual Desktop

A virtual desktop offers you the full desktop experience while running on a remote server. This means that you can access work applications and other organizational resources while working remotely. Azure Virtual Desktop is an app and virtualization service that runs on the cloud.

With this Azure cloud-based service, businesses can offer their employees an efficient and secure way of working remotely. It also allows for capabilities to deploy and manage desktops without too much difficulty. Some of the things you’ll get when running AVD include the following:

  • The ability to set up a multi-session Windows 11 or Windows 10 deployment that can give you the full Windows experience and scalability.
  • Presenting Microsoft 365 Apps for enterprise and optimizing it to run across multi-user virtual scenarios.
  • Bringing your existing Remote Desktop Services (RDS) and Windows Server desktops along with apps to any computer.
  • The ability to virtualize not only desktops but apps as well.
  •  Provides you with a unified management experience that simplifies the management of desktops and apps from different Windows and Windows Server operating systems.

Importance of remote work

Understandably, plenty of businesses may ask themselves why they would even need to be considering remote work. If what you’re currently doing is working well, then why change it right? Although this assertion may be true, we only have to look back a couple of years to a situation where people couldn’t go to work and were required to stay home.

In these kinds of scenarios, being able to leverage virtual desktop services means employees can remain productive, and your business suffers significantly less.

In addition, the greater flexibility that remote work can offer employees is something that can contribute to increased job satisfaction. Employees who have the option for a better work/life balance are likely to be more efficient in how they do their jobs.

Furthermore, this can also change the way businesses operate for the better. You can have the option of hiring people from anywhere, giving you access to the best talent available.

Features of Azure Virtual Desktop

There’s no question that there are several benefits that businesses can gain from utilizing virtual desktop services. But why pick Azure Virtual Desktop? After all, it’s not even the only option that Microsoft offers.

However, AVD does have several features that can make it the remote work solution of choice for many businesses. It’s going to provide you with the following capabilities:

  • It allows you to create a full desktop virtualization environment in your Azure subscription. And you won’t need to run any gateway servers to do it.
  • You can accommodate your diverse workloads by publishing host pools as and when you need them.
  • Bring along your own images for production workloads or test from the Azure Gallery.
  • The option to have pooled, multi-session resources is going to enable you to cut down on costs. Clients will benefit from Windows 11 and Windows 10 Enterprise multi-session capabilities, exclusive to Azure Virtual Desktop or Windows Server. By giving you this option, AVD allows you to massively reduce the number of virtual machines and operating system overhead. Additionally, it continues to provide the same resources to your user.
  • You’ll also get personal (persistent) desktops, and this will provide you with individual ownership.
  • There is an auto-scale feature that allows you to automatically increase or decrease the capacity based on variable factors. These include changing certain days of the week or a specific time of day. And all of which can help you keep expenditures under control.

DEPLOYMENT AND THE MANAGEMENT OF VIRTUAL DESKTOPS AND APPLICATIONS

  • You can create application groups, assign users, and publish resources by using the Azure portal, Azure CLI, PowerShell, and REST API for configuring the host pools.
  • Reduce the number of images by publishing a full desktop or individual apps from a single host pool, creating individual application groups for different sets of users, or even assigning users to multiple application groups.
  • In addition, Azure Virtual Desktop also recommends the use of built-in delegated access to assign roles and collect diagnostics to understand various configurations or user errors.
  • Another recommendation for environment management requires the use of built-in delegated access. This assigns roles and collects diagnostics to understand various configurations or user errors.
  • Whenever issues arise, and you need to troubleshoot errors, you can use the new diagnostics service.
  • Lastly, only the image and virtual machines should be managed and not the infrastructure. It’s not going to be necessary to personally manage the Remote Desktop roles as you do with Remote Desktop Services. Instead, just manage the virtual machines in your Azure subscription.

CONNECTED USERS

  • As soon as users have been assigned, they can launch any AVD client to connect to their published Windows desktops and applications. This scenario allows you to connect from any device using either a native application on your device or the Azure Virtual Desktop HTML5 web client.
  •  Furthermore, you can eliminate the need for opening inbound ports by securely establishing users through reverse connections to the service.

Why choose Azure Virtual Desktop?

As previously mentioned, AVD is not the only virtual desktop solution available for businesses to choose from. We’ve already discussed what AVD is and what features it can bring to your organization. But some may still be asking why this particular solution. The reality is, there are several reasons why you may want to choose AVD as your flexible remote work solution of choice.

SEVERAL USE CASES

AVD allows you to take advantage of several use cases to get the most out of your subscription. Arguably, the biggest of these benefits is that remote workers will get virtual desktops that they can securely access from anywhere using your existing Active Directory for authentication.

Additionally, if you want to publish legacy applications to certain users, you can install them on an AVD host and publish them to those users. To ensure a truly comprehensive remote working experience, you can deploy an AVD host in various regions across the world, thus enabling you to support your users globally.

DEVICE REFRESH EXPENDITURE

From our experiences of using personal devices, most of us are already aware that every few years, we’ll need to upgrade our devices. At a certain point, our devices will stop getting updates, the hardware will slow down, the battery may need replacing, etc. As one can imagine, the cost of refreshing devices for a business is going to be significant.

This is why taking advantage of solutions like AVD and shifting your computing model to the cloud can help businesses start reducing the money spent on hardware. With this solution, your business can use any number of devices, from tablets, laptops, and other mobile devices, for work-related purposes. Not only that, but even some so-called outdated devices may potentially be used to access virtual desktops.

Additionally, Azure Virtual Desktop is a cost-effective alternative to scaling a traditional virtual desktop environment within your own data center. This reduction in expenses leads to better ROI.

AVD can be an invaluable tool as well for companies because of how it lets organizations control various apps and data while still allowing employees access to those resources on their own unique devices. This means that you can also offer your workers greater flexibility in how they work. And you can still retain overall control and keeping security standards high.

Although you could expect some of these benefits from a traditional VDI environment. The service you get from Microsoft comes at a better price point with better security.

IMPROVED SECURITY

Anyone looking to migrate to the cloud will want to know how secure the platform is going to be. Fortunately, for Azure Virtual Desktop clients, you can rest assured that you’ll get the identity management, backup, and database security benefits that the Microsoft Cloud provides.

We already know that Microsoft spends over a billion dollars a year in developing its industry-leading security measures and has a few thousand security experts working hard to enhance the security of the Microsoft ecosystem. As a result, employees will get to have virtual desktops that they can access in a highly secure manner, regardless of where they’re working.

SIMPLIFIED MANAGEMENT

Another great reason to choose Azure Virtual Desktop is that it will allow IT admins to only manage users, applications, and virtual machines without having to worry about the RDS infrastructure. This is because the latter will be managed by the AVD service.

Therefore, since RDS components like Gateways, Brokers, and Licenses are provided by the AVD service, the task of managing them is undertaken by AVD.

Furthermore, clients will be happy to learn that the AVD infrastructure is set up in such a way as to provide a simplified experience, with everything being centrally stored, managed, and secured.

So, what the virtual desktop environment gives you is an easier management system where there is no need to install, update, and patch applications. In addition to the above, the need for backing up files or scanning for malware on individual client devices is negated.

Multi-session attraction

One of the great features of WVD infrastructure is its multi-session environment. This is something that goes a long way in drastically reducing the resources that are required when using single-user methods. With single-user sessions, there are two main disadvantages that can arise.

Firstly, when the machine is not running at peak, a lot of resources are going to waste, and secondly, when multiple users are working on single-user sessions, this is going to be extremely demanding in terms of resources. 

Getting set up

As we look at setting up Azure Virtual Desktop for your business, there are few requirements that you’ll need to consider before proceeding:

  • You need to have an active Azure account and subscription.
  • You need access to a global administrator Azure AD role within the Azure tenant that you plan on using.
  • Lastly, for your Azure subscription, you need to have a contributor and a user access administrator.

DEPLOYMENT STEPS

  • Log in with your administrator account in the Azure portal. Then, search for Azure Virtual Desktop and select it.
  • Proceed to set up host pools that contain virtual machines, application groups to assign the Remote Apps to users, the workspaces as logical groupings of application groups, scaling plans, and users to scope access to running AVD resources.

PROVISIONING

  • Select ‘Getting started‘ in the top left area and then check that the correct subscription is selected.
  • Then, for the identity provider, you’ll find that using an existing on-premises active directory or an existing Azure AD Domain Services instance is something that will be presented as a different option.
  • Select Azure AD domain services for identity service type.
  • Create a resource group with a unique name.
  • For the location, select a region that is closest to your users.
  • You can use your account for the Azure admin username if it has the necessary permissions to deploy resources and to grant access to them.
  • Enter a password for the account.
  • Use the next account to join virtual machines to the domain.
  • Go to the virtual machines tab and create your first session hosts.
  • The users for each virtual machine will determine whether you want more than one user simultaneously logged into a single VM. The multi-session capability, unique to Azure Virtual Desktop, is going to help you save costs and is compatible with both Windows 11 or Windows 10 client operating systems.
  • You also have the option of a single dedicated virtual machine for one user at a time.
  • Next, from Image, you can select from a number of supported Windows client and server virtual machine images for AVD.
  • In addition, you have the option to create and manage your own virtual machine images. You can also choose them in addition to the standard gallery images.
  • When it comes to virtual machine size, you can choose from hundreds of supported VM sizes in Azure.
  • Once you have configured host pool VMs, create an initial user assignment for this host pool in the assignments tab.
  • Once the core steps have been completed, the user will validate everything. You can then create all the necessary resources for AVD.
  • With this done, several resources and services will deploy including:
  • * 4 new Azure resource groups.
  • * Azure AD domain service that will be used for authentication.
  • * Storage account to store data.
  • * FSLogix profile containers to support multi-session environments.
  • * Host pool and virtual machines.

Accessing your virtual desktop

Once your virtual desktops have been set up, users will want to know how they can access them. For virtual desktop services to provide an attractive option, they need to be easy to access. Azure Virtual Desktop allows users additional access their virtual desktops with any modern device as long they have internet access.

This also means that it won’t matter what operating system you are using. Users can stick with the devices they prefer and don’t need to purchase new devices to access AVD.

For the best experience, however, Microsoft recommends using the Remote Desktop client app. Fortunately, this app is available on multiple platforms, including Windows, macOS, iOS, and Android. Apart from this app, users may also access their virtual desktops using any modern HTML5-compatible browser. 

Using the web client, users can access any session desktop or remote application inside of a browser window or tab. Also, be aware that the app you use to access RDS is a different one from the AVD remote desktop client. All this means is that you need to verify that you download the right version of the app.

Furthermore, users can access full desktop sessions and individual published applications when using the Remote Desktop client. This will be in addition to the automatic addition of remote apps and desktops to the local computer’s Start Menu for easier access.  

Enhance your business operations

Azure Virtual Desktop will not only give you an alternative technology solution. But it can also enhance the way your company operates. Plenty of businesses are looking at ways to increase revenue streams. And virtual desktops can help you achieve that by extending productivity to employees’ PCs, phones, tablets, or browsers. These devices might not be under the direct control of the IT team. Moreover, of the measures that Azure puts in place, users will have highly secure access to organizational resources from their various devices.

Another great thing that AVD will help you with is the level of support that end users will receive. When businesses are migrating workloads to the cloud, users are going to need increased support for a low-latency, optimized experience.

Fortunately, with AVD, you get a business-critical platform, and a cloud adoption plan can directly or indirectly impact cloud adoption for all the concerned workloads.

Run a greener operation

In today’s marketplace, it should not be news to anyone that our environment has suffered significantly. All of us to pitch in to start addressing the issues. Regardless of where you may stand on the matter, eco-friendly operations matter. One thing you can’t deny is that plenty of people are now choosing which businesses they deal with based on how sustainable they are.

We’ve already talked about how using virtual desktops will impact your device refresh cycle. However, needing to purchase fewer devices also means that your business will produce less electronic waste.

Because of the use of Microsoft’s highly efficient data centers, your business can potentially cut down massively on energy consumption. Coupled with the fact that you can have some employees working remotely, the total energy savings will be significant, especially when you also factor in commuting to work.

With virtual desktop users being able to work remotely, your business can improve productivity and efficiency. Users can access their virtual desktops wherever they are, allowing your business to run more sustainably while simultaneously increasing productivity.

Wrap up

When looking at remote work, we need to consider that there are plenty of advantages that both employer and employee can gain from this. Considering how virtual desktop services have grown in popularity over the last few years, businesses should at least be looking at these solutions to see what they can bring to their organizations. If there’s anything we’ve learned in that time, it’s that we need to be prepared for the worst. Otherwise, businesses may be forced to shut down.

The freedom and flexibility that a service like Azure Virtual Desktop can offer employees is something that can massively boost staff morale. Virtual Desktop users can maintain high levels of productivity whether they are in the office or working remotely.

In addition, Azure guarantees you industry-leading security measures, meaning that businesses don’t need to worry about where their employees are working. Ultimately, AVD can be the solution to take your business to the next level.

Windows Autopatch: Guide to Setup and Configuration

Most businesses have several technologies that they use to help their employees operate at the highest levels of efficiency. Without them, your ability to provide high-quality products and services would be severely hindered.

But, all these devices and the associated operating systems and applications need maintenance for them to work the way they were designed to. They need regular attention as well as updates and security patches. This is so businesses can fully benefit from their productivity tools.

Windows Autopatch gives you a great solution for your Microsoft products by automating the update process. Additionally, it simplifies the maintenance process for you. In this article, we’ll be going over how your business can set up this must-have solution.

What is Windows Autopatch?

Let’s start by explaining what exactly Windows Autopatch is and what it does. According to the Windows Autopatch page:

Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization.”

One of the key reasons this solution is a much-needed tool is that the process of implementing updates is not entirely seamless for a lot of organizations. IT admins are responsible for ensuring your organization’s devices get all the necessary updates upon release. And they’re responsible for overseeing that everything is working as it should.

So, even though Microsoft provides regular updates for its products and services, the task can sometimes be challenging and very time-consuming. Therefore, with a solution like Autopatch, IT admins can save a lot of time on the update processes. They can additionally cut time in positioning the overall security posture of the business, leading to improvements.

I’m sure most would agree that this is an excellent feature to have, given the increasing sophistication of cyber attacks. Additionally, end users will be able to work more efficiently with fewer distractions. Moreover, your IT personnel will potentially have a lot more time on their hands for dedicating to more productive tasks.

The role of Autopatch services

From what we have seen over the last year, we know that Windows Autopatch can manage your updates for you. But, you still need to know what exactly Autopatch will be responsible for regarding those updates. This is why it’s not too surprising that a lot of IT admins are hesitant about using Autopatch. They have concerns about losing control over their devices.

To simplify the rollout of the different updates, Windows Autopatch will place devices into groups based on their software and hardware configurations. Doing it this way enables suitable test machines to receive updates first. And if all goes well, broader deployments can proceed as well. Not only is this a crucial step for evaluating updates, but it can help alleviate some of the concerns that IT admins have.

Below is a list of what Autopatch will be responsible for updating:

  • Windows 10 and Windows 11 quality
  • Windows 10 and 11 features
  • Windows 10 and 11 drivers
  • Windows 10 and 11 firmware
  • Microsoft 365 apps for enterprise updates

In addition to the above list, Windows Autopatch will also be responsible for patching drivers and firmware that are only published to Windows Update as automatic. Also, in terms of how Windows Autopatch operates, there are four deployment rings. The first one caters to a few of your company’s devices, and the second one is responsible for 1% of these devices. The third and fourth rings will contain 9% and then 90% of the organization’s devices respectively. 

Setting up Windows Autopatch

The process of setting up Windows Autopatch includes several steps that we will be discussing in this section.

PREREQUISITES

AreaRequirements
LicensingWindows 10/11 Enterprise E3 (or higher) in addition to Azure Active Directory Premium and Microsoft Intune.
ConnectivityAll Windows Autopatch devices require dedicated connectivity to multiple Microsoft service endpoints across the corporate network.
Azure Active DirectoryThe source of authority for all user accounts needs to be Azure AD. Or, the user accounts can be synchronized from on-premises Active Directory using the very latest supported version of Azure AD Connect to enable Hybrid Azure Active Directory to join.
Device managementAll devices must be registered with Microsoft Intune, be connected to the internet, have a Serial number, Model and Manufacturer, and must be corporate-owned. Furthermore, the target devices will need to have Intune set as the Mobile Device Management (MDM) authority or co-management must be turned on.

NETWORK CONFIGURATION

  • Proxy configuration – Windows Autopatch needs to reach certain endpoints for the various aspects of the Windows Autopatch service. Network optimization can be done by sending all trusted Microsoft 365 network requests directly through their firewall or proxy.
  • Proxy requirements – should support TLS 1.2, and if not, then you may need to disable protocol detection. 
  • Required URLs – mmdcustomer.microsoft.com

                         – mmdls.microsoft.com

                         – logcollection.mmd.microsoft.com

                         – support.mmd.microsoft.com

  • Delivery optimization – Microsoft recommends configuring and validating Delivery Optimization when you enroll into the Windows Autopatch service.

TENANT ENROLLMENT

The first step in this next stage will require you to verify that you’ve met all the requirements discussed at the beginning of this section.

With that done, you’ll now need to run the readiness tool. This checks the settings in both Intune and Azure AD and verifies that they work with Autopatch. To access this readiness assessment tool, head over to the Intune admin center and select Tenant administration in the left pane. Once there, go to Windows Autopatch > Tenant enrollment. When the check is done, you’ll get one of four possible results: Ready, Advisory, Not ready, or Error. And if this check is showing any issues with your tenant, then your next step will involve fixing the issues picked up by the readiness assessment tool.

If everything is in order and the readiness assessment tool has given you the “Ready” result, then you can proceed and enroll the tenant. You’ll find the “Enroll” button that you need to select within the readiness assessment tool. Once you select this option, it will start the process of enrolling your tenant into the Windows Autopatch service. You’ll see the following during the process:

  • Consent workflow to manage your tenant.
  • Provide Windows Autopatch with IT admin contacts.
  • Setup of the Windows Autopatch service on your tenant. This step is where the policies, groups, and accounts necessary to run the service will be created.

Your tenant will be successfully enrolled upon completion of these actions. And then, after all this is done, you can delete the collected data by the readiness assessment tool if you want. To do so:

  • Head over to the Microsoft Intune admin center.
  • Go to Windows Autopatch > Tenant enrollment.
  • Select Delete all data.

ADD AND VERIFY ADMIN CONTACTS

After you have finished the process of enrolling your tenant, you can move on to the addition and verification of admin contacts. Windows Autopatch has several ways of communicating with customers. And there’s a requirement to submit a set of admin contacts when onboarding. Each specific area of focus should have an admin contact. This provides that the Windows Autopatch Service Engineering Team has a contact for assistance with the support request. These areas of focus are given below.

Area of focusDescription
DevicesDevice registration Device health
UpdatesWindows quality updates Windows feature updates Microsoft 365 Apps for enterprise updates Microsoft Edge updates Microsoft Teams updates

To add the admin contacts, follow these steps:

  • Sign in to the Intune admin center.
  • Head over to the Windows Autopatch section, find Tenant administration, and then select Admin contacts.
  • Select Add.
  • Now, you need to provide all the necessary contact details. This includes name, an email, phone number, and language of choice.
  • Choose an area of focus and provide information about the contact’s knowledge and authority in this particular area.
  • Click Save and then repeat the steps for each area of focus.

DEVICE REGISTRATION

  • Windows Autopatch groups device registration

Autopatch groups will start the device registration process for devices that aren’t yet registered using your existing device-based Azure AD groups. This is instead of the Windows Autopatch Device Registration group. Windows Autopatch will support a couple of Azure AD nested group scenarios, namely Azure AD groups synced up from:

  • On-premises Active Directory groups (Windows Server AD)
  • Configuration Manager collections
  • Clean up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant

For an Azure AD dual state to occur, a device needs to be initially connected to Azure AD as an Azure AD registered device. And then, when you enable Hybrid Azure AD join, the same device will be connected twice to Azure AD as a Hybrid Azure AD device.

So, what you’ll find in the dual state is a device with two Azure AD device records with different join types. However, the Azure AD registered device record is stale because the Hybrid Azure AD device record will take precedence.

About the Registered, Not ready, and Not registered tabs

Device blade tabPurposeExpected device readiness status
RegisteredShows successful registration of devices with Windows AutopatchActive
Not readyShows successfully registered devices that aren’t yet ready to have one or more software update workloads managed by the Windows Autopatch service.Readiness failed and/or Inactive
Not registeredShows devices that have not passed the prerequisite checks and thus require remediation.Prerequisites failed.

Device readiness statuses

Readiness statusDescriptionDevice blade tab
ActiveShows devices that: +have passed all prerequisite checks +registered with Windows Autopatch +have passed all post-device registration readiness checksRegistered
Readiness failedShows devices that: +haven’t passed one or more post-device registration readiness checks +aren’t ready to have one or more software update workloads managed by Windows AutopatchNot ready
InactiveShows devices that haven’t communicated with Microsoft Intune in the last 28 days.Not ready.
Prerequisites failedShows devices that: +haven’t passed one or more prerequisite checks +have failed to successfully register with Windows AutopatchNot registered

Built-in roles required for device registration

Roles are permissions granted to dedicated users. And there are a couple of built-in users in Autopatch that you can use to register devices:

  • Azure AD Global Administrator
  • Intune Service Administrator

Less privileged user accounts can be assigned to perform specific tasks in the Windows Autopatch portal. You can do this by adding these user accounts into one of the two Azure AD groups created during the tenant enrollment process:

Azure AD group nameDiscover devicesModify columnsRefresh device listExport to .CSV
Modern Workplace Roles – Service AdministratorYesYesYesYes
Modern Workplace Roles – Service ReaderNoYesYesYes

Details about the device registration process

The process of registering your devices with Windows Autopatch will accomplish a couple of things:

  • Creation of a record of devices in the service.
  • Device assignment to the two deployment ring sets and other groups required for software update management.

Windows Autopatch on Windows 365 Enterprise Workloads

As part of the Windows 365 provisioning policy creation, Windows 365 Enterprise admins will have the option to register devices with Windows Autopatch. This means that Cloud PC users will also benefit from the increased security and automated updates that Windows Autopatch provides. The process for registering new Cloud PC devices is as follows:

  • Head over to the Intune admin center and select Devices.
  • Next, go to Provisioning>Windows 365 and select Provisioning policies>Create policy.
  • Type in the policy name, select Join Type, and then select Next.
  • Pick your desired image and select Next.
  • Navigate to the Microsoft managed services section, select Windows Autopatch, and then select Next.
  • Assign the ideal policy, select Next, and then select Create.
  • Your newly provisioned Windows 365 Enterprise Cloud PCs will then be automatically enrolled and managed by Autopatch.

Windows Autopatch on Azure Virtual Desktop workloads

Azure Virtual Desktop (AVD) workloads can also benefit from the features that Windows Autopatch has to offer. Your admins can use the existing device registration process to provision their AVD workloads to be managed by Autopatch.

One of the most appealing features of Windows Autopatch is how it offers the same quality of service to virtual devices as it does to physical ones. This ensures that if your business is looking to migrate to virtual devices or is already using them, then you won’t miss out on what Windows Autopatch offers.

It is worth noting, however, that any Azure Virtual Desktop specific support is deferred to Azure support unless otherwise specified. In addition, the prerequisites for Windows Autopatch for AVD are pretty much the same as those for Windows Autopatch and AVD.

The service will support personal persistent virtual machines. But, there are some AVD features that are not supported such as multi-session hosts, pooled non-persistent virtual machines, and remote app streaming.

Deploy Autopatch on Azure Virtual Desktop

Another great feature that you’ll get with Autopatch is that you can register your Azure Virtual Desktop workloads using the same method as your physical devices. Microsoft recommends nesting a dynamic device group in your Autopatch device registration group to simplify the process for your admins. And this dynamic device group is going to target the Name prefix defined in your session host while also excluding any Multi-Session Session Hosts.

Client support

Windows Autopatch provides businesses with excellent support services to ensure that any issues are addressed. You can access the appropriate support services through Windows 365, or the Windows Autopatch Service Engineering team for device registration-related incidents.

Device management lifecycle scenarios

Before you proceed and register your devices in Windows Autopatch, there are a few device management lifecycle scenarios that you may want to consider. These include the following:

  • Device refresh – devices that were previously registered in Autopatch and require reimaging will require you to run one of the device provisioning processes available in Microsoft Intune to reimage these devices. Subsequently, these devices will be rejoined to Azure AD (Hybrid or Azure AD only) and then re-enrolled into Intune. And because the Azure AD device ID record of that device will not be altered, neither you nor Windows Autopatch will need to perform any additional actions.
  • Device repair and hardware replacement – when devices require you to repair them by replacing certain hardware, then you’ll need to re-register these devices into Autopatch when you’re done. We are talking about the kind of repairs that include replacing parts such as the motherboard, non-removable network interface cards (NIC), or hard drives. And the reason why re-registration is necessary is that when you replace those parts, a new hardware ID will be generated, including:
  • SMBIOS UUID (motherboard)
  • MAC address (non-removable NICs)
  • OS hard drive’s serial, model, manufacturer information

So, even though you still practically have the same device, whenever you replace major hardware, Azure AD will create a new ID record for that device.

UPDATE MANAGEMENT

Software update workloads

Software update workloadDescription
Windows quality update – on the second Tuesday of every month, Autopatch deploys monthly security update releases. Autopatch also uses mobile device management (MDM) policies to gradually release updates to devices. These policies are deployed to each update deployment ring to control the rollout.Requires four deployment rings to manage these updates
Windows feature update – in this instance, you’ll be the one to inform Autopatch when you’re ready to upgrade to the new Windows OS version. The feature update release management process has been designed to make the task of keeping your Windows devices up to date much easier and more affordable. This also has the added benefit of lessening your burden, thus allowing you to dedicate more time to more productive tasks.Requires four deployment rings to manage these updates
Anti-virus definitionUpdated with each scan
Microsoft 365 Apps for EnterpriseFind information at Microsoft 365 Apps for Enterprise
Microsoft EdgeFind information at Microsoft Edge
Microsoft TeamsFind information at Microsoft Teams

Autopatch groups

Autopatch groups play an essential role in helping Microsoft Cloud-Managed services work with businesses according to their various needs. When it comes to update management, Windows Autopatch groups provide an excellent tool that allows for the combining of Azure AD groups and software update policies. These might include Windows Update rings and feature update policies.

Reports

If there are any Windows Autopatch managed devices in your environment that are not up to date, you can monitor and remediate them using Windows quality and feature update reports. Not only that, but you can also resolve any device alerts to bring Windows Autopatch-managed devices back into compliance.

Policy health and remediation

To enable the management of Windows quality and feature updates, Autopatch needs to deploy Intune policies. Windows Update policies must be healthy at all times should you plan to remain up to date and receive Windows updates. Microsoft ensures continuous monitoring to maintain the health of the policies, as well as raise alerts and provide remediation actions.

Wrap up

The threat of attacks against businesses is something that is always lurking. And as we have seen on far too many occasions in recent years, these attacks can be devastating. Business operations can be severely compromised. Additionally, the financial penalties can be massive. Therefore, there is a need to do everything within your power to fortify your system defenses. Windows Autopatch allows you to bolster your security by automating certain tasks.

Make sure that update and patch deployments occur in a timely fashion. It can significantly reduce the risk of attacks against your business. And this is precisely what Autopatch is ready to help you prevent.

It helps you by automating the update process and simplifying tasks that are sometimes difficult and time-consuming. As a result, you get an easier and less expensive way of equipping your business with all the latest security updates necessary. Ultimately, it allows you to enhance your operations.

Understanding The Microsoft 365 Stack For Cloud Security

Microsoft 365 (M365) provides businesses with a solution that empowers people to fully utilize their creativity while working together securely. The Microsoft 365 Stack is your IT security blanket.

All of the features that you get should enhance the productivity of your business. But, the key to all of this is keeping your data secure.

Incidents of security breaches have been steadily increasing over the last few years so data security should be a top priority for all businesses. By understanding how the Microsoft 365 stack operates, we can see how the available features can strengthen your cybersecurity.

What’s in it?

The first question that one may ask is what will you get with Microsoft 365? And is it actually any different from Office 365 or is this merely a rebranding exercise?

Firstly, clients get local apps and cloud-based apps, and productivity services. These include both M365 Apps for enterprise, the latest Office apps (such as Word, Excel, PowerPoint, Outlook, and others), and a full suite of online services.

Secondly, you’ll also receive Windows 10 Enterprise which is the most productive and secure version of Windows. It meets the needs of users and IT for both large and medium enterprises.

And finally, you also benefit from device management and advanced security services including Microsoft Intune. So all in all, Microsoft 365 is designed to be a more comprehensive solution and the name change is more reflective of the range of features and benefits in the subscription.  

Businesses are vulnerable

The importance of cloud security to a business cannot be overstated. Especially when you take into consideration the study by the University of Maryland showing that cybercriminals infiltrate business data about once every 39 seconds.

And as remote work continues to expand, the use of personal devices to access sensitive data can be a massive additional risk. This is why businesses need platforms like Microsoft 365 Stack to not only enhance productivity but safeguard business data as well.

Backing up your data

Arguably one of the first things to consider in your data protection strategy is cloud backup. Because there are so many threats – internal and external – to data security, having your data backed up is a must. Using the Microsoft 365 Cloud Backup comes with several benefits that you simply cannot ignore. And these include:

  • Protection against accidental deletion of data which is something that will happen occasionally.
  • Protection against data losses resulting from cyberattacks.
  • Threats don’t always come from outside actors so backups will also protect you from the nefarious actions of internal actors.
  • Backups can help you to manage legal and compliance requirements.

Working from anywhere

One of the key selling points of Microsoft 365 is how it enables people to collaborate on various projects from just about anywhere. And this is made possible because the responsibility of your data’s security lies with Microsoft.

Businesses can rest easy knowing that their data is highly secure on the OneDrive platform or when shared across Teams and SharePoint.

What this also means is that you have fewer expenses by eliminating the need to maintain expensive hardware.

Furthermore, built-in security features such as the robust data loss prevention policy, Advanced Threat Analytics, and Exchange Online Protection will enable your employees to work remotely as securely as possible.

Secure access to data

The Microsoft 365 stack ensures that even when employees are using personal devices, the security of your data is still maintained. This is possible because of features like multi-factor authentication (MFA) that add a layer of protection to the sign-in process.

So users will have to provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.

Also, you can add solutions like Microsoft Intune to use advanced capabilities that can enforce mobile device encryption and enable the use of PIN numbers. Microsoft ­365 has several threat protection tools that all businesses should know:

  • Microsoft Defender ATP: offers clients excellent endpoint protection and prevents cyberattacks and data breaches. With the increase in use of personal devices, this feature works great on mobile devices, which are particularly vulnerable to attacks.
  • Office 365 ATP: this feature aims to secure your communications by dealing with phishing attacks, zero-day threats, and other types of malware that users may encounter in emails and links.
  • Microsoft Cloud App Security: detects abnormal usage and incidents, alerting you to threats to your cloud apps.
  • Azure ATP: makes use of on-site active directory to keep your identities secure and also reduce the attack surface.

Simplifying update processes

One of the major advantages of having cloud-based software is the ability to have regular updates. This is particularly necessary when we consider the sophistication of the constant cyber threats that businesses have to contend with.

And the great thing about these updates is that Microsoft allows organizations to sign up to an update schedule that is convenient for them. By doing this, regular updates will stop being a nuisance that people sometimes ignore.

Especially given how important they are for bug fixing and patching up security issues. When organizations can have the most up-to-date software versions in their hands, this can significantly enhance their cloud security.

Securing your business

Cyber threats are targeting all kinds of organizations and small businesses are no exception. Without effective solutions in place, you are at risk of being shut down by cybercriminals. But by using Microsoft 365 Stack, you get a robust solution that is designed to provide companies with all the features they need to run a more secure and efficient business.

All the available tools and features will help you to address the data security and compliance issues that you are bound to encounter as time goes on. It may just be time to utilize the enterprise-grade service and protection of the M365 stack. 

Microsoft Launches Windows 365

An argument could be made that the need for tools that not only simplify but improve remote work has never been greater than it is today. In an increasingly connected world, leveraging cloud computing can be the answer to a lot of the challenges that businesses are currently facing.

With Windows 365, Microsoft is aiming to improve on existing technologies to make the cloud experience even better. By enabling the computing to be done remotely in a data center and then streamed to users’ devices, Microsoft can offer something that can be compared to game streaming.

As a new way of using a computer as hybrid Windows for a hybrid world, there’s plenty that we need to look into.

What are we looking at?

Just when people were thinking that Windows 10 would be the last in the line of Windows versions, Microsoft gives us another one.

A platform that in Microsoft’s own words is going to take the operating system to the Microsoft cloud and stream the full Windows experience to personal or corporate devices.

This will include settings, data, and apps. It’s what Microsoft calls the Cloud PC. Simply put, this is a service that allows business clients to access cloud PCs from anywhere.

So technically speaking, we should not look at this service as a new version of Windows. Rather, we should take it for what it truly is — a platform that is designed to stream the full experience of Windows 10 or 11 to any browser.

Regardless of which operating system your device may be running. If we are to consider how Microsoft’s Software-As-A-Service (SaaS) model has evolved over the last decade, this move was probably going to be the next step.

Launch date

The announcement from Microsoft was made on the 14th of July and in that statement, it was made known that we should expect Windows 365 on the 2nd of August. This, however, will be for businesses. Chances are that at some point, Microsoft may eventually avail the service to consumers and small shops — sole proprietorships.

Giving clients virtual PCs

By providing this service, Microsoft can potentially cut partners out and provide virtual PCs directly to its clients. Rather than only offering operating systems, applications, productivity suites such as Microsoft Office, etc. Windows 365 can give Microsoft an even bigger slice of the pie. Because of the massive cloud system available with Azure servers, Microsoft won’t have a problem running virtual machines.

This can provide a great tool for the evolution of the Desktop-As-A-Service (DaaS) offering. As Microsoft CEO Satya Nadella said in a statement, “Just like applications were brought to the cloud with SaaS, we are now bringing the operating system to the cloud, providing organizations with greater flexibility and a secure way to empower their workforce to be more productive and connected, regardless of location.”

How does it work?

According to the information that has been made available so far, we know that there will be two versions of Windows 365 — Business and Enterprise. Both of these will be powered by Azure Virtual Desktop. Users will be able to use Windows 365 on any modern web browser or through Microsoft’s Remote Desktop app.

What this means is that users can gain access to their Cloud PC from a variety of devices. In a statement by one of Microsoft 365’s general managers, Wangui McKelvey, he says, “Windows 365 provides an instant-on boot experience.”

This capability simplifies how users can easily stream their Windows sessions. And Windows 365 enables them to do that with all of their same apps, tools, data, and settings across Macs, iPads, Linux machines, and Android devices. As McKelvey goes on to explain, “You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices.”

Advantages to businesses

Windows 365 can enable your businesses to create Cloud PCs within minutes and assign them to employees. And this can be done without the need for expensive, dedicated physical hardware.

Without a doubt, this could prove to be a very attractive option for plenty of businesses. Especially those that may need to hire remote workers or even temporary contract staff that need to securely access a corporate network.

Because your entire Windows PC is in the cloud, your employees can work comfortably on a very secure platform. Furthermore, they won’t need to navigate VPNs or worry about security on personal devices.

Other advantages that you can get include lower maintenance costs, better protection against cyberattacks and malware, faster provisioning, less downtime in case of cyberattacks, easier patching, and far less disruptive updates.

Licensing concerns

Expectedly, clients are going to have some concerns with regards to how this will affect their current licenses. Will you have to pay more, for potentially the same services? The way Microsoft puts it, that’s not what will happen.

For instance, if you already have a Microsoft 365 E3 license, then you have paid for that service and you won’t need to do so again. This means that you can continue to use the software you have paid for and that includes Windows 10.

When it comes to Windows 365 licenses, what you’ll need to pay for is access to the virtual PC service. The latter will be maintained by Microsoft on its vast network of servers with the aim of running the software that you already have.

In a way, you could consider it similar to purchasing a computer and then purchasing the operating system and applications that you need. As a new offering, things are still hazy but hopefully, Microsoft will further clarify the concerns and confusion that people may have.

One thing that we do know are the licensing requirements and they are as follows:

  • On Windows Pro endpoints: Windows 10 Enterprise E3 + EMS E3; or Microsoft 365 F3, E3, E5 or BP (Business Premium),
  • On non-Windows Pro endpoints: Windows VDA E3 + EMS E3; or Microsoft 365 F3, E3, F5, or BP (Business Premium).

In addition, you also need to know the non-licensing requirements:

  • Azure subscription,
  • Virtual Network (vNET) in Azure subscription,
  • Hybrid Azure Active Directory (AAD) join-enabled.

Cost of service

With the licensing issues out of the way, clients need to know just how much they will need to pay to use Windows 365. Unfortunately, despite the service launching so soon, Microsoft has yet to officially provide a guideline with regards to how much clients will pay. But, during a session at its Inspire partner conference, Microsoft did inadvertently mention how much Business plans would cost. And that came down to $31 per user, per month.

For this, you will get support for 2 CPUs as well as 4GB of RAM and 128GB of storage. However, it is worth noting that we can expect at least one other plan that will cost less. Clients can look forward to having an option for 1 PC, 2GB of RAM, and 64GB storage, aimed at small businesses.

Furthermore, there will also be Enterprise plans that can offer support for 4 or 8 different PCs, in addition to 8/16/32 GB of RAM and 128/256/512GB of storage. For now, however, clients can only guess how much they will have to fork out to access these plans.

Enhancing the capabilities of hybrid work

The global pandemic has changed the way that enterprises look at some of their business practices. With people having had to spend long periods of time at home, businesses had to increase their dependence on virtual processes and remote collaboration. It was necessary to keep businesses running and retain employees.

Although the situation is getting under control in several regions across the globe, the way businesses operate may potentially change. With Windows 365, businesses can tackle head-on the challenges that cloud computing and remote work has often presented.

Organizations will be able to provide employees with greater flexibility and more options to work from different locations. All of this while still ensuring the security of the organization’s data. This is because by taking advantage of the Cloud PC, you get hybrid personal computing that can turn all of your devices into a personalized, productive, and secure digital workspace.

Having this capability will simplify the process of managing seasonal workers without the challenges of issuing new hardware or securing personal devices. As said by Microsoft itself, Windows 365 offers you a better, more modern way to deliver a great productivity experience with increased versatility, simplicity, and security.

Are we getting two Windows versions?

As mentioned above, most people were of the belief that Windows 10 would be the last version we would get. And then in June, Microsoft announced Windows 11. Barely a few weeks after that announcement, along came Windows 365. So not one, but two new versions? But, it’s not quite as simple as that.

Windows 11 is the actual successor to Windows 10. It’s a new operating system packed with new features such as a brand new Start menu that no longer uses Live Tiles. It also comes with new system requirements such as CPUs based on the x64 architecture since there is no 32-bit version of Windows 11. That’s in addition to the 4GB of RAM and 64GB of storage you’ll need to install Windows 11.

So basically, Microsoft has only actually provided one new product, Windows 11 to succeed Windows 10. Windows 365, on the other hand, is something of a hybrid between a virtual machine and Microsoft Remote Desktop.

It’s the subscription service that allows you to create Cloud PCs that run Windows 10 or eventually Windows 11. So the platform is not tied to a particular operating system version therefore you pay a monthly fee based on the hardware configuration you want your PC to have.

What about Azure Virtual Desktop?

Another point that requires clarification is with regards to Azure Virtual Desktop (AVD). Why does Microsoft feel the need to have another VDI? For starters, Windows 365 appears to be more user-friendly than AVD.

Navigation has been made easier and the process of setting up an Azure Virtual Desktop system in the Azure cloud is also significantly less complicated. This is because Windows 365 focuses more on simplicity as compared to Azure whose goal is flexibility.

With Windows 365, you can let Microsoft handle the core infrastructure and platform piece. This is because the platform comes in the form of Software-As-A-Service. On the other hand, with AVD, clients need to manage a supporting Azure subscription, configure and implement the platform services required to allow a thin-client or Remote Desktop client to connect in.

So basically Windows 365 is an automated version of AVD that is aimed at companies of all sizes, including small businesses. Unlike AVD which targets the enterprise market. Below are some guidelines that Microsoft provides for you to choose the product that best suits you.

Azure Virtual Desktop:

  • Windows 10 personalized and multi-session desktops and remote app streaming.
  • Full control over management and deployment plus options for Citrix and VMware integration.
  • Flexible consumption-based pricing.

Windows 365:

  • Windows 10 personalized desktops.
  • Management and deployment with familiar desktop tools and skills.
  • Predictable per-user pricing.

Wrap Up

Windows 365 is introducing a whole different concept to both the Software-As-A-Service and Desktop-As-A-Service environments. This new platform seeks to set the tone for a more modern computing experience that can benefit businesses as well as individuals.

It’s still early stages and there is still a lot that we don’t know.

However, what is certain is that this is more than just a cloud-based version of Windows and can offer ersatz hardware as well. All of this is definitely going to make the future of cloud computing a lot more interesting.