Azure Virtual Desktop vs. Windows 365 for Business

What is Azure Virtual Desktop?

If you’re interested in a deep dive comparing Windows 365 to Azure Virtual Desktop across several technical dimensions like architecture, IT administration, end-user experience, and licensing and infrastructure costs, then take a look at Windows 365 vs. Azure Virtual Desktop (AVD) – Comparing Two DaaS Products.

“Is the iPad an oversized iPhone or a small laptop without a keyboard?”

This was the question many were asking when the iPad was first introduced by Steve Jobs in 2010.  Today, more than a decade later, we know that it is neither.  iPad created a brand-new tablet computing category.  It didn’t replace the smartphone and didn’t make the laptop obsolete.  It created new use-cases and markets for tablet devices.  

With the introduction of Windows 365 in July 2021, a similar question is being asked.   

“Is Windows 365 a new type of virtual desktop or a replacement for a physical PC?”  

On one hand, Windows 365 Cloud PCs are virtual desktops similar to those delivered by Azure Virtual Desktop and other similar services.  On the other hand, it is a personal Windows device that is managed and behaves the way a physical device does.  Cloud PC is likely to create a new category of computing.  One that will complement both the physical PC and virtual desktop. 

In this article, I will compare Windows 365 to the existing Azure Virtual Desktop service that many are already familiar with and analyze several use-cases where Windows 365 is the right choice and some where AVD is the way to go.  In a future article, we’ll compare Windows 365 Cloud PCs to their physical equivalents.

6 use-cases where Windows 365 is a better fit than Azure Virtual Desktop

1. Fewer than 10 desktops 

If there are a small number of desktops in the IT environment, then Windows 365 Business is the perfect choice.  It does not require any pre-requisites like AVD does.  For example, there is no need for an Active Directory configuration or a storage location for FSLogix containers.  Therefore, from an ease of deployment, management, and cost-effectiveness perspective Windows 365 Business is a clear winner. 

2. No current/planned Azure footprint 

Some organizations have simple, cloud-only IT environments with Microsoft 365 and other SaaS products and no infrastructure footprint in Azure with no plans to add any such infrastructure.  In this scenario, Windows 365 Business is an excellent choice because it is easy to assign desktops to users and there is no administrative overhead for IT admins. 

3. No prior desktop virtualization experience 

Only a small fraction of Windows devices are virtualized today with technologies like AVD.  Desktop virtualization is a complex technology requiring a specialized skill set.  Many organizations do not possess such a skill set and are not looking to build it.  In this scenario, Windows 365 Enterprise is a great option.  It does not require knowledge of multi-session administration, profile encapsulation, auto-scaling, and other complex concepts found in AVD.  Instead, it provides a simpler way to deploy and manage Cloud PCs alongside existing physical PCs in much the same way.   

4. Current investment into Microsoft Endpoint Manager 

Organizations that have already made an investment into Microsoft Endpoint Manager to administer physical desktops and laptops will find Windows 365 an easy way to extend their existing environment with Cloud PCs.  Similar policies can be used to manage both physical and Cloud PCs. 

5. Personalized desktops and local admin rights 

Cloud PCs are designed to be dedicated, personalized VMs belonging to each individual user.  These users may need the ability to administer their own PCs by installing software or making other configuration changes that require local administrator rights.  Windows 365 Cloud PCs make it easy for IT to delegate administration of Cloud PCs to their users.   

6. Users need to access desktop 24/7 

Auto-scaling is a common way to save on Azure costs when using Azure Virtual Desktop.  Cloud PCs, on the other hand, run 24/7 and shutting them down does not save any costs.  If users need access to their Cloud PC on a 24/7 basis (or even more than 55 hours per week), then Windows 365 is not just easier to deploy and manage, it is also more cost-effective. 

3 scenarios where Azure Virtual Desktop may be a better fit than Windows 365 

1. RemoteApp application streaming 

Sometimes all that’s needed is a published application rather than a complete Windows desktop session.  In these scenarios using a full Cloud PC (or AVD desktop) would be overkill and a published RemoteApp application is a better way to go.  Since RemoteApps cannot be published from Windows 365 Cloud PCs, Azure Virtual Desktop is the preferred choice. 

2. High fluctuations of number of desktops needed throughout the month 

Windows 365 licenses are monthly subscriptions.  Once purchased, they are available for use and the cost is incurred regardless of users actually making use of their desktops.  In IT environments where numbers of virtual desktop users fluctuate throughout the month, AVD may be a better fit.  Azure Virtual Desktop infrastructure costs are only incurred when users are actually consuming the resources whereas Windows 365 costs are incurred as soon as a per-user license is purchased. 

3. Cost is primary consideration 

When cost is the primary consideration and pooled Azure Virtual Desktops can be used to consolidate several users on a shared VM, then AVD will be the better option since it will be more cost-effective than Windows 365 in this scenario.  On average, pooled AVD desktops are up to 58% less expensive than dedicated Cloud PCs.  Even auto-scaled personal AVD desktops can be up to 9% cheaper than Windows 365 equivalents if users only utilize their desktop 50 hours per week.  Finally, Windows 365 costs are determined by the number of users with assigned Cloud PCs, regardless of actual usage.  Azure Virtual Desktop infrastructure cost is determined by the number of concurrent users, which is often much lower than the total number of users assigned to desktops. 

Comparing Cloud PC license costs vs. AVD Azure consumption 

There are several considerations that come into play when deciding on the right virtual desktop technology for your organization.  Microsoft provides customers with ample choice and meets customers where they are in terms of admin tooling, existing licenses, and Azure expertise.  Here we’ll explore the cost efficiency of different virtual desktop use cases and determine when Windows 365 fixed-price licenses are more cost-efficient than usage-based AVD infrastructure costs.  For this discussion, we’ll assume that Windows OS licensing costs are the same in both AVD and Windows 365 scenarios and focus exclusively on the cost of the infrastructure. 

Windows 365 license costs depend on the hardware specs needed by a user.  Each desktop comes with a certain number of vCPUs, GB of RAM, and SSD storage.  If we align the vCPU and RAM configuration of each Cloud PC license with a comparable Azure VM size and managed disk we can then compare their costs side-by-side. 

Since Cloud PCs are dedicated, persistent desktops they are most similar to AVD personal desktops. If we compare Cloud PCs with equivalently sized personal AVD desktops, using a VM on a 3-year reserved instance, we’ll see that the prices are very similar and Windows 365 is slightly less expensive for some sizes and much more cost-effective for the largest VMs.  On average, Windows 365 is 11% cheaper than a comparably sized Azure VM and managed disk running 24/7 on a 3-year reserved instance. 


If we assume that users are using their personal AVD desktops 50 hours per week (10 hours X 5 weekdays) and the VMs are stopped the rest of the time, then there will be cost savings by using personal AVD desktops with pay-as-you-go VM pricing and powering them off outside of the 50 work hours (70% of the time).  There are a few scenarios when Cloud PC is about the same cost as an AVD personal desktop, but on average, Azure Virtual Desktop personal desktops are 9% cheaper than Cloud PCs in this use-case.  


Let’s take this a step further and assume that not all users need a dedicated personal desktop and groups of users can be pooled together on multi-session AVD session hosts.  We can see that there are significant per-user savings with AVD pooled desktops using Reserved Instances (RI).  On average, the cost of a pooled Azure Virtual Desktop user on VMs that run 24/7 using 3-year reserved instances is 53% lower than Windows 365.


Combining pooled AVD desktops with auto-scaling provides the deepest savings when using Azure Virtual Desktop as compared to Windows 365.  Assuming that users are working 10 hours/day, 5 days/week the average savings is 58% when using pay-as-you-go VMs with auto-scaling. 


Another important consideration is that Cloud PCs are priced per-named user.  Meaning that a license is consumed for every user who is assigned to a Cloud PC – regardless of whether this user ever connects to the desktop.  AVD desktops, on the other hand, only consume infrastructure when concurrent users are logged in.  If no users are connected, no session host VMs need to be powered on.  As more users log in, more infrastructure is brought online to accommodate the demand.   

In most environments, user concurrency is a fraction of the total named users at any given time – often 50% or less.  This means that the cost savings in an AVD desktop environment will be even greater than presented in the tables above when concurrency is considered. 

In summary, we see that Windows 365 Cloud PCs are most cost-effective when users need dedicated, persistent desktops and will be using them more than 55 hours per week.  With users who do not need dedicated, persistent desktops, there is significant infrastructure cost savings by using pooled desktops and auto-scaling technology. 


Demystifying Microsoft Azure Site Recovery (ASR)

One of the most common questions we get from managed service providers (MSPs) who are in the process of building a cloud practice in Microsoft Azure is “what is Azure Site Recovery (ASR) and when should I use it?” 

Let’s review this important Azure service from Microsoft and its relevance to MSPs.  

Why does Azure Site Recovery exist? 

Azure Site Recovery (ASR) is Microsoft’s Disaster Recovery-as-a-Service (DRaaS) solution built specifically for Azure workloads. ASR enables companies to recover from catastrophes quickly with minimal downtime. ASR can also be used as a tool to migrate existing servers into Azure from an on-premises environment or migrate workloads between Azure regions and resource groups. 

Who is Azure Site Recovery designed for? 

  • Companies that need to meet specific requirements or regulations for their industry such as ISO 27001 
  • Companies who are sensitive to downtime or want to limit impact from region-specific Azure outages 
  • Companies who wish to migrate current workloads into Azure from an on-premises environment, between Azure regions, or between resource groups 
  • Anyone seeking a complete business continuity and disaster recovery (BCDR) strategy for their business 

When can Azure Site Recovery be used? 

  • Replication of Azure VMs from one Azure region to another 
  • Replication of on-premises VMware VMs, Hyper-V VMs, physical Windows and Linux servers, and Azure Stack VMs to Azure 
  • Replication of on-premises VMware VMs, Hyper-V VMs managed by System Center VMM, and physical servers to a secondary site. 
  • Replication of specific workloads running on a machine that’s supported for replication 

What are some of the key features of Azure Site Recovery? 

  • A simple BCDR solution – ASR is built into Azure and can be managed entirely from within a single location
  • Data Resilience – Data is replicated inside of Azure storage with all the resilience and security provided by Azure
  • RTO and RPO Targets – Manage and meet organizational RTO/RPO targets with continuous replication at intervals as low as 30 seconds for Hyper-V servers
  • Easy and Flexible Failover – Test failover and disaster recovery scenarios without disrupting replication
    • Failovers can also be planned for expected outages with zero-data loss
    • Unplanned failovers can happen with minimal data loss and fail back to your primary site can be done easily when it’s available again 

How do I set up a basic Azure Site Recovery replication?

Enable replication for an Azure VM  

  • In the Azure portal, click Virtual machines, and select the VM you want to replicate 
  • In Operations, click Disaster recovery 
  • In Configure disaster recovery > Target region select the target region to which you’ll replicate 
  • For this QuickStart, accept the other default settings 
  • Click Enable replication. This starts a job to enable replication for the VM

Verify your settings  

  • After the replication job has finished, you can check the replication status, modify replication settings, and test the deployment 
    • In the VM menu, click Disaster recovery
    • You can verify replication health, the recovery points that have been created, source, and target regions on the map

Clean up resources/stop replication  

  • The VM in the primary region stops replicating when you disable replication for it:  
    • The source replication settings are cleaned up automatically. The Site Recovery extension installed on the VM as part of the replication isn’t removed and must be removed manually. 
    • Site Recovery billing for the VM stops

Stop replication as follows 

  • Select the VM 
  • In Disaster recovery, click Disable Replication


NerdioCon Nerd Icon: Jamie Moore, Blackpoint Cyber


With just six weeks left until our in-person, all-inclusive user conference and industry event – excitement and anticipation are at an all-time high. And for good reason! We are bringing attendees the best content, sponsors and speakers to provide a well-rounded learning experience when it comes to leveraging Microsoft Azure, Azure Virtual Desktop and Windows 365, and give partners the tips and strategies that will allow them to grow their businesses in 2022.  

To share a taste of what you can learn at NerdioCon 2022, we’ve developed a new blog series to shine spotlights on our fantastic speakers. Kicking off the NerdioCon Nerd Icon series, we sat down with Jamie Moore, Director of Account Management at Blackpoint Cyber.  

What has your career journey been like and how did you come to be in your current role?  

I worked for an MSP in Cincinnati, Ohio for seven years. While there, I helped my clients develop strategic technology plans to provide strong foundations for their businesses. Over time, I began to appreciate the dramatic need for increased cyber security. Business leaders were struggling to understand how to keep their businesses safe from cyber criminals. Some overreacted and were afraid of everything; others seemed to completely dismiss concerns because they couldn’t see the impact on their own businesses. This interest in preventing cybercrime and specifically in educating business leaders about cyber security, brought me to Blackpoint Cyber. At Blackpoint Cyber I help managed service providers learn how to grow their revenue, secure their clients, and communicate the value of security.  

Can you share more about what you will be speaking about at NerdioCon 2022 and why the topic is so relevant for partners right now?  

It’s no question that cybercrime prevention is a massive motivator for businesses to invest in technology. And yet, MSPs are often hesitant to include managed security solutions in their base offerings because these solutions are perceived as complicated and expensive. As the cyber threat increases, the demands for practical solutions also increase. Join us to use managed security to increase your value and subsequently your revenue. Our breakout session will focus on the hacker timeline, the advantages of investing in a SOC, and how to sell the value of a SOC to your customers and how to make a profit while ensuring their security. 

What is one trend impacting MSPs you think will be an even bigger focus / topic in 2022?  

Based on what we’ve seen this year, Blackpoint recommends that our partners stay alert and watch out for the following cybersecurity trends:

  • A continued cycle of ransomware with a primary goal of data exfiltration for extortion  
  • Increased offensive action from governments to take down threat groups regardless of borders  
  • Increased supply chain vulnerabilities from both threat groups and nation-states  
  • Remote working is here to stay. Individuals within their home network will continue to be at risk of spear phishing and becoming a key target used to gain footholds into larger organizations. 

Thanks so much, Jamie! Where can our audiences find + follow you on social?  

Follow Blackpoint’s LinkedIn page or follow/connect with me on LinkedIn.   

We hope to see you at the event, taking place in Cancun, Mexico from February 21-23, 2022! To view the NerdioCon 2022 agenda and register to attend, visit www.nerdiocon.com. 

MSP Guest Blog: 3 Advantages to Boost Your MSP’s Azure Practice

By: Jim Brennan, President, Managed Services IT

I own and lead an MSP in the greater Philadelphia area and have been providing custom IT support options for businesses of all types and sizes since 2008. We pride ourselves on customer loyalty and satisfaction, so much in fact that one of our trademark differentiators is our guaranteed one-hour response time.  

Upholding this rule and being a trusted and committed partner to our clients has been a key to our success, but it’s one of many. To deliver on our guarantee while scaling our practice and adapting to offer the best services, choosing the right vendors and technologies has always been one of my biggest priorities as President.  

While I could talk shop all day on this subject, I want to share with you three investments I’ve made into growing my Microsoft Azure practice that have paid off big time especially when it comes to time savings.  

StorageCraft OneXafe 

One common pain point MSPs encounter across client needs is navigating how to move large amounts of data, especially given the amount of digital transformation and cloud initiatives. After working in IT for nearly two decades, I understand this issue well. Which is why I was instantly hooked after using OneXafe, an easily managed backup and recovery solution which presents an incredibly easy way to move a large on-prem environment to the cloud.  

To use a real-life example, my team and I had a recent client request in which they wanted a brand-new and scalable environment with all their files and data. This all included the migration of 50 users, SQL Server file server and their domain controller. This migration was prepped using the OneXafe Solo device one week in advance and we were able to move 3TB of data in one weekend and completed the migration. This tool helps eliminate labor during server migrations.

Nerdio

At Managed Services IT we understand and tell our clients all the time that IT is any company’s most valuable asset, but it requires enormous amounts of time, money, and manpower to manage effectively. I found the same to be true with Microsoft Azure until I found the “easy button,” Nerdio.  

In utilizing Nerdio’s multitenant Azure management platform for MSPs, my team has had three engineers doing the work of probably seven as we’ve scaled up our virtual desktop offerings to support the boom in remote work. We’ve got provisioning of Azure Virtual Desktop environments down to 27 minutes on average and have cut back significantly on the number of nights and weekend hours logged because of Nerdio’s amazing support team and scripted actions.

Pax8

Finding a strong distributor to partner with can often be one of the biggest advantages you can get over your competition. Pax8 has been an invaluable resource in helping us find the right technologies and vendors to support our growing Azure practice and provide timely and insightful advice for selling cloud solutions to our healthcare customers. Our team at Pax8 knows the Azure ecosystem, and its key players, so well and are tapped in across their network of amazing vendors like Nerdio and OneXafe.  

If you are looking to expand or establish a cloud practice in Microsoft Azure in the year ahead, the three companies I’ve profiled here are fantastic resources to get you started.

Azure Virtual Desktop (AVD) Application Management

The purpose of a virtual desktop deployment is to provide users access to applications.  Application and data access is the reason to build a virtual desktop, like AVD, in the first place.  Therefore, installing, updating, and delivering applications to end users is a critical component of a desktop virtualization strategy. 

Azure Virtual Desktop host pools can be deployed as “personal” or “pooled”.  In single-session, personal environments, each user is permanently assigned a dedicated VM as their desktop.  In pooled environments, both single-session and multi-session, multiple users are connected to a “random” VM for the duration of their session and may be connected to a completely different VM the following day.  The methods of managing applications on personal desktops are very different than those used with pooled desktops.  Personal desktops (and Windows 365 Cloud PCs) behave exactly like a physical endpoint device and can be managed using traditional application delivery tools like Microsoft Endpoint Manager (SCCM and Intune).   

Pooled desktops provide several advantages over personal desktops such as cost efficiency and ability to standardize the IT environment.  However, they also come with unique application management challenges since most existing tools are built for a one-to-one user-to-desktop assignment, which is not the case with pooled desktops. 

In this article, we’ll focus on the strategies available to manage applications in pooled AVD deployments. 

The challenge with app management in a pooled desktop environment can be boiled down to this – because multiple users share VMs, any installed app is available to all users. This “all or nothing” approach creates many challenges in situations where specific apps must be available to certain groups of users, but not to others.  How can we selectively assign applications to individual users or groups of users?

Delivering apps to AVD users on pooled desktops requires two steps:

  1. Installing the application on either the image or session host VM
  2. Delivering the app to some or all users

Let’s take a look at the available options for each of these steps.

List of Azure Virtual Desktop Installation Applications

Installing applications in a pooled AVD environment can be accomplished in several ways. 

  1. Manual install on image
  2. Scripted action install on image
  3. Microsoft Endpoint Manager (MEM) install on image
  4. Scripted action install on session hosts
  5. MEM install on session hosts

1. Manual Install On Image 

The easiest way to install applications is by loading each app on the base image VM one at a time.  Once all apps are installed, the image is “sealed” and can be used to build new session hosts or update existing ones.  All installed apps will be available to all users who connect to these session hosts. 

This method is easy to start with but becomes difficult and time consuming to maintain over time. 

2. Scripted Action Install On Image 

Script the installation of applications with PowerShell, save these scripted actions in the Nerdio Manager Scripted Action library, and run the scripted actions on the image during creation or the monthly patch cycle.  Once the updated image is deployed to session hosts, all users can access all apps.

This method requires a bit of work to script the installation of each app but makes ongoing image and application updates easy and automated. 

3. MEM Install On Image 

Leverage existing MEM workflows to install and update applications on the base image.  Once all apps are installed, the image is “sealed” and can be used to build new session hosts or update existing ones.  All installed apps will be available to all users who connect to these session hosts. 

This method requires some upfront work to get all applications imported and configured in MEM.

4. Scripted Action Install On Session Hosts 

Instead of pre-installing applications on the image, deploy apps to session host VMs with Nerdio Manager using scripted actions while the VMs are being created.  The latest base image can be pulled from the Azure Marketplace and all apps can be automatically installed during session host VM creation.

This method requires a bit of work to script the installation of each app but makes ongoing host updates easy and automated.  All installed apps are available to all desktop users.

5. MEM Install On Session Hosts 

Instead of pre-installing applications on the base image, deploy apps to session host VMs with MEM after the VMs are created.  The most recent image can be pulled from the Azure Marketplace and all apps will be automatically installed once the session host VMs are created. 

This method requires some upfront work to get all applications imported and configured in MEM.

Azure Virtual Desktop User Delivery 

Once applications are installed, they need to be delivered to users.  This is where the challenge of pooled desktops comes in.  Regardless of which of the 5 methods above was used to install the apps, once installed, all users will have access to all apps.  This may be OK in some scenarios but, often, this is not ideal. 

The following methods can be used to selectively deliver specific apps to specific users or groups. 

  1. Multiple images and host pools
  2. RemoteApps
  3. MSIX app attach
  4. Nerdio’s Installed Apps Management

1. Multiple Images and Host Pools 

Since all installed apps on the image are available to all users assigned to a host pool based on this image, one way to selectively assign groups of apps to groups of users is by creating and maintaining multiple desktop images, each associated with its own host pool.  Different groups of users are assigned to separate host pools that only have the apps that the users need. 

Although this method can achieve the objective of selective app assignment in a pooled desktop environment, it is difficult to manage at scale.  The number of images with unique configurations tends to be high and the effort required to maintain each individual image with its own set of apps is extremely time consuming. 

2. RemoteApps 

If users don’t need access to a full desktop, RemoteApps can be selectively published to individual users or groups.  Instead of launching a full desktop session, users will open individual apps published to them by the administrator. 

3. MSIX App Attach 

MSIX app attach is a relatively new technology available in AVD.  Administrators can assign individual MSIX apps to specific users or groups.  The application gets mounted when the user logs in and only entitled users can access the app.  One session host VM can have multiple connected users with different apps available in their sessions. 

MSIX app attach is great in concept and works well in practice.  However, today very few applications are available in the new MSIX format and converting existing apps to MSIX is a challenging and time-consuming process.  As a result, until the MSIX format becomes more widespread among software publishers, app attach is not very commonly used. 

4. Nerdio’s Installed Apps Management 

This is the most flexible and easy method to manage app assignment.  It leverages a technology built into FSLogix called “Application Masking”.  The concept is very simple: install a superset of apps on the image and use application masking to only reveal the apps an individual user needs.  App masking doesn’t just hide the application shortcut, it makes all components of the app (e.g. files, registry entries, shortcuts, etc.) completely invisible to users who have no access.  There is nothing even a very sophisticated user can do to access an application that has been masked from them.  Unfortunately, with out-of-the-box FSLogix tools, implementing app masking is challenging and extremely complex.  It is difficult to initially configure and even more difficult to maintain at scale.

This is where Nerdio’s Installed Apps Management feature comes in.  Nerdio Manager simplifies and automates the app masking configuration process down to 3 steps: 

  1. Discover installed apps
  2. Create app-to-users assignment rules
  3. Apply rules to hosts

Let’s look at each of these steps in more detail. 

1. Discover Installed Apps 

Whenever a new host pool is created or an existing host pool is re-imaged, Nerdio Manager will automatically discover all installed applications on the host pool and create an inventory.  This inventory of discovered apps will include all apps installed on the base image and directly on the session host VMs.  Each discovered application will have several “paths” associated with it.  These paths are locations of files and registry entries that belong to a specific application. 

2. Create App-to-Users Assignment Rules 

Once all apps are discovered, one or more rule sets can be created to define which apps are available to which users and groups.  By default, all installed apps are available to all users.  However, once an application is added to a rule set it can be made available to all users with exceptions (blacklist) or be made unavailable to all users with exceptions (whitelist). 

Apps-to-users assignment rules can be used for individual apps or groups of applications.  For example, there may be a rule set for Browsers that includes Microsoft Edge, Google Chrome, and Mozilla Firefox that is made available to all users except for a certain group of task workers.  And there could also be a rule set for Accounting Apps that includes various accounting and finance applications that are available only to members of Accounting and Finance security groups.

3. Apply Rules to Hosts 

Once apps are automatically discovered and rule sets are created, Nerdio Manager applies these rule sets to all existing hosts and all newly created VMs in the host pool.  The process of applying rule sets does not require a reboot of the VMs and can be done in production.  Within a few minutes, users will notice apps appear or disappear depending on rule set configuration. 

With these 3 simple steps, admins gain full control over users’ access to specific apps without creating and managing multiple images and host pools. 
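The rule-set semantics described in the three steps above can be modelled in a few lines to check who ends up seeing what before rules are applied to hosts. This is an added example, not Nerdio's or FSLogix's code; the RuleSet shape, the mode names, the accounting app names, "PDF Viewer", and the choice that a hiding rule wins when an app sits in several rule sets are all assumptions.

```python
from dataclasses import dataclass

# Mode names are assumptions for this sketch; they mirror the two options
# described above for an app that has been added to a rule set.
VISIBLE_EXCEPT = "visible_except"  # available to all users, with exceptions
HIDDEN_EXCEPT = "hidden_except"    # unavailable to all users, with exceptions


@dataclass(frozen=True)
class RuleSet:
    name: str
    apps: frozenset
    mode: str
    exceptions: frozenset = frozenset()  # user or security group names

    def hides_from(self, principals):
        """True if this rule set masks its apps from these principals."""
        listed = bool(self.exceptions & principals)
        if self.mode == VISIBLE_EXCEPT:
            return listed
        if self.mode == HIDDEN_EXCEPT:
            return not listed
        raise ValueError(f"unknown mode {self.mode!r} in {self.name!r}")


def visible_apps(installed, rule_sets, user, groups):
    """Apps a user can see on a pooled host after masking is applied."""
    principals = frozenset({user}) | frozenset(groups)
    visible = set(installed)  # default: every installed app is available
    for rs in rule_sets:
        if rs.hides_from(principals):
            visible -= rs.apps  # assumption: any hiding rule set wins
    return visible


def audit(installed, rule_sets):
    """List configuration points to review before rules go to hosts."""
    findings, covered = [], set()
    for rs in rule_sets:
        covered |= rs.apps
        for app in sorted(rs.apps - installed):
            findings.append(f"{rs.name}: '{app}' is not in the inventory")
        if rs.mode == HIDDEN_EXCEPT and not rs.exceptions:
            findings.append(f"{rs.name}: hidden from everyone")
    for app in sorted(installed - covered):
        findings.append(f"'{app}' is in no rule set and stays visible to all users")
    return findings


# Constructed inventory and rule sets, following the Browsers and
# Accounting Apps example in the text.
BROWSERS = frozenset({"Microsoft Edge", "Google Chrome", "Mozilla Firefox"})
ACCOUNTING = frozenset({"Ledger App", "Payroll App"})
INSTALLED = BROWSERS | ACCOUNTING | frozenset({"PDF Viewer"})
RULE_SETS = [
    RuleSet("Browsers", BROWSERS, VISIBLE_EXCEPT, frozenset({"Task Workers"})),
    RuleSet("Accounting Apps", ACCOUNTING, HIDDEN_EXCEPT,
            frozenset({"Accounting", "Finance"})),
]

if __name__ == "__main__":
    for user, groups in [("alice", {"Accounting"}), ("bob", {"Task Workers"}),
                         ("carol", set())]:
        print(user, sorted(visible_apps(INSTALLED, RULE_SETS, user, groups)))
    for finding in audit(INSTALLED, RULE_SETS):
        print("review:", finding)
```

The audit output is the part worth reading during a change review: any app that sits in no rule set remains visible to every user on the host pool by default.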

Application management is a critical component of AVD administration strategy and Nerdio Manager provides a complete suite of tools to install applications via images and scripted actions and to deliver apps to specific users with RemoteApps, MSIX app attach, and Installed Apps management. 

Windows 365 License Optimization: Don’t Pay for Licenses You Aren’t Using

Windows 365 Cloud PC and Azure Virtual Desktop are both virtual desktop services from Microsoft.  However, the pricing models for these services are very different.  Azure Virtual Desktop (AVD) is charged based on consumed Azure infrastructure, which allows optimization tools like Nerdio Manager for Enterprise to significantly reduce costs by closely matching the size of infrastructure to actual user demand in real-time.  Windows 365, on the other hand, is a licensed service similar to other Microsoft 365 products like Office 365.  This means that the cost of Cloud PC infrastructure is included in a monthly subscription regardless of actual usage. 

Is the only option to purchase a Windows 365 Cloud PC license for every user who *may* need a virtual desktop and pay for it regardless of usage?  Turns out that it’s possible to dramatically reduce Windows 365 license costs (up to 55%) given the unique way in which virtual desktops are used. 

Background 

Nerdio software is used by thousands of organizations to manage close to two million Azure Virtual Desktop users.  This gives us great perspective into the way virtual desktops are used in large production environments.  By analyzing aggregated AVD usage data, we were able to identify usage patterns that can be optimized to reduce Windows 365 license costs.   

Let’s start by defining some terminology: 

  • Authorized users – potential users of a virtual desktop.  They are sometimes referred to as “Named” or “Assigned” users.  Each of these users will typically be assigned a Cloud PC license or be given access to an AVD host pool. 
  • Active users – users who are actively using a virtual desktop during some period of time.  For example, Monthly Active Users are ones who connect to a Cloud PC or AVD desktop at least once in a month.  The number of active users is less than or equal to authorized users. 
  • Concurrent users – users who are connected to their virtual desktop at the same time.  The number of concurrent users is always less than or equal to active users. 
  • Peak concurrency – the highest number of concurrent users during a period of time.  For example, monthly peak concurrency would be the maximum number of users connected to the desktops at the same time during a month. 

In our analysis, we found that in large virtual desktop environments the number of authorized users far exceeds active users and the number of monthly active users far exceeds the peak concurrency over the same period of time.  Intuitively this makes sense.  Not every user an administrator thinks will need a virtual desktop will actually use one and not everyone who uses a virtual desktop will do so at the same time.   

Here are the findings normalized for a 1,000-user environment: 

  • Authorized users = 1,000 (100%)  
  • Average Active users = 600 (60% of total) 
  • Average Peak concurrency = 350 (35% of total) 

Note that these numbers are very environment-specific and represent averages across the data set we analyzed.  Your mileage may vary. 

The “License-based” pricing model challenge 

Given the above numbers, if you’re deploying an AVD environment the amount of infrastructure needed should never exceed the peak concurrency, or 350 users in our example (it will actually be even lower with dynamic auto-scaling). However, with a license-based, rather than consumption-based, pricing model you will need to purchase 1,000 Cloud PC licenses and assign them to all authorized users even though only 600 users will actively use their desktop and only up to 350 of them will ever be logged in at the same time. 

Can anything be done to avoid paying for and “wasting” licenses for users who are not taking advantage of their Cloud PCs?  The answer is yes, and the specifics of how this works are the topic of this article. 

Optimization Strategy #1: Automatic license assignment 

The first step is to assign licenses only to those authorized users who actually log into their Cloud PC.  Now this is easier said than done because Windows 365 is architected in such a way that a Cloud PC will only be provisioned for a user if a license is already assigned. No license means no Cloud PC and users don’t have admin access to go into Microsoft 365 admin center and assign themselves a license, nor would admins want them to do that. 

Nerdio Manager for Enterprise version 3.4 introduced the concept of License Auto-assignment.  Here is how it works: 

  1. The administrator creates one or more security groups to contain authorized users. These users do not have licenses assigned to them. 
  2. The administrator creates a security group to contain licensed users. These are users to whom a Cloud PC license will be assigned upon first login. 
  3. The first time an authorized user logs into the Cloud PC, they navigate to an admin-provided URL. If the user is authorized, they will be added to the licensed group, a license will be assigned, and a Cloud PC will be provisioned. The user will automatically be redirected to the Windows 365 portal to log into their desktop. 

The result is that only 600 licenses will be needed to support the 600 active users and those licenses will be assigned on-demand. This is a 40% savings and with a $50/user (2 vCPU, 8 GB, 256 GB) license it’s worth $20,000/month.

Optimization Strategy #2: Unused License Reclamation 

What happens if a user who once worked on a Cloud PC leaves the organization or changes their workflow in such a way that they no longer use their Cloud PC?  The answer is nothing.  The user’s Cloud PC will continue running, the license will continue to be assigned to the user, and you will continue paying for it even if no one is ever connecting to the Cloud PC. 

This is where the Unused License Reclamation feature of Nerdio Manager for Enterprise comes in. If users don’t connect to their desktop for 45, 60, 90 or any other number of days, the license will be unassigned, and the Cloud PC will go into a “Grace Period” for seven days. During this time the license can be restored, if needed, but if it’s not, the Cloud PC will be automatically de-provisioned. 

Here is how it works: 

  1. The administrator enables the Unused License Reclamation feature on a Cloud PC provisioning policy in Nerdio Manager and specifies the number of days that a Cloud PC can be inactive before the license is reclaimed. 
  2. Nerdio Manager monitors user login activity to the Cloud PC in the background and, once the configured number of days passes without a login, un-assigns the license from the user and notifies the administrator about this action. 
  3. The Cloud PC goes into Grace Period for seven days. If the user logs in during these seven days, the license is re-assigned and the clock resets. If the user does not log in, then the Cloud PC is de-provisioned. 

The result is that unused licenses, even if they were used in the past, aren’t being wasted. Once an unused license is reclaimed, it can be assigned to a new user or cancelled to avoid paying the subscription fee. 

Optimization Strategy #3: Inactive User License Parking 

Cloud PCs come in many different sizes ranging from 1 vCPU with 2 GB of RAM for $20/month to 8 vCPU with 32 GB of RAM and 512 GB storage for $158/month. While the user is connected to their Cloud PC, the specs make a big difference in performance and capabilities and are well worth the cost. However, when the user is not connected and the Cloud PC isn’t being used, wouldn’t it be great if the user’s Cloud PC could be “parked” with a cheaper license and assigned the original license when the user logs back in? 

Nerdio Manager’s Inactive User License Parking feature does just that. Once users disconnect from their Cloud PC, their license is swapped out with a less expensive license (e.g. 1 vCPU, 2 GB, 64 GB – $20) and once they log back in the original license is re-assigned. This way, the number of licenses needed equals the peak concurrency while the remaining licenses could be less expensive, “parking” licenses. 

Here is how it works: 

  1. The administrator creates an empty parking security group and assigns a set of parking licenses to it (e.g. 1 vCPU, 2 GB, 64 GB – $20). 
  2. Nerdio Manager monitors users’ Cloud PC activity, and non-active users are moved from the licensed security group to the parking security group. This unassigns their primary license and assigns the parking license. The primary license can now be used by another active user. 
  3. When users become active again and connect back to their Cloud PC, Nerdio Manager moves the users from the parking group to the licensed group, re-assigning the primary license. 

The result is you need fewer primary (more expensive) licenses. In our example, if 600 users are active but peak concurrency is 350 then you only need 350 primary licenses. The remaining 250 are less expensive, parking licenses. If the primary license is 2 vCPU, 8 GB, 256 GB, $50/month and the parking license is 1 vCPU, 2 GB, 64 GB, $20/month then the resulting savings is 15% ($12,500/month), which is on top of the license auto-assignment savings of 40% for a total of 55% in savings or $27,500/month. 

A few technical notes: 

  • Inactive User License Parking does not actually resize the user’s VM, it simply temporarily replaces the user’s license while the user is not connected. 
  • For license compliance reasons, it is not possible to un-assign the primary license and leave the user without any license while not connected. Therefore, a minimal parking license is required to stay compliant with licensing requirements. 
  • Changing a user’s Windows 365 license is excluded from short-term license reassignment restrictions that exist for other Microsoft 365 products. 

Putting It All Together 

In our example of 1,000 authorized users with a 2 vCPU, 8 GB, 256 GB Cloud PC, license savings are $27,500/month. These savings of 55% relative to an “unoptimized” scenario are possible by leveraging License Auto-Assignment and Unused License Reclamation to ensure that you only pay for licenses that are utilized and by using Inactive User License Parking to save on the cost of expensive licenses. 
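The three strategies above can be read as one per-user license state machine. The following Python model is an added example, not Nerdio Manager code; the state names, the 60-day inactivity threshold, the sample date and the constructed population are assumptions, and it treats reclaimed (grace) licenses as cancelled rather than billed.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

GRACE_DAYS = 7  # grace period length stated in the article

@dataclass
class User:
    last_login: Optional[date]  # None: authorized, never logged in
    connected: bool = False

def license_state(user: User, today: date, inactive_days: int) -> str:
    """Classify one user under the three strategies (simplified model)."""
    if user.last_login is None:
        return "unlicensed"      # Strategy 1: no license until first login
    if user.connected:
        return "primary"         # connected users hold the full-size license
    idle = (today - user.last_login).days
    if idle < inactive_days:
        return "parked"          # Strategy 3: cheaper license while disconnected
    if idle < inactive_days + GRACE_DAYS:
        return "grace"           # Strategy 2: license reclaimed, Cloud PC kept
    return "deprovisioned"       # grace period expired without a login

def monthly_cost(users, today, inactive_days, primary_price, parking_price):
    """Return (cost, per-state counts); only primary and parked are billed."""
    counts = Counter(license_state(u, today, inactive_days) for u in users)
    cost = counts["primary"] * primary_price + counts["parked"] * parking_price
    return cost, counts

def article_population(today: date):
    """Constructed population matching the article's 1,000-user averages."""
    recent = today - timedelta(days=3)
    return ([User(None)] * 400                     # authorized, never active
            + [User(today, connected=True)] * 350  # peak concurrency
            + [User(recent)] * 250)                # active, not connected

def savings(today: date = date(2021, 9, 1)):  # constructed sample date
    """(auto-assignment, parking, total) monthly savings at $50 / $20 licenses."""
    users = article_population(today)
    baseline = len(users) * 50      # every authorized user licensed
    auto_assigned = 600 * 50        # only the 600 active users licensed
    optimized, _ = monthly_cost(users, today, 60, 50, 20)
    return baseline - auto_assigned, auto_assigned - optimized, baseline - optimized

if __name__ == "__main__":
    print(savings())
```

With the article's figures the model attributes $20,000 of the monthly savings to auto-assignment and $7,500 to parking, for the stated total of $27,500 (55%).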

Find Nerdio Manager for Enterprise in the Azure Marketplace here.

FREE NMM-100 Certification Launches to Equip MSPs with the Fundamentals of Nerdio + Azure

Last May we launched the Nerdio Partnerd program to give our MSP and channel partners access to a full arsenal of resources including our NMM-200 certification, discounted pricing, and an asset library with case studies, content white labelling capabilities, testimonials, product demo videos, and more. Today, we are excited to announce the launch of our newest certification program, NMM-100!  

NMM-100 is designed to build partner proficiencies in Microsoft Azure and Nerdio Manager for MSP.  Specifically, we are using this certification to give partners that first leg up when it comes to understanding the terminology, technology and best practices needed to be successful in deploying and managing Azure Virtual Desktop via Nerdio Manager.  

Below we’ve shared details around what the exam covers, resources you can use to prepare for it, and an explanation of how NMM-100 and NMM-200 relate to each other.  

What Does the NMM-100 Exam Entail, and How Should I Prepare?  

Our study curriculum is outlined below. It is a combination of articles and videos intended to give you a comprehensive understanding of Microsoft Azure, Nerdio Manager for MSP, Azure Virtual Desktop and Microsoft 365. 

  • Lesson One – Azure Fundamentals 
  • Lesson Two – Identity Management 
  • Lesson Three – Microsoft 365 
  • Lesson Four – Azure Virtual Desktop 
  • Lesson Five – NMM Fundamentals 
  • Lesson Six – NMM Account Deployment Paths 

The exam contains 60 questions related to the above lessons. We highly recommend you pay close attention when consuming the curriculum material as it closely overlaps with content that will appear in the exam. 

How Does This Relate to the NMM-200 Certification?  

Completion of the NMM-100 exam will ensure you are fluent in the underlying fundamentals needed to succeed with your AVD deployments. NMM-200 is more technically sophisticated than NMM-100, and those prepared to take the level 200 exam need a fair amount of Azure experience and knowledge to be successful in passing. 

NMM-100 is offered FREE to Partnerd members. Partners who pass the exam will be eligible for a 50% discount on the NMM-200 certification. To claim the discount, they must sign up and pay within 90 days of passing NMM-100.  

How Do I Register to Get Certified?

Head to our MSP Certifications page, scroll down and click the “Get Certified” button to start the process. To find the MSP Certifications page manually on the website, look for the ‘For Partners’ tab found at the top of the website, hover over the tab and select “Get Certified.”

Our certification programs have been carefully crafted to provide partners with the knowledge needed to build a successful (and profitable) cloud practice in Microsoft Azure using Nerdio. We look forward to seeing how the addition of NMM-100 helps accelerate your business and would love to hear any feedback you may have on the exam! Send any feedback (or questions) to certs@getnerdio.com – and best of luck!