Microsoft - Aug 2, 2021

Windows 365 – A new, modern OS via Desktop as a Service.

The last few weeks have been turbulent for Microsoft. The IT world was perplexed over the announcement of their new OS, Windows 11, on 24/06/21, as it had previously been announced that Windows 10 would be its last standalone OS release. Only a few weeks later, at the annual #MSInspire partner conference, came the next surprise—a preview of Windows 365. And that wasn’t all. It turns out Windows 365 is not only a Desktop as a Service feature, but the beginning of a whole new computer category—the Cloud PC.

written by

Consultant – Microsoft and Workplace Management

E-Mail: florian.vees@bechtle.com

The speech by Satya Nadella, Chairman and CEO of Microsoft, on the release of Windows 365 left a deep impression. “The same way applications made it into the cloud via Software as a Service, we will now bring the operating system into the cloud. This will offer companies more flexibility and a secure way of enabling their employees to work efficiently and be better connected, regardless of their location.”

With Windows 365 and the recently rechristened “Azure Virtual Desktop” (AVD) (previously Windows Virtual Desktop), Microsoft now has two central Desktop as a Service virtualisation services for the provision of Windows via and from the cloud. We asked ourselves: what exactly is Windows 365, and how do its operation and provisioning compare to Azure Virtual Desktop?

Windows 365 – Service model.

Upon release, Windows 365 will be available as two different licensing models—Windows 365 Enterprise and Windows 365 Business. Both versions of Windows 365 use cloud technologies for provisioning that are similar to those of Azure Virtual Desktop. Technologically, Windows 365 is based on the AVD component, but shows some fundamental differences in the complexity of its provisioning, management and licensing model.

The Enterprise Cloud PC solution by Windows 365 was designed primarily for organisations that have already invested in Microsoft Endpoint Manager and use the platform to manage physical Windows 10 desktop systems. Similar to Microsoft Endpoint Manager, Windows 365 Enterprise requires an Intune licence for each user that has been assigned a direct Cloud PC M365 SKU.

The Business Cloud PC solution by Windows 365, on the other hand, has been designed for individual users or smaller organisations and startups that do not have an enterprise device or software management solution for consistent and central administration. The advantage of using Windows 365 Business is that it can provide centrally configured, consistent and secure Cloud PCs, regardless of the hardware, in only a few hours’ time. Unlike Windows 365 Enterprise, the Business version does not require Intune licences for each user. The endpoints are managed by the users themselves, similar to a standalone, physical PC.

When you compare AVD to Windows 365, it becomes noticeable how Windows 365 only supports Windows 10 Enterprise (and most likely Windows 11 after release) as a single-session OS solution. AVD on the other hand enables organisations to choose between single-session, multi-session and Windows Server operating systems.

Windows 365 Enterprise – Technical architecture.

Windows 365 Enterprise depends on a provisioned Azure Active Directory and a local Active Directory instance in a hybrid scenario. For provisioning, it therefore requires a standalone Azure subscription with a configured network and access to the local Active Directory instance for which Azure AD Hybrid Join for Windows end devices has been activated. According to Microsoft, use of Enterprise in a cloud-only infrastructure with Azure Active Directory Domain Services (Azure AD DS) is currently not supported.

The actual VM in Windows 365 Enterprise runs in a Microsoft Azure subscription, which means that administrators do not have direct access to the VM itself and that the costs of the VM are not charged to the organisation’s own Azure subscription. The interesting thing about this method of provision, however, is that the network card (NIC) of the Windows 365 Enterprise VM can be “injected” into an active vNet of the deployed Azure infrastructure. This means that all network traffic of the Windows 365 Enterprise VM is billed via the organisation’s own Azure subscription, and that the VM can be provided as a member of the local domain. In addition, all administrative tasks, e.g. software installation, patching and the application of policies, can be carried out via the Microsoft Endpoint Manager Portal.

Windows 365 Business – Technical architecture.

Unlike the Enterprise solution, Windows 365 Business is provided fully and exclusively as part of an Azure subscription by Microsoft, including the corresponding network card. So there is currently no way to integrate the network card of the provisioned VM into an existing vNet in Azure. The advantage is that at no time does Windows 365 Business require or ask the organisation for an Azure subscription. Neither is it dependent on a local Active Directory instance, as Business Cloud PCs are connected to Azure AD natively. In addition, individual users leveraging a Windows 365 Business VM do not require their own dedicated Intune licence. The flip side of the coin is that administrators have no way of managing the VMs.

Thanks to full integration and virtualisation of the VM via Microsoft, Windows 365 Business does not require any tricky setup processes. The steps for provisioning are extremely simple. First allocate a Windows 365 Business licence to a user via the Windows 365 Admin Portal. The desktop in question is provided to the licensed user within a few hours via e-mail with a login portal and the necessary access data.

Windows 365 – Admin experience.

Windows 365 Enterprise is managed entirely in the Microsoft Endpoint Manager UI, as opposed to AVD that is managed via the Azure portal. It does not require any additional portal. The Endpoint Manager (MEM) enables administration on the operating system level or higher up. Administrators can only make changes to Windows via MEM or the virtual network via Azure, but not to VM resources on Windows 365 Enterprise Cloud PCs.

Windows 365 Business Cloud PCs on the other hand are not integrated into MEM and therefore do not have a dedicated management portal. The user that has been assigned the Windows 365 Business Cloud PC is completely responsible for administration on the operating system level.

Windows 365 Enterprise, similar to AVD, gives the user the possibility of using their own OS image, besides a Microsoft image. However, unlike AVD, Windows 365 Enterprise only supports Gen 1 VM hardware images. Business Cloud PCs by Windows 365 do not support user-chosen images. These users will have to use the resources provided by Microsoft for Windows 10 Enterprise.

Windows 365 Enterprise uses Microsoft Endpoint Manager integration for providing and updating applications. Provision of MSIX applications is currently not supported. For Windows 365 Business, Windows updates must be executed manually by the users or via management tools offered by third party providers.

In terms of profiles and profile management, there are some large differences between AVD and Windows 365 Enterprise and Business. AVD uses FSLogix technology for encapsulating user profiles, which enables a fast transition between VMs without losing the user status. Another possibility is the provision of personalised desktops without FSLogix in AVD. Windows 365, on the other hand, does not use or implement FSLogix technology at all, meaning that all profiles are saved natively on the C: drive.

Windows 365 – User experience.

The experience a user has, whether they are using Windows 365 Cloud PCs or an AVD desktop, is identical. Users connect to AVD or Windows 365 via the same client app, which is available for Windows, macOS, iOS, Android or as an HTML web app. The fact that Windows 365 and AVD use the same infrastructure offers the users all the advantages a consistent experience across both platforms can offer.

It’s especially interesting when it comes to printing. Both AVD and Windows 365 Cloud PCs support relaying printers and scanners via the RDP client application. AVD and Windows 365 Enterprise also enable network-based printing and scanning via a site-to-site VPN between Azure vNet and the local network where the devices are hosted. Windows 365 Business does not support this feature due to missing vNet integration in Azure—but there is a workaround with Azure Universal Print. 

There are also some distinctions between AVD and Windows 365 when it comes to self-service. AVD offers very few functions for self-service. For example, users are not capable of restarting or ending a frozen session. Windows 365 Cloud PCs, on the other hand, can be restarted by users without any additional support.

Summary.

To come to the point, I would say that Windows 365 is definitely worth looking at as an SaaS solution for SMEs and larger organisations that have already implemented Microsoft Endpoint Manager. The fast and uncomplicated provisioning of Windows 365 VMs and Cloud PCs offers fast scaling and reaction possibilities, even in the event of disaster. The release of Windows 365 on 02/08/2021 and Windows 11 at the end of the year will also pose an attractive opportunity for providing new operating systems in a way that is fast and hardware independent. I look forward to seeing first application examples and configurations! 

It will be exciting to see which options in terms of app provisioning and OS customisation will be available in the final release of Windows 365, as this will be decisive for whether AVD will remain in pole position as a central virtualisation solution for Windows or be overtaken by Windows 365.

Published on Aug 2, 2021.