Azure Virtual Desktop (AVD): Frequently Asked Questions (FAQs)

With Microsoft Azure Virtual Desktop (AVD) now in wide use, we’ve put together a list of the most frequently asked questions we receive, such as: What is AVD? How does it work? How much does it cost? How is it licensed? How do you access AVD and what are the tech requirements?

Read on for these answers and more information.

1. What is Azure Virtual Desktop? 

Azure Virtual Desktop or AVD (also sometimes incorrectly referred to online as Microsoft Virtual Desktop or MVD, and also as its previous name of Windows Virtual Desktop, or WVD) is a set of technologies from Microsoft Azure that enables IT professionals and Managed Service Providers (MSPs) to create Windows 10 virtual desktops in Azure.  AVD was launched in 2019 and is the evolution of Microsoft’s Remote Desktop Services (RDS) technology. Azure Virtual Desktop consists of 4 primary innovations: 

  1. Windows 10 multi-user operating system, which allows multiple concurrent users to use a single Azure virtual machine as a desktop.  Prior to AVD, this was only possible with the Windows Server operating system. 
  2. User profiles are handled independently of the virtual machine that serves are the user’s desktop.  These profiles are placed in containers and the containers are stored separately from the desktop VM in Azure.  This is enabled by FSLogix technology that Microsoft purchased in 2018.
  3. Microsoft Azure has a new Platform-as-a-Service (PaaS) offering that contains the management and connection broker functionality for AVD.  It is the service that determines which users end upon which Azure virtual machine when they connect.  Before Windows Virtual Desktop, this was handled by RDS server roles such as RD Gateway, RD WebAccess, RD Connection Broker, and RD License Server. 
  4. Licensing for AVD has been drastically simplified from prior virtual desktop technologies like RDS.  AVD rights are included at no additional charge with multiple Windows 10 subscriptions including Microsoft 365 and Windows 10 Enterprise. 

2. How much does Azure Virtual Desktop cost? How is AVD licensed?  

There are two cost components to AVD:  License and Azure infrastructure

Microsoft License – Azure Virtual Desktop is an entitlement of a Windows 10 subscription license.  This license can be purchased as part of Microsoft 365 Business/E3/E5/A3/A5 or as a standalone subscription (e.g. Windows 10 Enterprise E3).  If you already own one of these licenses there is no additional cost to use WVD from a software perspective.   
 
If you don’t already have a Windows 10 subscription license, then the least expensive option that covers AVD is Windows 10 Enterprise E3 for $7/user/month.  AVD license covers the cost of the operating system (Windows 10 single user and multi-session) and the use of the AVD management service that’s hosted by Microsoft in Azure.   
 
This license also replaces the need to pay for Windows Server OS license in Azure and the RDS license, since neither of these technologies is used to deliver Windows Virtual Desktop. It is important to note that AVD covers only Azure virtual machines and cannot be used to license on-premises deployments or other clouds.   
 

Azure Infrastructure – Once the license portion of AVD is covered, what remains is the cost of Azure infrastructure to run the virtual machines that users will connect to and use as their desktop.  In addition to the desktop VMs, you will need a place to store users’ profile containers and Active Directory (in addition to Azure AD).  Profile containers can be stored in Azure Files or on a Windows File Server VM in Azure, and Active Directory can be Azure AD DS or traditional AD running a Windows Server VM in Azure.   
 
The cost of all these components will include the virtual machines (compute), storage (disks and files), networking (egress bandwidth), etc.  The precise cost will depend on the number of users, amount of storage per user, how many and what types of applications the users use and many other factors.  The easiest way to calculate the precise cost is to use a tool like Nerdio’s Azure Cost Estimator to have it architect the infrastructure and figure out all the costs.  As a rough range, the Azure infrastructure cost component for pooled desktop users (those sharing a VM or set of VMs) would be in the $10-$30/user/month, and for a personal desktop user (those with dedicated desktop VMs) being in the $60-$130/user/month range. 

Schedule a demo with one of our experts!

 

3. Are there different pricing plans for Azure Virtual Desktop? 

There are not.  License cost is per-user and is the same no matter what type of desktop you’re using.  The cost of Azure infrastructure to run the virtual desktops varies based on what types of desktops you want to deploy.  It is very flexible. 

4. Can I subscribe to Azure Virtual Desktop?

AVD is an entitlement of any Windows 10 subscription license such as Microsoft 365 and Windows 10 Enterprise E3/E5, etc. 

5. How do I access Azure Virtual Desktop?  

AVD can be accessed from any modern, internet-connected device no matter what operating system it uses.  It can be accessed using an installed Remote Desktop client app.  This app is available for Windows, MacOS, iOS, and Android.   
 
This is not the same app as the one that is used for accessing RDS so be sure to download the latest version.  The Remote Desktop client allows a user to run both full session desktops (aka published desktop) and individual published apps (aka RemoteApps).  The RemoteApps and session desktops are even added automatically into the local computer’s Start Menu for easier access.  AVD can also be accessed via any HTML5 compatible browser.  This allows a user to run any session desktop or RemoteApp inside of a browser window or tab. 
 

6. How does Azure Virtual Desktop work?   

AVD allows IT pros and MSPs to create virtual desktops and RemoteApps in Azure and publish them to users who can access them from their own devices.

7. How do I create a virtual desktop on Windows 10? 

Windows 10 is the operating system that’s primarily used to deliver Microsoft’s Windows Virtual Desktop desktops to end-users.

8. How do I get started with AVD?  

Azure Virtual Desktop can be quickly and easily provisioned automatically with Nerdio Manager for MSP. Getting started with AVD is easy. In fact, you can deploy a desktop within 60 seconds using Nerdio Manager for MSP.

9. What are the technical requirements for running Azure Virtual Desktop?

To run AVD, you’ll need a Windows 10 subscription license and an Azure environment with all the prerequisites met. 

10. What is Azure Virtual Desktop session virtualization? 

Session virtualization is a technology that allows the same Azure virtual machine to be used by multiple users concurrently, each for their own desktop session.  This is in contract to VDI or personal desktops where each user gets his or her own dedicated Azure virtual machine to use as the desktop.  Session virtualization is a good way to increase “user density” and reduce costs. 
 

11. What operating systems does Azure Virtual Desktop support? 

On the Azure side, AVD supports Windows 10 Enterprise (single user), Windows 10 multi-session, and Server 2012/2016/2019.  On the client side (end-user device), AVD supports all modern, internet-connected devices such as PCs, Macs, iOS, Android and any device with an HTML5 browser. 
 

12. What hardware supports Azure Virtual Desktop? 

AVD is an Azure-only technology and can only be used in the Microsoft cloud.  Users of AVD can use any modern, internet-connected hardware device.  There are also hardware vendors who produce thin clients designed specifically for AVD. 
 

13. Which remote desktop clients support Azure Virtual Desktop? 

AVD supports all Remote Desktop client devices that are internet-connected. 
 

14. What are the limitations of Azure Virtual Desktop? 

AVD can only be used in Azure and not for on-premises or other cloud deployments.  It also requires a subscription to Windows 10 Enterprise.  This must be a subscription and not a perpetual Windows 10 license. 
 

Do you have more questions? Schedule a quick call with one of our experts.

Understanding Azure VDI Costs

The number one reason why many businesses consider switching over to a desktop-as-a-service model has to do with the immediate cost savings they get to enjoy on the technological assets they depend on so heavily each day. In fact, part of the reason why DaaS works so well is because it frees an organization from the restrictions of physical hardware assets in the first place.

When you buy a computer for your office today, it can (and likely will) grow out of date as soon as six months from now. As time drags on, it will continue to get slower, and more issues will develop. Soon, it won’t be able to do what you need it to do anymore, and you’ll either have to invest money in upgrades or buy an entirely new computer in the first place. Multiply these costs by dozens of employees, and you can see what a significant restriction this really is.

But even beyond simply investing in desktop hardware, you also have to think about the purchasing and licensing of servers, the purchasing and licensing of applications, the money that you’re losing literally every day to the depreciation of assets, etc. To say that all of these costs can quickly add up is something of a dramatic understatement.

Azure VDI Pricing Explained

With desktop-as-a-service, on the other hand, these costs evaporate. Your ability to run your mission-critical applications is no longer dependent on the quality of the computer you’re using — it’s dependent on the speed of your internet connection, instead. Desktop-as-a-service resources are usually delivered as a cloud service, right along with all of the apps needed for use on your virtual desktop infrastructure.

Hardware Costs

This means that you’ll be able to use your existing hardware assets for significantly longer periods of time, decreasing your total cost of ownership across the board. Every time a new version of one of your enterprise applications is released, you won’t have to worry about all the features that will “break” because you’re trying to run that program on a five-year-old computer. At that point, the computer itself is totally irrelevant.

Operational Costs

As all of these costs disappear, along with additional expenses like powering, cooling and hosting your own infrastructure, it should come as a surprise to absolutely nobody that using IT support services like desktop-as-a-service can save the average business up to 50 percent of operational costs within five years of adoption.

You get all of this in exchange for what is typically a fixed monthly fee that is easy to scale up and down at will. If you bring on new employees to account for seasonal fluctuations, you don’t have to worry about buying new hardware — you can make a single call to your DaaS vendor, and everything will be taken care of.

You have access to the latest technology at all times, allowing you to miss fewer opportunities and take advantage of the ones that do present themselves as quickly as possible. With one relatively simple switch, you’ve cemented your competitive advantage in your industry for a decade.

For many, these reasons alone make the switch to a desktop-as-a-service infrastructure more than worth it. But it’s also important to understand that there are many other ways in which DaaS can save an organization money, too — particularly in the long term. These are factors that many people don’t necessarily think about, but that doesn’t make them any less important.

The Long-term Costs of VDI

One of the biggest ways in which desktop-as-a-service can save an organization money in the long term ultimately comes down to a single word: productivity. DaaS isn’t just about freeing an organization from the restrictions of hardware in terms of total cost of ownership — because resources are being served up over the internet, users can essentially access the same “machine” from any device or location on planet Earth with an active internet connection.

This means that if one of your employees is halfway around the world on vacation but suddenly needs to contribute to a major project, productivity doesn’t have to grind to a halt while you wait for them to return. Provided that they’ve got internet access, they can be just as productive while they’re sitting in an airport lounge waiting for their flight to take off as they can be in front of the computer in their office. This is because the physical computer itself no longer matters — only the tasks that you can complete with those resources matter, and now you can do them anywhere.

Work from anywhere

This segues nicely into another one of the major advantages of the desktop-as-a-service model: a strengthened sense of business continuity. If your physical workplace suffers some type of catastrophe like a fire, you don’t have to worry about all of the progress that was lost on every project you were working on just because your computers are now damaged beyond repair.

While this will be a challenge to overcome on an organizational level to be sure, desktop-as-a-service offers both centralized data backup and ubiquitous desktop availability in one package — meaning that as far as work is concerned, you can pick back up from anywhere without skipping a beat. Your employees could work from home if they needed to while leadership gets everything else sorted out.

Get the most from your team

The desktop-as-a-service model also has a number of important implications in terms of not just how your employees are able to work, but what they’re actually doing in the first place. Take your own in-house IT team, for example. Because technology is such a fundamental part of your organization, your IT employees are essentially the backbone of everything you’ve already worked so hard to build. With a conventional computing model, the majority of their time is monopolized in reactionary ways. Something breaks, they fix it. Hardware grows out of date; they update it. Applications need patched, they patch them. Rinse, repeat.

The problem is that the people who are largely responsible for your organization’s major competitive advantage are stuck “spinning their wheels,” so to speak. The majority of their attention is devoted to preserving the status quo, not making sure that technology is aligned with your long-term business objectives. With the DaaS model, all of the above tasks — from updates to maintenance and everything in between — are all handled instantly by a vendor. Suddenly, your IT staff has an infinitely larger amount of time each day to devote their attention to other, more proactive matters that deserve it the most.

Security cost savings with Azure VDI

But perhaps one of the biggest advantages of the desktop-as-a-service model ultimately comes down to not the expenses that it saves your organization, but from the costs it helps prevent you from having to endure: namely, those related to cybersecurity.

According to a study conducted by the Ponemon Institute and sponsored by IBM Security, the average total cost of a single data breach came in at an astounding $3.62 million in 2017. This number breaks down to approximately $141 per stolen or otherwise compromised records. Many people fail to realize that oftentimes these breaches are not the product of a team of hackers sitting in a lab somewhere, working tirelessly to penetrate computer systems from afar. They’re the result of people taking advantage of weak, outdated, and otherwise vulnerable software and hardware.

When the developer of a piece of software you’re using for your enterprise issues an update, it’s always important to download and install it as quickly as possible. These updates don’t just add new features — they also patch security holes, fix bugs and address other exploits that people use to execute these types of breaches in the first place. Understanding that this is important is only half the battle — you (or more specifically, your IT team) actually has to do something about it. But under a traditional hardware model, making sure that absolutely everything is patched and updated at all times can be an uphill battle to say the least.

Thankfully, this is not something that you have to worry about with the DaaS model. Because all of your assets are being served up in an “on-demand” capacity over the internet, you and your team have access to the latest versions of everything from drivers to productivity suites at all times. All updates — along with patches, preventative and proactive maintenance — are handled by the third-party vendor of your choosing. You don’t have to worry about whether or not you and your team were updated the next time you read about a massive data breach in the newspaper — you’ll know beyond the shadow of a doubt.

Azure VDI is Here to Stay

Regardless of how you choose to look at it, the desktop-as-a-service model makes a great deal of sense for small- and medium-sized businesses in particular for a wide range of different reasons. For many, the immediate cost savings that come along with freeing themselves from the dependency of hardware resources will more than make up for the initial investment. But the long-term implications — namely the instant boost in productivity you can receive and the cybersecurity-related benefits in particular — make DaaS a step that is more than worth taking.

Azure Virtual Desktop Advanced Specialization – Part 1: How to Achieve It and What It Entails

AVD Specialization

Here at Nerdio, we are all about empowering not just businesses to succeed with Microsoft Azure, but hardworking IT professionals, too. After all, many of our staff have been in the shoes of an IT admin, consultant, or MSP — yours truly included.

Which is why we’re launching a new, four-part blog series full of helpful tips, tricks and insights to support Azure enthusiasts in the journey toward Microsoft AVD Advanced Specialization, for companies, and also the AZ-140 Certification, for individuals.

To kick off the series – check out our first part exploring what companies have invested (or are investing) in virtual desktop practices in Azure when looking into Azure Virtual Desktop (AVD) Advanced Specialization, along with advice for passing the exam from our team of experts.

Next in the series, I’ll take a step back and explore why the specialization is beneficial for companies, weaving in industry perspective and comparison and also my own firsthand experience from achieving the specialization.

What is Microsoft’s AVD Advanced Specialization?

In 2020, Microsoft released the Microsoft Azure Desktop Advanced Specialization: an award given to companies for meeting a strict set of minimum criteria discussed further below.

As Azure is a powerful solution comprised of more than 200 products and cloud services, Microsoft Azure Advanced Specializations can be obtained across several different technologies and areas of expertise.

So why would you want to achieve the AVD Advanced Specialization? When dealing with existing or new customers, this achievement demonstrates that your company, its consultants, and architects have a deep knowledge of Azure Virtual Desktop and that you meet the highest standards for service delivery and support.

How Do We Achieve AVD Advanced Specialization?

To ensure your company meets the minimum criteria, Microsoft will schedule a meeting with a third party auditor by ISSI who will spend approximately 4-6 hours in a workshop style format thoroughly reviewing all of your processes, operational documentation and also any design documentation which has been produced for your customers within the past 12 months. Microsoft does this to test your end-to-end capability to gather requirements, design, deliver and support a full AVD solution. 

Microsoft recommends you have three different customers to show when providing items required for the Advanced Specialization checklist. In our experience, it is better to focus in on a single customer reference that you know and can talk about with a lot of detail.

What Criteria Must We Meet?

Each certification must be held by at least one individual. You will also need to have three people pass the AVD Technical Assessment. We recommend these are the same three people who take the above certifications, and also that these individuals take the AZ-140 exam, which we will detail more later in our series.

What Will My Company Be Asked About?

When you register for the Specialization, Microsoft will send you a full checklist of the type of information you will be required to provide. A few examples include:

  • Marketing materials with your strategy for selling AVD solutions
  • Pre-sales activities
  • Evidence of requirements-gathering exercises
  • High-level design documentation of the AVD solution
  • Low-level design documentation of the AVD solution
  • Operational support documentation (i.e. image updates process, patching process, how to add hosts into a host pool etc)

The whole process should loosely follow the AVD Cloud Adoption Framework. If you can provide evidence that your company has a blueprint that follows all design principles of the AVD CAF, and those processes and procedures are followed throughout each of your customers implementations, then you will have a very high chance of achieving the AVD Advanced Specialization.

Advice from Our Experts on Passing the Exam

Our staff have guided partners through this process and recommend some general tips and advice below:

  • Go through the checklist provided by Microsoft literally line by line. The auditor will cover each section line by line and asked you to provide evidence to show how you have met each requirement.
  • Make sure that your designs match your blueprints and processes.
  • Know your designs well, and ensure you can talk about them in detail to somebody who has never seen the environment before.
  • Ensure that you also have the Azure Landing Zone design’s handy and are able to reference them.
  • Our final and most important bit of advice is when going through the process is to ensure that you can match every single checklist item to section in your documentation (Requirements, LLD, HLD’s etc)

If you want to know more about the AVD Advanced Specialization, stay tuned for the next blog in our series or reach out to us for a FREE 30-minute AVD Advanced Specialization consultation to get your Azure Virtual Desktop Advanced Specialization questions answered by one of our technical professionals.

Find Part 2 here!

Microsoft Windows 365: Introducing a New Product to End-user Computing

Windows-365_-Introducing-a-New-Product-to-End-user-Computing-2

On July 14th, 2021 at the annual Inspire conference, Microsoft announced a new service that holds the promise to establish Windows desktop virtualization as a modern, cloud-native way to deliver Windows applications to users on any device.  Coming on the heels of Azure Virtual Desktop (AVD), Windows 365 is a service that is complimentary to AVD rather than its replacement.  The key differences are its simplified management and commercial model. 

In September 2019, Microsoft made history with the release of Windows Virtual Desktop (now Azure Virtual Desktop) and finally embraced desktop virtualization as a legitimate, modern way to deliver Windows applications from the cloud.  AVD grew rapidly in popularity, much faster than anyone anticipated, largely fueled by COVID-related remote work requirements.  AVD is an Azure-based VDI service designed for maximum flexibility and is wildly popular with end-user compute (EUC) veterans.

There are more than a billion devices running Windows, but only a small fraction are virtualized.  Even with Azure Virtual Desktop, there is significant expertise required to set up and maintain a virtual desktop environment.  Managing virtual desktops requires an understanding of desktop imaging, multi-session OS application management, auto-scaling, and other advanced concepts.  Most importantly, AVD desktops are built on top of the Azure cloud, which is priced based on consumption.  This means that predicting the cost of a user’s virtual desktop is challenging because it depends on usage; some months the Azure bill may be higher than others.

Windows 365 aims to significantly grow the virtual desktop market by solving the technical and commercial complexity challenges.  While today desktop virtualization penetration is likely around 10% of the total Windows market, with Windows 365 this number can grow fast over time.

What Exactly is Microsoft Windows 365?

Windows 365 is a virtual desktop service that’s part of Microsoft 365.  It offers organizations a fixed-price monthly subscription to a cloud PC that is dedicated to a user and can be managed using the exact same tools as a traditional Windows PC. Making a cloud PC available to a user (once the initial environment is set up) is a matter of assigning a M365 license.  Three key properties of Windows 365 are worth repeating and emphasizing.  A cloud PC is dedicated to a user, fixed price, and part of the Microsoft 365 cloud rather than Azure.

Dedicated and Persistent

A cloud PC is a complete replacement of a user’s traditional Windows machine.  Therefore, it behaves exactly as a physical device would.  Each cloud PC is a persistent VM that is dedicated to a specific user.  Any applications that are installed on the cloud PC do not disappear when the user logs off.  The user profile is not offloaded to a file share using FSLogix.  All security software agents, licensed applications or patches recognize the VM as a single-user, traditional Windows device running the same Windows 10/11 Enterprise operating system.  Windows 10 EVD (multi-session) is not currently supported.  All this is important to make cloud PCs behave and be managed together with physical devices and over time replace physical machines with cloud PCs.

Fixed Monthly Price

Windows 365 cloud PCs are monthly product SKUs in Microsoft 365 just like M365 E3 or other M365 products.  There is no consumption-based pricing, as with Azure Virtual Desktop.  Purchasing physical Windows devices is predictable from a pricing perspective and Windows 365 delivers the same predictability when buying cloud PCs.  There are several SKUs for different sizes of cloud PCs that vary in CPU, RAM, and storage specs.  A user’s license can be upgraded to a larger cloud PC size at any time.

Microsoft 365 Cloud, Not Azure

Microsoft 365 is the most popular SaaS platform in the world.  Being part of M365 means that cloud PCs are purchased through the same channels as E3 and E5 that most organizations are already using.  Cloud PCs are delivered as a SaaS offer and managed through Microsoft Endpoint Manager and the M365 admin portal, rather than through the more complex Azure portal like AVD.

Think of the virtual desktop evolution from on-premises RDS to Azure Virtual Desktop to Windows 365 in the same way as Exchange messaging evolved from on-premises Exchange server to hosted Exchange to Office 365.  Once Office 365 solved technical and transactional complexity challenges adoption exploded.  Microsoft is hoping the same will happen with desktop virtualization now that Windows 365 is part of the same Microsoft 365 SaaS platform.

How Much Does Windows 365 Cloud PC Cost?

There are two cost components to a cloud PC: compute license and software license.

Compute capacity is purchased via a cloud PC license.  At general availability there will be 12 cloud PC sizes ranging from 1 vCPU to 8 vCPUs, 2 GB to 32 GB of RAM, and 64 GB to 512 GB of storage.  

From a licensing perspective, you need a Windows 10/11 Enterprise subscription and Intune license (if using Enterprise cloud PCs).  The Windows subscription license requirement is the same as in Azure Virtual Desktop.  A physical device license (e.g. OEM) doesn’t qualify.  Only a M365 subscription to Windows can be used for cloud PCs.  Some popular M365 SKUs that include a Windows Enterprise subscription are M365 Business Premium, E3, E5 and Windows 10 Enterprise E3/E5/VDA.

To manage cloud PCs via Microsoft Endpoint Manager (MEM) an Intune license is required.  These licenses come with M365 E3, E5 and Business Premium subscriptions and can also be purchased stand alone.

How Does Windows 365 Work?

There are two versions of cloud PCs: Enterprise and Business.

Enterprise cloud PCs are designed for organizations who have invested in Microsoft Endpoint Manager and are using this powerful platform to manage their existing physical Windows 10 desktops.  Enterprise cloud PCs require an Intune license for each user who is assigned a cloud PC M365 SKU.

Business cloud PCs are designed for individual users and very small businesses who typically go to their local Best Buy when they need a new computer.  Now, instead of Best Buy, they can go to Microsoft and subscribe to a new cloud PC and have it ready to use in an hour.  Business cloud PCs do not require MEM/Intune license and are managed entirely by the user, just like a standalone physical PC.

The diagram below depicts the deployment architecture of both Enterprise and Business cloud PCs.

Enterprise Cloud PC Architecture

Enterprise cloud PCs are Azure and Active Directory dependent.  An Azure subscription with a properly configured network is required with access to Active Directory that has Azure AD Hybrid Join enabled.  Azure AD DS is not currently supported and cloud-only, Azure AD join is not currently supported either.

The VM itself runs in a Microsoft-managed Azure subscription, which means admins don’t have access to it directly and are not incurring the cost of this VM in their own Azure subscription.  However, the VM’s network interface card (NIC) is “injected” into a vNet in customer’s Azure subscription.  All network traffic enters and leaves the VM via the customer-managed vNet.  Egress transfer costs are incurred by the customer.

Since admins don’t have direct access to the VM running in Microsoft’s Azure subscription, all management tasks (e.g. software installation, patching, policies) are performed through the Microsoft Endpoint Manager portal.   

Enterprise cloud PC pre-requisites:

  • Azure subscription with vNet
  • Azure vNet can access Active Directory domain controller (i.e. a PC can be joined to the domain). Custom DNS servers, necessary routing, and firewall access to AD.
  • Azure AD Connect configured and running within Active Directory with Azure AD Hybrid Join enabled
  • Intune enabled on Azure AD tenant (each cloud PC user needs Intune license assigned)
  • Admin setting up the initial deployment must be an Owner of this Azure subscription
  • Azure AD DS is NOT supported

Enterprise cloud PC high-level setup steps (without Nerdio Manager):

  • In Microsoft Endpoint Manager create an “on-premises network connection” pointing at the vNet and provide AD credentials to join new VMs to domain. The network connection and AD credentials will be validated automatically.  This process may take a while.
  • Upload an existing custom Windows 10 Enterprise image or use a clean, Microsoft-provided gallery image
  • Create a cloud PC “provisioning policy” that combines an “on-premises network connection” with a desktop image. Assign this provisioning policy to an Azure AD security group.
  • Add users to the Azure AD security group that the provisioning policy is assigned to

Enterprise cloud PC user entitlement:

  • Once the above pre-requisites and setup steps are completed, entitling a user to a cloud PC is very easy. Simply assign a cloud PC license to the user via Microsoft 365 Admin portal.
  • As long as the user is a member of a security group that’s assigned to a cloud PC provisioning policy and the network connection is “healthy” a new cloud PC will start provisioning. It will take up to an hour for the cloud PC to be ready for the user to log into.

Business Cloud PC Architecture

Business cloud PCs are VMs that run entirely in Microsoft’s Azure subscription, including the network interface cards.  There is no Azure subscription needed to be provided by the customer. There is also no Active Directory dependency since Business cloud PCs natively join Azure AD.  There is also no requirement of an Intune license.

Business cloud PCs route all network traffic through Microsoft-controlled network infrastructure and there is no way for admins to control the inbound or outbound connectivity to/from these VMs.  There is currently no way to assign static IPs to Business cloud PCs.  Since these cloud PCs run in Microsoft’s Azure subscription and are not Intune-enrolled, there is no admin interface to manage them.  They can only be managed directly by the user, just like a standalone physical Windows device.

There are no pre-requisites and no setup steps needed for business cloud PCs.  Simply assign a Business cloud PC license to a user in the Microsoft 365 Admin portal and the new desktop gets provisioned within an hour.  The user will get an email notification with login instructions to start using their new cloud PC.

End-user Experience

Windows 365 is built on top of Azure Virtual Desktop global infrastructure and will be familiar to those with AVD experience.  The end-user client apps are the same as AVD and are available for Windows, MacOS, iOS, Android and HTML.  When connecting to a cloud PC, a user will authenticate to Azure AD using the AVD client and all cloud PCs that the user is entitled to will appear in the feed.

Leveraging the same infrastructure as AVD provides users the advantage of a unified experience across Windows 365 and Azure Virtual Desktops.  Admins can control the resources visible to individual end-users and the user will see everything in a single feed using the same app.  The authentication and multi-factor experience will also be very familiar since it leverages Azure AD, which is used for M365 and AVD authentication.

Step 1: Go to https://cloudpc.microsoft.com and log in

Step 2: Connect to cloud PC in browser or download the Remote Desktop client app

How Nerdio Supports Windows 365 

By introducing Windows 365, Microsoft has expanded the available options for virtual desktops.  Now there is the flexible, Azure-based AVD with single-user, multi-session, and RemoteApp options and the simplified, M365-based Windows 365 with Enterprise and Business cloud PC alternatives.

For the past year, Nerdio worked closely with Microsoft Engineering to help develop Windows 365 and provide support for cloud PCs in Nerdio Manager for MSP and Nerdio Manager for Enterprise on Day 1 of availability.  Nerdio’s mission is to empower MSPs and IT professionals to build successful virtual desktop cloud practices in the Microsoft cloud.  We do this by helping our customers choose the right Microsoft service for the right use-case, automate the deployment, simplify ongoing management, and optimize to reduce ongoing costs. 

Nerdio Manager for MSP provides Manage Services Providers with a unified console to price, deploy, manage, and optimize all types of virtual desktops in the  Microsoft cloud – both AVD and Windows 365 – across multiple customers.  Selecting the right technology for the right use-case and deploying it with ease, using best-practices, and in the most cost-effective manner.

Nerdio Manager for Enterprise helps IT pros enable Windows 365 in their existing Azure environment and manage both AVD and Windows 365 from a unified console leveraging powerful and automated image management, monitoring, auto-scaling, and scripted actions.  Nerdio Manager will enable migration scenarios from AVD to Windows 365 and vice versa so each user can get the right type of virtual desktop in the most cost-effective way.

AVD is a flexible, Azure-based VDI solution while Windows 365 is a simpler cloud PC service.  Nerdio Manager integrates the two services into the simplest, most cost effective, and automated way to deploy, manage and optimize virtual desktops and applications in the Microsoft Cloud.

Free White Paper Download!

The Best Vendor Support for MSPs, Medium, and Enterprise-sized Businesses

The-Best-Vendor-Support-for-MSPs-Medium-and-Enterprise-sized-Businesses-300x169

If anything, support needs to be top notch when dealing with medium-sized and enterprise companies. You cannot afford any single points of failure, and preferably you have access to a team of experts you can rely on to do the heavy lifting when things go wrong or when you are looking for someone to have a chat with.

Our Enterprise support team at Nerdio is fantastic– they really are. They’re knowledgeable, swift in their response, and always put the customer first.

One of the things I like best, though, is that support is included with both Nerdio Manager for Enterprise and MSP. You don’t need to purchase and pay for a separate support contract, renew yearly, or anything like that. Having said that, take a look at our licensing options and monthly pricing and it almost seems too good to be true.

In fact, during the PoC phase (both solutions are available from the Azure Marketplace, up and running within 45 minutes), you can make use of support as well. During the PoC we always try to make sure that our (potential) customers get the best out of Nerdio during their 30 day free trial. This approach lowers the barrier, saves time, money, and makes sure we are all on the same page.

Proof of Concept Support

On a few occasions I’ve had some customers who ran into an issue, a misconfiguration, or an error of some sort during the PoC phase. Whenever I can, I will always try to help them personally. However, I don’t mind sending them over to Nerdio Support because I know they will be satisfied later that day – or that same hour in many cases.

Even before you start using Nerdio in production, you will have experienced all facets that come with using an Enterprise solution and building a long-term relationship, which is the ultimate goal, of course.

Online Resources

I always point out our first line of defense–our online Nerdio Academy for both Manager for Enterprise as well as MSP. The content is brief, to the point, and very easy to digest.

We have videos and Knowledge Base articles on just about any configuration option available within both solutions. What about the inner workings of the solutions and the permissions they need? What data is stored where? You name it, you’ll find it online.

Our release notes page let you know what’s coming up and enables you to view all previous released versions including all features and functionalities released with it. Again, links to videos and Knowledge Base (KB) articles will be included there as well.

We often get questions about licensing, how licenses are counted and invoiced, the types of licenses and their differences per solution. This is also out in the open.

What about security? How to harden underlying services and secure communication within your AVD environment, advanced app service configurations, that sort of thing. Backup your Nerdio/AVD configuration, how to make your deployment highly available if desired. That and more, you can find it all online. Including various best practices.

Visit the Nerdio Academy

Go Live Engineer

When it comes to Nerdio Manager for MSP we even take it one step further and offer our customers additional FREE support in the form of a Go Live Engineer, or GLE for short.

The GLE engagement is offered to new partners looking to accelerate their cloud entry with Nerdio as they work towards growing an Azure practice with their first two accounts. 

New partners are entitled to have two free GLE engagements. A GLEs primary goal with a partner is to help them bring a closed deal to its go live in a timely manner using best practice and methods aligned with giving their customers a positive and sustainable cloud experience. The following are the details of the process to achieve that goal. 

For direct partners, a GLE involvement will be scoped as follows:

  • Architectural and proposal (quote) validation
  • Nerdio Orchestration and best practices
  • Host and Golden Image/Template management
  • VPN Configuration
    • Including IKEv1 vs IKEv2
  • Office installation knowledge transfer (Nerdio to provide KBs)
  • Nerdio pool management and optimization features
  • Azure VM series evaluation and configuration
  • FSLogix review and walk through from Nerdio orchestration.

How about that?

Let us know if you would like to learn more or have a customer-case where you think this approach makes sense and we can set it up together.

What About Nerdio Manager for Enterprise?

Even though we do not have a similar service for Nerdio Manager for Enterprise, we always put in the effort necessary to make sure our clients and partners are successful. We often organize extensive deep(er) dive sessions, demos, one to many questionnaires, one-on-one meetings; you name it, it always works out!

Once we start a PoC, we make sure to discuss success criteria and act accordingly in the weeks that follow. We’ll schedule additional sessions, do a quick health check in between,  to make sure that together we get the most out of the 30-day free trial.

Partnerd Program

As part of our Partnerd program, we offer various benefits based on tiered partner levels, which can be achieved in multiple ways. This includes but is not limited to free Nerdio certifications, exclusive training and webinars, and an all-expense paid trip to NerdioCon (annual event) as you add more customers and move up in partner tiers.

From a marketing perspective, you can count on access to exclusive, white-labeled content, up-to-date product demo videos, e-guides and white papers, and monthly partner webinars.

Furthermore, you can gain access to the previously highlighted Nerdio’s Go Live engineering team and earn monthly training sessions with Nerdio leadership.

Learn more about the Partnerd program here

Next Steps 

As you can see, there is a wealth of free information and support available. We support our partners and customers in any way you can think of, and we always go the extra mile, as they say. I would like to invite you to become part of ecosystem as well, you won’t be disappointed, I promise!

Thank you for reading and until next time.

Get your first 10 users free

How Nerdio Enhances the Provisioning & Management of NEW Windows 365

How-Nerdio-Enhances-the-Provisioning-Management-of-NEW-Windows-365-300x169

Now that Windows 365 is out in the open, you might be wondering: what is the added value of Nerdio Manager on top of the native service? A fair question. Let’s dig in a bit more and see how Nerdio makes the life of a (future) Windows 365/AVD administrator easier and more efficient.  

First, it’s important to understand that Windows 365 has been built on top of the existing Azure Virtual Desktop architecture, meaning there are many similarities, even though most might be hidden to the end user.  

Second, Nerdio has a proven track record when it comes to automating, managing, and optimizing new and existing Azure Virtual desktop (AVD) environments. In fact, from a development and support perspective, Nerdio has been partnered with Microsoft even before day 1 of AVD availability. We go as far back as when it was still referred to as RDmi a few years ago.  

So, you could say that we have some experience in that area (understatement). Today, Nerdio Manager is recognized by thousands of companies globally as being the go-to management and automation platform regarding everything AVD (and now also Windows 365) related.  

When it comes to Cloud PC, history repeats itself, in a good way. For the past year,  Nerdio has  worked closely with Microsoft  Engineering to help  develop Windows 365  and provide support for  cloud PCs in  Nerdio  Manager for MSP and Nerdio Manager for Enterprise, and is once again ready to go on day 1 of availability.  

Nerdio is familiar with all the ins and outs, the pros and cons, limitations and flexibility of both platforms and we are well known for helping our customers pick the right solution for their unique use-case(s), which, needless to say, we’ll continue doing.   

Next to everything we have been building for AVD throughout the last couple of years, this has now been complemented by a complete, designed from the ground-up management suite for Windows 365  Cloud PCs.  

The Two Types of Windows 365 Cloud PC

As you might be aware, Windows 365 comes in two different SKUs: Enterprise (MEM-Managed) and Business. MEM stands for Microsoft Endpoint Manager. While this document is not meant as a deep dive into Windows 365, it’s important to understand the differences between these two models, including a few things to keep in mind in terms of evaluating both options.  

As a side note… For more details on the underlying architecture, license requirements, how to set things up, and such, see this article

Enterprise Cloud PCs are designed for companies that have invested in Microsoft Endpoint Manager and are using this powerful platform to manage their existing, physical Windows 10 desktops.  Enterprise cloud PCs require an Intune license for each user  who is  assigned a cloud PC M365 SKU.  

However, if you are new to MEM and still have not implemented it, this might come with a (steep?) learning-curve and some other forms of investment.  

On the other hand, Business Cloud PCs are designed for individual users and very small businesses that typically go to their local Best Buy (or European equivalent) when they need a new PC.  Now, instead of  visiting  a Best Buy, they can go to Microsoft and subscribe to a new Cloud PC and have it ready to use in an hour.  Business Cloud PCs do not require  an MEM/Intune license and are managed entirely by the user,  which is similar to  a stand alone physical PC.  

Depending on your requirements, knowledge level, and management capabilities, this may or may not be a good fit.  

Finally, Windows 365 VMs can best be compared to physical machines, meaning they are persistent to the user and everything a user does on that machine will be stored and saved on the underlying/attached hard disk.  

Overall Management of Windows 365

Enterprise  Windows 365 Cloud PCs  are  managed via  Microsoft Endpoint  Manager (Intune)  and via  the Azure portal  for networking.  Administration of  MEM-managed Cloud PCs  can also be unified  (together with AVD) via a single portal like the Nerdio Manager. MEM  allows management  of Cloud PCs at the OS  level and above.  

This means that  admins do not have access to  make changes to the underlying VM resources; they can  only make changes to Windows and applications.  As highlighted, virtual networking is managed  via the Azure portal, unless Nerdio is used, of course.  

We enable you to manage all of your Cloud PC network connections directly from Nerdio Manager.  

Business Windows 365 Cloud PCs are not  integrated with  Endpoint Manager  and do not have a dedicated management portal (except for the 365-license portal to assign licenses and kick-off the (re)provisioning process).  They can  only be managed  by the  end user assigned to the desktop while logged into it, much like a physical PC. 

Actions such as  PC restarts  can be performed by the user  from the cloud  PC  web portal. Nerdio Manager enables you to set up all pre-requisites, provision/re-provision your Cloud PCs, run scripted actions, and restart them as needed.

Applications and (Image) Updates 

Enterprise Cloud PCs can be updated via MEM or  manual methods. Image-based software deployments are not typical without  third-party tools like Nerdio Manager, as is the necessary user profile management that comes with it.   

Also, MSIX AppAttach application delivery  is not  currently supported with Windows 365, however, it wouldn’t be a surprise if this is introduced in the future, and when that happens, Nerdio has MSIX AppAttach support fully integrated and ready to go.  

Business Cloud PCs can be updated  with Windows update manually by the user or by using third-party management tools.  

Enterprise Cloud PCs support Microsoft provided images based on Windows 10 Enterprise (single-user only and persistent only, remember), or any custom images that the customer might have available in their subscription.  

Nerdio already offered unparalleled image management options for AVD and now offers the same functionality for Windows 365, all from a single management interface, side-by-side. This makes image-based software deployments, updating and patching your Enterprise Cloud PCs a breeze since everything can be automated and scheduled at will. The same image can be used to update both AVD and Windows 365. 

Azure Virtual Desktop and Windows 365 Go Hand-in-hand 

I already mentioned that both solutions are based on the same underlying architecture and thus have a lot in common. As such, we expect many organizations to be using some form of Windows 365 next to AVD.  

Click here for a comparison of Windows 365 and AVD.

By using Nerdio Manager, you’ll have it all in one place; one single management console to provision, manage, and optimize both AVD as well as Windows 365 – single and multi-tenant.  

Multi-tenant 

MSPs who are managing dozens, if not hundreds of customer tenants – and even more users-  might want to start exploring Windows 365 as well. Nerdio Manager for MSP offers a single management interface where you can build, manage, and optimize as many customer tenants as you would like globally and goes way beyond the concept of Azure virtual desktops, regardless of type.  

Spinning up a Windows 365 and/or an AVD host is one thing; taking care of everything else (users, identity, backup, networking, monitoring, autoscaling, and the list goes on) is something different altogether. What about all of your other virtual machines (outside of AVD and or Windows 365)? Are there any VPNs you might need? This could be a single environment or hundreds – all it takes is just a few clicks. 

In short, Nerdio Manager for MSP enables managed service providers to build their entire cloud practice around AVD, Windows 365, or both.  

The above partly applies to Manager for Enterprise as well. We tightly integrate with many other native Azure services often used in combination with AVD, and I can imagine Windows 365 as well going forward.   

Scripted Actions 

These have been a big hit as of day one. Extremely flexible and powerful at the same time. You can leverage Scripted Actions (100% PowerShell based) on your Windows 365 environments as well. Even though this might seem like a small matter, it’s huge! More info on this specific topic will be published soon.   

Windows 365 + Nerdio Feature Set Available as of Day One 

The below will be available using Nerdio Manager as soon as Windows 365 will enter General Availability (GA). Do remember, though, we have an extensive roadmap lined up and as you are used to from Nerdio, you can expect many more updates, features and functionalities to be added going forward – we’re just getting started.  

  • Prepare your environment with all pre-requisites for Windows 365
  • Create and manage on-premises network connections and provisioning policies
  • Create and manage desktop images, including backups and versioning
  • Manage Active Directory profiles
  • Assign users, groups, and licenses
  • Provision and re-provision cloud PCs
  • Restart cloud PC machines
  • Manage multiple environments from a single interface (multi-tenant) 
  • Manage cloud PC user settings (i.e., local admin role)
  • Consolidated view of all cloud PCs provisioned and their status
  • All Windows scripts scripted actions capabilities of Nerdio Manager
  • Everything is audited and can be viewed in detail
  • And a whole lot more (coming)

Differentiating Windows 365 and AVD

Nerdio  Manager for MSP provides Managed Service Providers with a unified console to price, deploy, manage,  and optimize  all types of virtual desktops  in  the  Microsoft  cloud – both AVD and Windows 365 – across multiple customers. Selecting the right technology for the right  use-case  and deploying it with ease, using best-practices, and in the most cost-effective manner.  

Nerdio  Manager for Enterprise  helps IT pros enable Windows 365 in their existing Azure environment and to manage both AVD and Windows 365 from a unified console leveraging  powerful and automated image management, monitoring,  auto-scaling,  and scripted actions.  Nerdio  Manager will also enable  migration scenarios from AVD to Windows 365 and vice versa so each user can get the right type of virtual desktop  in the most  cost-effective  way.  

AVD is a  flexible, Azure-based VDI solution , while Windows 365 is a  simpler  and more limited Cloud PC service.  Nerdio  Manager integrates the two  services  into the  simplest, most  cost effective,  and  automated  way to deploy, manage and optimize virtual desktops  and applications  in the Microsoft  Cloud.   

Conclusion 

These are exciting times. With Windows 365. Microsoft offers another, and in some cases more simplified way, to leverage cloud based virtual desktops at a fixed price. Though, before getting too excited, make sure to read through the details, prerequisites, and such — or come and have a talk with us; we’ll make sure to pick the right solution for your use-case while keeping a strong focus on ongoing manageability and the financial side of things.  

Thank you for reading.

Bas van Kaam

Nerdio Field CTO, EMEA

Learn more about Microsoft Windows 365 product by clicking here!

What Does Windows 365 Cloud PC Mean for MSPs? Here’s What You Need to Know

What-Does-Windows-365-Cloud-PC-Mean-for-MSPs_-Heres-What-You-Need-to-Know-300x169

If you are reading this, you are probably aware of Satya Nadella’s keynote speech at Microsoft Inspire on July 14th, 2021, where he announced Windows 365 Cloud PC. To read the detailed technical overview of the product, visit Microsoft Windows 365: Introducing a New Product to End-user Computing and Windows 365 vs. Azure Virtual Desktop (AVD) – Comparing Two DaaS Products.

What is Windows 365 a nutshell? It’s Microsoft’s Desktop-as-a-Service (DaaS) solution made to be sold in a SKU-based fashion. It’s an individual persistent desktop offering in a few canned sizes running in Azure. Just like Microsoft launched Office 365 almost a decade ago, which came to replace all Exchange servers running on-premises, Windows 365 is meant to replace all fat client desktops as we know them.

I know what you’re thinking…here we go again; Microsoft is coming after MSPs by selling PCs directly to customers. So, where does that leave the business of managing desktops, networks, and servers for your customers? Instead of fearing the change that Windows 365 cloud PC is going to make, I would look at it as a huge opportunity – just like M365 provided a huge opportunity for MSPs to provide management services around security, consulting services, and project labor to get clients migrated to it. Every year, VDI vendors like to say, “this year is the year of VDI”, but now may be that time.  Microsoft has just made VDI mainstream with this announcement. Offering a true apples-to-apples offering to compete with AWS Workspaces and making it easy enough that anyone, regardless of their technical capabilities (or lack thereof), can purchase a virtual desktop from their Microsoft 365 admin account.

Where is the MSP Opportunity?

As an MSP offering services to customers, there is tremendous opportunity over the next decade to transition and leap into the world of providing virtual desktop services. Windows 365 is built on top of the Azure Virtual Desktop (formerly Windows Virtual Desktop) stack running exclusively on Microsoft Azure. If you have a cloud practice around VDI, you are in a good position to take advantage of this free marketing that Microsoft will generate with this new service. If you are not yet considering offering VDI services, it is not too late to start. If you are not currently offering VDI services, start now. Do not get caught not knowing anything about the subject and worst of all, not leading with VDI as part of your service offering.

Windows 365 is meant to be easy to purchase and procure but it is still NOT the lowest cost solution when it comes to offering a virtual desktop solution to customers. Since it’s built on top of the Azure Virtual Desktop (AVD) stack of technologies, AVD, if built optimally, is still more economical than the MSRP of Windows 365. This means that MSPs who take the approach to offer VDI strategically can leverage native Azure Virtual Desktop and come in at a price much lower than your competitors who are just plain reselling Windows 365 as a SKU with the standard distribution discount.

Windows 365 will come in two flavors; a Microsoft Endpoint Managed (MEM) version (Enterprise) and a Standalone self-managed version (Business). Most MSPs will gravitate towards the Enterprise version of Windows 365 since it is a more flexible and can be tied in with the rest of their existing Azure infrastructure. For those not familiar with Microsoft Endpoint Manager, MEM is a rebrand of two existing products coming together, Microsoft Intune + SCCM = Microsoft Endpoint Manager. Endpoint Manager will be a skillset MSPs will need to rush to acquire knowledge about rather quickly as it is a model gives the MSP the opportunity to manage the entire customers’ environment (virtual and physical) without using legacy RMM.

Less mature MSPs may be content with the Business version of Windows 365 and continue using legacy RMM tools to manage those customers’ Cloud PCs. Use cases for Windows 365 Business may be limited since it lacks basic network management. The opportunity for MSPs is to leverage Microsoft Endpoint Manager and offer policy, compliance, and security management, as well as consulting around the M365 stack.

From our speculation, since Window 365 hasn’t been released into General Availability yet, AVD pooled model will likely comes in substantially lower than its new Windows 365 cousin, especially when leveraging auto-scaling.

What about Hardware?

Of course, endpoint hardware is still going to be required to access Windows 365. You’ll see VDI specialized hardware become mainstream. Vendors like 10Zig, IGEL, and nComputing, whom have all created a business around providing thin and zero clients for VDI brokers have also strategically aligned themselves with AVD since launch will now play in the big leagues as they had an early start with AVD. In a way, big box vendors will need to change their messaging to catch up. The opportunity here is for MSPs to provide hardware-as-a-service. Thin and zero client physical endpoints should cost less than your average PC and typically will last longer than your average PC lifecycle. Many MSPs will start bundling in Windows 365 and pair it with hardware to be sold as a monthly package. If hardware breaks, it simply gets replaced and dropped shipped directly to the client reducing a lot of onsite visits for hands on repair.

Nearly a decade ago, MSPs were unsure of Microsoft’s direction with Office 365. Many saw Microsoft coming after the livelihoods of MSPs. Where would the revenue come from if we don’t have our clients’ Exchange Servers to manage? Now, it’s not even a question to consider when deciding whether to migrate a customer to M365 or not. Microsoft is here again to break the status quo. The PC chip shortage may be a temporary issue, but this is just one small reason what everyone should pay attention to Windows 365 Cloud PC. It will open many doors for partners all around the world.

MSPs who already have a practice around Azure Virtual Desktop should also very excited about this news since this legitimizes going to market with your existing AVD solution. AVD is still the lowest cost and most flexible solution available. Windows 365 will be free marketing for your existing offering; however, this will wake up a lot of your competition as well, as they’ll likely start jumping onto this bandwagon.

We are here to say take advantage of the momentum of this announcement. Train your sales and technical teams to be prepared to sell and offer these services on day one! The VDI revolution has begun, for real this time. Unlike other public preview offerings from Microsoft Azure, Windows 365 will not be able to be trialed until early August. Take this small Window to learn about how Nerdio can help you start, grow, and enhance your Azure cloud practice with support for Azure Virtual Desktop and Windows 365 on day 1.

Nerdio has been working with Microsoft engineering in shaping Windows 365 for well over a year before its launch, and we are the trailblazers in the Azure space for MSPs.  Nerdio is the easy button for Azure, Azure Virtual Desktop, and Windows 365 Cloud PC. If you’ve looked at Nerdio in the past, I urge you to look again! Contact us to get a 1-on-1 demo of our newest product, Nerdio Manager for MSP.

Schedule a demo

5 Steps to Grow Your MSP Practice by 50% 

5-Steps-to-Grow-your-MSP-Practice-by-50-percent

As a business owner, you are busy. Some weeks it feels like you are running from one fire to the next. Despite all your plans, your hopes, your dreams for what a week might look like – the reality is often very different. I have been there. In the ten years I spent as the CEO of my MSP, I had great weeks and very bad ones. The stress of running a small business often doesn’t leave much time during the day for dealing with what you know is most important. Weeks have a tendency of turning into months. The goals in your head (and hopefully written down somewhere) aren’t always achieved. At Nerdio, I have had the opportunity to talk to dozens of MSPs every week. In those conversations, I get to hear what is working and just as importantly, what isn’t working. Today, we will focus on five of the things we hear MSPs are focusing on. 

1. Focus On Value 

Think for a moment about how much you charge for your “all-in” managed services. Do potential clients ever push back? Have you ever finished a proposal – looked at the price and wondered if your services are worth it? Maybe you even lowered the price before ever actually talking to the client. I hear from MSPs every week that fall into the trap of undervaluing their services.  

One of the single most impactful changes you can make is to start charging what you are worth. Increasing your overall rates can feel like a daunting task. There are many ways to approach this. In many cases you will need to reset expectations with your existing clients. One opportunity to do this is to roll out a new type of service such as Windows Virtual Desktop. For instance, I recently spoke to an MSP that was previously charging way too little for all-inclusive support. He knew it was too low, and over the last year had increased his rates by 10%. One client felt like the 10% increase was too much but signed on begrudgingly.  

Fast forward 6 months and it is time for the same client to invest in new hardware for their on-premises environment. The MSP decided to propose a move to Azure with WVD. He had very little hope that the deal would close, but we talked through the value proposition of cloud, the advantages he would be able to give the client, and take for himself. He delivered the message and the final proposal. The client chose, without hesitating, to move to the cloud. He was making 30% on the Azure and WVD Services, plus increased his total MSP rate by 250%. He now has his managed service price set correctly and the client was happy to pay it because he focused on the value of the overall solution and the service he would be providing. 

2. Identify Your Targets 

It can be easy to chase every lead that comes in the door, but some clients won’t appreciate the value you bring. Know what you are and know what you are not. Some clients won’t be on board with your approach or how you do business. That is okay. You won’t be happy with them and they won’t be happy with you. I encourage you to do the following exercise: Create a list with your current clients on it; include their industry, number of users, the total you charge them each month, and the type of agreements you have. Do the math to know what your average per-user price is for each client, then add one more column to grade them with an A, B, or C.  

A Clients = those that value how you do business; you want 100 more just like them.  

B Clients = those that with a little coaching or a tweak to their agreement/expectations they would be a good fit.  

C Clients = those you should respectfully see out the door. They require more work for less money. They question everything you do.  There are several ways to approach this which I won’t get into here, but if at all possible, you need these clients to decide to leave on their own. They may not be a good fit, but they own a business, and likely have friends that would be a good fit.  

Now that you have performed this exercise, take a look at your A list. What do these clients do? Are there similarities between them? Why are they a good fit? With the answer to those questions, you now know who your ideal client is. Build your MSP to cater to those types of clients. Market to them. Learn their industry. If specific technical solutions are important to them or help them grow their business – learn them. Your profitability will increase and your exposure in your region will grow.  

We see many MSPs running through this exercise as they build out their cloud practice. Knowing the types of clients you already work well with helps to simplify your cloud offering and focus your energy so you can quickly speak fluently to the right client for you. 

3. Client Engagement 

Talk to your clients. I know this sounds silly at first, but it can’t be said enough. Create a regular cadence of meetings with each client. Some people call them Quarterly Business Reviews, but once a quarter isn’t always the right fit. Some will need monthly meetings while others need to meet once every 6 months. When you go and speak with them, have an agenda, and keep to the same agenda every single time. Follow the same outline for every single client, as this helps you deliver the right information more effectively and it helps the client understand how to digest it. Don’t take information to them that they are paying you to care about. Instead, stay big picture. For instance, it isn’t helpful for them to see a list of every patch you applied; it is helpful for them to know you applied patches to 100% of their environment. Be sure to talk about the future, such as what investments they will need to make in the future. Ask about their business goals, what changes they anticipate, and what keeps them up at night. Be sure they know what new solutions you are adding to your offering and what investments you are making in your own business. Don’t be afraid to tell them what keeps you up at night, too. 

Unfortunately, I speak to too many MSPs that aren’t doing this. As a result, they end up scrambling to come up with technical solutions for problems they didn’t know their clients were having. I recently spoke to an MSP that had a client about to leave them. The client found a new provider that offered cloud solutions. Since the MSP wasn’t meeting with the client regularly, the client just assumed they had to go somewhere else to get their problem solved. Thankfully, in this case, the client decided to call just to make sure before signing on with the new MSP. 

Engaging with your clients regularly gives you visibility into their business and their goals and provides a chance to unlock all kinds of potential growth. Opportunities with the client you didn’t know existed will arise, and issues they are having can often be solved by implementing new technology. In addition, regular conversations build a stronger relationship between you and another business owner. When you ask for them to introduce you to someone else that can use your services, they will feel much more comfortable doing so. 

4. Thought Leadership 

So, you have a clear understanding of your value, you know who you want to talk to, you know how you are going to deliver your service, and you are using regular meetings to provide you with a feedback loop and give you the opportunity to engage with your clients. It is time to take all of that and find opportunities to speak to more of the right kinds of clients. Wherever the types of clients on your “A” list like to hang out, you should hang out too. Ask for the chance to speak, join groups, go to happy hours, go to industry breakfasts and other networking opportunities, and sponsor their events and go take part. Don’t give up. In my experience, it can take 18 to 24 months to become part of a community and not be seen as just the new kid on the block. Share what you know, the experiences you have had, and how technology helped your current clients overcome issues, increase profitability, and solve new problems.  People are especially interested in hearing about cloud solutions and security today – take advantage of whatever the latest buzz is and go find places to speak about it.  

5. Plan, Set Goals, and Communicate 

As we near the end of the list, let’s talk about growth. You want to increase your MSP Practice by 50%. What does that look like for you? Everything we have talked about helps support this kind of growth, but if you aren’t planning for it, setting goals, and communicating it to your team, you won’t get there. 50% growth doesn’t happen by accident. First, of course, you must decide what it is exactly you want to grow by 50%. Your Revenue? Number of users you support? Your profit?  

Once you have determined exactly how you want to measure the growth, create a plan to hit that goal by a certain date. Now, work backwards so that you know exactly what you have to do every month, even every week, to reach the goal. Is it reasonable? What investments will you need to make? What changes in your processes need to occur? Create a clear and transparent way to measure and track your progress. 

Now, tell everyone about it; tell your entire team where you are going and how you are going to get there. Tell them when you are on target and even when you have missed the target. Ask for feedback. Celebrate when you get there! 

Final Thoughts 

Today, we have discussed a handful of important areas to focus on to grow your business by 50%. Change won’t happen overnight. To grow your business, like all growth, takes many small steps. If growing your cloud practice is one of the ways you intend to grow your business, Nerdio would be glad to help you on your journey. 

Schedule a demo call with us now and we’ll walk you through just how easy it can be. 

10 Most Common Azure Mistakes Made by Managed Service Providers (MSPs)

10-Most-Common-Azure-Mistakes-Made-by-Managed-Service-Providers-1-300x169

There are many lists out there of common mistakes people make in Microsoft Azure. In this article, we are going to specifically focus on the ones that Managed Service Providers (MSPs) make in Azure, as they can be somewhat different and unique to this space.  

1. Selecting Nonoptimal VM Sizes for Servers and Session Hosts 

There are many use cases for Virtual Machines in Azure, but MSPs, who typically service Small and Medium Size Businesses, would probably use them for just a few purposes. Some examples of roles that virtual machines are typically used as domain controllers, file servers, application servers, database servers, remote desktop session hosts and Azure Virtual Desktop (AVD) hosts. 

It is very common for someone unfamiliar with VM families and SKUs to randomly pick any VM size that is similar in core count and memory required for their needs. However, it is important to know there is a big difference, for example, between D2sv3 and DS3v2. Although VM SKUs look similar, perhaps even the same in core count and memory, it is important to understand the differences and pick the right one. Picking a non-optimal VM size can cause negative pricing ramifications and degraded performance and sometimes even both. 

Domain Controllers 

For domain controllers, it is very common to use a B-series machine since these machines provide significant value and will give you the performance a typical domain controller needs.  

File Servers 

For file servers, this can be quite tricky as CPU, core, and memory aren’t the only thing to consider. Picking the right storage type and size is equally as important when optimizing performance on a file server (more on this in point in number 3 below). A typical VM size to select might be a D2asv4 or a DS3v2 for larger premium disks. 

Application Servers 

For application servers, referring to the recommended system requirements from your vendor is your best bet. Common VM families used here are the DASv4 or EASv4 types. There is also a difference between hyper-threaded cores and non-hyper threaded cores. For example, a DASv4 machine family uses hyper threaded cores while the DS2_v2 does not. Performance on the DS2_v2 would be better since they will perform like physical cores rather than virtual cores. Checking with your application vendor to see what they recommend is the right thing to do. 

AVD & RDS 

For Azure Virtual Desktop, session hosts, or RDS servers, it’s a good idea to use a machine that has a higher CPU core count to allow some room for bursting. It is also a good idea but not absolutely required to use an E series machine. E series machines have double the memory for only 15% more cost. The memory will come in handy if you have users using a lot of browser tabs or opening a lot of Office documents. Even NV series VMs would offer a performance boost as NV VM’s have a GPU attached to the machine which could offset some load from the CPU allowing you the ability to put more users on a session host. 

2. Using a Deprecated Virtual Machine Family 

When we look at partners that inherit an Azure environment from another MSP, it is very common to come across an environment that is on the Azure Classic platform rather than the modern Azure Resource Manager (ARM) model. When we see that, there is a high likelihood that the VMs were configured a long time ago and no maintenance has been done to resize the machine to use modern hardware. Azure does deprecate VMs over time by either not offering them anymore or making the cost increase, which incentivizes you to resize to a more modern, better-performing VM that actually costs less. 

If you are inheriting an Azure environment or reviewing an Azure environment that has been built a few years ago, you may find VMs running on older VM SKUs. It is a good idea to resize them to the current VM SKUs. You’ll see much better performance and likely at a much lower cost. A win-win situation! 

3. Using Premium SSDs on VMs That Can’t Handle the Full Potential of the Disk 

Oftentimes when reviewing a quote or build that a partner brings to us, it’s common to see that premium SSDs are used everywhere. While premium SSDs are best in class in terms of speed and SLA, it is also important to consider the VM SKU being paired with the premium disk. Not all VM sizes can take full advantage of the premium disk you give it. If you look at Microsoft’s premium SSD documentation, you will notice that the larger the premium disk is, the more IOPs and MB/s throughput that disk is capable of. However, what most people don’t know is that each VM SKU can only handle a maximum IOPS and MB/s throughput. This means that if you assign a very large premium disk—let’s use a 4TB premium SSD (7500 IOPS) as an example–and pair it with a D2sv3 VM, the VM documentation shows that the VM can only take advantage of a disk with IOPS that will max out at 3200 IOPS. The VM would never be able to take full advantage of the full capability of that premium disk and you are therefore wasting money if higher performance is what you are looking to achieve. 

Make sure you select a VM that is properly sized to take full advantage of the premium disk you assign to it by picking a VM that has greater IOPs and MB/s throughput than all the combined disks assigned to that VM. 

4. Using Standard HDDs for Heavy Production Workloads 

Quite the opposite can also happen. We will see mission-critical workloads being assigned standard HDs or standard SSDs. All mission-critical workloads should be using a premium SSD disk. Your workload performance will certainly increase compared to a standard SSD or standard HDD. The rule of thumb is that if the disk serves data to an end-user, make it premium. With that said, make sure you follow #3 above and size your VM appropriately for the disk. 

5. Selecting the Wrong Tier or Azure Files and Not Allocating Enough Storage  

When using Azure files for mission-critical workloads such as hosting FSlogix profiles for RDS or AVD, I see the use of standard-tier Azure files used. The challenge will always be the speed of AVD if you select anything but premium tier storage for Azure files. However, just selecting premium is not good enough. You also must allocate a decent quoting size to get the IOPS you are looking for. Azure files’ formula for IOPs is 400 IOPS, +1 IOPS per GB you assign to the Azure files share. This means that if you want more IOPS (up to 100,000) you must allocate more GBs to the share. Performance degradation can come from not using premium tier storage and not allocating enough storage quota to your Azure files share. 

6. Forgetting to Order Reserved Instances on Virtual Machines 

Reserved Instances are an absolute must when it comes to cost control and saving money in Azure. A very high percentage of partners do not opt-in for Reservations for their VMs. Without Reserved Instances, your Virtual Machines are running at the pay-as-you-go rate, which is the absolute most expensive way to pay for Azure. I believe partners are so busy that they either forget to do it, or don’t know how to do it. If you are working with a CSP Distributor, you need to contact them to order and lock in your Reserved Instances and make sure every running VM is covered by a Reserved Instance.

7. Forgetting to Toggle Azure Hybrid Benefit 

Equally as important is purchasing the licenses required for Azure Hybrid Benefit and not forgetting to TOGGLE the switch on each VM to take advantage of AHB. Similar to Reserved Instances, partners often forget to do this as well. Renting an OS or SQL license from Azure is by far the worst way to acquire the necessary Windows licensing for your VM. 

Purchasing the licenses isn’t all you need to do. You must tell Microsoft that you own a compatible license for Azure for them to give you the appropriate discount.

8. Improperly Licensing Microsoft SQL Server 

If you have applications using SQL on Azure VMs, it is very important to understand how SQL can be licensed in Azure. Unlike on-premises where you can license SQL by the User and CAL model, you cannot do this in Azure. SQL can only be licensed under the Core model, and you must purchase a minimum of 4 cores per SQL Standard instance regardless of if your machine is under 4 cores. Core licenses are sold in packs of 2. 

There are currently two supported models of purchasing SQL licenses under the Core model in Azure: 

  1. CSP Software Subscription SQL Server 2 Core Pack (1 year or 3 years) 
  2. OPEN license for SQL Server per Core model with Software Assurance 

If you don’t have either of these two types of licenses, you may not use this in Azure. The licenses will need to be repurchased under the correct licensing program. 

It is also important to take advantage of Azure Hybrid Benefit for SQL Server licensing. Over a 3-year term, renting the SQL Server license under the Pay as you Go model will cost you over $3,000 for a 4 Core SQL Server compared to bringing your own license under the CSP or OPEN license with Software Assurance program and taking advantage of Azure Hybrid Benefit. The drawback is that it is an upfront payment vs renting it month to month. 

9. NSG Inbound Outbound Rules 

Understanding how Network Security Groups (NSG) work is important to the security of your Azure environment. NSGs are like your stateful firewall. They can be set to ALLOW or DENY traffic to your virtual network in Azure. Most NSG’s are misconfigured, thereby giving full access to the outside world on all ports or specific ports such as 80, 443 or 3389. Hunker down and learn how NSG’s work as getting it wrong can pose a huge security risk to your network and frustrate you when traffic does not flow, you cannot connect, and cannot seem to figure out why. 

10. Not Patching your VMs Running Azure 

Believe it or not, when VM’s are deployed in Azure, there is a high likelihood the VMs aren’t patched like machines that are running on-premises. A Virtual Machine running in Azure is no more secure or less secure than a VM running on-premise. It is very important to install your RMM tools and anti-virus software on VMs running in Azure as well. Treat them the exact same way and put them on the same patch schedule as a VM running on-premise. Do not neglect your VMs in Azure as they too need to be safe and treated with care. 

Azure even has a Windows Update Manager service that you can enroll your VMs in that will help patch your machines if you don’t feel like using your RMM tool to do the job. Here is how to enroll your VM and use Update Manager.  

These are the 10 most common Azure mistakes we see MSPs make. Keeping these points in mind when you are working with Azure will help you be more successful. And, of course, we are always here to help assist you. 

4 Customer Deployment Scenarios in Nerdio Manager for MSP

4-Customer-Deployment-Scenarios-in-Nerdio-Manager-for-MSP-300x169

Getting started with Nerdio Manager for MSP (NMM) is easy. It is available directly from the Azure Marketplace and setting it up will take you around 30-45 minutes. Once you have NMM installed, onboarding customers or building new Azure environments in NMM is even easier. Let’s take a look at some examples.

Below we’ll handle the various customer deployment scenarios supported by Nerdio Manager for MSP. NMM integrates with various native Azure technologies making it extremely flexible and powerful at the same time.

Next to that, almost everything you can think of when building up or onboarding a (new) virtual desktop environment in Azure using NMM is done fully automatically, accompanied by a step-by-step wizard.

The learning curve is minimal, meaning, you will save on time, (human) resources, and the process will be a lot less prone to errors.

1. Greenfield Deployment in 60 Minutes or Less

Here, we assume that there is no footprint in Azure whatsoever and you are starting from scratch. When starting greenfield, Nerdio Manager for MSP (NMM) will create a new all-PaaS environment combined with Azure Virtual Desktop, plus various AVD supported services.

NMM will start by creating a new Azure Active Directory Domain Services, followed by a VNet, as you can see on the image below.

Next, the actual domain comes into play and a file share based on Azure Files technology, another native Azure service, will be created as well. Last but not least, NMM will create a fully operational AVD deployment including a Workspace, one or more hostpools, and virtual machine hosts.

2. Landing Zone in 30 Minutes or Less

Let’s assume that there is a landing zone consisting out of a traditional Active Directory or an Azure Active Directory Domain Services in place already. NMM would then be able to leverage the existing identify provider and (re)use any existing resource groups and networks available. Next, NMM provisions a new Azure Files-based file share and finally NMM will build a AVD environment just as in the greenfield example above.

3. Existing IaaS in 10 Minutes or Less

In this situation, most of the groundwork needed to run Azure virtual machines and AVD hosts is already in place. Here, NMM is able to (re)use the existing identity provider, it being a traditional Active Directory or Azure Active Directory Domain Services, just as in the previous example. It will also be able to leverage an existing VNet and file storage. And just like before, NMM will build a fully operational AVD environment just as in the greenfield and landing zone examples earlier, taking only a few minutes.

4. Existing AVD Deployment in 10 Minutes or Less

This is where NMM is a direct overlay on top of an existing AVD environment combined with identity, networking, file storage, resource groups, and any other type of virtual machines or services that might already be part of the Azure deployment.

Within minutes NMM adds an impressive set of features and management capabilities aimed at optimizing, fine tuning, and enhancing AVD and other types of IaaS based Azure virtual machines – see the “The true added value” section below as well.

The True Value Add of Nerdio Manager for MSP

Once you’ve onboarded your first couple of customers, the true added value of NMM comes to light. It is built and designed in such a way that you will be able to save, not only a considerable amount of time regarding dozens of (daily) management tasks but also on the underlying Azure compute and storage costs applicable to your AVD hosts and other Azure VM’s. Up to 70% easily.

Next to that, you will be able to leverage all sorts of best practices, recommendations, and performance optimizations getting your Azure environment in tip top shape, plus per user Azure cost reporting, together with an easy wizard driven cost estimator. We thought of everything.

Working with multiple networks, resource groups, adding in machines, creating and managing images, user, session, and Azure AD group management, backups, etc., are all done within three mouse clicks. Would you like to change a VM from a D series machine to a B series machine at night, for example? Not a problem. Want to turn it off completely and back on in the morning? Sure thing, we have you covered. Single session machines, multi-user; it is all supported.

And we’ve not even touched on the (image) management capabilities when it comes to Windows Virtual Desktop hosts, application management, MSIX AppAttach, FSLogix Profile Containers, and our unique built-in autoscaling engine that you’ve come to know through Nerdio Manager for Enterprise.  

Nerdio Manager for MSP changes the way we’ve dealt with Azure and AVD environments up till now. Make sure to check it out, you won’t be disappointed.