Microsoft Windows 365: Introducing a New Product to End-user Computing


On July 14th, 2021, at the annual Inspire conference, Microsoft announced a new service that holds the promise to establish Windows desktop virtualization as a modern, cloud-native way to deliver Windows applications to users on any device.  Coming on the heels of Azure Virtual Desktop (AVD), Windows 365 is a service that is complementary to AVD rather than its replacement.  The key differences are its simplified management and commercial model.

In September 2019, Microsoft made history with the release of Windows Virtual Desktop (now Azure Virtual Desktop) and finally embraced desktop virtualization as a legitimate, modern way to deliver Windows applications from the cloud.  AVD grew rapidly in popularity, much faster than anyone anticipated, largely fueled by COVID-related remote work requirements.  AVD is an Azure-based VDI service designed for maximum flexibility and is wildly popular with end-user compute (EUC) veterans.

There are more than a billion devices running Windows, but only a small fraction are virtualized.  Even with Azure Virtual Desktop, there is significant expertise required to set up and maintain a virtual desktop environment.  Managing virtual desktops requires an understanding of desktop imaging, multi-session OS application management, auto-scaling, and other advanced concepts.  Most importantly, AVD desktops are built on top of the Azure cloud, which is priced based on consumption.  This means that predicting the cost of a user’s virtual desktop is challenging because it depends on usage; some months the Azure bill may be higher than others.

Windows 365 aims to significantly grow the virtual desktop market by solving the technical and commercial complexity challenges.  While today desktop virtualization penetration is likely around 10% of the total Windows market, with Windows 365 this number can grow fast over time.

What Exactly is Microsoft Windows 365?

Windows 365 is a virtual desktop service that’s part of Microsoft 365.  It offers organizations a fixed-price monthly subscription to a cloud PC that is dedicated to a user and can be managed using the exact same tools as a traditional Windows PC. Making a cloud PC available to a user (once the initial environment is set up) is a matter of assigning an M365 license.  Three key properties of Windows 365 are worth repeating and emphasizing: a cloud PC is dedicated to a user, fixed price, and part of the Microsoft 365 cloud rather than Azure.

Dedicated and Persistent

A cloud PC is a complete replacement of a user’s traditional Windows machine.  Therefore, it behaves exactly as a physical device would.  Each cloud PC is a persistent VM that is dedicated to a specific user.  Any applications that are installed on the cloud PC do not disappear when the user logs off.  The user profile is not offloaded to a file share using FSLogix.  All security software agents, licensed applications or patches recognize the VM as a single-user, traditional Windows device running the same Windows 10/11 Enterprise operating system.  Windows 10 EVD (multi-session) is not currently supported.  All this is important to make cloud PCs behave and be managed together with physical devices and over time replace physical machines with cloud PCs.

Fixed Monthly Price

Windows 365 cloud PCs are monthly product SKUs in Microsoft 365 just like M365 E3 or other M365 products.  There is no consumption-based pricing, as with Azure Virtual Desktop.  Purchasing physical Windows devices is predictable from a pricing perspective and Windows 365 delivers the same predictability when buying cloud PCs.  There are several SKUs for different sizes of cloud PCs that vary in CPU, RAM, and storage specs.  A user’s license can be upgraded to a larger cloud PC size at any time.

Microsoft 365 Cloud, Not Azure

Microsoft 365 is the most popular SaaS platform in the world.  Being part of M365 means that cloud PCs are purchased through the same channels as E3 and E5 that most organizations are already using.  Cloud PCs are delivered as a SaaS offer and managed through Microsoft Endpoint Manager and the M365 admin portal, rather than through the more complex Azure portal like AVD.

Think of the virtual desktop evolution from on-premises RDS to Azure Virtual Desktop to Windows 365 in the same way as Exchange messaging evolved from on-premises Exchange server to hosted Exchange to Office 365.  Once Office 365 solved technical and transactional complexity challenges, adoption exploded.  Microsoft is hoping the same will happen with desktop virtualization now that Windows 365 is part of the same Microsoft 365 SaaS platform.

How Much Does Windows 365 Cloud PC Cost?

There are two cost components to a cloud PC: compute license and software license.

Compute capacity is purchased via a cloud PC license.  At general availability there will be 12 cloud PC sizes ranging from 1 vCPU to 8 vCPUs, 2 GB to 32 GB of RAM, and 64 GB to 512 GB of storage.  

From a licensing perspective, you need a Windows 10/11 Enterprise subscription and Intune license (if using Enterprise cloud PCs).  The Windows subscription license requirement is the same as in Azure Virtual Desktop.  A physical device license (e.g. OEM) doesn’t qualify.  Only an M365 subscription to Windows can be used for cloud PCs.  Some popular M365 SKUs that include a Windows Enterprise subscription are M365 Business Premium, E3, E5 and Windows 10 Enterprise E3/E5/VDA.

To manage cloud PCs via Microsoft Endpoint Manager (MEM), an Intune license is required.  These licenses come with M365 E3, E5 and Business Premium subscriptions and can also be purchased standalone.

How Does Windows 365 Work?

There are two versions of cloud PCs: Enterprise and Business.

Enterprise cloud PCs are designed for organizations who have invested in Microsoft Endpoint Manager and are using this powerful platform to manage their existing physical Windows 10 desktops.  Enterprise cloud PCs require an Intune license for each user who is assigned a cloud PC M365 SKU.

Business cloud PCs are designed for individual users and very small businesses who typically go to their local Best Buy when they need a new computer.  Now, instead of Best Buy, they can go to Microsoft and subscribe to a new cloud PC and have it ready to use in an hour.  Business cloud PCs do not require MEM/Intune license and are managed entirely by the user, just like a standalone physical PC.

The diagram below depicts the deployment architecture of both Enterprise and Business cloud PCs.

Enterprise Cloud PC Architecture

Enterprise cloud PCs are Azure and Active Directory dependent.  An Azure subscription with a properly configured network is required, with access to an Active Directory that has Azure AD Hybrid Join enabled.  Azure AD DS is not currently supported, and cloud-only Azure AD join is not currently supported either.

The VM itself runs in a Microsoft-managed Azure subscription, which means admins don’t have access to it directly and are not incurring the cost of this VM in their own Azure subscription.  However, the VM’s network interface card (NIC) is “injected” into a vNet in the customer’s Azure subscription.  All network traffic enters and leaves the VM via the customer-managed vNet.  Egress transfer costs are incurred by the customer.

Since admins don’t have direct access to the VM running in Microsoft’s Azure subscription, all management tasks (e.g. software installation, patching, policies) are performed through the Microsoft Endpoint Manager portal.   

Enterprise cloud PC pre-requisites:

  • Azure subscription with vNet
  • Azure vNet can access an Active Directory domain controller (i.e. a PC can be joined to the domain). This requires custom DNS servers, the necessary routing, and firewall access to AD.
  • Azure AD Connect configured and running within Active Directory with Azure AD Hybrid Join enabled
  • Intune enabled on Azure AD tenant (each cloud PC user needs Intune license assigned)
  • Admin setting up the initial deployment must be an Owner of this Azure subscription
  • Azure AD DS is NOT supported

Enterprise cloud PC high-level setup steps (without Nerdio Manager):

  • In Microsoft Endpoint Manager create an “on-premises network connection” pointing at the vNet and provide AD credentials to join new VMs to domain. The network connection and AD credentials will be validated automatically.  This process may take a while.
  • Upload an existing custom Windows 10 Enterprise image or use a clean, Microsoft-provided gallery image
  • Create a cloud PC “provisioning policy” that combines an “on-premises network connection” with a desktop image. Assign this provisioning policy to an Azure AD security group.
  • Add users to the Azure AD security group that the provisioning policy is assigned to

Enterprise cloud PC user entitlement:

  • Once the above pre-requisites and setup steps are completed, entitling a user to a cloud PC is very easy. Simply assign a cloud PC license to the user via Microsoft 365 Admin portal.
  • As long as the user is a member of a security group that’s assigned to a cloud PC provisioning policy and the network connection is “healthy” a new cloud PC will start provisioning. It will take up to an hour for the cloud PC to be ready for the user to log into.

Business Cloud PC Architecture

Business cloud PCs are VMs that run entirely in Microsoft’s Azure subscription, including the network interface cards.  There is no Azure subscription needed to be provided by the customer. There is also no Active Directory dependency since Business cloud PCs natively join Azure AD.  There is also no requirement of an Intune license.

Business cloud PCs route all network traffic through Microsoft-controlled network infrastructure and there is no way for admins to control the inbound or outbound connectivity to/from these VMs.  There is currently no way to assign static IPs to Business cloud PCs.  Since these cloud PCs run in Microsoft’s Azure subscription and are not Intune-enrolled, there is no admin interface to manage them.  They can only be managed directly by the user, just like a standalone physical Windows device.

There are no pre-requisites and no setup steps needed for business cloud PCs.  Simply assign a Business cloud PC license to a user in the Microsoft 365 Admin portal and the new desktop gets provisioned within an hour.  The user will get an email notification with login instructions to start using their new cloud PC.

End-user Experience

Windows 365 is built on top of Azure Virtual Desktop global infrastructure and will be familiar to those with AVD experience.  The end-user client apps are the same as AVD and are available for Windows, MacOS, iOS, Android and HTML.  When connecting to a cloud PC, a user will authenticate to Azure AD using the AVD client and all cloud PCs that the user is entitled to will appear in the feed.

Leveraging the same infrastructure as AVD provides users the advantage of a unified experience across Windows 365 and Azure Virtual Desktops.  Admins can control the resources visible to individual end-users and the user will see everything in a single feed using the same app.  The authentication and multi-factor experience will also be very familiar since it leverages Azure AD, which is used for M365 and AVD authentication.

Step 1: Go to https://cloudpc.microsoft.com and log in

Step 2: Connect to cloud PC in browser or download the Remote Desktop client app

How Nerdio Supports Windows 365 

By introducing Windows 365, Microsoft has expanded the available options for virtual desktops.  Now there is the flexible, Azure-based AVD with single-user, multi-session, and RemoteApp options and the simplified, M365-based Windows 365 with Enterprise and Business cloud PC alternatives.

For the past year, Nerdio worked closely with Microsoft Engineering to help develop Windows 365 and provide support for cloud PCs in Nerdio Manager for MSP and Nerdio Manager for Enterprise on Day 1 of availability.  Nerdio’s mission is to empower MSPs and IT professionals to build successful virtual desktop cloud practices in the Microsoft cloud.  We do this by helping our customers choose the right Microsoft service for the right use-case, automate the deployment, simplify ongoing management, and optimize to reduce ongoing costs. 

Nerdio Manager for MSP provides Managed Service Providers with a unified console to price, deploy, manage, and optimize all types of virtual desktops in the Microsoft cloud – both AVD and Windows 365 – across multiple customers, selecting the right technology for the right use-case and deploying it with ease, using best practices, and in the most cost-effective manner.

Nerdio Manager for Enterprise helps IT pros enable Windows 365 in their existing Azure environment and manage both AVD and Windows 365 from a unified console leveraging powerful and automated image management, monitoring, auto-scaling, and scripted actions.  Nerdio Manager will enable migration scenarios from AVD to Windows 365 and vice versa so each user can get the right type of virtual desktop in the most cost-effective way.

AVD is a flexible, Azure-based VDI solution while Windows 365 is a simpler cloud PC service.  Nerdio Manager integrates the two services into the simplest, most cost effective, and automated way to deploy, manage and optimize virtual desktops and applications in the Microsoft Cloud.


HOW TO Lift and Shift Migration Strategy for Managed Service Providers (MSPs)

Introduction

As a quick overview and definition of terms, a “lift and shift” is where existing resources are migrated from the on-premises environment into Azure. A close cousin of this is a Greenfield deployment where new VMs are provisioned in Azure and only the data is moved from on-premises. In this white paper, we will use lift and shift (L&S) to reference both since in most cases, partners will be doing a little bit of each when migrating their on-premises environment to Azure. 

Before we get too deep into the L&S strategy, let’s also discuss its counterpart which is known as a Hybrid Active Directory configuration. Hybrid AD is the process of extending an on-premises internal domain into the Azure environment, allowing you to keep existing infrastructure in place, as well as providing new resources in Azure under the on-premises internal domain. 

 In some cases when we bring up the idea of migrating the on-premises environment into Azure, our partners become a little overwhelmed at the prospect of moving everything. They say something like “we’ve spent a lot of time and energy building the existing environment, we don’t want to go through the headache of migrating everything or starting over.” This is definitely a valid argument, however, when we break down the process and go over exactly what’s included, most partners actually get excited about the L&S Azure migration option and elect to go this route. 

Lift and Shift Concerns

In order to do this topic justice, let’s begin by bringing up the top three concerns we hear partners raise when considering the L&S strategy, and we’ll break down exactly why those concerns are largely unfounded.

Concern #1: Changing the Active Directory management from on-premises to Azure

 “Transferring user data sounds like more work than it’s worth, plus it could cause major disruptions for the end-user.”

To address this effectively, we’ll break down both concerns in turn.

 Active Directory

The process of severing the user’s connections with the on-premises AD and transferring ownership of those users to the AD in Azure is pretty straightforward. What’s more, the process of transferring ownership shouldn’t cause any disruptions to the end-user. Nothing is physically migrated (e.g., email, contacts, calendar appointments, etc.); you’re only changing who has the rights to manage those user objects.

Transferring User Data

Since users will be moving to the cloud anyway, we see the process of transferring user data as the first step to get users thinking in that direction. Although there are several options for this, we normally see partners leverage something like SharePoint or OneDrive to easily back up the user’s data, and then copy that to the AVD environment. We’ve even seen this as something the end users appreciate because it gives them the option to do some house cleaning on their local session. Our partners will hand this task over to the end-user and have them decide what’s important to bring over to the cloud environment, and what on their computer is old or redundant data that can be cleaned up or left on the old environment. Once the users have synced their data with an application like OneDrive, the data migration phase is essentially over since the users will simply authenticate to OneDrive in Azure and have all their critical data ready and accessible.

As you can see, when we break down both of these concerns, the actual transition for the users won’t cause much disruption at all and can take place during standard work hours if necessary.

Concern #2: Group Policy/On-premises Domain

 “Our group policy and on-premises internal domain have been in place for years. It would be too difficult to start over in Azure.”

Since both the GPOs and the internal domain have sometimes existed for over a decade, it’s understandable why partners are initially hesitant to transition away. What makes matters worse is that most MSPs have inherited the domain and GPO from a previous provider, which adds another layer of uncertainty. In these situations, there are two options we see most often utilized by partners.

Option 1: Export/Import

The first option is to simply export the GPOs from the on-premises environment into Azure. This can be a good option, but one thing to keep in mind is that both the good and the bad get migrated over when going this route. If this environment had been operating for over a decade, it’s likely a mess and you’re bringing that mess into the Cloud with you. As a result, partners will frequently decide to go with option two.

Option 2: Clean Start with a Reference

The other option is to start over clean and fresh in the cloud but use the existing on-premises GPO as a template to build out the GPO in Azure. Although this sounds intimidating at first, once our partners think about it, they start to like the idea of having complete control and intentionality behind every rule and policy that’s in place in the environment. 

Tied into this conversation is the idea of moving away from the internal domain on-premises. This would be something like contoso.local. After working with many partners in similar scenarios, we’ve found that since they are moving all the infrastructure and users to the cloud, there isn’t a great reason to keep the on-premises internal domain. All the on-premises servers will be in the cloud and the users and their AVD desktops will be managed by AD and GPO in the cloud. The only thing left on-premises are the users’ physical workstations which, to a degree, become irrelevant. What I mean by this is that technically, the users could log in from any computer in the world, as long as they have their phone nearby to verify 2-factor authentication. They could be at home, in the office, at the local library, etc.

In addition, given that AVD is now streamed to their local session, they could use something as simple as a Microsoft Surface Pro, Chromebook, or some other low-level laptop. Once the connection is established, they’re then placed in the cloud with all the controls and restrictions that have been set via GPO. So again, being tied to an on-premises internal domain is really not necessary since there won’t really be anything left on-premises other than a few workstations.

Concern #3: Migration

 “It’s going to be too much of a headache to migrate all the on-premises infrastructure into Azure”

The final concern we see partners raise is related to the migration process of moving their on-premises infrastructure into Azure. This is especially true when they’ve spent an extended period of time configuring their servers with applications and customizations that would take 8 to 12 hours to reconfigure from scratch in Azure. In these situations, we see them leverage Azure native tools like Azure Migrate or Azure Site Recovery to lift their servers and place them into Azure. This allows for a transition of the entire server without going through the headache of reconfiguring it. They can then place it on the new internal domain in Azure and move forward as if nothing changed. The other option is to use something like our Nerdio built-in data mirroring tool. This is effective when the on-premises server is end-of-life and has an outdated operating system. In this case partners don’t typically want to move, for example, a Server 2008 R2 or 2012 machine into Azure. Instead, they’ll migrate individual files/folders using our data mirroring tool, and provision a brand-new server in Azure as the new host.

As you can see, if we break down the top three concerns and talk about the details of what’s included, then the L&S option becomes far more appealing, and the vast majority of our partners choose to go this Azure migration route.

Advantages of L&S

Now that we’ve addressed the top three concerns let’s talk about the top three advantages of going the L&S route.

Advantage #1: Reduces Overhead and Increases Security

As you can imagine, not having the on-premises infrastructure will immediately reduce costs when compared to the Hybrid AD setup. With the L&S strategy, you don’t have to worry about refreshing end-of-life servers or keeping them backed up. The other benefit is that the L&S option requires less infrastructure to run than the Hybrid AD setup. Hybrid AD out of the box includes an additional DC to manage the Domain Trust between on-premises and Azure.

In addition to the reduced overhead, the L&S option is far more secure as there are fewer opportunities for security breaches. With everything sitting in Azure, the only thing left on-premises are the physical workstations used to establish a connection to users’ virtual desktops, and those are usually secured with 2-factor. The actual infrastructure in Azure and the security protecting it is backed by Microsoft’s trillion-dollar budget, which makes it infinitely more secure than anything the average MSP could create, both physical and virtual.

Advantage #2: Run LOB Applications in Parallel

One of the advantages of a L&S deployment is the ability to test and verify the cloud infrastructure before providing access for end-users. This is especially true with Database applications such as SQL. You can restore the on-premises database in the cloud and run it for a few weeks or for however long is necessary to ensure everything is working as it should. Then as the last step just take one final backup of the SQL database, migrate it into the cloud environment over the weekend, and then use the Cloud environment as the authority starting the next week. This provides ample opportunity for testing and helps to ensure an outstanding end-user experience once the environment goes live.

Advantage #3: Clean Start

Going the L&S route provides for a good refresh of the entire environment. You’re getting a new internal domain, fresh GPOs, new infrastructure, and a clean AD forest. In addition, you’ll be running all servers on the latest OS and user desktops will be running Windows 10 natively, rather than a Server OS built to look like Win10.

In summary, going the L&S route can be a good way of bringing a client who was running on a legacy environment into the modern age of technology.

Migration Path

Now let’s look at the practical order and steps we usually see these Azure migrations take. In order to provide the least amount of disruption to end-users, the Infrastructure & GPOs are typically pulled over to the new Azure environment first. After that’s been thoroughly tested and confirmed to work, the end-users are then migrated over to the new environment and everything on-premises is done away with.

Step #1: Infrastructure

The first step when migrating the infrastructure is to select which servers will be migrated as a whole and which servers will get built new in Azure. After this you’ll migrate the servers specified to get lifted into Azure by leveraging the Azure Migrate tool. For the servers you selected to build new in Azure, you’ll use the Nerdio native Data Mirroring tool to transfer the data from the older server onto the new server in Azure. During this phase, you’ll also configure the AVD pools and any dedicated desktops that will get provisioned for new users.

Step #2: GPO

Migrating the policies from on-premises into Azure is pretty straightforward. You can either export them from on-premises and import them into the Azure environment or use the on-premises GPOs as a template and build them new in Azure manually.

After migrating both the infrastructure & GPOs to Azure, the on-premises environment should still be fully functional. This means that from a quality assurance standpoint you’ll be able to set up and configure everything in the cloud before moving to the user import phase. This allows you to test LOB applications, ensure GPOs are applying, and overall thoroughly test the environment to ensure that end-users have a great first impression. Once this is complete, you’re ready to move to the User migration phase.

Step #3: Users

The final piece in the migration is to import users over into Azure. This includes breaking their connection with the current on-premises AD and adjusting the management piece to the AD in Azure. One thing to keep in mind is that the migration will require a password reset for each user and can sometimes take 72 hours to enable dirsync. We recommend initiating the process EOD Thursday or Friday (if doing it over the weekend) to provide enough time for the resync to conclude and users to get fully configured for the workday on Monday.

One important thing to note is that the process of breaking the user’s connection with the current on-premises AD does not cause any disruption, but that’s the piece that can take around 72 hours to complete. That timeframe is subjective and is something only Microsoft can speed up; however, starting this on Thursday or Friday during work hours won’t cause any disruptions for the end-user. The only thing that will change is that general user administration tasks such as password resets and user adjustments will need to be executed from the Office portal, rather than on-premises AD.

Once users are syncing with the AD in Azure, they will populate as eligible users to be imported through the Nerdio Admin Portal. That piece is where the password reset comes in and is the first place where end-users might be negatively impacted if enough foresight hasn’t been applied.

That’s it! At this point you’ve configured the infrastructure in the environment, you have it managed by the appropriate GPOs, and users have been migrated over and are operating smoothly in the new environment. Everything has been fully tested and it’s all backed up and totally secure.

Helpful Tools

As the final section, I thought it would be beneficial to highlight a few Nerdio native tools that are quite helpful when transitioning from on-premises to the cloud.

Bulk Add/Update Tools

One of the most underutilized Nerdio tools is the Bulk Add/Update tools. These are used most effectively during the import/configuration phase and for bulk changes after the fact. Our bulk add/update tools provide a comprehensive Excel spreadsheet to populate with various changes including new resource assignments, password resets, and adjusting Office licensing. You can make all these changes on one sheet, then upload that to the Nerdio Admin Portal and our script will run through the list and make all the changes in an automated fashion. 

AVD Pool Templates

If you have an existing deployment with Nerdio then you realize how valuable our pool templates are for making bulk application/software changes for whole groups of users in a quick and automated fashion. 

Data Mirroring Tool

I’ve mentioned this several times already, but it’s worth mentioning again here because it makes the data migration piece of deployments so simple and easy. It can be located under the “Onboarding” tab in the Nerdio Admin portal.

Final Thoughts

As we’ve seen, the L&S strategy for environment migrations is less expensive, more secure, and provides a more dynamic and flexible work environment than a Hybrid AD solution. When at all possible, we recommend utilizing this Azure migration strategy. 

Interested in learning more? Contact us to chat more about your L&S migration questions.


The Best Vendor Support for MSPs, Medium, and Enterprise-sized Businesses


If anything, support needs to be top notch when dealing with medium-sized and enterprise companies. You cannot afford any single points of failure, and preferably you have access to a team of experts you can rely on to do the heavy lifting when things go wrong or when you are looking for someone to have a chat with.

Our Enterprise support team at Nerdio is fantastic – they really are. They’re knowledgeable, swift in their response, and always put the customer first.

One of the things I like best, though, is that support is included with both Nerdio Manager for Enterprise and MSP. You don’t need to purchase and pay for a separate support contract, renew yearly, or anything like that. Having said that, take a look at our licensing options and monthly pricing and it almost seems too good to be true.

In fact, during the PoC phase (both solutions are available from the Azure Marketplace, up and running within 45 minutes), you can make use of support as well. During the PoC we always try to make sure that our (potential) customers get the best out of Nerdio during their 30 day free trial. This approach lowers the barrier, saves time, money, and makes sure we are all on the same page.

Proof of Concept Support

On a few occasions I’ve had some customers who ran into an issue, a misconfiguration, or an error of some sort during the PoC phase. Whenever I can, I will always try to help them personally. However, I don’t mind sending them over to Nerdio Support because I know they will be satisfied later that day – or that same hour in many cases.

Even before you start using Nerdio in production, you will have experienced all facets that come with using an Enterprise solution and building a long-term relationship, which is the ultimate goal, of course.

Online Resources

I always point out our first line of defense: our online Nerdio Academy for both Manager for Enterprise as well as MSP. The content is brief, to the point, and very easy to digest.

We have videos and Knowledge Base articles on just about any configuration option available within both solutions. What about the inner workings of the solutions and the permissions they need? What data is stored where? You name it, you’ll find it online.

Our release notes page lets you know what’s coming up and enables you to view all previously released versions, including all features and functionalities released with them. Again, links to videos and Knowledge Base (KB) articles will be included there as well.

We often get questions about licensing, how licenses are counted and invoiced, the types of licenses and their differences per solution. This is also out in the open.

What about security? How to harden underlying services and secure communication within your AVD environment, advanced app service configurations, that sort of thing. How to back up your Nerdio/AVD configuration, or how to make your deployment highly available if desired. That and more, you can find it all online, including various best practices.


Go Live Engineer

When it comes to Nerdio Manager for MSP we even take it one step further and offer our customers additional FREE support in the form of a Go Live Engineer, or GLE for short.

The GLE engagement is offered to new partners looking to accelerate their cloud entry with Nerdio as they work towards growing an Azure practice with their first two accounts. 

New partners are entitled to two free GLE engagements. A GLE’s primary goal with a partner is to help them bring a closed deal to its go-live in a timely manner, using best practices and methods aligned with giving their customers a positive and sustainable cloud experience. The following are the details of the process to achieve that goal.

For direct partners, a GLE involvement will be scoped as follows:

  • Architectural and proposal (quote) validation
  • Nerdio Orchestration and best practices
  • Host and Golden Image/Template management
  • VPN Configuration
    • Including IKEv1 vs IKEv2
  • Office installation knowledge transfer (Nerdio to provide KBs)
  • Nerdio pool management and optimization features
  • Azure VM series evaluation and configuration
  • FSLogix review and walk through from Nerdio orchestration.

How about that?

Let us know if you would like to learn more or have a customer-case where you think this approach makes sense and we can set it up together.

What About Nerdio Manager for Enterprise?

Even though we do not have a similar service for Nerdio Manager for Enterprise, we always put in the effort necessary to make sure our clients and partners are successful. We often organize extensive deep(er) dive sessions, demos, one-to-many questionnaires, one-on-one meetings; you name it, it always works out!

Once we start a PoC, we make sure to discuss success criteria and act accordingly in the weeks that follow. We’ll schedule additional sessions and do a quick health check in between to make sure that together we get the most out of the 30-day free trial.

Partnerd Program

As part of our Partnerd program, we offer various benefits based on tiered partner levels, which can be achieved in multiple ways. This includes but is not limited to free Nerdio certifications, exclusive training and webinars, and an all-expense paid trip to NerdioCon (annual event) as you add more customers and move up in partner tiers.

From a marketing perspective, you can count on access to exclusive, white-labeled content, up-to-date product demo videos, e-guides and white papers, and monthly partner webinars.

Furthermore, you can gain access to Nerdio’s previously highlighted Go Live engineering team and earn monthly training sessions with Nerdio leadership.


Next Steps 

As you can see, there is a wealth of free information and support available. We support our partners and customers in any way you can think of, and we always go the extra mile, as they say. I would like to invite you to become part of our ecosystem as well. You won’t be disappointed, I promise!

Thank you for reading and until next time.


How Nerdio Enhances the Provisioning & Management of NEW Windows 365


Now that Windows 365 is out in the open, you might be wondering: what is the added value of Nerdio Manager on top of the native service? A fair question. Let’s dig in a bit more and see how Nerdio makes the life of a (future) Windows 365/AVD administrator easier and more efficient.  

First, it’s important to understand that Windows 365 has been built on top of the existing Azure Virtual Desktop architecture, meaning there are many similarities, even though most might be hidden to the end user.  

Second, Nerdio has a proven track record when it comes to automating, managing, and optimizing new and existing Azure Virtual Desktop (AVD) environments. In fact, from a development and support perspective, Nerdio has been partnered with Microsoft since even before day 1 of AVD availability. We go as far back as when it was still referred to as RDmi a few years ago.

So, you could say that we have some experience in that area (understatement). Today, Nerdio Manager is recognized by thousands of companies globally as being the go-to management and automation platform regarding everything AVD (and now also Windows 365) related.  

When it comes to Cloud PC, history repeats itself, in a good way. For the past year, Nerdio has worked closely with Microsoft Engineering to help develop Windows 365 and provide support for cloud PCs in Nerdio Manager for MSP and Nerdio Manager for Enterprise, and is once again ready to go on day 1 of availability.

Nerdio is familiar with all the ins and outs, the pros and cons, limitations and flexibility of both platforms and we are well known for helping our customers pick the right solution for their unique use-case(s), which, needless to say, we’ll continue doing.   

Everything we have been building for AVD throughout the last couple of years has now been complemented by a complete management suite for Windows 365 Cloud PCs, designed from the ground up.

The Two Types of Windows 365 Cloud PC

As you might be aware, Windows 365 comes in two different SKUs: Enterprise (MEM-Managed) and Business. MEM stands for Microsoft Endpoint Manager. While this document is not meant as a deep dive into Windows 365, it’s important to understand the differences between these two models, including a few things to keep in mind in terms of evaluating both options.  

As a side note… For more details on the underlying architecture, license requirements, how to set things up, and such, see this article

Enterprise Cloud PCs are designed for companies that have invested in Microsoft Endpoint Manager and are using this powerful platform to manage their existing, physical Windows 10 desktops. Enterprise cloud PCs require an Intune license for each user who is assigned a cloud PC M365 SKU.

However, if you are new to MEM and still have not implemented it, this might come with a (steep?) learning-curve and some other forms of investment.

On the other hand, Business Cloud PCs are designed for individual users and very small businesses that typically go to their local Best Buy (or European equivalent) when they need a new PC. Now, instead of visiting a Best Buy, they can go to Microsoft and subscribe to a new Cloud PC and have it ready to use in an hour. Business Cloud PCs do not require an MEM/Intune license and are managed entirely by the user, which is similar to a standalone physical PC.

Depending on your requirements, knowledge level, and management capabilities, this may or may not be a good fit.  

Finally, Windows 365 VMs can best be compared to physical machines, meaning they are persistent to the user and everything a user does on that machine will be stored and saved on the underlying/attached hard disk.  

Overall Management of Windows 365

Enterprise Windows 365 Cloud PCs are managed via Microsoft Endpoint Manager (Intune) and via the Azure portal for networking. Administration of MEM-managed Cloud PCs can also be unified (together with AVD) via a single portal like the Nerdio Manager. MEM allows management of Cloud PCs at the OS level and above.

This means that admins do not have access to make changes to the underlying VM resources; they can only make changes to Windows and applications. As highlighted, virtual networking is managed via the Azure portal, unless Nerdio is used, of course.

We enable you to manage all of your Cloud PC network connections directly from Nerdio Manager.

Business Windows 365 Cloud PCs are not integrated with Endpoint Manager and do not have a dedicated management portal (except for the 365-license portal to assign licenses and kick off the (re)provisioning process). They can only be managed by the end user assigned to the desktop while logged into it, much like a physical PC.

Actions such as PC restarts can be performed by the user from the cloud PC web portal. Nerdio Manager enables you to set up all pre-requisites, provision/re-provision your Cloud PCs, run scripted actions, and restart them as needed.

Applications and (Image) Updates 

Enterprise Cloud PCs can be updated via MEM or manual methods. Image-based software deployments are not typical without third-party tools like Nerdio Manager, and the same goes for the necessary user profile management that comes with it.

Also, MSIX AppAttach application delivery is not currently supported with Windows 365. However, it wouldn’t be a surprise if this is introduced in the future, and when that happens, Nerdio has MSIX AppAttach support fully integrated and ready to go.

Business Cloud PCs can be updated with Windows Update manually by the user or by using third-party management tools.

Enterprise Cloud PCs support Microsoft provided images based on Windows 10 Enterprise (single-user only and persistent only, remember), or any custom images that the customer might have available in their subscription.  

Nerdio already offered unparalleled image management options for AVD and now offers the same functionality for Windows 365, all from a single management interface, side-by-side. This makes image-based software deployments, updating and patching your Enterprise Cloud PCs a breeze since everything can be automated and scheduled at will. The same image can be used to update both AVD and Windows 365. 

Azure Virtual Desktop and Windows 365 Go Hand-in-hand 

I already mentioned that both solutions are based on the same underlying architecture and thus have a lot in common. As such, we expect many organizations to be using some form of Windows 365 next to AVD.  


By using Nerdio Manager, you’ll have it all in one place; one single management console to provision, manage, and optimize both AVD as well as Windows 365 – single and multi-tenant.  

Multi-tenant 

MSPs who are managing dozens, if not hundreds, of customer tenants – and even more users – might want to start exploring Windows 365 as well. Nerdio Manager for MSP offers a single management interface where you can build, manage, and optimize as many customer tenants as you would like globally, and it goes way beyond the concept of Azure virtual desktops, regardless of type.

Spinning up a Windows 365 and/or an AVD host is one thing; taking care of everything else (users, identity, backup, networking, monitoring, autoscaling, and the list goes on) is something different altogether. What about all of your other virtual machines (outside of AVD and/or Windows 365)? Are there any VPNs you might need? This could be a single environment or hundreds – all it takes is just a few clicks.

In short, Nerdio Manager for MSP enables managed service providers to build their entire cloud practice around AVD, Windows 365, or both.  

The above partly applies to Manager for Enterprise as well. We tightly integrate with many other native Azure services often used in combination with AVD, and I can imagine Windows 365 as well going forward.   

Scripted Actions 

These have been a big hit as of day one. Extremely flexible and powerful at the same time. You can leverage Scripted Actions (100% PowerShell based) on your Windows 365 environments as well. Even though this might seem like a small matter, it’s huge! More info on this specific topic will be published soon.   

Windows 365 + Nerdio Feature Set Available as of Day One 

The features below will be available in Nerdio Manager as soon as Windows 365 enters General Availability (GA). Do remember, though, that we have an extensive roadmap lined up and, as you are used to from Nerdio, you can expect many more updates, features and functionalities to be added going forward – we’re just getting started.

  • Prepare your environment with all pre-requisites for Windows 365
  • Create and manage on-premises network connections and provisioning policies
  • Create and manage desktop images, including backups and versioning
  • Manage Active Directory profiles
  • Assign users, groups, and licenses
  • Provision and re-provision cloud PCs
  • Restart cloud PC machines
  • Manage multiple environments from a single interface (multi-tenant) 
  • Manage cloud PC user settings (i.e., local admin role)
  • Consolidated view of all cloud PCs provisioned and their status
  • All Windows scripts scripted actions capabilities of Nerdio Manager
  • Everything is audited and can be viewed in detail
  • And a whole lot more (coming)

Differentiating Windows 365 and AVD

Nerdio Manager for MSP provides Managed Service Providers with a unified console to price, deploy, manage, and optimize all types of virtual desktops in the Microsoft cloud – both AVD and Windows 365 – across multiple customers. Selecting the right technology for the right use-case and deploying it with ease, using best-practices, and in the most cost-effective manner.

Nerdio Manager for Enterprise helps IT pros enable Windows 365 in their existing Azure environment and to manage both AVD and Windows 365 from a unified console leveraging powerful and automated image management, monitoring, auto-scaling, and scripted actions. Nerdio Manager will also enable migration scenarios from AVD to Windows 365 and vice versa so each user can get the right type of virtual desktop in the most cost-effective way.

AVD is a flexible, Azure-based VDI solution, while Windows 365 is a simpler and more limited Cloud PC service. Nerdio Manager integrates the two services into the simplest, most cost-effective, and automated way to deploy, manage and optimize virtual desktops and applications in the Microsoft Cloud.

Conclusion 

These are exciting times. With Windows 365, Microsoft offers another, and in some cases more simplified, way to leverage cloud-based virtual desktops at a fixed price. Though, before getting too excited, make sure to read through the details, prerequisites, and such, or come and have a talk with us; we’ll make sure to pick the right solution for your use-case while keeping a strong focus on ongoing manageability and the financial side of things.

Thank you for reading.

Bas van Kaam

Nerdio Field CTO, EMEA


What Does Windows 365 Cloud PC Mean for MSPs? Here’s What You Need to Know


If you are reading this, you are probably aware of Satya Nadella’s keynote speech at Microsoft Inspire on July 14th, 2021, where he announced Windows 365 Cloud PC. To read the detailed technical overview of the product, visit Microsoft Windows 365: Introducing a New Product to End-user Computing and Windows 365 vs. Azure Virtual Desktop (AVD) – Comparing Two DaaS Products.

What is Windows 365 in a nutshell? It’s Microsoft’s Desktop-as-a-Service (DaaS) solution made to be sold in a SKU-based fashion. It’s an individual persistent desktop offering in a few canned sizes running in Azure. Just like Microsoft launched Office 365 almost a decade ago, which came to replace all Exchange servers running on-premises, Windows 365 is meant to replace all fat client desktops as we know them.

I know what you’re thinking…here we go again; Microsoft is coming after MSPs by selling PCs directly to customers. So, where does that leave the business of managing desktops, networks, and servers for your customers? Instead of fearing the change that Windows 365 cloud PC is going to make, I would look at it as a huge opportunity – just like M365 provided a huge opportunity for MSPs to provide management services around security, consulting services, and project labor to get clients migrated to it. Every year, VDI vendors like to say, “this year is the year of VDI”, but now may be that time. Microsoft has just made VDI mainstream with this announcement, offering a true apples-to-apples product to compete with AWS Workspaces and making it easy enough that anyone, regardless of their technical capabilities (or lack thereof), can purchase a virtual desktop from their Microsoft 365 admin account.

Where is the MSP Opportunity?

As an MSP offering services to customers, there is tremendous opportunity over the next decade to transition and leap into the world of providing virtual desktop services. Windows 365 is built on top of the Azure Virtual Desktop (formerly Windows Virtual Desktop) stack running exclusively on Microsoft Azure. If you have a cloud practice around VDI, you are in a good position to take advantage of this free marketing that Microsoft will generate with this new service. If you are not yet considering offering VDI services, it is not too late to start. If you are not currently offering VDI services, start now. Do not get caught not knowing anything about the subject and worst of all, not leading with VDI as part of your service offering.

Windows 365 is meant to be easy to purchase and procure but it is still NOT the lowest cost solution when it comes to offering a virtual desktop solution to customers. Since it’s built on top of the Azure Virtual Desktop (AVD) stack of technologies, AVD, if built optimally, is still more economical than the MSRP of Windows 365. This means that MSPs who take the approach to offer VDI strategically can leverage native Azure Virtual Desktop and come in at a price much lower than your competitors who are just plain reselling Windows 365 as a SKU with the standard distribution discount.

Windows 365 will come in two flavors: a Microsoft Endpoint Managed (MEM) version (Enterprise) and a standalone self-managed version (Business). Most MSPs will gravitate towards the Enterprise version of Windows 365 since it is more flexible and can be tied in with the rest of their existing Azure infrastructure. For those not familiar with Microsoft Endpoint Manager, MEM is a rebrand of two existing products coming together: Microsoft Intune + SCCM = Microsoft Endpoint Manager. Endpoint Manager is a skillset MSPs will need to acquire rather quickly, as it is a model that gives the MSP the opportunity to manage the customer’s entire environment (virtual and physical) without using legacy RMM.

Less mature MSPs may be content with the Business version of Windows 365 and continue using legacy RMM tools to manage those customers’ Cloud PCs. Use cases for Windows 365 Business may be limited since it lacks basic network management. The opportunity for MSPs is to leverage Microsoft Endpoint Manager and offer policy, compliance, and security management, as well as consulting around the M365 stack.

This is speculation on our part, since Windows 365 hasn’t been released into General Availability yet, but the AVD pooled model will likely come in substantially lower than its new Windows 365 cousin, especially when leveraging auto-scaling.

What about Hardware?

Of course, endpoint hardware is still going to be required to access Windows 365. You’ll see VDI specialized hardware become mainstream. Vendors like 10Zig, IGEL, and nComputing, who have all created a business around providing thin and zero clients for VDI brokers and have strategically aligned themselves with AVD since launch, will now play in the big leagues, as they had an early start with AVD. In a way, big box vendors will need to change their messaging to catch up. The opportunity here is for MSPs to provide hardware-as-a-service. Thin and zero client physical endpoints should cost less than your average PC and typically will last longer than your average PC lifecycle. Many MSPs will start bundling in Windows 365 and pair it with hardware to be sold as a monthly package. If hardware breaks, it simply gets replaced and drop-shipped directly to the client, reducing a lot of onsite visits for hands-on repair.

Nearly a decade ago, MSPs were unsure of Microsoft’s direction with Office 365. Many saw Microsoft coming after the livelihoods of MSPs. Where would the revenue come from if we don’t have our clients’ Exchange Servers to manage? Now, it’s not even a question to consider when deciding whether to migrate a customer to M365 or not. Microsoft is here again to break the status quo. The PC chip shortage may be a temporary issue, but this is just one small reason why everyone should pay attention to Windows 365 Cloud PC. It will open many doors for partners all around the world.

MSPs who already have a practice around Azure Virtual Desktop should also be very excited about this news since this legitimizes going to market with your existing AVD solution. AVD is still the lowest cost and most flexible solution available. Windows 365 will be free marketing for your existing offering; however, this will wake up a lot of your competition as well, as they’ll likely start jumping onto this bandwagon.

We are here to say: take advantage of the momentum of this announcement. Train your sales and technical teams to be prepared to sell and offer these services on day one! The VDI revolution has begun, for real this time. Unlike other public preview offerings from Microsoft Azure, Windows 365 will not be able to be trialed until early August. Take this small window to learn about how Nerdio can help you start, grow, and enhance your Azure cloud practice with support for Azure Virtual Desktop and Windows 365 on day 1.

Nerdio has been working with Microsoft engineering in shaping Windows 365 for well over a year before its launch, and we are the trailblazers in the Azure space for MSPs.  Nerdio is the easy button for Azure, Azure Virtual Desktop, and Windows 365 Cloud PC. If you’ve looked at Nerdio in the past, I urge you to look again! Contact us to get a 1-on-1 demo of our newest product, Nerdio Manager for MSP.


Nerdio Manager for MSP Case Study: Chelsea Technologies

CASE STUDY 

Discover how this large US-based Managed Service Provider saves significant time and money using Nerdio Manager for MSP’s automatic management and deployment of AVD, and powerful backup and auto-scale capabilities. 

About Chelsea Technologies 

Chelsea Technologies is a Managed Service Provider (MSP) in the United States and has provided business technology solutions to the global financial industry for over 25 years. They help clients navigate complex technical issues and focus on creating the infrastructure that helps clients succeed. Typical clients include hedge funds, banking institutions, and private equity firms. From startups to those with billions of dollars under management, Chelsea Tech also serves clients in other sectors that rely on their technical and business expertise, such as aerospace, law firms, and many others. 

The Situation 

Working with clients in complex and often highly regulated industries, Chelsea Technologies needs to ensure the highest standards of network uptime, hardware reliability, data integrity, and application stability. 

As a trusted partner to their clients, Chelsea Technologies works tirelessly to meet clients’ business and technology requirements, creating solutions that meet their needs in an IT landscape that is constantly evolving. Building native Azure Virtual Desktop (AVD) environments was proving time and resource intensive. The complexities of Microsoft Azure resulted in a limit on the number of engineers who had the skills to deploy it correctly. Chelsea Technologies needed to be able to use those engineers’ time efficiently and expand their ability to bring the advantages of AVD to clients. As it became apparent that they would need a partner to help drive success, they researched their options, looking for the right tool to help drive its growth. 

“We were migrating everything to Azure, and we really needed a tool that was right for the job – powerful, yet easy for our team to deploy and manage,” said Justin Vashisht, Professional Services Director for Chelsea Technologies. 

The Solution

After previewing Nerdio Manager for MSP, it became clear to Vashisht and the Chelsea Tech team that the ease of deployment, auto-scaling technology, and potential for cost-savings were the kinds of solutions they needed to successfully leverage their engineering talent and manage internal resources. Nerdio Manager for MSP held other attractive features as well, including built-in backup and audit trail capabilities, which, Vashisht noted, would be helpful for clients in highly regulated industries, like financial services and aerospace, among others. “This is especially important to clients in financial services and highly regulated clients for whom everything must be tightly monitored and controlled,” said Vashisht. 

Since initially partnering with Nerdio over two years ago, the Chelsea Tech team has continued to work with Nerdio Manager for MSP, which launched in public preview in January 2021. This solution enables them to get the most from the technology and their most critical assets– their technical staff.  

“For example, we have a client with over 250 users with AVD, and our help desk is managing it through the Nerdio platform. I didn’t have to worry about creating a custom portal, spending time testing it, and all the associated details. Nerdio provides it all to me in a single pane of glass. That represents substantial savings and reduced burden right there.” 

“Nerdio Manager for MSP is seamless, and it will allow me to migrate the rest of my clients over. Nerdio hit the sweet spot for us,” – Justin Vashisht, Professional Services Director for Chelsea Technologies. 

The Results

Auto-scaling is a standout feature for the team at Chelsea Technologies. The ability to automate what can be a labor-intensive and costly process saves time and effort, and the cost savings is a game-changer.  

“We have several large, expensive VMs. With Nerdio Manager for MSP, I can scale them down at 7:00 pm and scale them back up at 7:00 am. I get savings by automatically detecting usage and demand. You can’t put a price on that. Actually, yes, you can! It makes a big difference,” Vashisht said.

“There are so many details that come into play when building a secure Azure infrastructure. With all that complexity, human error is a reality of life. Nerdio Manager for MSP handles all those intricacies. It does everything for me. To set up a VPN takes minutes, not hours.” – Justin Vashisht, Professional Services Director for Chelsea Technologies. 

The knowledge-sharing and resources made available by Nerdio have made a real impression on Chelsea Tech. “The videos and blogs on the Nerdio Academy are clear, concise, and very helpful. It’s almost like getting a graduate degree in Azure,” said Vashisht. “The Nerdio team has increased the value of the platform for us. They’re knowledgeable about the MSP space, and understand the challenges we face. That’s why we continue to invest in the platform.”

During Chelsea Tech’s deployment of Nerdio Manager for MSP, the key differentiator has been the ease with which Nerdio was able to immediately onboard and scale its solution, especially considering the challenges Chelsea Tech had faced with clients going through painful digital transformations.

Implementing Nerdio Manager for MSP has been a great success for Chelsea Tech. “If you’re looking to take an organization from a legacy, on-prem, physical server mindset and looking to jump into the cloud and accelerate the process, it would normally take six months to a year to do it right,” he said.

“With Nerdio, you can dive right in. The console is great and Nerdio is very forgiving as a platform, so implementation is easy.” – Justin Vashisht, Professional Services Director for Chelsea Technologies. 

Vashisht has straightforward advice for anyone considering Nerdio Manager for MSP: “If you’re looking to get into Azure, look no further than Nerdio. It will make your life easier.”


Find Nerdio in the Azure Marketplace: nerdio.co/nmm

 

What is Windows 365 & How Does Nerdio Fit In?

It’s here: Microsoft’s Windows 365, a new era in cloud-based end-user computing, as announced during Microsoft Inspire on July 14th, 2021. Here at Nerdio, we couldn’t be more excited about this next step in delivering virtual desktops from the Azure cloud. Windows 365 will offer simplified management and a slightly different commercial model.

For the past year, Nerdio worked closely with Microsoft Engineering to help develop Windows 365 and provide support for Cloud PCs in Nerdio Manager for MSP and Nerdio Manager for Enterprise on Day 1 of availability. 

Windows 365 in a Nutshell

Windows 365 is a Microsoft 365 virtual desktop product. It offers organizations a monthly fixed-price subscription to a Cloud PC that is dedicated to a user and can be managed using the exact same tools as a traditional Windows PC. Making a Cloud PC available to a user (once the initial environment is set up) is a matter of assigning an M365 license.

Each Cloud PC is a persistent VM that is dedicated to a specific user at a fixed price per user per month and is part of the Microsoft 365 cloud rather than Azure. Any applications that are installed on the Cloud PC do not disappear when the user logs off or shuts down his or her machine. Also, the user profile is not offloaded to a file share using FSLogix; it is local to the (virtual) machine. The Cloud PC is based and built upon the existing global Azure Virtual Desktop infrastructure as part of the Azure Cloud.

All security software agents, licensed applications or patches recognize the VM as a single-user, traditional Windows device running on the same Windows 10/11 Enterprise operating system. Windows 10 EVD (multi-session) is not currently supported. All this is important to make Cloud PCs behave and be managed together with and like physical devices, and over time replace physical machines with Cloud PCs. 

Being part of M365 means that Cloud PCs are purchased through the same channels as E3 and E5 that most organizations are already using – and use to leverage Azure Virtual Desktop as well.

Cloud PCs are delivered as a SaaS offer and managed through Microsoft Endpoint Manager and the M365 admin portal, rather than through the more complex Azure portal like AVD (unless you are using Nerdio Manager, of course).

Management Options

Windows 365 Cloud PCs come in two flavors: Enterprise (MEM-managed) and Business (self-service). As always, both have pros and cons.

Companies who might have already invested in Enterprise (Microsoft Endpoint Manager) for managing their physical devices, for example, would be able to dip their toes into Windows 365 without too much trouble. All you need is an additional Intune license for each user assigned to a Cloud PC – these can be purchased separately as well, also see below.

The Business edition works a bit differently. Business Cloud PCs do not require an MEM/Intune license, though they need to be managed entirely by the end-user, just like a standalone physical PC. Depending on what you are used to or are looking for, this might or might not fit your needs.

If you do not have Enterprise in place, using the Business model might be an easy way to start exploring if Windows 365 fits your needs. Setting up and getting started with MEM takes time, and Enterprise Windows 365 needs some additional attention when it comes to setting up your Azure tenant and network, Active Directory, etc., and there are a few other things to keep an eye on.

Business Cloud PCs, however, run entirely in Microsoft’s Azure subscription. You won’t even need your own tenant/network, no Intune license, no Active Directory prerequisite, etc. Simply assign a Business Cloud PC license to a user in the Microsoft 365 Admin portal and the new desktop gets provisioned within an hour. 

There’s a big difference from a networking perspective as well. While Enterprise Cloud PCs have the same capabilities as with AVD, meaning customers can fully manage and control things like routing, VPN, firewall, etc., this is not the case with Business Cloud PC VMs. Their network interfaces are part of a Microsoft-managed network, which, as a consumer, you have no control over whatsoever.

There are more details to cover but this should at least give you an idea on some of the options available.

Licensing

From a licensing perspective, you need a Windows 10/11 Enterprise subscription and an Intune license (if using Enterprise Cloud PCs). This is the same Windows subscription license requirement as with Azure Virtual Desktop.

A physical device license (e.g. OEM) doesn’t qualify. Only an M365 subscription to Windows can be used for Windows 365 Cloud PCs. Some popular M365 SKUs that include a Windows Enterprise subscription are M365 Business Premium, E3, E5 and Windows 10 Enterprise E3/E5/VDA.

To manage Windows 365 via Enterprise, an Intune license is required. These licenses come with M365 E3, E5 and Business Premium subscriptions and can also be purchased as standalone licenses. 

In short, if you are already leveraging AVD or are thinking of doing so, Windows 365 can easily be leveraged alongside it. And since it is all subscription-based and no minimums apply, you should be up and running in no time. If it doesn’t work out, you’ll just hand them back over to Microsoft – one of the main advantages of leveraging cloud technologies.

Where Nerdio Comes In

As you’ve probably noticed, while Windows 365 does address various challenges it also comes with restrictions, limitations, and potentially introduces a (steep?) learning curve when it comes to setting up and operating MEM, for example.

Simplicity also comes with less flexibility, unfortunately.

In an upcoming blog post I will share some of the main differences and things to consider before choosing Azure Virtual Desktop over Windows 365 or vice versa. It could also be both, of course.

With Windows 365, Microsoft aims to ease management by leveraging the same tools used to manage existing physical desktops and other types of virtual desktops. Of course, if you’re already using AVD, or have been thinking about doing so, this means you would now be using the Azure portal for AVD ongoing management and to manage the network settings of Enterprise Windows 365 alongside Microsoft Endpoint Manager.

Business Windows 365 PCs do not have a dedicated management portal, except for the 365 portal to hand out licenses and start the provisioning process. But that’s where it ends. Ongoing management will need to be done by the end user or by using some other form of third-party management tool.

This is where Nerdio shines (again)!

As we do for Azure Virtual Desktop, Nerdio Manager now also offers additional management capabilities on top of the native Windows 365 service (Enterprise and Business), making it extremely simple to manage and optimize alongside AVD; they go hand-in-hand, you could say. This applies to both the MSP and Enterprise version of Nerdio Manager.

Enterprise Cloud PCs support Microsoft-provided images based on Windows 10/11 Enterprise (single-user only and persistent only, remember), or any custom images that a customer might have available in their subscription.

Nerdio already offered unparalleled image management options for AVD and now for Windows 365 as well, all from a single management interface, side-by-side. This makes image-based software deployments, updating and patching your MEM-managed Windows 365 machines a breeze since everything can be automated and scheduled at will.

While you might not necessarily need a File Server or an Azure Files file share, for example, if you do, all this can be auto-provisioned, autoscaled, and fine-tuned from Nerdio Manager as well. This would apply only to Enterprise Windows 365, as they offer the same networking flexibility as AVD.

A few options are available as of day one:

  • Prepare your environment with all pre-requisites for Windows 365
  • Create and manage on-premises network connections and provisioning policies
  • Create and manage desktop images, including backups and versioning
  • Manage Active Directory profiles
  • Assign users, groups, and licenses
  • Provision and re-provision cloud PCs
  • Restart cloud PC machines
  • Manage multiple environments from a single interface (multi-tenant) 
  • Manage cloud PC user settings (i.e., local admin role)
  • Consolidated view of all cloud PCs provisioned and their status
  • All Windows scripted actions capabilities of Nerdio Manager
  • Everything is audited and can be viewed in detail
  • And a whole lot more (coming)

In Short…

Nerdio Manager for MSP provides Managed Service Providers with a unified console to price, deploy, manage, and optimize all types of virtual desktops in the Microsoft cloud – both AVD and Windows 365 – across multiple customers, selecting the right technology for the right use-case and deploying it with ease, using best practices, and in the most cost-effective manner.

Nerdio Manager for Enterprise helps IT pros enable Windows 365 in their existing Azure environment and to manage both AVD and Windows 365 from a unified console leveraging powerful and automated image management, monitoring, auto-scaling, and scripted actions. Nerdio Manager enables migration scenarios from AVD to Windows 365 and vice versa so each user can get the right type of virtual desktop in the most cost-effective way. 

AVD is a flexible, Azure-based VDI solution while Windows 365 is a simpler and more limited cloud PC service. Nerdio Manager integrates the two services into the simplest, most cost-effective, and automated way to deploy, manage and optimize virtual desktops and applications in the Microsoft Cloud. 

These are exciting times. With Windows 365 Cloud PC, Microsoft offers another, and in some cases more simplified, way to leverage cloud-based virtual desktops at a fixed price. Though, before getting too excited, make sure to read through the details, prerequisites and such, or come and have a talk with us. We’ll make sure to pick the right solution for your use-case while keeping a strong focus on ongoing manageability and the financial side of things.

Thank you for reading!

Nerdio Manager for Enterprise Case Study: Petrofac

Case Study

Learn how an energy company deploys, manages and cost-optimizes Azure Virtual Desktop company-wide with Nerdio Manager for Enterprise quickly and easily.

 

About Petrofac

United Kingdom-based global company Petrofac provides services to energy companies that deploy large teams across the globe. The company helps design and build complex structures for deployment on job sites, providing engineering, construction, procurement, and administrative services. In its quest to support remote work, Petrofac began planning an Azure Virtual Desktop deployment in late 2019. Little did the company know that the project would become a bedrock for its remote workers when the COVID-19 crisis forced widespread remote work practices a few months later. Even though employees at some locations are now able to access their office buildings, the engineering team continues to use Azure Virtual Desktop with Microsoft Azure NetApp Files, a fully managed cloud service. Petrofac attributes survivability during a multinational lockdown, enhanced performance, and falling costs to its deployment of these critical Microsoft services. 

Petrofac was working on digital transformation when the COVID-19 crisis increased the urgency of the initiative. The compute demands created by thousands of engineers working on bulky 3D image files on specialized desktop devices added complexity. But the company’s pivot to remote work with Azure Virtual Desktop solved that problem and created other benefits. The resulting performance gains sped up timelines, and engineers can now work anywhere. Increased scalability saves operational budget, too. Most importantly, business continues smoothly regardless of challenging times. 

 

Meshing complex needs across the globe 

Petrofac is largely an engineering company, depending on its talent to deliver construction plans and schema for complicated processes. Those 3D workloads are complex enough in isolation: they’re demanding, comprise large files, and engineers generally need graphical interfaces to work on them. Add globally distributed engineering teams to this data-intensive enterprise, and it’s easy to understand the challenges of supporting that functionality at scale. Vladimir Krdzic, Chief Digital Officer at Petrofac, decided to set the organization on a digital transformation path. “Many of our engineers had been doing the same work for decades and were entrenched in very traditional methods,” he says. “I wanted Petrofac to become a more agile and flexible company that would also attract millennial workers to join our team.” 

The complex 3D models that engineers create require specialized desktop devices that cost at least four to five times that of a standard office device, often much more. An even bigger challenge lies in the demanding workloads inherent to those models: millions of central processing unit (CPU) and graphics processing unit (GPU) cycles. That dictated a culture of working onsite because every office that works on the same engineering model must sync to the application database daily. This requires bandwidth that isn’t available in many homes in India, where most of the Petrofac engineering team is based. Many engineers don’t have fiber connections, and productivity can suffer in regions where frequent power outages take down internet connections at inopportune moments.

Adding to these demands, large 3D files must be shared between teams that are spread across the globe. Every revision must go through a review cycle, from engineering teams in Mumbai to reviewers in Dubai, possibly cycling back and forth tens to hundreds of times. Other external parties such as Petrofac joint venture partners or clients also need to access the files, and when they store them on personal devices, the amount of data in play grows further. 

With multiple concurrent joint ventures, Petrofac often found itself in the position of having to work with companies across multiple continents, creating what Krdzic considers an operational and security burden. “It was time-consuming and unstable; it had the potential to increase cyber-exposure issues,” he says. 

We’re using Azure Virtual Desktop to spin up projects very quickly and add as many users as we need without file synchronization issues. That means faster time to market for us. – Vladimir Krdzic: Chief Digital Officer Petrofac

Coordinating people and data 

While version control issues might be annoying when collaborating on a Microsoft Word document, getting out of sync when collaborating on a 3D file can result in unnecessary costs for Petrofac if engineers need to rework files. “Our files ping pong between departments and offices, with people in different disciplines layering their contributions to the work on top of each other,” explains Krdzic. “It’s essential that we have everyone focused on the same version to avoid errors and the high cost of rework.” 

That need for tight coordination is complicated by the need for highly skilled contract engineers during peak periods of engineering demand. Petrofac relies on contractors to keep projects on schedule when its own teams are at capacity. Because Petrofac engineering teams depended on onsite infrastructure, the company’s choice of contractors has until now been dictated by their proximity to a Petrofac office. If no one in the vicinity was available, that could affect deadlines. 

Krdzic needed power and flexibility to bring his vision for agility and centralized governance home. “My strategy was to create an engineering platform that would enable our engineers to work from anywhere, anytime,” he says. When his team began to deploy Azure Virtual Desktop, the Petrofac transformation took off. 

Deploying not just a solution, but a better way of working 

The team immediately went to work to deploy Azure Virtual Desktop with an FSLogix user profile, the recommended user profile for the service. It added Microsoft 365 management and set up Azure NetApp Files to enable file storage on Azure—a perfect fit for the bulky 3D engineering files that require a high-performance environment. Because Azure NetApp Files is a high-performance, low-latency, and scalable solution, it’s highly cost-effective for Petrofac’s demanding but fluid production needs. Petrofac specified NVv3-series virtual machines, which are designed to support GPU-accelerated graphics and virtual desktops. The increased RAM in the series gives engineers the performance they need for graphics-intensive work.

We definitely see the positive impact on performance, especially with the complex setups inherent to our business. The flexibility to scale to demand and keep business continuity is helping us navigate through difficult times. – Vladimir Krdzic: Chief Digital Officer Petrofac

The team added Nerdio Manager for Enterprise to automate Azure Virtual Desktop management, which further contributed to cost savings. Nerdio Manager for Enterprise fits perfectly into the Petrofac platform-as-a-service environment because it runs in the company’s tenant, helping ensure that data never leaves its Azure subscription. The team uses the dynamic host pool feature to quickly deploy vast pools for user data, easily scaling to demand with Azure Auto-scale. The team set it to scale in resources after business hours, taking advantage of its ability to scale out as needed during business hours for maximum cost savings, including on storage costs, through its advanced auto-scaling capabilities.

Finding that old habits might die easily, after all 

If Petrofac management had any misgivings about converting engineering teams to Azure Virtual Desktop, they were soon put to rest. Krdzic describes the former method for setting up a 3D-modeling project for engineers as a lengthy, complicated, and expensive endeavor. Separate instances of the project had to deploy to multiple geographic locations with secure connections between those instances and strictly controlled user access. Petrofac made an immediate impact with its Azure Virtual Desktop deployment. “We no longer need to replicate the same model between four or five different offices with our new environment,” says Krdzic. “We’re using Azure Virtual Desktop to spin up projects very quickly and add as many users as we need without file synchronization issues. That means faster time to market for us.” 

The solution is popular not just for all these reasons. No longer facing often lengthy commutes, the engineers are delighted with the new freedom to work anywhere and better work-life balance. It’s a game-changer for them and the company. Krdzic’s team has received rave reviews for the solution and its fast work in rolling it out. “Within three weeks, we had all our projects and engineers up and running because we had already tested Azure Virtual Desktop,” says Krdzic. “It was a big win because we achieved a lightning-fast deployment of something that had been culturally and technically unimaginable four or five months earlier.” 

The project received an unexpected nudge to hasten the timeline when much of the world went into lockdown. The Petrofac IT team had just completed a series of successful proof of concepts and simulations. “The COVID-19 crisis forced our hand,” says Krdzic. “It made us run faster, and we got much more sponsorship and support for our digital transformation. That was the silver lining in a very gray cloud. Now we’ve achieved our number one goal of mobility for our engineering teams.”

Petrofac was perfectly placed to achieve the survivability it needed when the world abruptly changed. It was realizing significant cost savings at the same time while also taking advantage of better performance. “We definitely see the positive impact on performance, especially with the complex setups inherent to our business,” adds Krdzic. “The flexibility to scale to demand and keep business continuity is helping us navigate through difficult times.”

Download the application today from the Azure marketplace and begin a free 30-day trial: nerdio.co/nme 
