The recently renamed Azure Virtual Desktop service offers virtual desktops in the cloud, but it also requires organizations to understand the Azure portal as well as having virtualization expertise. With hybrid and remote work becoming ever more popular, even enterprises and Microsoft partners who do have those skills may not have the resources available to cope with the current level of demand for virtual PCs, and there are plenty of smaller businesses that find AVD too complex.
Instead, they’re asking for a cloud desktop option that works with the management tools they already use, said Scott Manchester, partner director of program management for Cloud Managed Desktops. “I would really like to have the power and security of the cloud, but please don’t make me learn something new and adopt a new tool; please make sure that it works with the existing investments that I have with Microsoft Endpoint Manager and with my security and identity solutions.”
The new Windows 365 service is “the Windows you know, but you’re getting it in a different way, in a way that’s most flexible for you,” said Melissa Grant, director of product marketing for Microsoft 365.
Built on top of AVD, it offers Windows PCs in the cloud that can be provisioned from the same Microsoft Endpoint Manager dashboard organizations use to manage physical devices and VMs, with no need to provision Azure resources you pay for by consumption. Instead, there are two editions with fixed per user monthly pricing: Windows 365 Business and Windows 365 Enterprise, both of which will be available commercially Aug. 2.
Windows 365 is designed to coexist with physical PCs (and VMs on other infrastructure), to help organizations who are supporting a hybrid workforce, including remote and seasonal workers like contractors or interns. “The competition for global talent is fierce and people want to be able to use the devices they want, they want to be able to work when and where they want and still be able to be very productive, collaborative and secure,” she said.
“You can have everything all together in Microsoft Endpoint Manager, you’re using the same unified management console you’re familiar with. You can see your cloud PCs right next to your physical devices, right next to your other virtual endpoints, all in one unified place, and to do all the administration and deployment, as well as have predictable and per user pricing.”
Windows 365 also integrates with Microsoft Defender for Endpoint, just like physical Windows PCs, but there’s a specific Cloud PC security baseline and you can use multi-factor authentication with dedicated Windows 365 conditional access policies to check that logins to the service come from genuine users. Plus, she noted, “you get a lot of affordance for endpoint security by having everything stored in the cloud, and not on that endpoint.”
Microsoft is also using a new term, Cloud PC, to distinguish Windows 365 from both the complexity of traditional VDI for the IT team, and the usually poor VDI experience for users, with VMs that are slow to start and don’t always keep any personalization done to the desktop. “One of the real differentiators of this from traditional VDI is that you log back in exactly where you were the last time you left your machine,” Manchester explained.
You’ll go back to the same state even if you log in from another device, Grant added: “It picks up right where you left off with all your content, all your settings, all your data, as you move from device to device. You go right back into your Cloud PC, and you pick right up where you left off.”
That won’t always be completely seamless, any more than it is on any other Windows PC. Windows 365 doesn’t offer the same kind of reboot-free security hotpatching that Azure Automanage brings to Windows Server 2022 running in an Azure VM.
Instead, the emphasis is on making updating Windows 365 just like updating any other Windows—so a Cloud PC will reboot like a physical PC (although you can set apps to restart automatically).
“We integrated into the Microsoft Endpoint Manager with the goal of minimizing the amount of new concepts that an endpoint admin would need to understand to truly be able to treat these workloads like they do their traditional workloads,” Manchester said. “With that we were able to accomplish a model where you can do your updates through the same exact workflows you do today, so you can get the Patch Tuesdays and do your own testing and validation and pick the time that you want to push those updates out, so you can determine with this group of users what the off hours are and push that update out so that you’re not going to disrupt them.”
Provisioning VDI on your own infrastructure or in the cloud usually means spending time allocating resources, using multiple admin roles or paying a consultant to do that for you. Windows 365 builds in the intelligence to take that work away, he said, so it’s easier to deploy than AVD.
“We don’t require all this complex understanding of building back-end infrastructure or all the mechanics and math required to run a cloud based solution cost effectively. We take all that burden away now, and provide that same set of tools and same workflows that you’re using today, but now you’re using them with virtualized workloads.”
In fact, Windows 365 is so simple that Microsoft initially worried some partners might be unhappy. “Those are things they typically charge for,” he noted. But with COVID-19 and the increase in hybrid work, partners have so much customer demand they want the simplicity themselves because now endpoint administrators can do the work previously reserved for expert virtualization admins. One large partner has seven times more endpoint admins than it does virtualization admins, and 15 times as much work as those virtualization admins could cope with.
“We’ve thought what admins have access to, which portals to ensure you don’t have to be a global admin to manage and apply this.” If an organization wants to integrate other Azure resources like storage, the Azure admin can do the setup for that instead of the endpoint admin.
“That’s where we usually lose customers: When you’re asking someone who manages different parts of their corporate environment to take on additional roles, it’s both a security issue and a complexity issue that limits the scale of the service.”
Any device, any network
You can use Windows 365 from a PC, Mac, iPad or other mobile device (anything with a browser, including the Raspberry Pi computers which are starting to be popular in education) or you can install the Remote Desktop app. Microsoft puts a link to its own client in the Windows 365 portal, but there are also third-party clients built on the AVD SDK, which also work with Windows 365.
Using Remote Desktop gives you the richest experience, according to Manchester. “You can redirect USB devices, you can do multimonitor.” But Windows 365 is also designed to work well in the browser for users who need quicker access. “If I’m travelling and I didn’t bring my work laptop or I didn’t bring any laptop at all, and I want to get in and get some work done, you can log in from any browser and go directly into your cloud PC experience.”
Microsoft is also working with hardware OEMs on dedicated devices that only run as Cloud PCs. “Expect to see some really interesting integrated devices that focus more on battery life and screen size and rely on Azure Cloud to provide the computing experience.”
The small business version of Windows 365 also puts the management and deployment tools in the portal, because in a small business with no dedicated IT team, users will also be admins. “I can do centralised IT stuff right from the portal: I can add users, get more cloud PCs.”
Depending on the admin choices, users can rename, reboot and troubleshoot their Cloud PCs from the portal. “If my admin allows me to be a local admin, I could theoretically install software that could put the machine into a bad state. This gives me a low-level Azure Resource Manager restart that puts that machine back into a good state.”
The troubleshooter runs an end-to-end connectivity test to see if any network issues are in the local network or on the back end. Windows 365 obviously takes advantage of the Azure network, which speeds up opening large files or working with remote colleagues in other locations; “the average Wi-Fi connection speed is somewhere around 27 megabits in the U.S. but once I’m connected up to my cloud PC, I’ve got 10 gigabits up and down.”
Enterprises and partners get more support tools based on the Watchdog Service that runs in Windows 365. Enterprises see alerts and advice inside Endpoint Manager through Endpoint analytics (as with AVD) and partners can see the health of the Windows 365 environment for multiple tenants inside Azure Lighthouse. “As an MSP, I could have a thousand tenants, and if anything was going wrong in their networking environment: performance a user has on a machine, some security policy or conditional access policy that could affect them, if one of my admins’ passwords are ready to expire, if I’m running out of IP addresses. … We have hundreds of these checks that we’re running continuously on every tenant and bubbling them up into Lighthouse and bubbling up into the dashboard.”
That information is also available through the Microsoft Graph APIs so partners can integrate it into other tools; one partner has created a Teams chatbot for Windows 365 provisioning and support. “You can say ‘Hey, I’ve got these 500 new users starting tomorrow, can we get some VMs pushed out for them?’ and Windows 365 will go off and build the VMs. You can ask questions like ‘are all my users having good performance?’ and get, ‘This person is having bad performance, would you like to upgrade their machine?’ and when you say yes, it automatically gives them a bigger machine.”
Azure Virtual Desktop is what powers Windows 365, and that service will still be available. “We look at AVD as the Swiss Army knife: it’s got every option that you could ever demand.” AVD will be ideal for customers that want to run a single remote app for all their users who are all on physical devices, or to take advantage of the Windows 10 multi-user support, he suggested. “If they’re compelled by the opportunity to replace a lot of the workloads that traditionally ran on physical devices and move that workload up into the cloud, and a full desktop is better suited for them then Windows 365 is going to be a better fit.” Some organizations will likely use both services in different parts of their businesses, with some teams wanting consumption-based pricing, and others needing virtual PCs that endpoint admins can scale up and down.
Consumer Cloud PCs in the future
Before Azure Virtual Desktop, Manchester worked on Project Arcadia, a cloud gaming service Microsoft experimented with, so he understands what consumer Cloud PCs will require, and Windows 365 isn’t there yet—even though it’s suitable for very small businesses.
“I could be a single LLC, one employee, and from a cost perspective management overhead Windows 365 is a very viable option for me. With traditional virtualization solutions, you usually have to get to about 25 to 50 [people] where you can amortise the cost, but this is a fixed price. There’s no flat costs, you’re just paying for the cost of the machine. With our small business offering, there’s no domain controller required, I can do a pure native AAD join, I don’t need a VNet; I can just leverage Microsoft’s infrastructure and have this up and running in minutes, and have this Windows desktop experience in the cloud.”
It’s this identity piece that’s not ready for a consumer service (or for students who want to have a Cloud PC on their own, unmanaged devices), but he suggested that would be possible. “I can’t bring my own identity; I have to have either a vanity domain that I’ve set up with Microsoft 365 or I’m using an onmicrosoft identity [from Microsoft 365 or Office 365]. The next step for us is to bring forward the end user’s own identity and then we have a consumer product. But from a scale perspective and ease of use and simplicity, it’s very ready for consumer usage.”
Microsoft is also planning other new features for Windows 365, like being able to use it when you’re not connected to the cloud. “Some of our forward-looking thinking has scenarios where you can have a mobile experience and even still interact with your Cloud PC when you’re offline. Synchronizing a local container, so though you wouldn’t have the same performance when you’re working offline, you can still be productive and then when you reconnect to the internet sync back up and be back leveraging the cloud resources. There’s lots of cool things like that that this unlocks for us to innovate on.”