Welcome back to the Deep Dive, seasoned Windows 365 and Intune administrators! This session is tailored for you, focusing on the latest Microsoft updates impacting management, security, and monitoring of your Cloud PC environments. We're cutting through the noise to bring you the essentials on new reporting capabilities, the much-anticipated Cloud PC resizing for Frontline (in preview), and critical enhancements to Conditional Access through token protection.

Get ready to explore how these features can refine your daily operations and bolster your overall Cloud PC strategy. We'll cover the general availability of the Connected Frontline Cloud PCs report, the nuts and bolts of resizing dedicated Frontline Cloud PCs, and a detailed look at implementing security token protection with Conditional Access policies. Plus, we touch on other key security enhancements now default in Windows 11 Cloud PCs and compliance updates for forensic snapshots.

High-Level Timeline:

• [00:00:22] - Connected Frontline Cloud PCs Report (Now GA): Dive into enhanced reporting for concurrent license usage. Learn how to leverage real-time and historical data (last 28 days) to optimize your Frontline licenses, identify peak usage, manage the concurrency buffer, and even restart Cloud PCs directly from the report. We'll cover necessary permissions and how to locate this vital tool in Intune.  
• [00:04:03] - Resizing Windows 365 Frontline Cloud PCs (Public Preview): Explore the new Cloud PC resizing capabilities for dedicated mode Frontline Cloud PCs. We discuss admin role requirements, critical technical prerequisites (like the need for a temporary secondary IP for Microsoft Entra Hybrid Join & BYON scenarios), and a step-by-step guide to initiating a resize through provisioning policies.  
• [00:06:51] - Security Token Protection & Conditional Access (Public Preview): A significant segment on bolstering security with token protection for the Windows App on Windows devices. Understand how it cryptographically ties refresh tokens to devices, mitigating token theft. We cover its extension to Windows 365 and AVD sessions, recent changes in sign-in log reporting ("Signin token protection"), incompatible join methods, licensing (Entra ID P2), supported devices/apps, known limitations, and how to troubleshoot using sign-in logs (error code 1003 for unsupported registrations). Crucially, learn how to roll out this feature using Conditional Access policies in "Report-only" mode, including specific app targeting and device filtering for unsupported configurations.  
• [00:13:54] - General Security Enhancements & Compliance: Discover default security uplifts for newly provisioned Windows 11 Cloud PCs, including Virtualization Based Security (VBS), Hypervisor-Enforced Code Integrity (HVCI) / Memory Integrity, and Microsoft Defender Credential Guard. We also touch on an important compliance update for the "Place a Cloud PC under review" feature, allowing admins to configure Azure Blob WORM storage for immutable forensic snapshots, aiding in regulatory adherence (e.g., SEC Rule 17a-4).

We encourage you to get hands-on with these updates in your tenants. Explore the new reporting, test out Cloud PC resizing, and strategically plan your token protection and Conditional Access rollout. These enhancements demonstrate Microsoft's continued investment in making Windows 365 a robust and secure platform for your users.

#Windows365 #Intune #CloudPC #ConditionalAccess #AzureAD #MicrosoftEntra #Windows365Reporting #CloudPCResizing #ITAdmin #SysAdmin #Microsoft365 #EndpointManagement #VirtualDesktop #Windows11 #Security #TechDeepDive