Guest Christiaan_Brinkhoff
Posted July 25, 2021

Today we introduced Windows 365. Find out what you need to know to jump into this new service and make it even easier for your users to connect to Windows running in the Microsoft cloud.

Before I start explaining the steps required to get your environment up to speed, I’d like to start by outlining what Windows 365 is. Let’s get started!

What is Windows 365?

Users want technology that is familiar, easy to use and always available so they can work and create fluidly across devices. Cloud PC makes this possible by combining the power and security of the cloud with the familiarity of the PC. Only Microsoft can bring together the PC and the cloud with a consistent and integrated Windows experience.

Introducing Windows 365. Windows 365 is the world’s first cloud PC. With a cloud PC, Windows evolves from a device-based OS to hybrid personalized computing. A cloud PC is your personalized desktop, apps, settings, and content streamed securely from the cloud to your devices. It enables you to decrease costs while lowering the complexity of your environment as you deploy and manage virtual endpoints in Microsoft Endpoint Manager. No additional virtual desktop infrastructure (VDI) expertise or resources are needed.

In addition, Windows 365 enables you to:

- Procure, provision, and deploy in minutes, with optional automated OS updates.
- Offer users anywhere access to their personalized Windows desktop experience.
- Tailor compute and configurations for an elastic workforce.
- Pick up where you left off on the device of your choice.
- Optimize experiences on Windows endpoints.
- Scale confidently with per-user pricing.

Removes the complexity of traditional VDI deployments

With Windows 365, all the building blocks are automated for you and we make sure that the service scales with you in the most optimized way possible to use Microsoft 365 apps.
It is Microsoft’s best expression of Windows and Microsoft 365 and is always secure and up to date. The Cloud PC can be accessed anywhere from any device and can scale with a user’s changing compute needs, meaning that users can be given self-service privileges, which relieves the IT admin from assigning a license that provides more compute resources. The same applies to storage upgrades and Cloud PC reboots; more about this later.

Completely integrated with Microsoft Endpoint Manager

Everything works together with Microsoft Endpoint Manager. From within the Devices blade, you will get access to the Windows 365 – Cloud PC service. Quickly see the status of your environment (e.g. provisioning, connection health, etc.) with the Overview dashboard.

Figure: Devices blade in the Microsoft Endpoint Manager admin center

All the steps must be done inside the Microsoft Endpoint Manager admin center portal. When you go to Devices inside the menu and scroll down to provisioning, you will find the spot to start creating your Windows 365 - Cloud PCs. All the pre-steps as well as the main steps for provisioning Cloud PCs are covered later in this post.

Windows 365: Image gallery

The image selection option is part of the provisioning policy. There’s also the option to select a gallery image with pre-baked images per workload type. For example, the images for Medium, Heavy, Power and Premium include Microsoft 365 Apps + Teams AV optimizations out of the box, whereas the Lite image offers an optimized OS experience for a specific workload type to get the best experience possible.

Figure: Part of provisioning is to select an image

Custom images

Some organizations prefer to use their own pre-built custom images, also known as golden images. This approach is also supported within Windows 365 as an option to select in the provisioning policy configuration wizard. Pick the solution that best fits your needs.
Some organizations prefer the more modern management approach, meaning a baseline image with the latest Windows updates and baseline apps, with the rest added via Microsoft Intune app delivery profiles.

Figure: Select a gallery or pre-built image

Watchdog service

We already shared the vision of Windows 365: making things easier to use as a replacement for complex VDI-related infrastructure. The watchdog service is the canary in the coalmine, and is a great example of taking care of work that you normally must troubleshoot yourself.

After you're finished with the configuration of the on-premises network connection (explained later in this chapter in more detail), the Watchdog service checks your environment for all the pre-requirements to use Windows 365, so think about the following items:

- Azure Active Directory (Azure AD) Connect configuration
- Network access
- DNS resolution
- Rights to create computer accounts in the right organizational unit
- Subnet range – if there are enough IP addresses available for your deployment

The other great piece of this feature/service is that it constantly runs in the background. For example, when something changes in your environment it will try to fix it for you, or send you as IT admin a notification with the resolution of the problem!

Figure: The Watchdog service checks your environment for pre-requirements to use Windows 365

Self-service user settings

Relieving your IT support department and IT admins of work is the main goal of the self-service options within Windows 365. When users have permissions for self-service upgrades (shown below), they can perform reboots of their Cloud Desktops as well as upgrades to larger VM sizes for better performance that fits their needs.

Enable self-service upgrades for users by adding group(s) to the below list. Self-service upgrades allow users to upgrade performance and storage capacities of their cloud PCs without admin approval.
This will NOT incur any additional costs on your organization.

Figure: Users have permissions for self-service upgrades

Microsoft Endpoint Configuration Manager support

Configuration Manager is an on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based. You can cloud-enable it to integrate with Intune, Azure AD, Microsoft Defender for Endpoint, and other cloud services. Use Configuration Manager to deploy apps, software updates, and operating systems. You can also monitor compliance, query and act on clients in real time, and much more.

Co-management and Windows 365

As part of Endpoint Manager, continue to use Configuration Manager as you always have. If you're ready to move some tasks to the cloud, consider co-management. Co-management combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services. You choose whether Configuration Manager or Intune is the management authority for the seven different workload groups.

Fixed-price licenses: sizes and performance

The way Windows 365 works is a little different from other virtualization services. The performance of your Cloud PC is defined by the license assigned per user via the Microsoft 365 admin center portal, in the same manner as you would assign other licenses, such as a Microsoft 365 E3/E5 license, to users.

There are multiple licenses, each reflecting a different VM size: think of more vCPUs, RAM, and OS and profile storage. Graphically enhanced sizes will be added in the near future.

| VM / OS disk size | Example scenarios | Recommended apps |
| 1vCPU / 2GB / 64GB | Frontline workers, Call centers, Education/training/CRM access. | Office light (web-based), Microsoft Edge, OneDrive, lightweight line-of-business app (e.g. call center application – web-apps), Defender support. |
| 2vCPU / 4GB / 256GB, 2vCPU / 4GB / 128GB, 2vCPU / 4GB / 64GB | Mergers and acquisition, Short-term and seasonal, Customer Services, Bring-Your-Own-PC, Work from home | Microsoft 365 Apps, Microsoft Teams (audio-only), Outlook, Excel, PowerPoint, OneDrive, Adobe Reader, Edge, Line-of-business app(s), Defender support. |
| 2vCPU / 8GB / 256GB, 2vCPU / 8GB / 128GB | Bring-Your-Own-PC, Work from home, Market Researchers, Government, consultants | Microsoft 365 Apps, Microsoft Teams, Outlook, Excel, Access, PowerPoint, OneDrive, Adobe Reader, Edge, Line-of-business app(s), Defender support. |
| 4vCPU / 16GB / 512GB, 4vCPU / 16GB / 256GB, 4vCPU / 16GB / 128GB | Finance, Government, consultants, Healthcare services, Bring-Your-Own-PC, Work from home | Microsoft 365 Apps, Microsoft Teams, Outlook, Excel, Access, PowerPoint, PowerBi, Dynamics 365, OneDrive, Adobe Reader, Edge, Line-of-business app(s), Defender support. |
| 8vCPU / 32GB / 512GB, 8vCPU / 32GB / 256GB, 8vCPU / 32GB / 128GB | Software developers, engineers, Content Creators, Design and Engineering workstations | Microsoft 365 Apps, Microsoft Teams, Outlook, Access, OneDrive, Adobe Reader, Edge, PowerBi, Visual Studio Code, Line-of-business app(s), Defender support. |

VM SKU upgrades

As an IT admin, you will be able to upgrade the Cloud VM to a new, higher size. This means that the user will go, for example, from 1vCPU/2GB RAM to 2vCPU/4GB RAM to have more resources available for their workload. Users will not lose any data while moving to a larger size.
Windows 365 technical requirements

To use Windows 365, you must meet the following requirements:

- Licenses needed in order to use Cloud PC/Windows 365:
  - Users with Windows Pro endpoints: Windows 10 Enterprise E3 + EMS E3 or Microsoft 365 F3/E3/E5/BP
  - Users w/non-Windows Pro endpoints: Windows VDA E3 + EMS E3 or Microsoft 365 F3/E3/F5/BP
- Azure subscription
  - Subscription Owner (setup network connection)
- Virtual Network (vNET) in Azure subscription
  - The Azure vNET must route to a DNS server that can resolve Active Directory records either on-premises or on Azure.
  - This AD must be in sync with Azure AD to provide hybrid identity in Azure AD
- Microsoft Intune supported licenses (e.g. Microsoft 365 E3)
  - Intune Service Admin

Azure subscription

Make sure that you have an Azure subscription for the purpose of configuring the Azure virtual network for the on-premises connection within Windows 365. Most likely you already have one set up and can skip this step.

Figure: Azure: Subscription Owner (setup network connection)

Azure Virtual Network

One of the requirements of using Windows 365 is that you need to have an Azure Virtual Network ready, as this network will be used as the gateway to the internet for your Cloud PCs. Most likely you already have one, so it’s an easy task to perform!

Figure: Azure Virtual Network

DNS configuration

As part of the Hybrid Azure AD join requirement, you need to have a line-of-sight connection to one of your DNS servers that can talk with your Active Directory domain. Always make sure to change your DNS to custom and enter the IP address of your own DNS service environment that can resolve your AD DS domain.

Figure: Line-of-sight connection to a DNS server

Microsoft Endpoint Manager service URLs

The following URLs and ports are required to use the Windows 365 services; the service will not function properly when some are not added correctly.
- Network endpoints for Microsoft Intune
- Azure Virtual Desktop required URL list

Hybrid Azure AD Join

Before you start configuring Windows 365, you must make sure that your environment is Hybrid Azure AD join enabled. It’s relatively simple to activate if you aren’t using it already. Simply run the Azure AD Connect setup and select the Configure Hybrid Azure AD join option as part of the Device options menu. To learn more, see Configure hybrid Azure Active Directory join for managed domains.

Note: Azure AD native support is coming soon. The self-service version of Windows 365 small business is already supported for Azure AD only.

Figure: Ensure your environment is Hybrid Azure AD join enabled

Purchase and assign Windows 365 licenses via Microsoft 365 admin center

As mentioned already, purchasing and assigning Windows 365 licenses is done through the Microsoft 365 admin center. Simply:

- Go to admin.microsoft.com and purchase Windows 365 licenses per size.
- Select Users.
- Select Active users.

  Note: Make sure that the Azure AD user location has been set in Azure AD before moving forward.

  Figure: Set the Azure AD user location

- Search for the user that you want to assign a Windows 365 license.

  Figure: Search for a specific user

- Assign the Windows 365 license.

  Note: The steps are also possible to perform from the Azure Portal or automatically via Azure AD group assignment.

  Figure: You can perform the same steps from the Azure Portal

On-premises network connection

On-premises network connections are required so that we can create your Cloud PCs, join them to your specified domain, and let you manage them with Microsoft Endpoint Manager.

First create the connection to the on-premises environment for your line-of-sight connection to AD DS. You should have Network Contributor Rights on the VNET to perform the steps above.

Note: The Organizational Unit (OU) section is optional. If you enter the OU location, make sure you enter the distinguished name (DN).

- Select On-premises network connection.
- Select Create connection.

  Figure: Creating a connection

- Enter the Azure vNET connection information and suggested subnet to create your Cloud PCs in.

  Figure: Enter connection Azure vNET information

- Enter the AD DS required information.

  Figure: Domain name fields

- When all the information is reviewed and correct, select Review + Create.

  Figure: Finishing creating a connection

Provisioning a Cloud PC

Before we start, make sure that the account you're using has the Intune Service Admin role assigned. After provisioning you can set the rights back to standard MEM RBAC.

- Navigate to the Cloud PC blade in the Microsoft 365 admin center and navigate to the Provisioning policies tab.
- Select Create policy.

  Figure: In the Provisioning policies tab, create a policy

- Give your policy a name (e.g. East US – Office users).
- Select your on-premises network connection (location) to place your Cloud PCs in.

  Figure: Your on-premises network connection location

- Select your image type, either a Gallery or Custom image.
- Select your Windows 10 Enterprise version, e.g. version 20h2 with Microsoft 365 apps and Teams pre-installed for the best out-of-the-box experience.

  Figure: After selecting image type, select your Windows 10 Enterprise version

- Select Next.

  Note: You can also select a custom-made image; steps to create one are explained in the next section of this chapter.

- Select the Azure AD group to apply the provisioning policy.

  Note: Every user in that group with a Cloud PC license assigned will receive a Cloud PC provisioned based on the image and on-premises network connection configuration. I’m using the Finance users – Azure AD group.

  Figure: Select the appropriate Azure AD group

- Confirm the group configuration, and select Next.
- Review your policy settings and select Create.

  Figure: Before finalizing, review your policy settings

When everything runs successfully, you’ll see the new Provisioning Policy in the list. The new Cloud PCs start to provision directly for the Azure AD group members that you assigned to the provisioning policy.
After 20 – 30 minutes your Cloud PCs are ready to use and the status has changed to Provisioned.

Windows 365 web portal

To simplify access, we created the Information Worker Portal that you can see in the screenshot below. The portal allows end-users to choose between accessing their Cloud PC via the browser, macOS, Android or via the Remote Desktop (MSRDC) client.

If the user has the permission to perform self-service upgrades, they will also see the Restart workspace option while clicking on the 3 digits to reboot their Cloud PC in case of emergency, or for performance-related issues that require a reboot of the machine.

- To access the web portal, users must go to cloudpc.microsoft.com
- Log on with their Azure AD credentials, just like you do for other Microsoft Cloud services.

  Figure: Use your Azure AD credentials to logon

When the logon process proceeds after verification of your credentials, the IWP portal will be presented to the end-user, including all the Cloud PC sizes, ready to log on.

Windows 365 works with multi-factor authentication (MFA) and passwordless authentication when these are activated by the IT administrator. When you enable MFA for Windows 365, make sure that the Cloud App ID for Cloud PC is 0af06dc6-e4b5-4f28-818e-e78e62d137a5.

Figure: Cloud App ID for Cloud PC

- Approve the sign-in via your phone, either through an authenticator app or other means.
- Select your Cloud PC, for example, open in browser. You can also perform Restart, rename and troubleshooting connection actions as self-service options from here.

  Figure: Select your Cloud PC

  Tip: Looking for the different endpoint clients we support within Windows 365? Select the download icon under the home icon in the left corner.

- Choose your local resources redirection preference.

  Figure: Add your preference for local resources redirection

  Note: You can now also redirect your local drive via the web portal; enable the File transfer option to make this possible. A network share will show up in This Computer within your Cloud PC.
Once you have verified your credentials, you are logged on to your Cloud PC, clientless via your browser!

Figure: Here’s a Cloud PC session running full screen in a browser.

You can also run your session full screen in your browser via the button in the righthand corner.

Note: You can also see that my background wallpaper and icons are pre-loaded from my physical desktop PC. This is the result of using OneDrive Known Folder Move, Enterprise State Roaming and Microsoft Edge sync settings, which are enabled by default.

You can see that all my apps and configuration policies are automatically assigned via Microsoft Endpoint Manager. No need to install any applications beforehand, all for the best out-of-the-box experience!

We also support the Windows Remote Desktop Client. To use it, download and install the client via https://aka.ms/CPCClient and subscribe with your Azure AD user in the app.

Figure: Support for Windows Remote Desktop client included

Launch your Cloud PC from your Windows endpoint. It will also add your Cloud PC into the local start menu of your endpoint for a smoother and quicker entry path.

Figure: Launching your Cloud PC

We support a variety of endpoints. See below the differences in support for device redirection features to pick the best endpoint for your scenario.

Windows desktop | Store client | Android | iOS/iPadOS | macOS | Web
Keyboard X X X X X X
Mouse X X X X* X X
Touch X X X X X
Serial port X
USB X
Teams AV Redirection X
Multi-media redirection Coming soon
Multi-monitor 16 monitors
Dynamic resolution X X X X
Screen capture protection X
Cameras X X X X
Start menu integration X
Clipboard X X Text Text, images X text
Local drive/storage X X X X
Accessibility X
Location X
Microphones X X Coming soon X X In preview
Printers X X (CUPS only) PDF print
Scanners X
Smart Cards X X
Speakers X X X X X X

Need help? Visit the Windows 365 Tech Community!
Visit the new Windows 365 Tech Community to gather with other people that are seeking to learn and help each other while adopting Windows 365 and Cloud PC. Have ideas on what features you'd like to see in this service? Submit them through the Windows 365 feature requests board!
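
For the MFA step in the web portal section above, one way to require MFA for Windows 365 sign-ins is a Conditional Access policy scoped to the Cloud PC app ID the post gives. This is an added example, not part of the original post or Microsoft's own code; it assumes the Microsoft Graph PowerShell SDK is installed, and the policy name and both object IDs are placeholders you must replace.

```powershell
# Added example: Conditional Access policy requiring MFA for the Cloud PC app.
# Assumption: Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns).
#Requires -Modules Microsoft.Graph.Identity.SignIns

# Cloud App ID for Cloud PC, as stated in the post.
$CloudPcAppId = '0af06dc6-e4b5-4f28-818e-e78e62d137a5'

# Placeholders (not from the post): group of Cloud PC users to target, and an
# emergency-access account excluded so a policy mistake cannot lock out all admins.
$CloudPcUsersGroupId = '<object-id-of-cloud-pc-users-group>'
$BreakGlassUserId    = '<object-id-of-emergency-access-account>'
$PolicyName          = 'Windows 365 - require MFA (example)'

# Stop early if the placeholders were not replaced with real object IDs.
foreach ($id in $CloudPcUsersGroupId, $BreakGlassUserId) {
    if ($id -notmatch '^[0-9a-fA-F-]{36}$') {
        throw "Replace placeholder '$id' with a real Azure AD object ID."
    }
}

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.Read.All',
                        'Application.Read.All'

# Avoid creating a second policy with the same name on a re-run.
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.DisplayName -eq $PolicyName }
if ($existing) {
    Write-Warning "Policy '$PolicyName' already exists ($($existing.Id)); nothing created."
    return
}

$policy = @{
    displayName = $PolicyName
    # Report-only first: review the sign-in logs, then switch to 'enabled'.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @($CloudPcAppId) }
        users          = @{
            includeGroups = @($CloudPcUsersGroupId)
            excludeUsers  = @($BreakGlassUserId)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

The policy is created in report-only mode, so sign-ins are evaluated and logged but not blocked until the state is changed to `enabled`.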