Windows 365 – the revolutionary new virtualization solution (Part 5: Administrating Windows 365)

After having a look at the setup and usage for end users (in the previous articles of that series), it it now time to have a look at the administration of Windows 365.

This blog series contains the following articles (the links will be updated, once the articles are released).

Every company, that manages servers and clients, needs to control certain settings. For example Windows settings, Office settings, disable some unwanted features and all that stuff. Now after you have setup Windows 365 as shown here or here, you want to control the CloudPCs as well of course.

If you have ever tried to join a Windows Server 2019 to Azure AD you may have seen articles like this one: Sign in to Windows virtual machine in Azure using Azure Active Directory | Microsoft Docs. This only works with Azure VMs and to be honest: It is a mess. You need AAD Domain Services and a lot of patience. So what about Windows 365? This is not a server operating system, but client. Everybody knows how easy it is to join a client to an on-premises domain or to Azure Active Directory. So it is with Windows 365.

After having the first Windows 365 PC provisioned, it appears in your management. In my case (and in this blog article) I focus on Endpoint Manager. When you use Windows 365 Enterprise, you will find your PCs in your on-premises environment as well. Once I have one, I’ll update this article.

Windows 365 is easy to find inside Endpoint Manager. Just open the blade Devices:

You see my tenant has several Windows devices (even one with Windows 11 😉 ) and an Android mobile. Highlighted is the CloudPC. Easy to identify because of its prefix CPC. Some magic happened to achieve that. Remember that Windows 365 is a user license? Continuing that thought means:

  1. A user gets a Windows 365 license assigned
  2. The CloudPC is being provisioned
  3. The user logs on
  4. The CloudPC automatically joins Azure AD and applies all Intune policies
  5. The CloudPC has a compliant state from hour zero

Having devices be compliant from hour zero is a dream. No further need for post-provisioning, removing bloatware and all that creepy and crappy stuff.

On the other hand this also means that all configuration that is already in place and in future in Intune/Endpoint Manager will automatically be applied to the CloudPC. Like with every other PC in your network. As you know it from Endpoint Manager, you can have a look, which policies were applied and you will find all user-assigned policies here:

Well and that is everything you need to have in mind. With other easy words:

You continue to manage as you know it. Nothing new to learn when adding a CloudPC to your network. The CloudPCs adapt your client standards regarding configuration and compliance.
The Windows 365 CloudPC is under full control of the company - like any other client.

Published by Andreas

Founder of M365 Evangelists Cloud-Architect, Strategy Consultant, Consultant for Microsoft technologies, Graph API enthusiast, PowerShell enthusiast
%d bloggers like this: