Windows 365 Cloud PC

Windows 365 Cloud PC

Windows 365 Cloud PC is Microsoft’s latest addition to the VDI scene. Announced at Inspire back in July, and then released General Availability on 2nd August 2021. On a basic level, you provision a Windows 10 (or 11) VM to a user, and it’s dedicated to that user – so effectively the same as a standard PC in that you’re not sharing resources in a multi-user environment as you may do with Azure Virtual Desktop. Licensing is made simple as it’s a fixed price per user, per month, regardless of how much usage they make. There’s a variety of different SKUs which correspond to different VM specifications.

Windows 365 comes in two versions – Business and Enterprise. Business is limited to 300 users and designed to be much simpler to set up and configure. Enterprise does not have a user limit and integrates with Endpoint Manager (Intune). The core difference here is Business could be implemented by anyone at the company, Enterprise will most likely require an IT department to manage it.

This does not replace Azure Virtual Desktop – it runs along side it. Azure Virtual Desktop requires more technical expertise to set up and manage, and can be more expensive or less expensive than Windows 365 depending on your host sizes, whether you share devices with Windows 10 multi-user, and whether you shut them down or not. Windows 365 is a fixed price with no knowledge of Azure Virtual Desktop and RDS required.

I’m going to look at the setup process for Business and Enterprise and give my thoughts.

Windows 365 Enterprise has some licensing and other technical requirements:

  • Users licensed for Windows 10/11 Enterprise
  • Users licensed for Endpoint Manager (Intune)
  • Users licensed for Azure AD P1
  • Connectivity to an existing Active Directory infrastructure (on-premise via VPN or Azure VM)
  • Azure AD Connect sync with hybrid domain join enabled

The licenses required can be obtained by the user being licensed for Microsoft 365 E3 or higher, or Microsoft 365 Business Premium, they don’t have to be obtained separately. The AD connectivity is required because Windows 365 Enterprise requires hybrid Azure AD joined machines – this requirement isn’t going to be around forever and Azure AD join is “coming soon” – but for now, it’s something we need to set up.

Windows 365 Business does not have any of these requirements and is Azure AD joined.

First step for both of these is to buy the licences – you can do this through the Microsoft 365 admin portal “Purchase Services” section, or via whatever route you currently use to licence M365. There are 60 day trial licences available however at time of writing they were no longer available due to the level of demand.

The available plans (vCPU, RAM, Storage) are the same for both Business and Enterprise. The Business licensing is roughly £3.40 per month more than the Enterprise, unless you bring your own Windows licence via the Windows Hybrid Benefit – in which case, the pricing is the same. The three core plans are shown with pricing below:

Windows 365 core plan pricing: Basic £26.40/month, Standard £34.90/month, Premium £56.20/month
Pricing for the core plans assuming Windows Hybrid Benefit. This set shows the Enterprise version, although the vCPU/RAM/Storage and pricing is the same for the Business edition.

There’s loads more plans available, their details and pricing can be found at Windows 365 Plans and Pricing | Microsoft.

If you’re using the Business version, once you’ve assigned the licence to a user in either M365 Admin Centre, or Azure AD all you have to do is wait a few minutes and direct the user to windows365.microsoft.com where their Cloud PC should be provisioning itself and will soon be ready for use. You’re finished and can go relax!

For the Enterprise version, you will need to head over to Microsoft Endpoint Manager (Intune) and run through a few setup tasks. Navigate to Devices > Windows 365 and you should see the overview screen.

Intune Windows 365 overview page
There’s a new Windows 365 item appeared in Intune > Devices

As a lot of the setup we will be doing uses the standard Intune assignment screen, we’ll need to put the Windows 365 licensed users into a group in Azure AD. In my case I’ve just made a single group called “Cloud PC Users”, but if you have sets of users you wish to assign different profiles to, you could create groups accordingly.

Enterprise: Set up On-premises network connection

Now we need to set up the on-premises network connection. This does not need to actually connect to anything physically on-premises, it can just be an Azure VM running Windows Server with Active Directory set up. Click on Create connection

Windows 365 On-premises network connection page
Click on Create connection to get started

Fill out the wizard with your network details – in this case I’ve picked my existing Azure Virtual Network and Subnet in which my Azure VMs and VPN gateway are located – and your AD domain details, including an account which can join devices to the domain. This does not need to have Domain Administrator privileges, just sufficient to join devices to the domain. I’ve just used administrator as this is a lab demo.

Windows 365 On-premises Network Connection - network details and AD domain screens
Fill out your network details, and AD domain join details.

Once that’s complete, you should see your connection showing with the status “Running checks”. This takes a good 5-10 minutes to complete, once done you’ll see this change to “Checks successful”. If there are any warnings, you can click on the status text to bring up the detail:

Windows 365 On-premises network connection - connection check detail screen showing mostly green ticks
Detail of the connection status – here I’ve got a warning around Azure AD sync, once I have confirmed that hybrid domain join is set up correctly I can retry these checks or ignore this error.

Enterprise: User Settings

You can configure user settings if you wish – click on User settings tab then Add, and follow through the wizard and assignment details, choosing to assign this to one of the groups of Cloud PC users created earlier. At the moment the only setting here is whether the Cloud PC user receives local admin rights or not.

Windows 365 User Settings - showing local admin toggle
Adding a user setting – all we can do at the moment is toggle local admin rights on or off.

Enterprise: Provisioning policies

Now we’re on to the fun bit, provisioning the Cloud PCs. Click on the Provisioning policies tab and Create policy. Work through the wizard, setting a policy name and selecting your On-premises network connection on the General screen. On the Image screen you’ll select which image you want to use – this can be a Gallery Image, or a Custom Image. I’ll cover uploading custom images later on, so for now we’re going to look in the gallery and pick a Windows 10 + M365 apps image.

Selecting an image from the gallery in your provisioning profile
Browse the gallery to find the image you want to deploy.

Finally assign this to the Cloud PC Users group created earlier, and complete the wizard. Now going to the All cloud PCs tab you should see that your Cloud PCs are provisioning.

All Cloud PCs screen showing 2 Cloud PCs which are in provisioning state
Your Cloud PCs should now be provisioning (assuming you have targeted the correct user group).

Enterprise: Managing Cloud PCs

As the Enterprise Cloud PCs are integrated into Endpoint Manager, you can manage them as you would any Windows device – assigning policies, profiles, applications etc. These devices show up with names such as “CPC-test-M93-ZD” where test is part of the username. I’m not sure how these are generated, but when looking in MEM just look out for devices beginning CPC.

When viewing the device in MEM, you’ll notice a couple of extra items on the toolbar – Reprovision and Resize. Resize will allow you to change to any of the other SKU, provided you already own a licence for it.

Endpoint Manager device page for a Cloud PC, with Resize options showing
Managing the Cloud PC as if it were any Windows 10 device from within Endpoint Manager

Enterprise: Custom Images

You can add custom images if you wish. You will need to prepare these on Hyper-V generation 1 VM, and your disks must be VHD form (not VHDX) and they must be fixed size (not dynamic). They must be running Windows 10 Enterprise, and once you’ve done your customisations you need to run Sysprep on the VM and tick Generalize.

Once you’ve got your VHD ready, you will need to upload it to an Azure storage account, and then go to Images > Create within the Azure portal. When it’s uploaded, you can go to the Device images tab within the Windows 365 section of MEM, and add your image. This image can then be selected in the provisioning policy.

End-User Experience

Once you’ve got the Cloud PC provisioned (either by simply assigning the licence for Business, or completing the setup and provisioning for Enterprise), the end user simply goes to windows365.microsoft.com and logs in with their credentials. They’ll first go through a few Welcome screens and finally be shown their assigned Cloud PCs.

Windows 365 screen showing an end user their Cloud PCs
Windows 365 Cloud PC

You’ll notice on the settings menu you can Restart/Rename/Troubleshoot – for the Business version you’ll also get the option to Reset – this will erase and re-provision the Cloud PC. Enterprise users will need an administrator to reprovision their Cloud PC from within MEM.

Using a modern browser, you can connect to your Cloud PC via the HTML5 client by clicking Open in browser. You’ll be asked to log in to the VM (hopefully they will introduce SSO for this step in the future, as it adds a second login to both Azure Virtual Desktop and Windows 365). When it’s finished logging on you’ll just see a standard Windows desktop, and you can make this full screen via the toolbar buttons.

Windows 365 cloud PC session running in the browser, showing the Windows desktop with About screen displayed
Windows 365 in the browser

Other connection routes are via the various Remote Desktop apps, which can be downloaded from the windows365.microsoft.com portal for Windows, Mac, iOS and Android.

My thoughts

Overall the setup process for this was quite straightforward, especially the Business version which can be set up by anyone who can work their way round assigning licences in M365. I don’t see this replacing Azure Virtual Desktop at all – but for people new to VDI, there’s now an option they may be able to implement with their existing skillset with a fixed monthly cost.

There’s a couple of things that I’d like to see in future – Azure AD join for the Enterprise version, removing the need for the on-premises connection and a traditional Active Directory infrastructure – the good news is that this feature is coming soon. I’d probably still keep the on-premises connection so that you can place the Cloud PCs on the same virtual network as your other infrastructure if you want, but remove the requirement for hybrid join. I’d also like to see the User Settings section expanded – although I’d expect most of the configuration you might like to do can be done through existing policies and profiles within MEM/Intune.

Having set up both this and Azure Virtual Desktop I think it is a welcome addition to the market and hopefully will do well. I’ve not done any of the maths to work out quite how it differs from an equivalent sized Azure Virtual Desktop setup in costing but that can be a future post.

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.