Skip to main content
The core components and processes that enable DaaS to function effectively including hypervisors, connection brokers, and network connectivity

Desktop as a Service (DaaS): a guide for enterprise IT

Desktop as a Service (DaaS) delivers cloud-hosted desktops over the internet. A 2026 guide on Windows 365 and Azure Virtual Desktop.

Amol Dalvi | June 25, 2025

Desktop as a Service (DaaS) is a cloud model where a provider hosts virtual desktops and streams them to your users over the internet. For most enterprises in the Microsoft ecosystem, DaaS means two products: Windows 365 and Azure Virtual Desktop. Microsoft groups both under an umbrella it calls Windows Cloud.

While we recognize AVD is not truly a DaaS service, Microsoft includes it in their Windows Cloud solutions so for this article we will go over both offerings. Many enterprises run both. Each product fits a different group of users, and the real work is managing them together without breaking the team.

This guide covers what DaaS means today, the delivery models underneath it, how it compares to on-premises virtual desktop infrastructure and physical endpoints, and what it takes to run Windows 365 and Azure Virtual Desktop at scale.

What is Desktop as a Service?

Desktop as a Service is a cloud model where a provider hosts virtual desktops and streams them to your users over the internet. Your team gets a full Windows desktop with their files, applications, and policies on any device. The operating system runs in the cloud; the endpoint just displays it.

DaaS is the standard market term for this category. In the Microsoft ecosystem, two products dominate:

  • Windows 365 is a flat-rate, per-user Cloud PC. Easy to deploy, predictable monthly cost, limited customization.
  • Azure Virtual Desktop is Microsoft's consumption-based virtual desktop service. More flexible, more configurable, cheaper at scale if you manage it well.

Many enterprises run both. Windows 365 handles information workers, frontline staff, and contractors who need a consistent PC-like experience. Azure Virtual Desktop handles teams that need shared hosts, custom configurations, or GPU workloads. Treating one as a replacement for the other usually ends in a bad fit.

Key things to know about DaaS

  • DaaS is a delivery model, not a single product. In the Microsoft ecosystem, that means Windows 365 and Azure Virtual Desktop working together under Windows Cloud.
  • OpEx replaces CapEx. Operational expense replaces capital expense. You pay a subscription instead of buying desktop hardware, servers, and virtualization licenses upfront.
  • Centralized management. IT provisions, patches, and retires desktops from one place rather than touching every endpoint.
  • Data stays in the cloud. If a laptop is lost or stolen, the sensitive data isn't on it.
  • Access from anywhere. Employees connect from nearly any internet-connected device.
  • Business continuity is built in. If an office goes offline, the desktops don't.
  • Management complexity shifts; it doesn't disappear. You stop managing hardware and start managing identity, policy, images, cost, and two Microsoft products that need to be run differently.

How does DaaS work?

A DaaS setup has a cloud provider doing the heavy lifting at the back end and a thin client or browser doing almost nothing at the front. Between them sits a control layer that authenticates users and connects them to their desktops.

What is the typical architecture of a DaaS solution?

A DaaS deployment has five moving parts.

  • Cloud infrastructure. The provider runs compute, storage, and networking in regional data centers.
  • A hypervisor layer. Virtual machines hosted on that infrastructure become individual user desktops.
  • A connection broker. Authenticates users and routes them to the right desktop.
  • A management console. Where IT provisions desktops, applies policies, monitors sessions, and manages cost.
  • Endpoints. Any device that can run the client or a browser.

For Windows 365 and Azure Virtual Desktop, Microsoft runs most of that infrastructure. You manage identity, images, applications, policies, and users through a mix of Azure, Intune, and whatever management layer sits on top.

How do employees access their virtual desktops?

Users reach a DaaS desktop in one of two ways. They install the Windows App (Microsoft's unified client, formerly Remote Desktop Client) on their device, or they open a browser and sign in to a web portal. After authentication, the connection broker routes them to their assigned desktop and the session streams to the endpoint.

Enterprise DaaS deployments integrate with Microsoft Entra ID for single sign-on and require multi-factor authentication. The display protocol handles the graphics, audio, USB, and printer redirection over the network. Azure Virtual Desktop uses Microsoft's Remote Desktop Protocol with Shortpath. Windows 365 uses the Windows App client stack.

Where do company applications and data live?

In the cloud, not on the endpoint. Applications are either installed on a master image or delivered dynamically to the virtual desktop at login. User data sits in one of three places: inside a persistent desktop, on centralized cloud storage, or inside a containerized profile. In Azure Virtual Desktop non-persistent environments, FSLogix manages those profile containers. Windows 365 Cloud PCs are persistent by design and store user profiles natively.

You control the data, policies, and applications. The provider runs the infrastructure underneath.

What are the main DaaS delivery models?

DaaS delivery models differ on two axes: whether user data survives between sessions, and whether each user gets their own virtual machine. For Microsoft shops, there's a third axis: Windows 365 vs. Azure Virtual Desktop.

Persistent, non-persistent, or both?

Persistent desktops save each user's settings, apps, and data between sessions. Non-persistent desktops reset to a standard image every time a user logs off. Many large organizations run both, matching the model to each group of users.

Attribute

Persistent

Non-persistent

Personalization

User settings, apps, and data save between sessions

Desktop reverts to a golden image at logoff; profile data managed separately

Management

Each desktop managed individually, more storage required

One image for many users, patches applied centrally

Cost

Higher per user

Lower per user

Best fit

Developers, executives, power users, anyone installing specialized software

Task workers, call centers, training labs, shift workers

The choice isn't either/or. It's which users get which model, and whether your management tools can run both without doubling the admin work.

Single-session vs. multi-session

Single-session means one user per virtual machine. It feels like a physical PC and handles any application, but it costs more per user. Multi-session lets several users share one larger VM. Windows 11 Enterprise multi-session on Azure is the common example. Multi-session is cheaper because many users share one VM, but the applications have to work in a shared operating system.

Single-session fits users running heavy or compatibility-sensitive software. Multi-session pooled desktops fit standard knowledge workers running Microsoft 365 and everyday business apps.

Windows 365 vs. Azure Virtual Desktop

Windows 365 is the flat-rate, simpler option. Azure Virtual Desktop is the flexible, consumption-based option. Both are Microsoft cloud desktop products. The real difference is how you buy them, how you pay for them, and what your admins manage day to day.

Attribute

Windows 365

Azure Virtual Desktop

Pricing

Flat, per user, per month

Consumption-based (Azure compute + storage + licensing)

Customization

Limited

Fully configurable

Session model

Single-session only (one Cloud PC per user)

Single or multi-session

Best for

Information workers, contractors, frontline shifts

Teams needing shared hosts, custom images, or GPU

Management

Primarily Microsoft Intune

Azure Portal, PowerShell, and Microsoft Intune

Windows 365 is the easier path to a per-user cloud desktop. Azure Virtual Desktop is the cheaper path at scale, if you can manage it well. Many enterprises end up running both, because different groups of users need different cost models. For a side-by-side cost view, see our AVD vs. Windows 365 breakdown.

What does DaaS deliver for an enterprise?

Compared to an on-premises desktop fleet, DaaS improves cost predictability, lets you scale in minutes rather than weeks, tightens security by keeping data off endpoints, supports remote and hybrid work, reduces IT overhead, and builds business continuity into the infrastructure. The specifics depend on the product.

Cost predictability

DaaS turns desktop spending into a subscription. Windows 365 is flat per-user, so finance can forecast it to the dollar. Azure Virtual Desktop is consumption-based, so the cost depends on how many hours your VMs run and how big they are. Managed well, it can be cheaper than Windows 365 at scale. Sage reported 62 to 65 percent savings on VM costs and more than $1M in annual savings after moving to Azure Virtual Desktop with Nerdio. Windows 365 is predictable by design. Azure Virtual Desktop becomes predictable through auto-scaling and right-sizing.

Business agility and scale

New users get a desktop in minutes instead of the weeks it takes to procure and image a laptop. The same applies in reverse: when a contract ends, you reclaim the license. Newfoundland's provincial health authority stood up 1,700 healthcare workers on Azure Virtual Desktop in five days. That kind of speed is hard to match with physical hardware.

Security and compliance

Sensitive data lives in the cloud, not on endpoints. A lost laptop becomes a password reset, not a breach. Policies, patches, and baselines apply consistently across every desktop from one central console. Microsoft's cloud infrastructure holds certifications including ISO 27001, SOC 2, HIPAA, and PCI DSS, which help with your own compliance requirements. You still own identity, access, and data governance above the infrastructure.

Flexible work

Employees reach their full work desktop from a home laptop, client site, or shared kiosk. Bring-your-own-device (BYOD) policies get easier to manage because the corporate environment never lives on the personal device.

IT efficiency

The cloud provider runs the backend. Your team stops patching physical machines and managing hardware lifecycles and starts managing identity, images, and policy. Ossur, a medical devices company based in Iceland, reported roughly 70 percent reductions in licensing costs and a smaller team able to run the whole environment after leaving Citrix for Azure Virtual Desktop on Nerdio.

Business continuity

When an office loses power or network, desktops keep running. Users reach their environment from any location with an internet connection. Recovery times compress because the desktops were never tied to a single physical site.

DaaS vs. on-premises VDI vs. physical desktops

DaaS puts the infrastructure in the cloud, run by the provider. On-premises VDI keeps the infrastructure in your data center, run by your team. Physical desktops run the operating system directly on the user's device.

Attribute

DaaS

On-premises VDI

Physical desktops

Infrastructure ownership

Provider

Enterprise

Enterprise (endpoints only)

Cost model

OpEx, subscription

CapEx-heavy, ongoing OpEx

CapEx + ongoing support

Scalability

Elastic, minutes to provision

Moderate, infrastructure planning required

Low, one device at a time

IT expertise

Cloud service management, identity, images

VDI, virtualization, storage, networking

Endpoint management, hardware support

Primary benefit

Workforce agility and simplified infrastructure

Granular control inside your own data center

Dedicated local resources, full offline

How does DaaS compare to on-premises VDI?

The core difference is where the infrastructure lives and who runs it. On-premises virtual desktop infrastructure means you own the servers, storage, hypervisor, and the specialized team required to keep them running. DaaS means the provider owns that stack and you pay a subscription.

DaaS lowers upfront cost and shifts operational burden off your IT team. On-premises VDI keeps everything under your direct control, which some regulated workloads still require. The trend across many enterprises is a migration path from Citrix or legacy VDI into Azure Virtual Desktop and Windows 365, usually driven by renewal pressure, rising licensing costs, or the need to modernize aging infrastructure.

When does DaaS beat physical desktops?

Four situations consistently push enterprises toward DaaS: a growing remote or hybrid workforce, tight security and compliance requirements, rapid scaling needs during growth or M&A, and a desire to reduce the IT overhead of patching and supporting a physical fleet. DaaS also extends the life of existing endpoints, since the processing power is in the cloud.

When might VDI or physical still make sense?

VDI still wins when regulators require infrastructure to stay on-premises under your direct control. Secure DaaS offerings now cover most regulated workloads, but a few hold-outs remain. Physical desktops still win for two cases: heavy graphics workloads on unreliable internet, and specialized legacy peripherals that need local hardware access.

How do you plan and implement DaaS?

A typical enterprise DaaS migration has five phases:

  • Discovery and assessment. Define the goals, inventory applications, segment users by role and workload, assess existing infrastructure.
  • Design and planning. Pick a DaaS platform (Windows 365, Azure Virtual Desktop, or both), design the images, policies, and identity model, map out the migration.
  • Pilot. Deploy to a small representative group. Test performance, application compatibility, user experience, and support processes. Refine.
  • Phased rollout. Move users in waves. Start with lower-complexity groups. Train and support as you go.
  • Optimization. Monitor performance, cost, and usage. Tune auto-scaling, image updates, and license allocation on an ongoing basis.

Application and user needs

Inventory every application and classify it by compatibility with a virtualized multi-user environment, performance profile, and licensing model. Segment users by role and workload: task workers, knowledge workers, developers, power users with GPU requirements. That segmentation tells you which users go on Windows 365, which go on Azure Virtual Desktop, and which mix of persistent and non-persistent sessions each group needs.

Network and bandwidth

DaaS experience depends on stable, low-latency internet. Assess WAN capacity for offices and typical home connections for remote workers. Bandwidth per user varies with screen resolution, monitor count, and workload. Video conferencing and graphics-intensive applications consume more. Software-defined WAN (SD-WAN) or similar network optimization helps when existing connectivity isn't enough.

Security, identity, and compliance

Security in DaaS is a shared job. The provider handles the infrastructure certifications and encryption; you handle identity, access, and data policy. Start by checking the provider's certifications (SOC 2, ISO 27001, HIPAA attestations) and encryption practices. Then integrate DaaS with Microsoft Entra ID for single sign-on, enforce multi-factor authentication, and plan for data residency where regulations apply. Apply conditional access policies to both the desktops and the identities connecting to them.

User experience

User experience makes or breaks DaaS adoption. Set performance expectations, run a pilot with real users, and support common peripherals like printers, scanners, and multiple monitors. Build a communication and training plan. Monitor user feedback and session telemetry after go-live.

What to look for in an SLA

Uptime guarantees of 99.9 percent or higher. Response times tied to issue severity. Escalation procedures in writing. Clear boundaries between what the provider maintains and what your team owns.

How are enterprises actually using DaaS?

Some enterprises hit DaaS return on investment in a single quarter. Others spend two years migrating and never get there. The difference is usually fit. Three patterns show up in the fastest-moving deployments.

Regulated industries on a VDI renewal cycle

Financial services, healthcare, legal, and government teams running Citrix or legacy VDI are the clearest fit. There's usually a forcing function: a Citrix renewal, a compliance audit, or an infrastructure refresh that won't pass another fiscal year. There's also a regulated workload where auditors want to see policy enforcement and data residency controls. Microsoft's compliance certifications on Azure compress the review that usually slows Citrix-alternative evaluations.

  • Equitable Bank (financial services, Canada) ran its digital transformation on Nerdio-managed Azure Virtual Desktop and reported 74 percent compute savings per month.
  • LexisNexis (legal and data analytics, 160 countries) reported 50 percent year-over-year cost savings and a 75 percent reduction in support needs on Nerdio-managed AVD.
  • Ossur (medical devices, Iceland) reported roughly 70 percent reductions in licensing costs after leaving Citrix for AVD on Nerdio.

All three left Citrix or legacy VDI and landed on Microsoft under a management layer that absorbed the operational lift their internal team couldn't.

Rapid workforce change and M&A

Stand-up-and-tear-down speed is where DaaS pulls the furthest ahead of physical desktops. A new acquisition needs access to corporate applications in days; a contractor team ends in six months with laptops to reclaim. Cloud desktops provision in minutes and reclaim when the contract ends.

  • Carvana migrated off its previous platform in 14 days and reported a 40 to 50 percent cost reduction.
  • Sage grew from 200 to 1,000 managed customers without adding headcount after moving to Nerdio-managed AVD. The team reported 62 to 65 percent savings on direct VM costs and more than $1M in annual savings.
  • Newfoundland's provincial health authority stood up 1,700 healthcare workers on Azure Virtual Desktop in five days.

None of these teams could have matched that speed with physical hardware, and none of them wanted to.

Frontline and shift-based workforces

If your workforce includes shift workers whose hours never overlap, the standard per-user Windows 365 license is usually overkill. Windows 365 Frontline licenses cover three non-overlapping users for roughly twice the cost of one enterprise license, which can cut per-seat spend sharply for this pattern.

Nerdio Advisor identifies shift patterns automatically and recommends Frontline license conversions where they'd save money. Without that kind of telemetry, most IT teams default to enterprise licensing across the workforce and never notice the over-spend.

Across these patterns, the common thread is using DaaS to absorb workforce complexity rather than pay for more of it. Grant Thornton reported $20,000 per month in savings on 330 concurrent users. Syneos Health, a clinical research organization, reported 70 percent faster configuration changes after switching to Nerdio. With the right management layer on top, a smaller team can run a bigger DaaS environment.

Where is DaaS headed next?

DaaS in 2026 is getting more tightly wired into Microsoft's endpoint management stack. Two shifts are worth watching.

Microsoft Intune is becoming the management substrate for both Windows 365 and AVD. Intune's Endpoint Privilege Management extended to AVD single-session VMs in early 2026. The full Intune Suite ships with Microsoft 365 E5 starting July 2026, with a partial set added to E3. The Intune skill set IT already uses now covers more of the cloud desktop estate, though the primary Intune relationship still sits with Windows 365.

Digital employee experience is becoming measurable. Connection quality, latency, and application load times now appear on live dashboards instead of in quarterly satisfaction surveys. Teams running DaaS at scale need a single pane across Windows 365 and Azure Virtual Desktop, since managing them separately hides the problems that only surface across the stack. Expect DEX monitoring to move from a premium add-on to an expected feature in any enterprise DaaS stack.

How Nerdio helps with your DaaS strategy

If you're running Windows 365, Microsoft Intune, and Azure Virtual Desktop, or planning to, Nerdio Manager for Enterprise gives you one console to manage all three. Fewer clicks, faster changes, more predictable cost, and the same admin workflow for both Windows Cloud products.

That shows up in five specific places.

  • Azure Virtual Desktop auto-scaling. Nerdio's auto-scaling evaluates both user count and VM utilization, then powers down and deallocates unused VMs automatically. Enterprise customers report up to 80 percent savings on Azure compute. Equitable Bank reported 74 percent compute savings per month. Penn State reported a 71 percent reduction in AVD spend while adding more than 1,000 users.
  • Windows 365 application management. Nerdio's Unified Application Management deploys apps to Cloud PCs in about 30 seconds. Native Intune delivery can take up to three hours because Intune polls on its own schedule. For an admin pushing an urgent update to 500 Cloud PCs, that difference is the difference between a morning and a day.
  • Intune policy backup and restore. Native Intune can't back up or restore a deleted policy. Nerdio can. For a team where a single misconfigured policy can affect thousands of endpoints, that's a safety net worth naming.
  • Nerdio Advisor. Right-sizes oversized Cloud PCs, flags underutilized licenses, and recommends Frontline license conversions for shift workers who don't overlap. Three enterprise licenses at $31 each is $93 a month. One Frontline license covering the same three users is $62 a month.
  • Operational efficiency. Independent testing by Dr. Tritsch IT Consulting found that common Azure Virtual Desktop management tasks take 55 to 88 percent less time on Nerdio compared to the native Azure portal, with 77 to 91 percent fewer clicks. Fewer clicks means fewer manual steps, which means fewer configuration errors.

Together, these give your team one management layer across Windows 365, Intune, and Azure Virtual Desktop, so you stop switching between three portals and two sets of admin workflows to get through the day.

If you're planning a DaaS strategy across Windows 365 and Azure Virtual Desktop, Nerdio Manager for Enterprise is built for exactly that. Schedule a demo or try it free in your own Azure tenant.

Frequently asked questions about Desktop as a Service

About the author

Amol Dalvi

Amol Dalvi

VP, Product

Software product executive and Head of Product at Nerdio, with 15+ years leading engineering teams and 9+ years growing a successful software startup to 20+ employees. A 3x startup founder and angel investor, with deep expertise in Microsoft full stack development, cloud, and SaaS. Patent holder, Certified Scrum Master, and agile product leader.

Ready to get started?