How to implement and manage Microsoft Windows 365 Cloud PC

In August 2021, Microsoft released Windows 365 Cloud PC, a new cloud-based service that provides Cloud PCs to end users. With Windows 365 Cloud PC, users get their own personalized desktop in the cloud, which can be accessed from anywhere on any device. It is optimized for Microsoft 365, including Microsoft Teams AV redirection. Unlike Azure Virtual Desktop, you pay a fixed price per user per month, no matter how many hours you use the Cloud PC in a month (this covers the license; in the case of the Enterprise version, network egress fees are charged separately). The price of the license depends on the size and specs of the Cloud PC.

Will Windows 365 Cloud PC replace Azure Virtual Desktop?

Windows 365 Cloud PC and Azure Virtual Desktop are both SaaS solutions from Microsoft that can provide users with a remote desktop. For many people this raises the question of whether the new Windows 365 Cloud PC service will replace the current Azure Virtual Desktop solution. Although the two services have some basic similarities, they suit different use cases. See the following table for the main differences.

| Windows 365 Cloud PC | Azure Virtual Desktop (AVD) |
| --- | --- |
| Fixed per-user, per-month pricing. | Flexible pricing, based on usage. |
| Fully integrated with Microsoft Endpoint Manager (MEM) – Microsoft Intune. | Full control over management and deployment. |
| Windows personalized desktop. Single user, desktop only. | Windows personalized desktop. Single-user and multi-user OS. Can publish both desktops and remote applications. |
| User self-service in web portal. | No native self-service options. |

 

Licensing

As mentioned before, with Windows 365 Cloud PC you pay a fixed price per-user, per month. There are two license types available, Business and Enterprise. In both cases the price depends on the size of the Cloud PC. There are big differences between the business and the enterprise license.

| Business | Enterprise |
| --- | --- |
| Designed for small- to medium-sized companies with a maximum of 300 desktops. | Designed for larger businesses that want to deploy Cloud PCs across their organization for an unlimited number of users. |
| Desktops will be attached to a vNet managed by Microsoft; an advantage is that customers are not charged for network egress fees. | Desktops will be attached to the customer's existing Azure virtual network (vNet), but customers are charged the standard network egress fees. |
| Standard Gallery Images only. | Standard Gallery Images + Custom Images. |
| Manual configuration and app installation. | Fully integrated with Microsoft Endpoint Manager / Microsoft Intune for automatic configuration and application installations. |
| No other Microsoft licenses are required. | Users must also be licensed for Windows 10 Enterprise or Windows 11 Enterprise, Microsoft Endpoint Manager, and Azure Active Directory P1. |

In this blog we will use a Windows 365 Cloud PC Enterprise license.

Prerequisite

The following prerequisites need to be in place before you can start with the Windows 365 Enterprise Cloud PC deployment.

– Azure subscription
– Windows 365 Enterprise license
– Microsoft Intune license (or EMS or Microsoft 365 E3/E5 licenses)
– Azure AD environment up and running
– Microsoft Intune environment up and running
– Azure Network configuration (vNet) up and running (including correct DNS configuration)
– On-premises domain up and running
– Site-to-Site VPN / ExpressRoute to have access to the domain controllers within the Azure Network (as an alternative, the domain controllers can also run in Azure itself)
– Azure AD Connect up and running with Hybrid Azure AD configuration (computer objects for Cloud PCs need to sync to Azure)

In this blog

In this blog I will cover the following steps:

Step 1 : Assign licenses to the users
Step 2 : Create on-premises network connection
Step 3 : Create a Provisioning Policy
Step 4 : Assign policies and applications to the Cloud PC
Step 5 : Connect to the Windows 365 Cloud PC

Step 1 : Assign licenses to the users

Before a user can use a Cloud PC, a Windows 365 license needs to be assigned to the user.
Log in to the Azure Active Directory admin center to perform the assignment.

The Windows 365 license can be assigned directly to the user, or via a group assignment (requires additional licenses).

Step 2 : Create on-premises network connection

As described in the prerequisites of this blog, an Azure network must be configured first. Before Cloud PCs can be provisioned, an On-premises Network Connection (OPNC) needs to be created once per network. This connection is used for Cloud PCs to join the company’s domain and for the provisioning itself.

To create the OPNC, log in to the Microsoft Endpoint Manager admin center.

Navigate to Devices > Windows 365 > On-premises network connection and click + Create

Give the On-premises network connection a Name. Select your Subscription, Resource group and Virtual network including Subnet.

Click Next

Fill in the AD DNS domain name and optionally the Organizational Unit (this OU needs to be synced with AD Connect). Fill in the AD username UPN and the AD domain password.

Click Next

Click Review + create

After a few minutes the On-premises network connection is created and a “checks successful” status will be displayed (if everything is configured correctly). You can click on the status to get more info.

In this case every step has been successfully passed. However, the first time I got a warning on “Azure AD device sync”. It turned out afterwards that the computer account was not yet synced from the on-premises domain to Azure AD. After the sync, the warning disappeared, and the status changed to Passed.

Step 3 : Create a Provisioning Policy

A Provisioning Policy needs to be created to provision the Cloud PC with an image of choice. The policy is assigned based on Azure AD security groups.

As you can see in the screenshot above, no provisioning policy has been created and assigned to my test user. The Cloud PC has the status “Not provisioned”.

Open the Provisioning policies tab and click + Create policy

Give the policy a Name and select the just created On-premises network connection.

Click Next

Select an image from your Image Gallery or a default image from the Gallery Image. I will discuss custom images in a later blog; for now I select Gallery image.

Click Next

For this demo I select the Windows 10 Enterprise + Microsoft 365 Apps 21H1 image.

Click Next.

Select an Azure AD security group and click Next.

Click Review + Create

After the provisioning policy is created, Cloud PCs of assigned users will be provisioned.

Keep in mind that the provisioning can take up to 60 minutes. After the provisioning is finished, the status will be changed to “Provisioned”.
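The two status checks from Steps 2 and 3 (the network connection health check and the Cloud PC provisioning state) can also be read from Microsoft Graph instead of the portal. The script below is an added example, not part of the original post; it assumes the Microsoft.Graph.Authentication module, the `CloudPC.Read.All` scope, and the Graph beta `virtualEndpoint` endpoints with their `healthCheckStatus` and `status` properties. The helper `Get-GraphCollection` is a hypothetical name.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
# Added example: read-only check of OPNC health and Cloud PC provisioning state.
# Assumption: the Graph beta virtualEndpoint API and the property names used below.

$base = 'https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint'

function Get-GraphCollection {
    param([Parameter(Mandatory)][string]$Uri)
    # Follow @odata.nextLink so results in larger tenants are not truncated.
    while ($Uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $Uri
        $page.value
        $Uri = $page.'@odata.nextLink'
    }
}

# Read-only scope is enough; no write permission is requested.
Connect-MgGraph -Scopes 'CloudPC.Read.All'

# Step 2: every on-premises network connection should report "passed".
# A "warning" here matches the Azure AD device sync case described in Step 2.
$connections = @(Get-GraphCollection "$base/onPremisesConnections")
foreach ($c in $connections) {
    '{0,-30} health={1}' -f $c.displayName, $c.healthCheckStatus
}
$unhealthy = @($connections | Where-Object { $_.healthCheckStatus -ne 'passed' })

# Step 3: list Cloud PCs that have not reached the "provisioned" state.
$cloudPcs = @(Get-GraphCollection "$base/cloudPCs")
$notReady = @($cloudPcs | Where-Object { $_.status -ne 'provisioned' })
foreach ($pc in $notReady) {
    '{0,-40} policy={1} status={2}' -f $pc.userPrincipalName,
        $pc.provisioningPolicyName, $pc.status
}

# Non-zero exit code lets a scheduled job or pipeline alert on either condition.
if ($unhealthy.Count -gt 0 -or $notReady.Count -gt 0) { exit 1 }
```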

Step 4 : Assign policies and applications to the Cloud PC

Windows 365 Cloud PCs will be enrolled with Microsoft Endpoint Manager / Microsoft Intune. As a result, you can publish your current Microsoft Intune configuration, such as Configuration Policies, Compliance Policies and Applications, to them. Keep in mind that the Security Baseline for Windows 10 and later is not supported on virtual machines. Therefore, it is not recommended to publish this security baseline to Cloud PCs. For Cloud PCs you can use the Windows 365 Security Baseline.

Step 5 : Connect to the Windows 365 Cloud PC

Let’s connect to the Windows 365 Cloud PC. You can use different clients for this, depending on the operating system that is in use on the client. First, let’s use the web client. Navigate to https://windows365.microsoft.com/

After signing in, you will see your cloud PC. There is even an option for the user to reset the PC from this web console!

When opening the Remote Desktop Clients page, you can find download links and information on all other available clients.

When also using Azure Virtual Desktop, the Cloud PC will be available within the same client too, without additional configuration.

The first time you log in to the Windows 365 Cloud PC, the account setup will be completed with the latest settings and applications from Microsoft Intune.

After the account setup is completed, your Cloud PC is ready for use.


About Robin Hobo

Robin Hobo

I work as a Senior Solution Architect with focus on the Modern Workspace. I am specialized in Azure Virtual Desktop (AVD), Windows 365 and Microsoft EM+S (including Microsoft Endpoint Manager - Microsoft Intune).
