Introduction
Welcome to the “Windows 365: From Zero to Hero” series! This series will guide you through every aspect of setting up and managing Windows 365, from start to finish. Whether you’re a business owner, IT admin, or simply interested in cloud computing, this series is for you.
In Part 1, we will cover:
- What is Windows 365? Discover how it enhances your business with Cloud PCs.
- License options: Understand Business, Enterprise, and Frontline licenses.
- Setting up your first Cloud PC: Step-by-step guide for beginners.
- User experience: Explore the seamless interface and user interaction with Windows 365.
By the end of Part 1, you’ll be ready to choose the right license, set up your first Cloud PC, and experience the benefits Windows 365 offers for both administrators and end users. In this series we will focus on setting up W365 Enterprise licenses. Let’s get started!
What is Windows 365?
Windows 365 is a cloud-based solution that gives you a virtual PC, accessible from anywhere. If you’ve ever dealt with traditional VDI (Virtual Desktop Infrastructure), you know the headaches—managing servers, handling backups, scaling resources, and planning for disaster recovery. Even cloud-based solutions like Azure Virtual Desktop (AVD) require a lot of manual setup and maintenance.
With Windows 365, all of that complexity is handled for you. There’s no need to worry about managing hardware, backups, or security patches—Microsoft does it all. You assign licenses, and users instantly get a Cloud PC with everything they need. Scaling up? Just assign more licenses. Disaster recovery? It’s built-in, with no extra work on your part.
Why Windows 365 over Traditional VDI or RDP?
Here’s the real difference: Windows 365 makes your life easier.
- No manual backups or disaster recovery: Microsoft takes care of that in the background, so you don’t have to stress over it.
- No infrastructure management: No servers to set up, no storage to maintain. Once you assign a license, the Cloud PC is ready to go.
- Automatic updates: Security patches and system updates happen automatically, without you lifting a finger.
In contrast, traditional on-prem VDI requires constant hands-on management, from setting up servers to ensuring disaster recovery plans are in place. Even RDP (Remote Desktop Protocol), while useful, can suffer from performance issues since multiple users often share a single host, meaning resources are stretched thin.
When On-Prem VDI Still Makes Sense
There are still cases where on-prem VDI could be the better choice, especially if your business requires full control over data and hardware, like in highly regulated industries (e.g., healthcare). For companies that have already invested heavily in their own data centers, sticking with on-prem VDI might be more cost-effective, too.
But for many businesses, Windows 365 simplifies things in a way that’s hard to beat—no need to worry about servers, backups, or patching. Just focus on running your business while Windows 365 handles the rest.
License options
Windows 365 Business
Windows 365 Business is created for small to medium-sized businesses (up to 300 users) that want the benefits of a cloud PC without the complexities of traditional IT infrastructure. It provides a simple and scalable solution, especially for companies without dedicated IT departments.
Key Features:
- Simple Management: Unlike the Enterprise version, no advanced tools like Intune or Azure AD are required. Everything can be managed through the Microsoft 365 admin center.
- Automatic Updates and Security: Microsoft takes care of updates and security patches, removing the burden from IT staff.
- Flexible Access: Users can access their Cloud PCs from any device, including Windows, macOS, Android, or via a web browser.
- Flat Monthly Pricing: Budget-friendly, per-user pricing with no hidden fees.
Limitations:
- Limited On-Premises Integration: Difficult to integrate with on-premises environments or legacy systems.
- Basic Customization: No preinstalled software or support for custom images, requiring users to install their applications manually.
Ideal for: Small businesses without IT departments, remote work environments, and organizations needing scalable, secure virtual desktop solutions.
Windows 365 Enterprise
Windows 365 Enterprise is designed for larger organizations that need advanced management capabilities and full integration with existing IT infrastructure. It supports Microsoft Endpoint Manager (Intune) and Azure AD for robust device and application management, enabling seamless integration with on-prem systems.
Key Management Features:
- App Deployment via Intune: Use Intune to manage apps, settings, and policies across Cloud PCs, eliminating the need for custom images.
- Customizable Desktop Environments: Tailor cloud PCs to different users or teams, based on performance needs like CPU, RAM, or software.
Key Benefits:
- Hybrid Integration: Easily integrates with both cloud and on-prem environments, allowing Cloud PCs to access internal networks and Active Directory.
- Advanced Security and Compliance: Supports multi-factor authentication (MFA), conditional access, and compliance checks, ideal for industries with strict security standards.
Limitations:
- Requires IT Expertise: Advanced tools require skilled IT professionals to manage.
- Higher Complexity: Managing policies, apps, and security is more complex than in the Business version.
Ideal for: Large enterprises with dedicated IT teams, industries with stringent compliance needs, such as healthcare and finance.
Windows 365 Frontline
Windows 365 Frontline is designed for businesses with shift workers or part-time employees, offering all the benefits of the Enterprise version but at a lower cost. It allows up to three users to share one Cloud PC license, although each user has their own personalized cloud PC. However, they cannot all access their Cloud PC simultaneously.
Key Features:
- Shared Licensing: Up to three users share one Cloud PC license, significantly reducing costs while still providing each user with their own separate Cloud PC.
- Full Enterprise Features: Frontline users benefit from all the advanced features of the Enterprise license, such as integration with Intune, app deployment, and strong security policies.
- App Deployment via Intune: Just like in the Enterprise edition, Intune can manage apps, policies, and settings on the shared Cloud PCs.
Key Benefits:
- Cost-Effective: This is ideal for businesses that do not require continuous access to a Cloud PC for each employee. Costs are reduced by allowing users to share access.
- Seamless Enterprise Integration: Despite the shared nature of the license, all the advantages of Enterprise—such as centralized management, app deployment, and enhanced security—are available.
Limitations:
- No Simultaneous Access: Users share a single license and cannot be logged in at the same time. This is suited for businesses where workers are on rotating schedules.
Ideal for: Shift workers, part-time employees, and cost-conscious organizations in industries like retail, healthcare, and customer service where continuous access to a dedicated Cloud PC isn’t necessary.
Extended Security Updates (ESU) program for Windows 10 on Windows 365 [Update]
If you’re using Windows 10 with Windows 365, the Extended Security Updates (ESU) program is something you’ll want to keep in mind. Microsoft officially ends support for Windows 10 on October 14, 2025, which means no more regular security updates after that date. But here’s the good news: as a Windows 365 user, you won’t be left behind.
Windows 365 customers get free ESU coverage for up to three years after Windows 10 reaches its end of support. This means your Cloud PCs will continue receiving critical security updates, keeping your system protected without you having to shell out for additional licenses or worry about vulnerabilities sneaking in.
That said, while you’ll be covered in terms of security, it’s still a good idea to plan ahead and consider upgrading to Windows 11. Not only does this ensure ongoing support and access to the latest features, but with Windows 365, transitioning your Cloud PCs to Windows 11 can be a smooth and hassle-free process.
In short, with Windows 365, you’ll be secure well beyond Windows 10’s end-of-life, but preparing for that next step with Windows 11 will future-proof your setup and keep things running smoothly.
Extended Security Updates (ESU) program for Windows 10 | Microsoft Learn
For a detailed look at Extended Security Updates (ESU) and a step-by-step guide on how to set up a Windows 10 Cloud PC, I recommend watching Steve Weiner’s video. He not only explains how ESU works for Windows 10 but also demonstrates the process of setting up a Cloud PC within Windows 365.
While ESU provides some breathing room with continued security updates, it’s still important to start planning your upgrade to Windows 11 to ensure long-term support and access to new features.
Extended Security Update program for Windows 10 Devices [Update]
While we strongly recommend moving to Windows 11, we understand there are circumstances that could prevent you from replacing Windows 10 devices before the EOS date. Therefore, Microsoft will offer Extended Security Updates.
Like the Windows 7 ESU program, your organization will be able to purchase a yearly subscription to security updates. The yearly commitment is renewable for three years. Devices enrolled in ESUs will receive monthly security updates to keep these Windows 10 PCs secure.
The ESU program for Windows 10 will include critical and/or important security updates. ESUs do not include new features, customer-requested non-security updates, or design change requests. Technical support beyond the ESU itself is also not available.
- For Windows 365 customers, ESUs will be provided for the Windows 10 devices that connect to a Cloud PC running Windows 11 at no additional cost.
- If you run a Windows 10 instance in Azure Virtual Desktop, ESUs will also be available at no additional charge on those virtual machines (consumption not included).
Plan for Windows 10 EOS with Windows 11, Windows 365, and ESU | Windows IT Pro Blog (microsoft.com)
Setting up your first Cloud PC
Create a Security Group and Assign Licenses
To get started with Windows 365 Enterprise, the first step is to create a security group and assign a test user. This group will streamline future management tasks, such as applying security policies, app deployment, and other settings for all users within the group.
Assigning licenses to the group, rather than directly to individual users, offers several advantages:
- Consistency: Policies and settings applied to the group will be uniform across all members, ensuring consistency in configurations.
- Simplified management: Adding new users to the group automatically assigns them the Windows 365 license.
Create a Security Group in Azure AD
- Sign in to the Azure Active Directory portal.
- Go to Groups > New Group.
- Choose Security as the group type.
- Name the group (e.g., Windows 365 Users).
- Set the Membership Type to Assigned.
- Add your test user to this group.
Assign Windows 365 Enterprise Licenses
- Navigate to Microsoft 365 Admin Center.
- Go to Billing > Licenses.
- Find Windows 365 Enterprise and assign the license to your security group.
- Confirm that the test user receives the license.
This setup will prepare the group and user for Cloud PC access in the next steps of configuration.
Creating Provisioning Policies for Windows 365 Enterprise
Provisioning policies in Windows 365 Enterprise define how and where Cloud PCs are created, assigning settings like network configurations and user groups. Here’s how to set up a provisioning policy and an overview of available options:
Steps to Create a Provisioning Policy:
Open Microsoft Endpoint Manager:
- Sign in to the Microsoft Endpoint Manager Admin Center.
- Navigate to Devices > Windows 365 > Provisioning policies.
- Select + Create policy.
General Settings:
- Policy Name: Provide a descriptive name (e.g., “Default Windows 365 Policy”).
- Description: Add a brief description outlining the policy’s purpose.
- Location: Choose the geographic location (e.g., North America, Europe) to ensure data residency compliance and optimal performance for users.
Network Settings:
- Azure Network Connection: Choose an Azure VNet for on-prem resource access.
- Microsoft-Hosted Network: Simplifies management if on-prem resources aren’t required.
Join Type:
- Azure AD Join: Direct join to Azure AD for cloud environments.
- Hybrid Azure AD Join: Connects to both Azure AD and on-prem AD.
Region:
- Region: Select the data region to host the Cloud PCs (e.g., “US East,” “Europe West”).
SSO (Single Sign-On):
- Use Microsoft Single Sign-On: Enable SSO to allow users to access Cloud PCs with their existing Microsoft credentials, simplifying logins and enhancing security.
Images
After configuring the general settings, you’ll be prompted to choose a Cloud PC image. You have two main options:
- Prebuilt Image: Select a pre-configured image from Microsoft with standard Windows 10 or Windows 11 configurations and the latest updates.
- Prebuilt images are ideal for general use cases, providing a quick, out-of-the-box experience that simplifies deployment.
- Custom Image: Alternatively, you can use a custom image tailored to your organization’s needs, if you require specific software or configurations.
For this demo, select a prebuilt image for simplicity..
After selecting the image, the next step involves configuring various settings:
Windows Settings:
- Language and Region: Set the default language, time zone, and keyboard settings for the Cloud PCs, ensuring a localized experience for users.
Cloud PC Naming:
- When applying a Cloud PC naming template, follow the established rules to create standardized, unique names. Here are some custom examples:
- %RAND:6%: Generates a completely random 6-character name (e.g.,
A1B2C3
). - CP-%RAND:7%: Adds a 7-character random string after a prefix (e.g.,
CP-X7T2G5H
). - SALES-%USERNAME:3%-%RAND:5%: Combines the first three letters of the username with a 5-character random string (e.g.,
SALES-JOH-12B8F
). - HR-%USERNAME:4%-%RAND:6%: Prefix with the first four letters of the username plus a random 6-character string (e.g.,
HR-JANE-P9S8K4
).
Additional Services:
- Windows Autopatch: Enable Windows Autopatch to automatically manage and deploy updates for Windows, Microsoft 365 apps, Edge, and Teams. This reduces manual patch management tasks, ensuring devices stay current and secure without administrative burden. Autopatch also helps mitigate security risks by ensuring updates are applied promptly.
- None : If you don’t plan to enable Windows Autopatch, you can manage updates manually using your own policies in Microsoft Intune. This approach gives you full control over how and when updates are deployed to your Cloud PCs, allowing you to customize update schedules, feature releases, and security patching based on your organization’s specific needs.
By configuring these options, you ensure that Cloud PCs are properly maintained, secure, and updated consistently across the organization.
The next step in the provisioning policy setup is to select the security group you created earlier. This group defines which users will have Cloud PCs automatically provisioned based on the policy.
- Select the Security Group: Choose the security group (e.g., Windows 365 Users) created in the previous step.
By assigning the provisioning policy to the security group, you ensure that all users in this group receive their Cloud PCs with the configurations, settings, and services defined in the policy. This also simplifies management, as adding new users to the group will automatically provision Cloud PCs for them.
Once everything looks correct, click Create to finalize the provisioning policy. After this, Cloud PCs will be automatically provisioned for users in the selected security group.
Step-by-Step Guide: Detailed User Settings for Windows 365
- Sign in to Microsoft Intune Admin Center.
- Navigate to Devices > Windows 365 under Provisioning.
- Select User Settings > Add.
- Enter a Name for the user settings configuration.
- Check the following boxes for detailed settings:
- Enable Local Admin: Grants users in the group local admin rights, allowing them to install applications and make system-level changes.
- Enable users to reset Cloud PCs: Allows users to wipe and reprovision their Cloud PCs. Data and apps will be lost, restoring the PC to its initial state.
- Allow users to initiate restore service: Lets users restore their Cloud PCs from a backup. Point-in-time restore service allows users to restore a Cloud PC to a specific time, losing any data between the current time and the recovery point.
- Frequency of restore-point service: Set how often restore points are created (e.g., every 4 hours). Frequent restore points provide more flexibility for users to revert to a stable backup.
Cross Region Disaster Recovery Configuration (Optional):
- Enable Cross-Region Disaster Recovery: Protects Cloud PCs during regional outages by restoring them to a different region. Requires a separate Windows 365 Cross-Region Disaster Recovery license (this option is unavailable for Frontline or Government Cloud PCs).
Network Type:
- Microsoft Hosted Network: A simplified network option managed by Microsoft.
- Azure Network Connection: Select this if you need to connect to on-prem resources like file servers or custom apps.
Geography and Region:
- Geography: Select a geographic location (e.g., European Union) to comply with data residency laws.
- Region: Choose Automatic (Recommended) for the system to automatically choose the best region for optimal performance, or specify a region manually.
- Select Next.
Assignments
- Under Assignments, select Add Groups, choose the group of users, and click Select.
- Click Next, review your settings, and select Create.
User experience
Before we can begin testing the user experience, we need to wait for the Cloud PC to be fully provisioned. This process typically takes around 30 minutes. Once it’s ready, the user can start using their Cloud PC. In this part, we’ll focus on exploring both the web application and the desktop application. The Windows 365 Boot feature will be covered in a later installment of the “Windows 365: From Zero to Hero” series.
Windows 365 Web experience
First, I’ll show you the user experience on the web version of Windows 365. When you log into your Cloud PC for the first time at windows365.microsoft.com, you’ll encounter a few extra setup screens specific to your initial login. These screens only appear once. After this, any future logins will take you directly to the Windows 365 homepage, where you can view and manage your available Cloud PCs.
Once you’re on the Windows 365 home page, you’ll see all your Cloud PCs, and users can easily manage them through several self-service tools. These include options to restore a Cloud PC to a previous point in time, perform full resets, rename the Cloud PC, and connect to it. This setup is designed to give users control over their Cloud PCs without relying on IT support for day-to-day tasks.
However, if you’re an IT admin who prefers to retain more oversight and control, you can limit these permissions through the User Settings. This flexibility allows you to decide exactly what users can and can’t do, such as restricting their ability to reset or restore their Cloud PCs. This way, you can ensure users have just the right amount of access without compromising security or operational integrity.
We’ll dive deeper into user control and management features in a future blog post in this series. For now, we’ll focus on the initial connection process to the Windows 365 Cloud PC, covering how to get up and running for the first time.
When you first connect to your Cloud PC, you’ll be prompted with a few questions asking whether you’d like to allow access to local resources from your device. This includes options for sharing devices or features like printers, your microphone, clipboard, camera, and file transfers. By enabling these options, you can integrate your local PC’s functionality into your Cloud PC, allowing for a seamless experience when working with local and cloud resources together.
After allowing access to your local devices and features, you’ll need to grant permission to connect to the Cloud PC and sign in. Additionally, you’ll be prompted to allow the Remote Desktop Connection to the Cloud PC. This permission process happens only during the first connection. After you’ve completed these steps, you won’t see these popups again for future connections, making it smoother to access your Cloud PC going forward.
On the top right corner of your Windows 365 interface, you’ll find several useful buttons:
- Support Button: Access Microsoft support to report a problem, give feedback, or make suggestions.
- Connection Details: View network and remote computer details, and download a connection report.
- Fullscreen Toggle: Switch between fullscreen and windowed mode.
- File Upload: Upload files from your local PC to your Cloud PC.
- Session Settings: Adjust settings like those shown during your initial connection.
- Shortcuts and Logs: Find keyboard shortcuts and capture session logs.
- User Profile: Manage account details and sign out.
As you can see, the web version of Windows 365 is simple and convenient to use. If you’re in a situation where you don’t have access to your own computer but still need to connect to a secure work environment, this is an excellent solution. There’s no need to download or install any software—just open a web browser, log in to your Microsoft 365 account, and get to work safely and securely. It’s a practical way to work from anywhere with internet access, without compromising security or convenience.
Windows App User experience
Exploring the Windows App for Windows 365
Now, let’s take a look at the Windows App version of Windows 365. Like the web version, you can sign in using your work or school account and access your Cloud PC. The control options are the same, but from my experience, the Windows app runs smoother than the web version.
Key Advantages of the Windows App:
- Offline and In-Session Reconnection: The app can automatically reconnect if the network is lost or the device goes to sleep, maintaining continuous productivity.
- Device Redirection: The app supports redirecting local devices such as printers, microphones, USBs, and cameras, making it more suitable for users needing hardware integration.
- Optimized Performance: The app offers better performance, including lower latency and improved graphics for tasks like video conferencing, ensuring a smoother experience.
- Display Features: It supports multiple monitors and dynamic display scaling, making it ideal for users with complex visual setups.
Before using the app, you’ll need to install it from the Microsoft Store. If you’re on a managed device, it might already be installed via Intune or available in your company’s portal.
Installing Windows 365 App from Microsoft Store:
- Open the Microsoft Store on your Windows device.
- In the search bar, type Windows 365.
- Select the app from the search results.
- Click Install.
- Once installed, open the app and sign in with your Microsoft 365 account.
Now, you’re ready to start using the Windows App version of Windows 365!
Conclution
We’ve made it through the first part of the “Windows 365: From Zero to Hero” series. By now, we’ve covered how Windows 365 can simplify everything, from choosing the right license to setting up and managing Cloud PCs like a pro. We’ve laid the foundation, but there’s still a bit of work ahead before we can get everything fully up and running.
In the next part, we’ll dive into user and admin controls for Cloud PCs, walking through how to deploy existing Intune policies and figure out which ones may need a little tweaking to work seamlessly. We’ll make sure everything’s running smoothly for both admins and users.
As always, if you have any questions or feedback, feel free to reach out your input is always appreciated! This is just the beginning of a multi-part series, so if there’s anything you’d like me to dive deeper into, don’t hesitate to let me know.
One Comment