Skip to content

Academy

Microsoft Windows 365: Introducing a New Product to End-user Computing

On July 14th, 2021 at the annual Inspire conference, Microsoft announced a new service that holds the promise to establish Windows desktop virtualization as a modern, cloud-native way to deliver Windows applications to users on any device.  Coming on the heels of Azure Virtual Desktop (AVD), Windows 365 is a service that is complimentary to AVD rather than its replacement.  The key differences are its simplified management and commercial model. 

In September 2019, Microsoft made history with the release of Windows Virtual Desktop (now Azure Virtual Desktop) and finally embraced desktop virtualization as a legitimate, modern way to deliver Windows applications from the cloud.  AVD grew rapidly in popularity, much faster than anyone anticipated, largely fueled by COVID-related remote work requirements.  AVD is an Azure-based VDI service designed for maximum flexibility and is wildly popular with end-user compute (EUC) veterans.

There are more than a billion devices running Windows, but only a small fraction are virtualized.  Even with Azure Virtual Desktop, there is significant expertise required to set up and maintain a virtual desktop environment.  Managing virtual desktops requires an understanding of desktop imaging, multi-session OS application management, auto-scaling, and other advanced concepts.  Most importantly, AVD desktops are built on top of the Azure cloud, which is priced based on consumption.  This means that predicting the cost of a user’s virtual desktop is challenging because it depends on usage; some months the Azure bill may be higher than others.

Windows 365 aims to significantly grow the virtual desktop market by solving the technical and commercial complexity challenges.  While today desktop virtualization penetration is likely around 10% of the total Windows market, with Windows 365 this number can grow fast over time.

What Exactly is Microsoft Windows 365?

Windows 365 is a virtual desktop service that’s part of Microsoft 365.  It offers organizations a fixed-price monthly subscription to a cloud PC that is dedicated to a user and can be managed using the exact same tools as a traditional Windows PC. Making a cloud PC available to a user (once the initial environment is set up) is a matter of assigning a M365 license.  Three key properties of Windows 365 are worth repeating and emphasizing.  A cloud PC is dedicated to a user, fixed price, and part of the Microsoft 365 cloud rather than Azure.

Dedicated and Persistent

A cloud PC is a complete replacement of a user’s traditional Windows machine.  Therefore, it behaves exactly as a physical device would.  Each cloud PC is a persistent VM that is dedicated to a specific user.  Any applications that are installed on the cloud PC do not disappear when the user logs off.  The user profile is not offloaded to a file share using FSLogix.  All security software agents, licensed applications or patches recognize the VM as a single-user, traditional Windows device running the same Windows 10/11 Enterprise operating system.  Windows 10 EVD (multi-session) is not currently supported.  All this is important to make cloud PCs behave and be managed together with physical devices and over time replace physical machines with cloud PCs.

Fixed Monthly Price

Windows 365 cloud PCs are monthly product SKUs in Microsoft 365 just like M365 E3 or other M365 products.  There is no consumption-based pricing, as with Azure Virtual Desktop.  Purchasing physical Windows devices is predictable from a pricing perspective and Windows 365 delivers the same predictability when buying cloud PCs.  There are several SKUs for different sizes of cloud PCs that vary in CPU, RAM, and storage specs.  A user’s license can be upgraded to a larger cloud PC size at any time.

Microsoft 365 Cloud, Not Azure

Microsoft 365 is the most popular SaaS platform in the world.  Being part of M365 means that cloud PCs are purchased through the same channels as E3 and E5 that most organizations are already using.  Cloud PCs are delivered as a SaaS offer and managed through Microsoft Endpoint Manager and the M365 admin portal, rather than through the more complex Azure portal like AVD.

Think of the virtual desktop evolution from on-premises RDS to Azure Virtual Desktop to Windows 365 in the same way as Exchange messaging evolved from on-premises Exchange server to hosted Exchange to Office 365.  Once Office 365 solved technical and transactional complexity challenges adoption exploded.  Microsoft is hoping the same will happen with desktop virtualization now that Windows 365 is part of the same Microsoft 365 SaaS platform.

How Much Does Windows 365 Cloud PC Cost?

There are two cost components to a cloud PC: compute license and software license.

Compute capacity is purchased via a cloud PC license.  At general availability there will be 12 cloud PC sizes ranging from 1 vCPU to 8 vCPUs, 2 GB to 32 GB of RAM, and 64 GB to 512 GB of storage.  

From a licensing perspective, you need a Windows 10/11 Enterprise subscription and Intune license (if using Enterprise cloud PCs).  The Windows subscription license requirement is the same as in Azure Virtual Desktop.  A physical device license (e.g. OEM) doesn’t qualify.  Only a M365 subscription to Windows can be used for cloud PCs.  Some popular M365 SKUs that include a Windows Enterprise subscription are M365 Business Premium, E3, E5 and Windows 10 Enterprise E3/E5/VDA.

To manage cloud PCs via Microsoft Endpoint Manager (MEM) an Intune license is required.  These licenses come with M365 E3, E5 and Business Premium subscriptions and can also be purchased stand alone.

How Does Windows 365 Work?

There are two versions of cloud PCs: Enterprise and Business.

Enterprise cloud PCs are designed for organizations who have invested in Microsoft Endpoint Manager and are using this powerful platform to manage their existing physical Windows 10 desktops.  Enterprise cloud PCs require an Intune license for each user who is assigned a cloud PC M365 SKU.

Business cloud PCs are designed for individual users and very small businesses who typically go to their local Best Buy when they need a new computer.  Now, instead of Best Buy, they can go to Microsoft and subscribe to a new cloud PC and have it ready to use in an hour.  Business cloud PCs do not require MEM/Intune license and are managed entirely by the user, just like a standalone physical PC.

The diagram below depicts the deployment architecture of both Enterprise and Business cloud PCs.

Enterprise Cloud PC Architecture

Enterprise cloud PCs are Azure and Active Directory dependent.  An Azure subscription with a properly configured network is required with access to Active Directory that has Azure AD Hybrid Join enabled.  Azure AD DS is not currently supported and cloud-only, Azure AD join is not currently supported either.

The VM itself runs in a Microsoft-managed Azure subscription, which means admins don’t have access to it directly and are not incurring the cost of this VM in their own Azure subscription.  However, the VM’s network interface card (NIC) is “injected” into a vNet in customer’s Azure subscription.  All network traffic enters and leaves the VM via the customer-managed vNet.  Egress transfer costs are incurred by the customer.

Since admins don’t have direct access to the VM running in Microsoft’s Azure subscription, all management tasks (e.g. software installation, patching, policies) are performed through the Microsoft Endpoint Manager portal.   

Enterprise cloud PC pre-requisites:

  • Azure subscription with vNet
  • Azure vNet can access Active Directory domain controller (i.e. a PC can be joined to the domain). Custom DNS servers, necessary routing, and firewall access to AD.
  • Azure AD Connect configured and running within Active Directory with Azure AD Hybrid Join enabled
  • Intune enabled on Azure AD tenant (each cloud PC user needs Intune license assigned)
  • Admin setting up the initial deployment must be an Owner of this Azure subscription
  • Azure AD DS is NOT supported

Enterprise cloud PC high-level setup steps (without Nerdio Manager):

  • In Microsoft Endpoint Manager create an “on-premises network connection” pointing at the vNet and provide AD credentials to join new VMs to domain. The network connection and AD credentials will be validated automatically.  This process may take a while.
  • Upload an existing custom Windows 10 Enterprise image or use a clean, Microsoft-provided gallery image
  • Create a cloud PC “provisioning policy” that combines an “on-premises network connection” with a desktop image. Assign this provisioning policy to an Azure AD security group.
  • Add users to the Azure AD security group that the provisioning policy is assigned to

Enterprise cloud PC user entitlement:

  • Once the above pre-requisites and setup steps are completed, entitling a user to a cloud PC is very easy. Simply assign a cloud PC license to the user via Microsoft 365 Admin portal.
  • As long as the user is a member of a security group that’s assigned to a cloud PC provisioning policy and the network connection is “healthy” a new cloud PC will start provisioning. It will take up to an hour for the cloud PC to be ready for the user to log into.

Business Cloud PC Architecture

Business cloud PCs are VMs that run entirely in Microsoft’s Azure subscription, including the network interface cards.  There is no Azure subscription needed to be provided by the customer. There is also no Active Directory dependency since Business cloud PCs natively join Azure AD.  There is also no requirement of an Intune license.

Business cloud PCs route all network traffic through Microsoft-controlled network infrastructure and there is no way for admins to control the inbound or outbound connectivity to/from these VMs.  There is currently no way to assign static IPs to Business cloud PCs.  Since these cloud PCs run in Microsoft’s Azure subscription and are not Intune-enrolled, there is no admin interface to manage them.  They can only be managed directly by the user, just like a standalone physical Windows device.

There are no pre-requisites and no setup steps needed for business cloud PCs.  Simply assign a Business cloud PC license to a user in the Microsoft 365 Admin portal and the new desktop gets provisioned within an hour.  The user will get an email notification with login instructions to start using their new cloud PC.

End-user Experience

Windows 365 is built on top of Azure Virtual Desktop global infrastructure and will be familiar to those with AVD experience.  The end-user client apps are the same as AVD and are available for Windows, MacOS, iOS, Android and HTML.  When connecting to a cloud PC, a user will authenticate to Azure AD using the AVD client and all cloud PCs that the user is entitled to will appear in the feed.

Leveraging the same infrastructure as AVD provides users the advantage of a unified experience across Windows 365 and Azure Virtual Desktops.  Admins can control the resources visible to individual end-users and the user will see everything in a single feed using the same app.  The authentication and multi-factor experience will also be very familiar since it leverages Azure AD, which is used for M365 and AVD authentication.

Step 1: Go to https://cloudpc.microsoft.com and log in

Step 2: Connect to cloud PC in browser or download the Remote Desktop client app

How Nerdio Supports Windows 365 

By introducing Windows 365, Microsoft has expanded the available options for virtual desktops.  Now there is the flexible, Azure-based AVD with single-user, multi-session, and RemoteApp options and the simplified, M365-based Windows 365 with Enterprise and Business cloud PC alternatives.

For the past year, Nerdio worked closely with Microsoft Engineering to help develop Windows 365 and provide support for cloud PCs in Nerdio Manager for MSP and Nerdio Manager for Enterprise on Day 1 of availability.  Nerdio’s mission is to empower MSPs and IT professionals to build successful virtual desktop cloud practices in the Microsoft cloud.  We do this by helping our customers choose the right Microsoft service for the right use-case, automate the deployment, simplify ongoing management, and optimize to reduce ongoing costs. 

Nerdio Manager for MSP provides Manage Services Providers with a unified console to price, deploy, manage, and optimize all types of virtual desktops in the  Microsoft cloud – both AVD and Windows 365 – across multiple customers.  Selecting the right technology for the right use-case and deploying it with ease, using best-practices, and in the most cost-effective manner.

Nerdio Manager for Enterprise helps IT pros enable Windows 365 in their existing Azure environment and manage both AVD and Windows 365 from a unified console leveraging powerful and automated image management, monitoring, auto-scaling, and scripted actions.  Nerdio Manager will enable migration scenarios from AVD to Windows 365 and vice versa so each user can get the right type of virtual desktop in the most cost-effective way.

AVD is a flexible, Azure-based VDI solution while Windows 365 is a simpler cloud PC service.  Nerdio Manager integrates the two services into the simplest, most cost effective, and automated way to deploy, manage and optimize virtual desktops and applications in the Microsoft Cloud.

AVD MANAGEMENT

Multi-Cloud and On-Premises Deployment with Azure Stack HCI (Coming Soon)

Deploy Azure Virtual Desktop in Azure and extend the session host VM placement to on-premises and other cloud using Azure Stack HCI. Nerdio Manager automates deployment of session hosts, AVD agent installation, and full integration into the AVD deployment in Azure.

Create a brand new Azure Virtual Desktop environment or allow Nerdio Manager to discover an existing deployment, connecting to existing resources, and manage them.

Deploy Nerdio Manager from Azure Marketplace and configure a new AVD environment with an easy to follow, step-by-step configuration wizard. First group of users can access their AVD desktop in less than 2 hours.

Service providers, system integrators, and consultants can leverage Nerdio Manager’s scripted AVD deployment template. Create complete environments with desktop images, host pools, and auto-scaling in minutes.

Create and manage AVD environments that span Azure regions and subscriptions. Quickly link Vnets and resource groups and manage AVD deployments world-wide from unified portal.

Link multiple Azure tenants under the same Nerdio Manager instance and manage AVD deployments that span Azure AD tenants. User identities and session host VMs can run in separate tenants for maximum flexibilty and security.

Deploy and manage AVD environments that span across sovereign Azure Clouds. Cross-sovereign cloud support allows identity (e.g. users and groups) to be in one Azure Cloud, while session host VMs are in another Azure Cloud.

Management of workspaces, host pools, app groups, RemoteApps & custom RDP settings

Administer every aspect of AVD with Nerdio Manager including workspaces, host pools, application groups, RemoteApp publishing, RDP properties, session time limits, FSLogix, and much, much more. Every Azure service that AVD relies on can be managed with Nerdio Manager.

Deploy and manage AVD session host VMs. Hosts can be created manually or with auto-scaling, deleted on-demand or on a schedule, re-imaged to apply updates, run a scripted action, resized, put into or taken out of drain mode, and more.

Manage user sessions across the entire AVD environment, within a workspace, host pool or on a single host. Monitor session status, disconnect or log off the user, shadow or remote control to provide support, or send user an on-screen message.

End users have the ability to log into Nerdio Manager with their Azure AD credentials and manage their own session, restart their desktop VM, or start a session host if none are started in a host pool. (Ability to resize and re-image own desktop is coming soon.)

Create, link, and manage Azure Files shares including AD domain join. Synchronize Azure Files permissions with host pools, configure quotas, and enable SMB multi-channel. Manage file lock handles and configure Azure Files auto-scaling to increase quota as needed.

Create, link, and manage Azure NetApp Files accounts, capacity pools and volumes. Configure provisioned volume size, monitor usage, and use auto-scaling to automatically adjust volume and capacity pool size to accommodate the needed capacity and latency requirements.

FSLogix configuration can be complex and overwheling, but not with Nerdio Manager. Create one or more FSLogix profiles with all the needed options, point at one or more Azure Files, Azure NetApp Files, or server locations and select from VHDLocations, CloudCache and Azure Blob storage modes.

Multiple identity source profiles can be set up and used automatically on different host pools. Active Directory, Azure AD DS, and Native Azure AD are all supported. Choose the appropriate directory profile when adding a host pool and all VMs will automatically join this directory when being created.

Create a copy of a host pool with all of its settings: auto-scale config, app groups and RemoteApps, MSIX AppAttach, user/group assignments, VM deployment settings, etc. Save time by creating host pool “templates” that can be cloned to any Workspace, Azure region or subscription instead of starting from scratch.

Apply user session time limits at host pool level. Automatically log off disconnected sessions, limit the duration of idle sessions, control empty RemoteApp session behavior and more.

Assign Azure AD users to personal desktops to ensure the user will log into a pre-configured VM. Un-assign personal desktops from users who leave the organization and re-use these VMs for new users.

Pre-configure custom Azure tags for all Azure resources associated with each host pool. Tags can be used for charge-back and cost allocation by host pool.

When creating session hosts using NV-series VMs NVIDIA and AMD GPU drivers are automatically installed.

Move existing host pools from Fall 2019 (Classic) object model to Spring 2020 (ARM) object model. Choose to whether to move or copy user assignments. Existing session hosts are automatically migrated or new ones can be created in the ARM host pool.

Automatically enable and configure AVD integration with Azure monitor. Zero configuration required. Azure Monitor Insights for AVD can be used instead of or in conjunction with Sepago Monitor.

AVD personal desktops to Windows 365 Cloud PC migration (Coming Soon)

Migrate users from AVD personal desktops to Windows 365 Enterprise Cloud PCs using an existing image and user assignment. (Coming soon)

IMAGE MANAGEMENT

Create desktop images from a single pop-up with just a few clicks. No need to Sysprep, capture, version or do any of the other complex Azure image management tasks. Nerdio Manager fully automates the process. Desktop Images can start with a gallery image, existing custom image, or even an existing VM. Images can be stored as custom or Shared Image Gallery integrated objects.

Duplicate desktop images by cloning them to either the same region or another Azure region. Make a clone before making major changes to the image so the changes can be tested without impact the production environment. All with one click.

Distribute desktop images to multiple Azure regions by selecting the locations where the images should be available. Can be enabled on new or existing images. A single desktop image VM can now be used to update AVD session hosts in all locations.

Schedule a recurring update to Desktop Images and automatically re-image host pools on a pre-defined schedule. System and application updates can be automatically applied after hours without manual intervention.

Schedule a regular refresh of a desktop image from Azure Marketplace using the latest patched version. Customize the image with scripted actions and have it automatically deployed to host pools for full end-to-end update automation.

Leverage native Azure backup to create versions of desktop image VMs before making changes and easily revert to prior versions. Take a backup of an image VM while powering it on to modify or manually trigger a backup at any time.

Maintain multiple version of a desktop image by retaining old versions during image updates. These version can be easily used to deploy session hosts in the future.

Modify and update production images and test them without affecting current production host pools that use these images. When updating an image, select for the new version to be created in “staged” mode. Designated test host pools can start using and testing this image right away, but production host pools will only begin using it when it is activated after testing and validation. The end-to-end process of image update, user acceptance testing, and deployment into production can be fully automated.

Ensure that users always log into a pristine, image-based session host by refreshing (re-imaging) used VMs after users log off. In single-user pooled scenarios, desktops will be automatically re-imaged when users log off. In multi-user pooled scenarios, session hosts will be re-imaged as soon as the last user logs off. This way, all hosts will be always kept up-to-date and in pristine state

Schedule a recurring update to Desktop Images and automatically re-image host pools on a pre-defined schedule. System and application updates can be automatically applied after hours without manual intervention.

When session host VMs are re-imaged, the VM name, AD computer object, IP address and DNS host name remain the same. No need to update other systems when re-imaging host VMs since they appear identical to external systems before and after the re-image process.

Before “sealing” the image (i.e. running “set as image” task) document any changes that were made. A report can be generated to show these changes and who made them.

COST & PERFORMANCE OPTIMIZATION

Dramatically reduce Azure compute and storage costs up to 75% by precisely matching the size of Azure infrastructure to the user demand at all times. Nerdio Manager provides multiple auto-scaling algorithms based on CPU usage, RAM usage, user sessions, and user-driven behaviors. Multiple usage triggers can be combined (e.g. CPU and RAM) for precise scaling behavior.

Start VMs when users need them and stop them automatically when no longer in use. VM power management reduces Azure compute costs up to 75%.

Create new session host VMs on-the-fly, as needed, without keeping many VMs created and consuming storage costs by the OS disks. Newly created VMs are always fresh and based on the prestine image state. Add scripted actions to customize the VM provisioning process. When the VMs are now longer needed they can be automatically removed from the environment. A mix of “base capacity” (always created VMs) and “burst capacity” (just-in-time VMs) optimizes costs and user experience.

Auto-scale can start, stop, create, or delete session host VMs based on several auto-scale algorithms that take into account actual usage (e.g. CPU, current active sessions) and/or do so on a schedule to pre-stage capacity in expectation of users logging in.

Balance between cost savings and end-user experience by setting one of three scale in aggressiveness levels that controls the type of hosts can be scaled in (stopped or removed). High aggressiveness provides the highest savings and will forcefully disconnect even active users after end of work hours. Medium will stop host with disconnected sessions. Low aggresiveness will only stop or remove hosts that has no user sessions.

Create multiple auto-scale pre-stage settings to ramp up host pool capacity during certain days of week and times of days. In education environments multiple schedules can be used to turn on VMs based on a pre-defined class schedule.

Provide users with non-persistent, single-user pooled desktops that are used exclusively by a single user during the session then returned to the pool, optionally refreshed/re-imaged, and made available to others. This VDI host pool configuration provides significant savings as compared to permanently-assigned pesonal desktops.

Save up to 90% on Azure VM compute costs while testing an AVD deployment by creating session hosts as Spot VMs. Not to be used in production scenarios as VMs can be unexpectedly “evicted”. Easily convert VMs from spot to pay-as-you-go and back to spot VMs with this scripted action.

Save up to additional 60% on the cost of Azure compute by using Reserved Instances in combination with auto-scaling. Nerdio Manager will analyze prior auto-scale behavior and recommend quantity of CPU core reservations to purchase to take advantage of RI savings.

Host VMs shut down from inside Windows are in stopped, but not deallocated, state and continue to generate Azure compute costs. Nerdio Manager can automatically detect VMs in this state and deallocate them proactively.

Define “running” OS disk storage type (e.g. Premium or Standard SSD) and “stopped” OS disk storage type (e.g. Standard HDD). Auto-scale will change the OS disk to cheaper storage when it stopped and automatically change it to a more performance storage type when the VM is started. This results in up to 75% in OS disk storage savings when the VM is not running.

Save on OS disk storage costs and increase performance with Ephemeral OS disks that can be used for AVD session host VMs. Ephemeral OS disks are free and are stored on the Azure physical host’s local storage and are therefore faster.

Reduce the size of an image VM’s OS disk from the default 128GB to 64GB (or 32GB). This reduces storage costs for session host VMs by requiring a smaller disk and allows for use of smaller VMs with ephemeral OS disks.

Ensure high performance of Azure Files at the lowest possible cost. The performance characteristics of Azure Files Premium are determined by the provisioned capacity quota. Storage auto-scale increases capacity quota in response to increased storage latency (or on a schedule), and decreases it when the extra performance is no longer needed to save on costs.

Ensure high performance of Azure NetApp Files at the lowest possible cost. The performance of an Azure NetApp Files volume is determined by the volume size, regardless of capacity actually used. Storage auto-scale increases the volume size during times of peak demand (e.g. log-on and log-off storms) and decreases it automatically when the extra boost in performance is no longer needed. This is done based on a schedule and/or in response to elevated IO latency. Storage auto-scale also automatically grows volume (and capacity pool) size when capacity reaches a pre-defined threshold ensuring that it never runs out of space.

Shrink FSLogix VHD(X) by removing the “white space” from inside the profile container. This dramatically reducess FSLogix storage costs.

Automatically run Microsoft’s Windows 10 and Windows 11 virtual desktop optimization tool on session host VMs as they are created. This results in drastically improved performance and increased user-per-CPU density, which reduces total Azure compute costs.

WINDOWS 365 ENTERPRISE MANAGEMENT

Cloud PC License Usage Optimization

Reduce total cost of Windows 365 Cloud PCs by optimizing license assignment and reclaim and re-use unused licenses.

Extend existing AVD environments with Windows 365 Enterprise Cloud PCs. Nerdio Manager automatically creates the necessary network connections, images, and provisioning policies based on the current AVD configuration. It can also be used to deploy Windows 365 even if there is no existing AVD deployment.

Cloud PC device lifecycle management

Manage all aspects of Windows 365 Enterprise Cloud PCs. Restart, re-provision from image, resize to a larger VM size based on available licenses, end grace period when Cloud PC is no longer needed, and run any Powershell script on one or more Cloud PCs.

Cloud PC user group assignment

Create and manage Cloud PC provisioning policy and assign user security groups to policies to begin the provisioning process for licensed users.

Intune primary user management on Cloud PCs

Automatically detect if a provisioned Cloud PC does not have an assigned Intune primary user. Alert administrator and allow for one-click primary user assignment.

Leverage existing AVD images to create Cloud PC deployments. Image updates are automatically applied to AVD and Cloud PC environments using these shared images.

Scripted actions are shared between AVD and Windows 365 Enterprise Cloud PC environments. Scripts that install apps, apply optimizations, or anything else that can be scripted with Powershell can be applied to both AVD session hosts and Cloud PCs.

Migrate AVD personal desktops to Cloud PCs (Coming Soon)

Automate the migration process from a personal AVD host pool to an Enterprise Cloud PC. (Coming soon)

AVAILABILITY & RESILIENCE

Enable host pool level active/active DR configuration and Nerdio Manager will automatically distribute session hosts across two Azure regions. Users will be distributed across VMs in both regions as they log in and FSLogix profiles will be automatically replicated using Cloud Cache. In case of an Azure region failure users will continue accessing VMs in the available region.

Auto-scale can automatically detect broken AVD session hosts and attempt to repair them by either restarting or deleting and re-creating the VMs without user intervention.

Protect against data center failure by automatically distributing session host VMs across Availability Zones (data centers) in supported Azure regions.

Azure availability sets of variable size can be optionally enabled. When enabled, session host VMs are automatically placed in availability sets when deployed.

Leverage native Azure backup to create versions of desktop images before making changes and easily revert to prior versions. Take a backup of an image while powering it on to modify or manually trigger a backup at any time.

Modify and update production images and test them without affecting current production host pools that use these images. When updating an image, select for the new version to be created in “staged” mode. Designated test host pools can start using and testing this image right away, but production host pools will only begin using it when it is activated after testing and validation. The end-to-end process of image update, user acceptance testing, and deployment into production can be fully automated.

Scheduled Nerdio Manager backup

Configure a scheduled backup of Nerdio Manager application by protecting App Service, Azure SQL database, and key vault contents.

SECURITY & COMPLIANCE

Nerdio Manager is a single-customer Azure application deployed from the Azure Marketplace into a customer’s own Azure environment. It consists of Azure PaaS services only with no VMs to manage. The application is integrated into Azure AD and uses Graph API to turn the dials inside the Azure environment. No third-parties have any access into the customer’s Azure environment.

No third-party vendor access

Nerdio Manager is not a hosted SaaS service, but rather an Azure application that’s installed in a single customer environment. There is no third party access to this single tenant app deployment.

Data residency control

Because Nerdio Manager is an Azure application, customers can choose the Azure region where it is deployed. All associated metadata is stored in a selected Azure region with customer having full control over backup, retention, and destruction of this metadata.

Delegate access to deploy and administer Azure Virtual Desktop deployments to users with defined role-based access controls. Built-in AVD Admins can full access to the environment, Reviewers have read-only access, Desktop Admins can manage images and power state of host VMs, Help Desk users manage user sessions, and End-users can manage their own virtual desktop session in a self-service portal. Create your own custom RBAC roles and select Read-only or Full Access to all areas of Nerdio Manager, including limiting access to individual host pools.

Create custom roles to control admin access to all areas of Nerdio Manager. Custom roles define scope and level of access and can be assigned to users and security groups. Users can access modules in read-only or full access mode.

RBAC admin roles can be assigned to users and groups and proper level of access is provided at Workspace level and host pool. Different groups of admins can manage different sets of Workspaces and host pools within a larger AVD deployment.

Company-provided SSL certificate and domain name can be applied to Nerdio Manager for Enterprise Azure App Service to increase the security posture of the deployment.

Protect Nerdio Manager and AVD deployment by hardening the SQL, Key Vault, Storage Accounts, App Service by enabling private vnet endpoints in Azure.

Prevent Users from Using Saved Password in AVD Client App

Increase security posture of an AVD host pool by preventing users from using saved credentials in their AVD client app. Users will always be prompted for password when logging into their desktop.

MONITORING & REPORTING

Consolidated dashboard that combines usage, costs, and savings across all Workspaces in WVD deployment. Select desired time range and view graphs of named, concurrent, and active users. View graphs of host pools, hosts, and total CPUs. Review and export data on compute and storage costs savings.

Analyze Azure compute (VMs) and storage (OS disks, Azure Files and Azure NetApp Files) costs at per-hostpool, per-workspace and across the entire environment. Understand average per named, concurrent, and monthly active user costs.

Export detailed usage and costs data to be used for chargeback.

Review auto-scale behavior in an easy-to-understand, visualized dashboard that can be drilled into for more detail. All auto-scale behavior, including corresponding user sessions, can be reviewed for further optimization.

View project montly compute (VM) and storage (OS disks) costs when creating a new host pool. The real-time calculation is based on Azure pricing API and takes into account the entire auto-scale configuration profiles. This calculation provides the minimum host pool cost, assuming the pool stays at the minimum size and never scales out, and the maximum cost, assuming the host pool scale out to its maximum size and never scales in.

Azure list prices used for all calculations can be adjusted with a negotiated discount so all financial data accurately reflect actual Azure costs.

Be always in the know with automated notifications and alerts. Define rules to generate email alerts based on various conditions and actions. Select whom to notify based on tasks, statuses, resources, and other criteria.

Gain fully visibility into AVD environment that extends beyond the Azure Monitor Insights. User sessions dashboard provides a wholistic view into user performance that can be drilled down on a per-user basis to understand latency, app input delay, utilization patterns and more.

Hosts dashboard provides a deep analysis of VM performance and utilization (e.g. CPU, RAM, CPU queue, Disk queue, etc.) and displays recommendations for user-to-host density.

Application dashboard display per-application-per-user stastics to understand applicatino usage patterns, application resource consumption, and user behavior.

Track and report on all changes to desktop images performed by all users.

ORCHESTRATION & INTEGRATION

Leverage the power of Nerdio Manager automation by integrating with existing ITSM platforms (e.g. ServiceNow). Add and re-image hosts, create or update desktop images, control user sessions and much more.

Scripted actions provide limiteless flexibility in AVD deployments. Windows scripts can be used to execute any set of Powershell commands on VMs are created, started, stopped, remove, or re-imaged. This can be used to deploy applications, security software, optimizations, and much more. Azure runbooks can be used to configure and maintain the Azure environment on the outside of the VM. Many triggers are available including VM or AVD host create, start, stop, delete, image create, schedule, run-once, and more.

Synchronize scripted actions with Public and/or Private GitHub repositories. Use your favorite tools, like Visual Studio Code, to edit and maintain scripted actions with all of the power of GitHub workflows, versioning, and so much more. Scripted actions are automatically synchronized with GitHub repositories and any changes take effect immediately without any configuration changes made in Nerdio Manager.

Azure DevOps Integration with Scripted Actions (Coming Soon)

Synchronize scripted actions with Azure DevOps. Use your favorite tools, like Visual Studio Code, to edit and maintain scripted actions with all of the power of Azure DevOps workflows, versioning, and much more. Scripted actions are automatically synchronized with Azure DevOps repositories and any changes take effect immediately without any configuration changes made in Nerdio Manager.

Windows scripts and Azure runbooks can be executed automatically with security context maintained by Nerdio Manager during VM create, delete, start stop, and AVD host register operations.

Windows scripts and Azure runbooks can be executed on all hosts within a host pool either on demand or on a schedule with recurrence.

Automatically install software on newly created desktop images or maintain existing images with regular updates using Scripted Actions.

Execute Scripted Actions on desktop images while packaging the VM into an image object. These scripts do not impact the original image VM but only apply to the the resulting image. For example, SCCM agent can be uninstalled from the image but remain on the image VM where it is used to update and install software.

Leverage powerful scheduling capability to schedule any session host actions such as start, stop, add, delete, re-image, resize, activate, deactivate, run script, and more.

Health check probe for third-party tool monitoring

Get status of Nerdio Manager, SQL DB, Azure and AVD access via an unauthenticated URL. Can be used by monitoring tools to check environment health.

Define global variables that can be used by any scripted action. Variables are encrypted and stored securely in Azure Key Vault.

Nerdio Manager provides built-in integrations for popular desktop virtualization tools such as Teradici PCoIP, security and AV tools like Sophos, and much more.

APPLICATION MANAGEMENT

Use Scripted Actions to install and manage applications on desktop images or during session host VM creation. Large library of popular software installations is included and gets updated on a regular basis. Create your own scripts to install and manage your own apps.

Applications installed on images or session hosts are automatically discovered and can be assigned to only some users and groups (whitelist) or be available to all users with exceptions (blacklist). Leveraging FSLogix application masking technology, apps are completely removed from user’s environment unless user is authorized.

Create MSIX images using msix apps, store them in an Azure Files based library with versioning, and deliver these apps seamlessly to users.

Upload native MSIX installer files and let Nerdio Manager automatically expand them into a VHDX container, capture all needed metadata, and make the app available for host pool attachment.

Upload multiple MSIX apps to be packaged together in a single VHDX image. Combining multiple apps in a single image reduces the number of VHDX files mounted on each session host VM and improves performance.

Upload and manage MSIX App Attach images to an Azure Files share. Update images to new versions and automatically apply to all host pools with existing assignments. Leverage images with multiple MSIX packages inside for more efficient app delivery.

Leverage native WVD MSIX App Attach integrations via the AVD agent. Assign MSIX packages to host pools from Nerdio Manager image library or use existing images storage on any SMB storage including Azure NetApp Files and file servers.

Upload and manage a library of self-signed or CA-issued certs that were used to package apps in MSIX format. These certificates can be automatically installed on desktop images or session hosts during provisioning.

REGISTER NOW

Get Certified

Get Certified

REGISTER NOW

Secure Remote Work: Azure Virtual Desktop GTM Strategy

In this session, we will discuss how Azure Virtual Desktop and Windows 365 enable a secure remote workforce with a ZeroTrust mindset.

Available Webinars

REGISTER NOW

Demystifying Microsoft Azure: Getting Started with Azure for MSPs

Demystifying Azure is our intro to Azure class, teaching MSPs everything they need to know about getting started with Microsoft Azure and creating a path forward to building a healthy Azure practice.

Available Webinars

REGISTER NOW

Microsoft Azure: The Future of VDI

Azure Virtual Desktop and Windows 365 are one of the fastest-growing areas for MSP and Microsoft. In this session, we will discuss what makes it different from other VDI solutions, why every MSP should have this tool in their kit, and how to get started enabling your own Azure desktop practice.

Available Webinars

REGISTER NOW

Microsoft Azure: The Future of VDI

In this session, you will learn how MSPs can build and price a complete Azure solution at the lowest possible price, enabling you to win more business and maintain a healthy margin.

Available Webinars

REGISTER NOW

REGISTER NOW

REGISTER NOW