Remote Windows for a Remote World.
Article originally appeared on PCMag.
It already had Azure Virtual Desktop (AVD) and one of the most advanced infrastructure-as-a-service (IaaS) clouds in the business, so what prompted Microsoft to push out another desktop as a service (DaaS) platform in Windows 365 Cloud PC? The answer is simple: Ease of use for the broadest possible customer adoption. And the fact that Microsoft had to suspend trial accounts because initial demand skyrocketed so unexpectedly proves that theory correct. Businesses of all sizes are looking for the path of least resistance when it comes to hybrid work.
"We started working on Windows 365 back in late 2019 because after talking to our managed service partners, we saw a new opportunity," says Scott Manchester, Partner Director of Program Management, Windows 365, who was previously the Group Program Manager for Microsoft AVD. "We kept hearing that these partners had much more on-hand staff expertise in endpoint management than they had skilled experts in virtualization."
Endpoint management encompasses the typical IT help desk tasks associated with administering corporate desktop and laptop PCs, which covers everything from user login issues to patch management. Those tasks are still necessary in a DaaS scenario, but now the underlying technology fabric is virtualization since every DaaS desktop is a virtual machine (VM). That can become a problem since managing a virtualized environment can get complex, especially at scale. Microsoft's partners were top-heavy on physical endpoint management but too weak on virtualization skills to be able to roll out an effective DaaS service. According to Manchester, that ratio averaged out to seven times more endpoint talent than virtualization professionals. The upshot was that not only Microsoft's customers but also many of its partners needed a simpler desktop virtualization solution.
"Shortly after we started work on that, COVID-19 hit and we had to drastically accelerate our development schedule," continued Manchester. "Our partners suddenly couldn't keep up with demand. They wanted a simpler and much easier to deploy virtual desktop and Windows 365 was the answer."
Windows 365 Under the Hood
For small to midsized businesses (SMBs), Microsoft has done a credible job building an end-to-end DaaS service that's much easier to use than AVD, both for users and IT managers. Microsoft also touts Cloud PC performance over your physical device. Because your Windows 365 instance is hosted in a high-performance data center, you're benefitting from the Internet connection speeds in that data center rather than those of your on-site broadband connection. The company has demonstrated some impressive numbers, including 10Gbps for downloads and 4Gbps for uploads.
On the user side, a Cloud PC will behave exactly as their own physical PC would. That particular virtual PC is theirs and they can customize it just as they could a physical Windows PC. Wallpapers, application pre-sets, default font sizes, it's all available and once customized, persistent. And, the Cloud PC has the added benefit of having better performance than their on-prem PC and they can get to it using any device — a PC, a native Apple app for iPad users, and even their smartphones using a browser interface.
Choosing what you need is broken down into two basic choices, namely either an Enterprise or a Business version. You want Enterprise if you're a Microsoft shop with an IT department that uses Microsoft Endpoint Manager to watch over a big pool of Windows 10 PCs (Manchester hints that Windows 11 will be supported as well, though an exact date wasn't forthcoming). Microsoft adds a bunch of Azure tools here because much of Cloud PC is built on top of AVD technology. To fully take advantage of Enterprise, however, you'll need not just Endpoint Manager, but also a per-user Intune license and an Azure license sufficient to build your own virtual network. And even with that deeper set of tools, Enterprise may still not be enough for you.
"Very large businesses may or may not want Cloud PC," says Melissa Grant, Director of Product Marketing for Microsoft 365. "If you need something turnkey, then the Windows 365 Business version is your best option. But larger companies will need to look at the tools that Windows 365 Enterprise provides and compare those against the even more flexible options available in Azure Virtual Desktop before deciding on the appropriate platform."
The Business version is meant for small businesses or individual users (though the company has hinted that a full-on consumer version might also come out in the future). If you're usually ordering your PCs from Amazon, configuring them yourself, and maybe plugging them into a small business network, this is the option for you. No Azure or Intune license is required; just subscribe via Microsoft 365, go through the guided setup process, and you've got a new PC at a per-month rate. If you're a business, know that this version is designed for 300 users or fewer. You're not capped there, but if your user count grows beyond this, you're probably better off looking at the features in Enterprise.
Most businesses will choose Enterprise not based on user count but because they need their clients to connect not just to the cloud, but to some on-premises resources, too, such as app and file servers or even local printers. That's where you'll need an Azure Active Directory account with Azure AD Hybrid Join. This lets you keep your on-prem domain controller while sharing information with your cloud-based Azure AD service. This isn't trivial work, but Microsoft-savvy IT professionals should find the guided setup experience fairly easy to follow.
Once your hybrid network is up, you'll be able to address it as simply an extension of your on-premises network, just one that's housed in the cloud. All your AD user groups and policies will be available for your Cloud PCs. To set up those Cloud PCs, you've got to hop over to Microsoft 365 to purchase your Windows 365 licenses. That process also means configuring your Cloud PC specs as far as compute, storage, and network resources go because, as with most VM services, prices go up the more muscle you assign to each PC.
More on pricing below, but the bad news here is that these are new and separate Windows licenses. If you've already purchased a few hundred Windows licenses for your physical devices, you can't drop those off their existing PCs and use them for Cloud PC licenses. Fortunately, Microsoft has put all the licensing requirements for any Cloud PC into a per-user per-month format with (apparently) no per-minute charges, and since these start at $20, even SMBs shouldn't find the per-user licensing to be too much of a gut punch.
Once you've built your basic set of Cloud PC images you can assign them to your various user groups. So, for example, say you need a set of Cloud PCs for your marketing department in New York City. With the hybrid network configured, you can spec out a basic PC instance that you feel has enough compute muscle for a marketing person, and then name it East Coast Marketing. Now you match that to a Cloud PC base image that includes the Windows version and a set of pre-installed apps. Microsoft has pre-configured baseline images that sport its own apps, notably various bundles of the Microsoft 365 suite. You can customize those images later by adding your own software selections or you can build your own image from scratch.
If you're a small company, you can then push those Cloud PCs to your users manually, meaning one at a time. Most companies though will want to automate this process. For that, you can assign East Coast Marketing to that department's Azure user group. Cloud PC will then automatically provision a PC for every user in that group and you'll see them pop up on your Microsoft 365 and Endpoint Manager screens just like a physical PC. No word yet on what happens if you'd rather use a different management tool or if you'd want Endpoint Manager to connect with another non-Microsoft toolset.
But just as important as day-to-day management, security is what most companies will look at most carefully when considering a business-class DaaS offering. Windows 365 is built on a zero-trust security model and you can enforce all your Azure security policies on your Cloud PCs or build custom policies that apply only to them. There's a built-in baseline security spec to get you started and you can customize from there. Microsoft has included some additional security measures for Cloud PC users based on user role or device type. For example, you can forbid certain users from copying files from their Cloud PC onto the physical device they're using to access it. Finally, end-to-end encryption is a constant, both at rest and in transit.
Microsoft Cloud PC Pricing
As of August 2, 2021, Microsoft has published 12 Cloud PC configurations. These start at a low-end configuration with one virtual CPU (vCPU), 2GB RAM, and 64GB storage costing $20 per user per month. From there it ranges through a variety of resource configurations until it reaches a high end of eight vCPUs, with 32GB RAM and 512GB storage. That configuration will cost you $158 per user per month. These prices are the same for both the Business and Enterprise versions, though Microsoft is sweetening the Enterprise deal with a discount of $4 per Cloud PC.
As mentioned above, however, Enterprise users will need a number of additional licenses beyond per-user Windows 365. This includes an Azure subscription and an Azure virtual network (vNET) subscription, and that one will need to connect to an on-premises Azure directory and a working DNS server. After that, you'll need per-user Microsoft Intune licenses and potentially Microsoft 365 licenses depending on whether or not you're using one of Microsoft's default Microsoft 365 bundles with your Cloud PC.
If you want to evaluate both the pricing and performance of Windows 365 Cloud PC, Microsoft initially offered three trial configurations that a single user in your organization could test out for 60 days. However, the trial service hit capacity much more quickly than Microsoft was expecting, so at the time of this writing, trial accounts are suspended. You can, however, sign up to receive a notification when trials resume.
A Lighthouse for Partners
If you're thinking all this might be a lot more complicated than you first thought or maybe you don't have a stable of Microsoft-steeped IT staffers on hand, that's where Microsoft wants its partners to step in. To enable that, the company announced Project Lighthouse at its Ignite 2020 event and put it into public preview in mid-July.
Lighthouse is a set of tools developed specifically for managed service partners. With these tools, Microsoft wants its partners to build value-add solutions on top of Microsoft 365 and Windows 365 and then push them out to customers at scale. So an MSP that concentrates on real estate property managers, for example, can build a set of Cloud PCs, virtual network templates, and app templates specifically designed for those kinds of customers, including not just Microsoft 365 apps, but also their own custom vertical software. Lighthouse then lets them manage those customers in Azure using multi-tenant technology and a host of security features that individual customers would have difficulty implementing on their own.
And software providers aren't the only partners Microsoft is looking to attract. "We want to expose Windows 365's benefits to hardware partners, too," says Grant. "Because Windows 365 is a truly cross-platform service, there are many interesting opportunities for our hardware partners to build endpoint experiences specific to Windows 365." That means it might be possible to see low-cost thin client-style hardware in the future that might not force companies to double-dip on the Windows licensing portion of Cloud PCs.
So while Microsoft is billing Windows 365 Cloud PC as a one-stop DaaS shop for most businesses, Lighthouse lets its partners build their own service offerings using the same model. Pricing, of course, will vary depending on the partner.
A Compelling Set of Hybrid Work Options
For companies dealing with remote access for all their hybrid work demands, Windows 365 presents some interesting possibilities. While its basic service model is the same as that for many DaaS platforms, if you're a Microsoft shop already, its ability to leverage most of your previous infrastructure investments is attractive. The additional per-user dollars might not make everyone happy, but the fact that they're all rolled into one per-user per-month subscription number will make that easier to swallow.
But the best part of the offering is the flexibility it offers both users and IT pros. Users will be able to access a full Windows PC virtually, and one that's not only managed by their IT staff, it's also connected directly into their company's network. None of those typical remote access hoops are required. For the IT staff, it lets them extend their on-premises network into the cloud fairly easily, which is good. But even better is that it does away with those remote work headaches they've been suffering for the last 18 months.
No more worrying about supporting users on personal hardware the IT department didn't approve or using routers they don't know about. Now the network is in a secure slice of the cloud and IT is only responsible for managing its Cloud PCs. Whatever software or device limitations users impose by using their own devices are their own problem again so your support desk people can stop tearing their hair out. And bonus, the update and patch management chore is also gone, since Windows 365 handles those automatically.
Whether Windows 365 Cloud PC is as good as its billing will come to light only after customers have been using it for at least a year. That's when you'll know for sure how it stacks up against more mature DaaS offerings, like Amazon WorkSpaces or IBM's Dizzion. In the meantime, however, if you're looking at hybrid work as a difficult challenge, this service is definitely worth investigating.