Microsoft Windows 365: Introducing a New Product to End-user Computing

On July 14th, 2021 at the annual Inspire conference, Microsoft announced a new service that holds the promise to establish Windows desktop virtualization as a modern, cloud-native way to deliver Windows applications to users on any device. Coming on the heels of Azure Virtual Desktop (AVD), Windows 365 is a service that is complementary to AVD rather than its replacement. The key differences are its simplified management and commercial model.

In September 2019, Microsoft made history with the release of Windows Virtual Desktop (now Azure Virtual Desktop) and finally embraced desktop virtualization as a legitimate, modern way to deliver Windows applications from the cloud.  AVD grew rapidly in popularity, much faster than anyone anticipated, largely fueled by COVID-related remote work requirements.  AVD is an Azure-based VDI service designed for maximum flexibility and is wildly popular with end-user compute (EUC) veterans.

There are more than a billion devices running Windows, but only a small fraction are virtualized.  Even with Azure Virtual Desktop, there is significant expertise required to set up and maintain a virtual desktop environment.  Managing virtual desktops requires an understanding of desktop imaging, multi-session OS application management, auto-scaling, and other advanced concepts.  Most importantly, AVD desktops are built on top of the Azure cloud, which is priced based on consumption.  This means that predicting the cost of a user’s virtual desktop is challenging because it depends on usage; some months the Azure bill may be higher than others.

Windows 365 aims to significantly grow the virtual desktop market by solving the technical and commercial complexity challenges.  While today desktop virtualization penetration is likely around 10% of the total Windows market, with Windows 365 this number can grow fast over time.

What Exactly is Microsoft Windows 365?

Windows 365 is a virtual desktop service that’s part of Microsoft 365. It offers organizations a fixed-price monthly subscription to a cloud PC that is dedicated to a user and can be managed using the exact same tools as a traditional Windows PC. Making a cloud PC available to a user (once the initial environment is set up) is a matter of assigning an M365 license. Three key properties of Windows 365 are worth repeating and emphasizing. A cloud PC is dedicated to a user, fixed price, and part of the Microsoft 365 cloud rather than Azure.

Dedicated and Persistent

A cloud PC is a complete replacement of a user’s traditional Windows machine.  Therefore, it behaves exactly as a physical device would.  Each cloud PC is a persistent VM that is dedicated to a specific user.  Any applications that are installed on the cloud PC do not disappear when the user logs off.  The user profile is not offloaded to a file share using FSLogix.  All security software agents, licensed applications or patches recognize the VM as a single-user, traditional Windows device running the same Windows 10/11 Enterprise operating system.  Windows 10 EVD (multi-session) is not currently supported.  All this is important to make cloud PCs behave and be managed together with physical devices and over time replace physical machines with cloud PCs.

Fixed Monthly Price

Windows 365 cloud PCs are monthly product SKUs in Microsoft 365 just like M365 E3 or other M365 products.  There is no consumption-based pricing, as with Azure Virtual Desktop.  Purchasing physical Windows devices is predictable from a pricing perspective and Windows 365 delivers the same predictability when buying cloud PCs.  There are several SKUs for different sizes of cloud PCs that vary in CPU, RAM, and storage specs.  A user’s license can be upgraded to a larger cloud PC size at any time.

Microsoft 365 Cloud, Not Azure

Microsoft 365 is the most popular SaaS platform in the world.  Being part of M365 means that cloud PCs are purchased through the same channels as E3 and E5 that most organizations are already using.  Cloud PCs are delivered as a SaaS offer and managed through Microsoft Endpoint Manager and the M365 admin portal, rather than through the more complex Azure portal like AVD.

Think of the virtual desktop evolution from on-premises RDS to Azure Virtual Desktop to Windows 365 in the same way as Exchange messaging evolved from on-premises Exchange server to hosted Exchange to Office 365. Once Office 365 solved technical and transactional complexity challenges, adoption exploded. Microsoft is hoping the same will happen with desktop virtualization now that Windows 365 is part of the same Microsoft 365 SaaS platform.

How Much Does Windows 365 Cloud PC Cost?

There are two cost components to a cloud PC: compute license and software license.

Compute capacity is purchased via a cloud PC license.  At general availability there will be 12 cloud PC sizes ranging from 1 vCPU to 8 vCPUs, 2 GB to 32 GB of RAM, and 64 GB to 512 GB of storage.  

From a licensing perspective, you need a Windows 10/11 Enterprise subscription and Intune license (if using Enterprise cloud PCs). The Windows subscription license requirement is the same as in Azure Virtual Desktop. A physical device license (e.g. OEM) doesn’t qualify. Only an M365 subscription to Windows can be used for cloud PCs. Some popular M365 SKUs that include a Windows Enterprise subscription are M365 Business Premium, E3, E5 and Windows 10 Enterprise E3/E5/VDA.

To manage cloud PCs via Microsoft Endpoint Manager (MEM) an Intune license is required.  These licenses come with M365 E3, E5 and Business Premium subscriptions and can also be purchased stand alone.

How Does Windows 365 Work?

There are two versions of cloud PCs: Enterprise and Business.

Enterprise cloud PCs are designed for organizations who have invested in Microsoft Endpoint Manager and are using this powerful platform to manage their existing physical Windows 10 desktops.  Enterprise cloud PCs require an Intune license for each user who is assigned a cloud PC M365 SKU.

Business cloud PCs are designed for individual users and very small businesses who typically go to their local Best Buy when they need a new computer.  Now, instead of Best Buy, they can go to Microsoft and subscribe to a new cloud PC and have it ready to use in an hour.  Business cloud PCs do not require MEM/Intune license and are managed entirely by the user, just like a standalone physical PC.

The diagram below depicts the deployment architecture of both Enterprise and Business cloud PCs.

Enterprise Cloud PC Architecture

Enterprise cloud PCs are Azure and Active Directory dependent. An Azure subscription with a properly configured network is required with access to Active Directory that has Azure AD Hybrid Join enabled. Azure AD DS is not currently supported, and cloud-only Azure AD join is not currently supported either.

The VM itself runs in a Microsoft-managed Azure subscription, which means admins don’t have access to it directly and are not incurring the cost of this VM in their own Azure subscription.  However, the VM’s network interface card (NIC) is “injected” into a vNet in customer’s Azure subscription.  All network traffic enters and leaves the VM via the customer-managed vNet.  Egress transfer costs are incurred by the customer.

Since admins don’t have direct access to the VM running in Microsoft’s Azure subscription, all management tasks (e.g. software installation, patching, policies) are performed through the Microsoft Endpoint Manager portal.   

Enterprise cloud PC pre-requisites:

  • Azure subscription with vNet
  • Azure vNet can access Active Directory domain controller (i.e. a PC can be joined to the domain). Custom DNS servers, necessary routing, and firewall access to AD.
  • Azure AD Connect configured and running within Active Directory with Azure AD Hybrid Join enabled
  • Intune enabled on Azure AD tenant (each cloud PC user needs Intune license assigned)
  • Admin setting up the initial deployment must be an Owner of this Azure subscription
  • Azure AD DS is NOT supported
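
The network prerequisite above (DNS, routing and firewall access from the vNet to a domain controller) can be checked before the connection is created in Microsoft Endpoint Manager. The PowerShell below is an added example, not code from Nerdio or Microsoft; the function name, the TCP port list and the domain `corp.example.com` are assumptions, and it is meant to be run from a test VM placed on the same vNet and subnet the cloud PCs will use.

```powershell
# Added example: preflight check of AD reachability from inside the vNet.
# Function name, port list and domain name are assumptions, not from the article.
function Test-CloudPcAdReachability {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DomainName,
        # TCP ports commonly needed for a domain join: DNS, Kerberos, RPC endpoint
        # mapper, LDAP, SMB, Kerberos password change, LDAPS. UDP and the dynamic
        # RPC range are not covered by this TCP-only check.
        [int[]] $Ports = @(53, 88, 135, 389, 445, 464, 636)
    )

    # Domain controllers register this SRV record; if it does not resolve, the
    # vNet is probably not using DNS servers that host the AD zone.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"
    try {
        $dcs = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            Select-Object -ExpandProperty NameTarget -Unique)
    }
    catch {
        return [pscustomobject]@{
            Check = 'DNS SRV lookup'; Target = $srvName; Port = $null
            Passed = $false; Detail = $_.Exception.Message
        }
    }

    if ($dcs.Count -eq 0) {
        return [pscustomobject]@{
            Check = 'DNS SRV lookup'; Target = $srvName; Port = $null
            Passed = $false; Detail = 'No SRV records returned'
        }
    }

    # Probe every discovered domain controller on every port, so a firewall
    # rule that allows only some DCs or some ports shows up as a failed row.
    foreach ($dc in $dcs) {
        foreach ($port in $Ports) {
            $probe = Test-NetConnection -ComputerName $dc -Port $port `
                -WarningAction SilentlyContinue
            [pscustomobject]@{
                Check  = 'TCP connect'
                Target = $dc
                Port   = $port
                Passed = [bool]$probe.TcpTestSucceeded
                Detail = "Remote address: $($probe.RemoteAddress)"
            }
        }
    }
}

# Show only the checks that failed (constructed domain name).
Test-CloudPcAdReachability -DomainName 'corp.example.com' |
    Where-Object { -not $_.Passed } |
    Format-Table -AutoSize
```

An empty result means every discovered domain controller answered on every listed port; any row returned identifies the DNS, routing or firewall gap to fix before the network connection is validated.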

Enterprise cloud PC high-level setup steps (without Nerdio Manager):

  • In Microsoft Endpoint Manager create an “on-premises network connection” pointing at the vNet and provide AD credentials to join new VMs to domain. The network connection and AD credentials will be validated automatically.  This process may take a while.
  • Upload an existing custom Windows 10 Enterprise image or use a clean, Microsoft-provided gallery image
  • Create a cloud PC “provisioning policy” that combines an “on-premises network connection” with a desktop image. Assign this provisioning policy to an Azure AD security group.
  • Add users to the Azure AD security group that the provisioning policy is assigned to

Enterprise cloud PC user entitlement:

  • Once the above pre-requisites and setup steps are completed, entitling a user to a cloud PC is very easy. Simply assign a cloud PC license to the user via Microsoft 365 Admin portal.
  • As long as the user is a member of a security group that’s assigned to a cloud PC provisioning policy and the network connection is “healthy” a new cloud PC will start provisioning. It will take up to an hour for the cloud PC to be ready for the user to log into.

Business Cloud PC Architecture

Business cloud PCs are VMs that run entirely in Microsoft’s Azure subscription, including the network interface cards.  There is no Azure subscription needed to be provided by the customer. There is also no Active Directory dependency since Business cloud PCs natively join Azure AD.  There is also no requirement of an Intune license.

Business cloud PCs route all network traffic through Microsoft-controlled network infrastructure and there is no way for admins to control the inbound or outbound connectivity to/from these VMs.  There is currently no way to assign static IPs to Business cloud PCs.  Since these cloud PCs run in Microsoft’s Azure subscription and are not Intune-enrolled, there is no admin interface to manage them.  They can only be managed directly by the user, just like a standalone physical Windows device.

There are no pre-requisites and no setup steps needed for business cloud PCs.  Simply assign a Business cloud PC license to a user in the Microsoft 365 Admin portal and the new desktop gets provisioned within an hour.  The user will get an email notification with login instructions to start using their new cloud PC.

End-user Experience

Windows 365 is built on top of Azure Virtual Desktop global infrastructure and will be familiar to those with AVD experience.  The end-user client apps are the same as AVD and are available for Windows, MacOS, iOS, Android and HTML.  When connecting to a cloud PC, a user will authenticate to Azure AD using the AVD client and all cloud PCs that the user is entitled to will appear in the feed.

Leveraging the same infrastructure as AVD provides users the advantage of a unified experience across Windows 365 and Azure Virtual Desktops.  Admins can control the resources visible to individual end-users and the user will see everything in a single feed using the same app.  The authentication and multi-factor experience will also be very familiar since it leverages Azure AD, which is used for M365 and AVD authentication.

Step 1: Go to https://cloudpc.microsoft.com and log in

Step 2: Connect to cloud PC in browser or download the Remote Desktop client app

How Nerdio Supports Windows 365 

By introducing Windows 365, Microsoft has expanded the available options for virtual desktops.  Now there is the flexible, Azure-based AVD with single-user, multi-session, and RemoteApp options and the simplified, M365-based Windows 365 with Enterprise and Business cloud PC alternatives.

For the past year, Nerdio worked closely with Microsoft Engineering to help develop Windows 365 and provide support for cloud PCs in Nerdio Manager for MSP and Nerdio Manager for Enterprise on Day 1 of availability.  Nerdio’s mission is to empower MSPs and IT professionals to build successful virtual desktop cloud practices in the Microsoft cloud.  We do this by helping our customers choose the right Microsoft service for the right use-case, automate the deployment, simplify ongoing management, and optimize to reduce ongoing costs. 

Nerdio Manager for MSP provides Managed Service Providers with a unified console to price, deploy, manage, and optimize all types of virtual desktops in the Microsoft cloud – both AVD and Windows 365 – across multiple customers. It helps them select the right technology for the right use case and deploy it with ease, using best practices, in the most cost-effective manner.

Nerdio Manager for Enterprise helps IT pros enable Windows 365 in their existing Azure environment and manage both AVD and Windows 365 from a unified console leveraging powerful and automated image management, monitoring, auto-scaling, and scripted actions.  Nerdio Manager will enable migration scenarios from AVD to Windows 365 and vice versa so each user can get the right type of virtual desktop in the most cost-effective way.

AVD is a flexible, Azure-based VDI solution while Windows 365 is a simpler cloud PC service.  Nerdio Manager integrates the two services into the simplest, most cost effective, and automated way to deploy, manage and optimize virtual desktops and applications in the Microsoft Cloud.

AVD MANAGEMENT

Multi-Cloud and On-Premises Deployment with Azure Stack HCI (Coming Soon)

Deploy Azure Virtual Desktop in Azure and extend the session host VM placement to on-premises and other cloud using Azure Stack HCI. Nerdio Manager automates deployment of session hosts, AVD agent installation, and full integration into the AVD deployment in Azure.

Create a brand new Azure Virtual Desktop environment or allow Nerdio Manager to discover an existing deployment, connecting to existing resources, and manage them.

Deploy Nerdio Manager from Azure Marketplace and configure a new AVD environment with an easy to follow, step-by-step configuration wizard. First group of users can access their AVD desktop in less than 2 hours.

Service providers, system integrators, and consultants can leverage Nerdio Manager’s scripted AVD deployment template. Create complete environments with desktop images, host pools, and auto-scaling in minutes.

Create and manage AVD environments that span Azure regions and subscriptions. Quickly link Vnets and resource groups and manage AVD deployments world-wide from unified portal.

Link multiple Azure tenants under the same Nerdio Manager instance and manage AVD deployments that span Azure AD tenants. User identities and session host VMs can run in separate tenants for maximum flexibility and security.

Deploy and manage AVD environments that span across sovereign Azure Clouds. Cross-sovereign cloud support allows identity (e.g. users and groups) to be in one Azure Cloud, while session host VMs are in another Azure Cloud.

Management of workspaces, host pools, app groups, RemoteApps & custom RDP settings

Administer every aspect of AVD with Nerdio Manager including workspaces, host pools, application groups, RemoteApp publishing, RDP properties, session time limits, FSLogix, and much, much more. Every Azure service that AVD relies on can be managed with Nerdio Manager.

Deploy and manage AVD session host VMs. Hosts can be created manually or with auto-scaling, deleted on-demand or on a schedule, re-imaged to apply updates, run a scripted action, resized, put into or taken out of drain mode, and more.

Manage user sessions across the entire AVD environment, within a workspace, host pool or on a single host. Monitor session status, disconnect or log off the user, shadow or remote control to provide support, or send user an on-screen message.

End users have the ability to log into Nerdio Manager with their Azure AD credentials and manage their own session, restart their desktop VM, or start a session host if none are started in a host pool. (Ability to resize and re-image own desktop is coming soon.)

Create, link, and manage Azure Files shares including AD domain join. Synchronize Azure Files permissions with host pools, configure quotas, and enable SMB multi-channel. Manage file lock handles and configure Azure Files auto-scaling to increase quota as needed.

Create, link, and manage Azure NetApp Files accounts, capacity pools and volumes. Configure provisioned volume size, monitor usage, and use auto-scaling to automatically adjust volume and capacity pool size to accommodate the needed capacity and latency requirements.

FSLogix configuration can be complex and overwhelming, but not with Nerdio Manager. Create one or more FSLogix profiles with all the needed options, point at one or more Azure Files, Azure NetApp Files, or server locations and select from VHDLocations, CloudCache and Azure Blob storage modes.

Multiple identity source profiles can be set up and used automatically on different host pools. Active Directory, Azure AD DS, and Native Azure AD are all supported. Choose the appropriate directory profile when adding a host pool and all VMs will automatically join this directory when being created.

Create a copy of a host pool with all of its settings: auto-scale config, app groups and RemoteApps, MSIX AppAttach, user/group assignments, VM deployment settings, etc. Save time by creating host pool “templates” that can be cloned to any Workspace, Azure region or subscription instead of starting from scratch.

Apply user session time limits at host pool level. Automatically log off disconnected sessions, limit the duration of idle sessions, control empty RemoteApp session behavior and more.

Assign Azure AD users to personal desktops to ensure the user will log into a pre-configured VM. Un-assign personal desktops from users who leave the organization and re-use these VMs for new users.

Pre-configure custom Azure tags for all Azure resources associated with each host pool. Tags can be used for charge-back and cost allocation by host pool.

When creating session hosts using NV-series VMs, NVIDIA and AMD GPU drivers are automatically installed.

Move existing host pools from Fall 2019 (Classic) object model to Spring 2020 (ARM) object model. Choose whether to move or copy user assignments. Existing session hosts are automatically migrated or new ones can be created in the ARM host pool.

Automatically enable and configure AVD integration with Azure Monitor. Zero configuration required. Azure Monitor Insights for AVD can be used instead of or in conjunction with Sepago Monitor.

AVD personal desktops to Windows 365 Cloud PC migration (Coming Soon)

Migrate users from AVD personal desktops to Windows 365 Enterprise Cloud PCs using an existing image and user assignment. (Coming soon)

WINDOWS 365 ENTERPRISE MANAGEMENT

Cloud PC License Usage Optimization (Coming Soon)

Cloud PC device lifecycle management

Cloud PC user group assignment

Intune primary user management on Cloud PCs

Migrate AVD personal desktops to Cloud PCs (Coming Soon)
