w

indows 365 is a cloud-based service introduced by Microsoft that allows users to experience Windows 10 or Windows 11 (once it's available) on any device, even on Mac, iPad, Linux, and Android. It's essentially a full Windows desktop in the cloud, with all the apps, data, and settings you'd typically have on a physical PC. Here are some of its advantages, features, and best use cases:

Advantages:

  1. Accessibility: You can access your Windows 365 cloud PC from anywhere, anytime, and on any device. All you need is an internet connection.
  2. Performance: The performance of your cloud PC doesn't depend on your local device. This means you can run high-performance applications even on lower-end devices.
  3. Security: Microsoft manages all the updates and security patches, ensuring your cloud PC is always up-to-date and secure. Plus, since all data is stored in the cloud, there's less risk of data loss if your local device fails.
  4. Scalability: You can easily scale up or down the processing power, RAM, and storage of your cloud PC based on your needs.

Features:

  1. Personalized Experience: Windows 365 provides a full Windows experience that's personalized to you. It includes all your apps, settings, and files, just like a regular PC.
  2. Multiple Configurations: You can choose from various configurations based on your needs, including different amounts of CPUs, RAM, and storage.
  3. Integration with Microsoft 365: Windows 365 is deeply integrated with Microsoft 365, providing seamless access to your emails, files, and Office apps like Word, Excel, and PowerPoint.
  4. Support for Business Apps: Windows 365 supports all business apps that run on Windows 10 or 11, including line-of-business (LOB) apps, Microsoft Store apps, and third-party apps.

Best Use Cases:

  1. Remote Work: Windows 365 is perfect for remote workers, providing them with a secure, fully equipped PC that they can access from anywhere.
  2. Education: In educational settings, Windows 365 can provide students with a consistent and powerful computing environment, regardless of the device they're using.
  3. Software Development: Developers can use Windows 365 to create a cloud-based development environment that's accessible from anywhere.
  4. Testing and Demos: Windows 365 can be used to create demo or testing environments that can be easily set up and torn down.
  5. High-Performance Computing: For tasks that require high computational power, like data analysis or graphics rendering, Windows 365 can provide a cost-effective solution.

Remember, while Windows 365 offers many benefits, it may not be the best solution for everyone. Factors like internet connectivity, cost, and specific use cases should be considered when deciding if it's the right fit for you or your organization.

Windows 365 is available in two main types: Windows 365 Business and Windows 365 Enterprise. Each of these types is available in various configurations, allowing you to choose the right combination of processing power, RAM, and storage for your needs.

Types of Windows 365:

  1. Windows 365 Business: This is designed for small to medium-sized businesses and allows for easy setup, deployment, and management of cloud PCs. You can purchase directly from the Windows 365 website, set up your account without a domain, and manage your cloud PCs directly from the site. This option is suitable for organizations wanting to deploy cloud PCs for 300 users or fewer.
  2. Windows 365 Enterprise: This is designed for larger businesses and includes cloud PCs with centralized end-to-end management using Microsoft Intune. Customers can purchase directly from the Windows 365 website or from their account representative. This option is suitable for larger businesses that want to deploy cloud PCs across their organization for an unlimited number of users.

Pricing:

The pricing for Windows 365 depends on the configuration you choose. Here are some examples:

  • 2 vCPU, 4 GB RAM, 64 GB storage: $32.00/user/month
  • 2 vCPU, 4 GB RAM, 128 GB storage: $35.00/user/month
  • 2 vCPU, 8 GB RAM, 128 GB storage: $45.00/user/month
  • 4 vCPU, 16 GB RAM, 128 GB storage: $70.00/user/month
  • 8 vCPU, 32 GB RAM, 128 GB storage: $127.00/user/month

Find out the latest pricing details here - Windows 365 Business Plans and Pricing | Microsoft

Note: These prices are for monthly subscriptions that automatically renew. There's also a Windows Hybrid Benefit that offers discounted pricing for customers who have Windows 11 Pro or Windows 10 Pro.

Configuring Windows 365 Business:

Here are the steps to configure Windows 365 Business:

  1. Prerequisites: Before starting, make sure that your Azure AD device settings for "users may join devices to Azure AD" are set to all. There are no licensing prerequisites to set up Windows 365 Business.
  2. Buy Subscriptions: You can buy Windows 365 Business subscriptions for your users from the Windows 365 products site or Microsoft 365 admin center.
  3. If you don't already have a Microsoft 365 subscription, you can buy your Windows 365 Business subscriptions on the Windows 365 products site. Follow the steps to set up your account and purchase the subscription you want. After purchasing, you can assign licenses to users.
  4. If you have a Microsoft 365 tenant and are a global or billing admin, you can use the Microsoft 365 admin center to buy a Windows 365 Business subscription for your organization.
  5. Assign Licenses to Users: After purchasing your subscriptions, you can assign licenses to users through either the billing page in the Microsoft 365 admin center or windows365.microsoft.com. As soon as you assign a license to a user, Windows 365 will create a cloud PC for that user. This process can take up to 30 minutes.

Configuring Windows 365 Enterprise:

Here are the steps to configure Windows 365 Enterprise:

  1. Assign Licenses to Users: The first step in setting up Windows 365 Enterprise is to assign licenses to users. This can be done through the Microsoft 365 admin center.
  2. Create Azure Network Connection: After assigning licenses, you need to create an Azure network connection. This is necessary for your cloud PCs to connect to the internet and your organization's network.
  3. Add Device Images: Next, you need to add device images. These are the images that will be used to create your cloud PCs. You can add images for Windows 10, Windows 11, and other versions of Windows.
  4. Cloud PC Provisioning: After adding device images, you need to create a provisioning policy. This policy determines how your cloud PCs are created and configured.
  5. Security Guidelines: Microsoft provides security guidelines to help you secure your cloud PCs. These include deploying security baselines and setting conditional access policies.
  6. Apps in Windows 365: You can assign apps to your cloud PCs. This includes Microsoft Teams and other apps that your users need.
  7. Windows 365 Device Management: Finally, you can remotely manage your Windows 365 devices. This includes actions like reprovisioning a cloud PC.

Please note that these are high-level steps, and the exact process may vary depending on your organization's specific needs and setup. Always refer to the official Microsoft documentation for the most accurate and detailed instructions.

Configuring Windows 365 Business:

Here are the steps to configure Windows 365 Business:

  1. Prerequisites: Before starting, make sure that your Azure AD device settings for "users may join devices to Azure AD" are set to all. There are no licensing prerequisites to set up Windows 365 Business.
  2. Buy Subscriptions: You can buy Windows 365 Business subscriptions for your users from the Windows 365 products site or Microsoft 365 admin center.
  3. If you don't already have a Microsoft 365 subscription, you can buy your Windows 365 Business subscriptions on the Windows 365 products site. Follow the steps to set up your account and purchase the subscription you want. After purchasing, you can assign licenses to users.
  4. If you have a Microsoft 365 tenant and are a global or billing admin, you can use the Microsoft 365 admin center to buy a Windows 365 Business subscription for your organization.
  5. Assign Licenses to Users: After purchasing your subscriptions, you can assign licenses to users through either the billing page in the Microsoft 365 admin center or windows365.microsoft.com. As soon as you assign a license to a user, Windows 365 will create a cloud PC for that user. This process can take up to 30 minutes.

Configuring Windows 365 Enterprise:

Here are the steps to configure Windows 365 Enterprise:

  1. Assign Licenses to Users: The first step in setting up Windows 365 Enterprise is to assign licenses to users. This can be done through the Microsoft 365 admin center.
  2. Create Azure Network Connection: After assigning licenses, you need to create an Azure network connection. This is necessary for your cloud PCs to connect to the internet and your organization's network.
  3. Add Device Images: Next, you need to add device images. These are the images that will be used to create your cloud PCs. You can add images for Windows 10, Windows 11, and other versions of Windows.
  4. Cloud PC Provisioning: After adding device images, you need to create a provisioning policy. This policy determines how your cloud PCs are created and configured.
  5. Security Guidelines: Microsoft provides security guidelines to help you secure your cloud PCs. These include deploying security baselines and setting conditional access policies.
  6. Apps in Windows 365: You can assign apps to your cloud PCs. This includes Microsoft Teams and other apps that your users need.
  7. Windows 365 Device Management: Finally, you can remotely manage your Windows 365 devices. This includes actions like reprovisioning a cloud PC.
https://learn.microsoft.com/en-us/windows-365/enterprise/assign-licenses
https://learn.microsoft.com/en-us/windows-365/enterprise/add-device-images

Please note that these are high-level steps, and the exact process may vary depending on your organization's specific needs and setup. Always refer to the official Microsoft documentation for the most accurate and detailed instructions.

Configuring Windows 365 Enterprise: Cloud PC Provisioning

After assigning licenses to users, the next step is to create a provisioning policy. This policy holds key provisioning rules and settings that allow the Windows 365 service to set up and configure the right Cloud PCs for your users.

Create a Provisioning Policy
  1. Sign into the Microsoft Intune admin center.
  2. Select Devices > Windows 365 under Provisioning > Provisioning Policies > Create Policy.
  3. On the General page, enter a name and description (optional) for the new policy.
  4. Select a license type: Enterprise provision Cloud PCs for Windows 365 Enterprise.
  5. Select a join type: Hybrid Azure AD join or Azure AD join.
  6. Select a network: Azure Network Connection or Microsoft Hosted Network.
  7. Select a geography where you want your Cloud PCs provisioned. For region, you can select Automatic (recommended) or a specific region.
  8. If you selected Hybrid Azure AD join or Azure AD join with Azure Network Connection, you must select an Azure Network Connection (ANC) for your provisioning policy.
  9. On the Image page, select an image type: Gallery Image or Custom Image.
  10. On the Configuration page, choose a language region. The selected language pack will be installed on Cloud PCs provisioned with this policy.
  11. Optionally, apply a device name template to create a Cloud PC naming template.
  12. Under Additional Services, choose a service to be installed on Cloud PCs provisioned with this policy.
  13. On the Assignments page, choose the groups you want this policy assigned to.
  14. For Windows 365 Frontline, you must also select a Cloud PC size for each group in the policy.
  15. On the Review + Create page, select Create.

Please note that if you used Hybrid Azure AD join as the join type, it can take up to 60 minutes for the policy creation process to complete.

Secure Your Windows 365 Enterprise

After setting up the provisioning policy, it's important to secure your Windows 365 Enterprise. Here are some general guidelines:

  1. Apply Conditional Access policies to control the devices and apps that can connect to your email and company resources.
  2. Use Azure Active Directory (Azure AD) Multifactor Authentication to authenticate users.
  3. Use Microsoft Defender for Endpoint to identify threats and set devices as noncompliant.
  4. Apply device compliance policies to Cloud PCs and use Conditional Access to identify threats.
  5. Use Intune compliance policies with Conditional Access policies for Cloud PCs.
  6. Keep your OS updated to ensure that devices stay up-to-date and secure.
Manage Apps in Windows 365 Enterprise

After securing your Windows 365 Enterprise, you can customize the user experience by using Microsoft Intune to push apps to your users' Cloud PCs. Here are the supported application formats in Windows 365:

  1. Intune Win: The Intune Win format is a way to pre-process Windows classic (Win32) apps.
  2. MSI: Both the Line of Business and Windows app (Win32) options within Intune support MSI format installers.
  3. MSIX: MSIX is Microsoft's new Windows app package format.
  4. AppX: Also known as modern UWP apps, files with an AppX extension added are ready for distribution and installation within the Windows Store.

Remember, Windows 365 Cloud PCs only support the Microsoft 365 Apps version of Office. You can also use Universal Print with Windows 365 Enterprise to simplify your print infrastructure through cloud services from Microsoft.

After setting up your apps, you can assign them to a Cloud PC.

Please note that these are general steps, and the exact process may vary depending on your specific setup and requirements. Always refer to the official Microsoft documentation for the most accurate and up-to-date information.

Secure Your Windows 365 Enterprise

Securing your Windows 365 Enterprise involves setting up Conditional Access policies and enabling Azure AD Multi-Factor Authentication (MFA). Here are the detailed steps:

Assign a Conditional Access Policy for Cloud PCs
  1. Sign into the Microsoft Intune admin center.
  2. Select Endpoint security > Conditional access > Create new policy.
  3. Provide a name for your specific Conditional Access policy.
  4. Under Users, choose '0 users and groups selected'. Select the specific user or group you want to target with the CA policy. You can also exclude certain users or groups to fine-tune the assignment.
  5. Under Cloud apps or actions, select 'No cloud apps, actions, or authentication contexts selected'. Select 'Cloud apps > Include > Select apps > None'.
  6. In the 'Select' pane, search for and select both the following apps: 'Windows 365' (you can also search for 'cloud' to find this app) and 'Windows Virtual Desktop' (this may also appear as 'Azure Virtual Desktop'). By choosing both of these apps, you ensure that the policy applies to the Cloud PC end-user portal and the connection to the Cloud PC.
  7. If you want to exclude apps, you must also choose both these apps.
  8. Under Access controls, choose '0 controls selected'. Under 'Grant', choose the options that you want to apply to all objects assigned to this policy.
  9. If you want to test your policy first, under 'Enable policy', set 'Report-only' to 'Off'. If you set it to 'On', the policy will be applied as soon as you create it.
  10. Select 'Create' to create the policy. You can see your list of active and inactive policies in the 'Policies' view in the Conditional Access UI.
Enable Azure AD Multi-Factor Authentication
  1. Sign into the Azure portal using an account with global administrator permissions.
  2. Search for and select 'Azure Active Directory', then select 'Security' from the menu on the left-hand side.
  3. Select 'Conditional Access'.
  4. Select '+ New policy' and then select 'Create new policy'.
  5. Enter a name for the policy, such as 'MFA Pilot'.
  6. Under 'Assignments', select the current value under 'Users or workload identities'.
  7. Under 'What does this policy apply to', verify that 'Users and groups' is selected.
  8. Under 'Include', choose 'Select users and groups' and then select 'Users and groups'.
  9. Browse for and select your Azure AD group, then choose 'Select'.
  10. Under 'Cloud apps or actions', verify that 'Cloud apps' is selected.
  11. Under 'Include', choose 'Select apps'.
  12. Browse the list of available sign-in events. For this tutorial, select 'Microsoft Azure Management' so that the policy applies to sign-in events to the Azure portal, then choose 'Select'.
  13. Under 'Access controls', select the current value under 'Grant', then select 'Grant access'.
  14. Select 'Require multi-factor authentication' and then choose 'Select'.
  15. Under 'Enable policy', select 'On' to apply the Conditional Access policy.
  16. Select 'Create'.

Now, you have successfully secured your Windows 365 Enterprise by setting up Conditional Access policies and enabling Azure AD Multi-Factor Authentication.

Note to use Intune compliance policies with Conditional Access policies for Cloud PCs:

  1. Device-Based Conditional Access: Intune and Azure AD work together to ensure only managed and compliant devices can access your organization's email, Microsoft 365 services, SaaS apps, and on-premises apps. You can set a policy in Azure AD to only enable domain-joined computers or mobile devices that are enrolled in Intune to access Microsoft 365 services. With Intune, you deploy device compliance policies to determine if a device meets your expected configuration and security requirements. The compliance policy evaluation determines the device's compliance status, which is reported to both Intune and Azure AD. It's in Azure AD that Conditional Access policies can use a device's compliance status to make decisions on whether to allow or block access to your organization's resources from that device.
  2. App-Based Conditional Access: Intune and Azure AD work together to ensure only managed apps can access corporate email or other Microsoft 365 services.
  3. Intune Conditional Access for Exchange On-Premises: Conditional Access can be used to allow or block access to Exchange on-premises based on the device compliance policies and enrollment state. When Conditional Access is used in combination with a device compliance policy, only compliant devices are allowed access to Exchange on-premises. You can configure advanced settings in Conditional Access for more granular control, such as allowing or blocking certain platforms, immediately blocking devices that aren't managed by Intune. Any device used to access Exchange on-premises is checked for compliance when device compliance and Conditional Access policies are applied. When devices don't meet the conditions set, the end user is guided through the process of enrolling the device to fix the issue that is making the device noncompliant.

Remember, the user who's using the device must have a compliance profile and Intune license assigned to them so the device can be evaluated for compliance. If no compliance policy is deployed to the user, the device is treated as compliant, and no access restrictions are applied.

For more detailed steps, you can refer to the following resources:

keep your OS updated in Windows 365 Enterprise:
  1. Windows Update for Business: Windows Update for Business is a free service that enables IT administrators to keep the Windows client devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when devices are updated.
  2. Manage Deployment of Windows Updates: By using Windows Update for Business, you can control which types of Windows updates are offered to devices in your ecosystem when updates are applied and deployment to devices in your organization in waves.
  3. Manage When Updates are Offered: You can defer or pause the installation of updates for a set period of time. Enroll in pre-release updates. The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today, there are branch readiness level options for both pre-release and released updates.
  4. Manage the End-User Experience: Windows Update for Business provides controls to help meet your organization's security standards as well as provide a great end-user experience. We do this by enabling you to set automatic updates at times that work well for people in your organization and set deadlines for quality and feature updates.
  5. Update Baseline: The large number of different policies offered can be overwhelming. Update Baseline provides a clear list of recommended Windows Update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals.

Remember, the process of keeping your OS updated is a continuous one. Your security team should regularly review and update your settings to ensure that your organization remains protected against new and evolving threats.

For more detailed steps, you can refer to the following resources:

Conclusion

In conclusion, Windows 365 is a revolutionary product by Microsoft that brings the operating system to the cloud. It offers numerous advantages such as flexibility, scalability, and security, making it an ideal solution for businesses of all sizes. With its diverse types, namely Windows 365 Business and Windows 365 Enterprise, it caters to unique needs and use cases.

The pricing of Windows 365 is based on the type and the configuration of the Cloud PC, offering a range of options to suit various budgets and requirements. Moreover, the platform is designed with user-friendliness in mind, making the configuration process straightforward and manageable.

Security is a paramount concern in today's digital landscape, and Windows 365 addresses this with robust features and guidelines. From setting up Conditional Access policies to enabling Azure AD Multi-Factor Authentication and applying device compliance policies, Windows 365 provides comprehensive tools to ensure the security of your data and operations.

Keeping the OS updated is also crucial for maintaining the security and efficiency of your operations. With Windows 365, you can easily manage the deployment of Windows updates, control when updates are offered, and manage the end-user experience.

In essence, Windows 365 is a comprehensive, secure, and user-friendly solution that brings the power of the cloud to the Windows operating system, offering businesses a flexible and efficient way to manage their operations.

Posted 
Jul 13, 2023
 in 
Microsoft
 category

More from 

Microsoft

 category

View All

Join Our Newsletter and Get the Latest
Posts to Your Inbox

No spam ever. Read our Privacy Policy
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.