April 2, 2025 • 15 mins
Set up and access your Cloud PCs from anywhere with a full Windows experience on any device using Windows 365. Whether you're working from a browser, the Windows app, or Windows 365 Link, your desktop, apps, and settings are always available—just like a traditional PC. As an admin, you can quickly provision and manage Cloud PCs for multiple users with Microsoft Intune.
Scott Manchester, Windows Cloud Vice President, shows how easy it is to set up secure, scalable environments, ensure business continuity with built-in restore, and optimize performance with AI-powered insights.
► QUICK LINKS:
00:00 - Windows 365 Cloud PC
00:51 - Benefits to Cloud PCs
02:32 - How to set it up
04:58 - Provisioning process
06:16 - Options to connect to Cloud PC
07:40 - Restore Cloud PC
08:52 - Backups for PC forensics
09:44 - Failover options
11:36 - Change Cl
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:02):
Today on Microsoft Mechanics,
we're going to go deep onsetting up Windows 365,
Microsoft's solution for CloudPCs for your organization,
and if you're new to the concept,
these are full Windows desktops
that you can accessdirectly from the cloud
from almost any device, fromyour browser, the Windows app
or even the new Windows 365 Link device.
It's the familiar Windowsexperience that you're used to,
(00:24):
but it's accessible from anywhere.
In fact, in the next fewminutes, we'll show you
how to set up a completerunning Windows 365 environment
for multiple users.
Then show the resultingexperiences of what we set up
on both managed and unmanaged devices
and finally, how to manage your Cloud PCs
once they're up and running.
And joining me today is Scott Manchester
(00:44):
who leads the Windows 365team who built the product,
and he's no stranger to Mechanics as well.
Welcome to the show.
- Thanks, Jeremy. It's great to be back.
- So why don't we dive in?
So for people used to physical PCs
and really new to the Cloud PC concept,
what are the reasons
that somebody might useWindows in the cloud?
- Yeah, that's a questionwe get a lot, Jeremy.
First, it's just how seamlessthe end user experience is.
(01:07):
Now, even though thisexperience is being streamed
from the Cloud, Windows 365 just feels
like using a physical PC.
With all of your apps and settings,
everything just worksas you'd expect it to.
And with all of theavailable sizing options,
there's something for any use case,
from graphics-intensive GPUs,
all the way to sharedfrontline worker scenarios.
Now, that said, unlike a physical PC,
(01:28):
the specs of your CloudPC, like your storage,
compute, and RAM, can be changed over time
as your needs evolve.
And from a security perspective,
you have control over network access
based on the connecting device
where you can tailorpermissions and protections
for your data and resources,
depending on whether thatdevice is managed or unmanaged.
And they're also more resilient.
(01:50):
Backup and restore servicesare provided by default.
A non-functioning CloudPC can be restored back
to a healthy state in just minutes.
- And this is great because even recently,
we've seen, and some of ushave even felt situations
where third-party updates cantake down thousands of PCs,
so with Windows 365, there'sa fast path to recovery.
- Yeah, it really providesnext-level resiliency.
(02:12):
And there's another important reason
for considering a Cloud PC.
If you're currently on Windows 10,
with support ending inOctober of this year, 2025,
Windows 365 is a nice optionto migrate to Windows 11
as part of your PC refresh,
and Extended SecurityUpdates for the Cloud PCs,
and Windows devices connectingto them are included.
- And this'll be a greatoption for a lot of people,
(02:33):
a lot of different devices,
and it's also pretty easy to set up.
- Yeah, it really is, evenif you have zero experience
with desktop virtualization.
In fact, let me show you how.
From the Microsoft Intune admin center,
you can get one or hundredsof Cloud PCs up and running
in just a few minutes.
Now, the first step is tocreate a Provisioning Policy,
so I'll head over to that tab.
(02:55):
And you can see that Ialready have a few set up,
but let's go ahead and create a new one.
Now, there are six simplesteps to setup a new policy.
First, let's give this policy a name.
In this case, let's use East US Engineers.
Now, for these users,
we will provision Windows365 Enterprise Cloud PCs.
And this group of users alsoare using Microsoft Entra join,
(03:17):
but if you're also using Active Directory,
you have an option to choose hybrid join.
Now, if you do use hybrid join,
you'll need to set up anAzure Network Connection
and have access to a domain controller.
But it's easier with Entra join
where you can use the MicrosoftHosted Network option.
Now, this is similar toputting these Cloud PCs
on the public internet behind a NAT,
and optionally securing thatnetwork traffic with a VPN,
(03:39):
like you might use now withyour managed physical devices.
Now, next, because ourusers are in North Carolina,
for this geography, I'mgoing to choose US East.
For the region, I'll let Microsoft choose
within that geography.
You'll see there are twooptions here in US East.
Choosing this optionallows seamless migration
to closer or higher-performingAzure datacenters
as they become available.
(04:00):
And the last option is tosupport Single Sign-On,
which allows users toauthenticate just once
for their Cloud PC and otherEntra-enabled services,
like Microsoft 365.
Now, next, I can choose one
of the curated images available here
or even upload my own custom image.
Now, I'm going to keep thelatest Windows 11 image
with the Microsoft 365 apps pre-installed.
(04:22):
Now, it's also optimizedto run in the cloud
for experiences like Teams video calls.
When I move on to the Configuration tab,
I can choose from dozensof alternate languages
to have pre-installed.
Now, below that, I even have the option
to enroll these Cloud PCs into Autopatch
To save time, I'll skipScope Tags for now,
but I can add those later.
(04:42):
Now in the Assignment tab,
I'll just need to assignwhat group of users
will get Cloud PCs provisioned
using this Provisioning Policy.
Now, I've created a group forEast US Engineers in advance,
so I'll add this group to the policy.
And now I can review all ofmy settings and select Create.
- So is that going to startthe provisioning process then
for everyone that youscoped in that group?
- Almost. We have one more step.
(05:04):
I still need to configure theCloud PCs' sizes and specs,
like CPUs, RAM, and storage,
by assigning licenses withthose specs to the group.
Let me walk through that process.
In the Microsoft 365 admin center,
in advance, I've pre-purchaseda few different licenses.
Now, we'll give our engineersfairly high-spec Cloud PCs.
Now, of course, you canchange these at any time.
(05:26):
In the Groups tab,
I just need to assignmy East US Engineers,
so I'll filter the list.
There's my group. I'llgo ahead and select it,
and now just confirm.
And this will start theVM creation process.
In about 20 minutes,all users in this group
will have a personalCloud PC up and running.
- So while the provisioning process runs,
why don't you explain what'shappening behind the scenes?
(05:46):
- Sure, there's a lot moregoing on under the covers here.
Each Windows 365 supportedregion has multiple Azure zones.
When the Cloud PCs are provisioned,
they are split between theAzure zones in that region.
And within the zone itself,
three copies are madeof the Cloud PC's disc
for additional resiliency.
And then after theCloud PC is provisioned,
the service immediatelystarts taking backups
(06:07):
of the Cloud PC.
And these backups can be restoredby the Windows 365 admins,
and optionally, if you allow it,
even directly by the users themselves.
- Okay, so now let's fastforward a few minutes.
With the Cloud PCs provisioned,
what does that experience look like?
- So yeah, sure.
So now we're ready to go.
And as a user, I have a few options
to connect to my Cloud PC.
(06:27):
I'm going to use a locallyinstalled Windows app
on my managed surface Laptop here.
Now, this is my new Cloud PCthat was just provisioned,
and I'll go head and connect to it.
And because we configured single sign-on,
I don't need to enter mycredentials a second time.
And you'll see this is afull desktop experience,
and if I open the Start menu,
there are all of my provisionedapps in Microsoft 365.
(06:50):
Now, because I'm in the cloud,
let me open the Edge browser
to show you the network connectionspeed from the Cloud PC.
I'll go ahead and run this,
and in this case, you can seeI'm seeing 2.4 gigabits down.
Now, my home network is only50 megabits but that's okay
because I'm just remotingthe screen content,
whereas my Cloud PC can collaborate
with people all over the world,
(07:11):
and share large files, whichis a much faster network.
And if I open File Explorer,my policy allows me
to see the local drive ona corporate managed device,
like my Surface laptop here.
In fact, as an admin,you have full control
over connected peripherals,
like clipboard redirection,even more based on your needs.
And as I'll show you in a bit,
this can vary by device type,
(07:31):
and whether other devicesare enrolled in management.
- And it's really a huge advantage here
in terms of being able
to leverage superior network performance
that you get from the cloud effectively.
Now, we've talked a lot about resiliency,
how easy is it then to restore Cloud PCs
if you need to do that?
- Well, let me show you.
With backup and restore capabilities
built into Windows 365,
I can show you how youcan restore a Cloud PC
(07:53):
from a previous restore point.
So I'm in the All Cloud PCs view,
and I've filtered thelist to show my devices.
The top one here is my GPU Max Cloud PC,
and I'll take a look at its properties.
I can take a quick action to restore here
from the overview page,
but let's go the Restore Points menu.
Now, here you can see thereare 14 restore points.
And for 10 of these,
(08:13):
I can configure therestore point objective
from 4 to 24 hours.
Now, mine in this case are set up
to create a backup every six hours.
Now, the bottom four are hardset as rolling weekly backups
of one per week for the last four weeks.
From here I can createanother new restore point.
I just need to configure the basics
of my Azure subscription,
(08:34):
here the storage accountI want to use for backups,
and the access tier.
Now, I'll keep therecommended Hot tier here.
And once I create this,it takes a few moments
to create the additionalmanual restore point
while the Cloud PC is still running.
And since this manual restore point
is in my defined own storage account,
I can keep that as long asI want to restore from it.
- Okay, so aside from caseslike maybe reactive ransomware
(08:55):
or other issues, whereelse might you use this?
- Well, this also can be used
when I want to run PC forensics.
For example, you might placea Cloud PC under review
as part of an ongoing investigation.
So let me show you this.
So I'm back here in theCloud PC overview page.
And here in the ellipse menu,
you can see an option to placethis Cloud PC under review.
Now, I can use the same subscription
(09:17):
and storage account details asthe backup I just showed you
to archive the full image of the Cloud PC.
Under that, I have twoAccess modes to select from:
Block access, which will notify the user
that their Cloud PC is under review,
and block their access until complete,
or I can allow access,
which will capture theimage at this moment in time
and allow the user to continueto use their Cloud PC.
(09:39):
And once I place theCloud PC under review,
I can use the stored backup image
to mount it and then run those forensics.
- And these are all importantenterprise-ready capabilities
in terms of using backups.
Now, failover, it's also pretty important
for high availability anddisaster recovery planning.
So what options do we have there?
- Right, this is super importantfor business continuity.
Let me show you a couple options.
(10:01):
So this time I'm going tostart in the Reports view
in the Intune admin center,
and I'll move over to theCloud PC overview page.
Now I'll head over tothe Business Continuity
and Disaster Recovery status report.
If you look at the license type column,
you'll see that there's anew optional paid add-on
that extends backups to anadditional alternate region
and all of these Cloud PCsare licensed for cross-region.
(10:22):
So it's another layer ofresilience in the case
of a natural disaster or other event
that could impact a region.
It also allows theseCloud PCs to be recovered
from a backup in that alternate region.
Now, back in the Windows 365 page,
I'm in the User Settings tab now.
And here you can see I'vehave created two policies.
I'll open the second policy
with cross-regiondisaster recovery enabled.
(10:44):
Now, if I open the policy settings,
you'll see this is where youcan enable admin privileges,
allow users to restore their Cloud PCs,
and also, how often thoserestore points are made.
You can also enablecross-region disaster recovery
from here as well.
Now, if I click on edit,
you can see even more detailsfor the cross-region backups.
This dropdown for additional DR options
(11:05):
also has a new option forDisaster Recovery Plus,
which enables faster recoverytime, lower risk of data loss,
and pre-allocated capacity compared
to the standard disaster recovery
if you experience an outage.
Now, for geography, the Cloud PCs in scope
for this policy areprovisioned in US East,
so I set my cross-regionDR geography to Central US.
(11:27):
Now, if there was any typeof geographical outage
in the East Coast, my userscan recover from a backup
in a nearby region in theCentral or South Central US.
- Right, and all of thesedifferent resiliency options
make Windows 365 ideal formission-critical desktops
with really minimal downtime.
Now, earlier, you also mentioned
we could change Cloud PC specs
(11:47):
from what was originally provisioned.
So how would I makethese types of decisions?
- Yeah, it's pretty easy.
So this is where reports helpguide you in these decisions.
Now, remember, you don'tneed to future-proof
and over-spec your Cloud PCs
like you do with physical hardware.
If anything, you want tostart with a size smaller,
and then as needed, you canscale them up from there.
Let me show you where youfind that information.
Now, back in our CloudPC overview reports,
(12:09):
you'll see that we have reporting
for Cloud PC recommendations.
These actually leverage AI toanalyze compute utilization
and how well the Cloud PC is performing
for each individual user
so that you can make data-driven decisions
about Cloud PC sizing.
For example, in my small tenant,
I have nine rightsized Cloud PCs,
two that look undersized andone that's underutilized,
(12:30):
and you can dig into thedetails for each of these.
Now, this way you'rematching the right spec
for how a Cloud PC
and how it's being usedversus just guessing
or waiting for people to contact you
and tell you that they'rehaving performance issues.
- So this process is really painless then
for both admins, as well as end users.
The nice thing here is thatyou just need to log out
and back in, and all those spec changes
are automatically applied.
(12:51):
Now, you also mentionedthat you can also connect
from an unmanaged device,so how does that work?
- Well, so far, I've been using
this corporate managedSurface laptop here,
but I also have my own iPad
that I can connect to Windows 365 as well.
Now, even without enrollingthis device in Intune,
we can control the experience
to keep the work data protected.
Let me show you thepolicies we set up for this.
(13:12):
I have the Conditional Accesspolicies page open in Intune.
Now, this first policy usesMobile Application Management
to ensure that I can control
how the Windows 365 app is used,
even on unmanaged devices, like my iPad.
Now, the second onerequires mobile devices
to use passkey authentication.
And the third one here triggersmultifactor authentication
(13:33):
when users are outsideof their home region.
And I can show you theeffects of these policies
on my iPad here, so you cansee just how this compares
to what I showed youearlier on a managed device.
Now, on my own iPad, there's the Cloud PC
that we just provisioned,
and that I connected toon my managed machine.
Now, I'll go ahead and connect to it.
(13:53):
And you'll see
that I need to usemulti-factor authentication
to securely connect with a passkey,
so it's already different
from what we saw before withthe single sign-on experience
on my corporate managed PC.
Now, once I'm in, you'll see the session
is exactly how I left it with the browser
and File Explorer open.
Notice how the local iPad filesystem is not visible here,
and, of course,
(14:14):
the previous Windows hostfile system disappears
because I'm no longerconnected to that device.
So this file system integration
is only permitted fortrusted and managed devices.
- Right, and this way you're able
to control the access levelbased on the connected device.
And it's been a great deep-diveto see how everything works,
along with how easyeverything is to set up.
So for anyone who's watching right now,
(14:34):
looking to get started,what do you recommend?
- It's easy.
For admins, check out aka.ms/W365Docs.
It's the best place to goto to get all of the options
around Windows 365 and toget up and running fast.
- Good stuff.
Thanks for joining us today, Scott.
And thank you for joining us as well.
And be sure to subscribeif you haven't already.
And we'll see you again soon.
Today on Microsoft Mechanics,
we're going to go deep onsetting up Windows 365,
Microsoft's solution for CloudPCs for your organization,
and if you're new to the concept,
these are full Windows desktops
that you can accessdirectly from the cloud
from almost any device, fromyour browser, the Windows app
or even the new Windows 365 Link device.
It's the familiar Windowsexperience that you're used to,
(00:24):
but it's accessible from anywhere.
In fact, in the next fewminutes, we'll show you
how to set up a completerunning Windows 365 environment
for multiple users.
Then show the resultingexperiences of what we set up
on both managed and unmanaged devices
and finally, how to manage your Cloud PCs
once they're up and running.
And joining me today is Scott Manchester
(00:44):
who leads the Windows 365team who built the product,
and he's no stranger to Mechanics as well.
Welcome to the show.
- Thanks, Jeremy. It's great to be back.
- So why don't we dive in?
So for people used to physical PCs
and really new to the Cloud PC concept,
what are the reasons
that somebody might useWindows in the cloud?
- Yeah, that's a questionwe get a lot, Jeremy.
First, it's just how seamlessthe end user experience is.
(01:07):
Now, even though thisexperience is being streamed
from the Cloud, Windows 365 just feels
like using a physical PC.
With all of your apps and settings,
everything just worksas you'd expect it to.
And with all of theavailable sizing options,
there's something for any use case,
from graphics-intensive GPUs,
all the way to sharedfrontline worker scenarios.
Now, that said, unlike a physical PC,
(01:28):
the specs of your CloudPC, like your storage,
compute, and RAM, can be changed over time
as your needs evolve.
And from a security perspective,
you have control over network access
based on the connecting device
where you can tailorpermissions and protections
for your data and resources,
depending on whether thatdevice is managed or unmanaged.
And they're also more resilient.
(01:50):
Backup and restore servicesare provided by default.
A non-functioning CloudPC can be restored back
to a healthy state in just minutes.
- And this is great because even recently,
we've seen, and some of ushave even felt situations
where third-party updates cantake down thousands of PCs,
so with Windows 365, there'sa fast path to recovery.
- Yeah, it really providesnext-level resiliency.
(02:12):
And there's another important reason
for considering a Cloud PC.
If you're currently on Windows 10,
with support ending inOctober of this year, 2025,
Windows 365 is a nice optionto migrate to Windows 11
as part of your PC refresh,
and Extended SecurityUpdates for the Cloud PCs,
and Windows devices connectingto them are included.
- And this'll be a greatoption for a lot of people,
(02:33):
a lot of different devices,
and it's also pretty easy to set up.
- Yeah, it really is, evenif you have zero experience
with desktop virtualization.
In fact, let me show you how.
From the Microsoft Intune admin center,
you can get one or hundredsof Cloud PCs up and running
in just a few minutes.
Now, the first step is tocreate a Provisioning Policy,
so I'll head over to that tab.
(02:55):
And you can see that Ialready have a few set up,
but let's go ahead and create a new one.
Now, there are six simplesteps to setup a new policy.
First, let's give this policy a name.
In this case, let's use East US Engineers.
Now, for these users,
we will provision Windows365 Enterprise Cloud PCs.
And this group of users alsoare using Microsoft Entra join,
(03:17):
but if you're also using Active Directory,
you have an option to choose hybrid join.
Now, if you do use hybrid join,
you'll need to set up anAzure Network Connection
and have access to a domain controller.
But it's easier with Entra join
where you can use the MicrosoftHosted Network option.
Now, this is similar toputting these Cloud PCs
on the public internet behind a NAT,
and optionally securing thatnetwork traffic with a VPN,
(03:39):
like you might use now withyour managed physical devices.
Now, next, because ourusers are in North Carolina,
for this geography, I'mgoing to choose US East.
For the region, I'll let Microsoft choose
within that geography.
You'll see there are twooptions here in US East.
Choosing this optionallows seamless migration
to closer or higher-performingAzure datacenters
as they become available.
(04:00):
And the last option is tosupport Single Sign-On,
which allows users toauthenticate just once
for their Cloud PC and otherEntra-enabled services,
like Microsoft 365.
Now, next, I can choose one
of the curated images available here
or even upload my own custom image.
Now, I'm going to keep thelatest Windows 11 image
with the Microsoft 365 apps pre-installed.
(04:22):
Now, it's also optimizedto run in the cloud
for experiences like Teams video calls.
When I move on to the Configuration tab,
I can choose from dozensof alternate languages
to have pre-installed.
Now, below that, I even have the option
to enroll these Cloud PCs into Autopatch
To save time, I'll skipScope Tags for now,
but I can add those later.
(04:42):
Now in the Assignment tab,
I'll just need to assignwhat group of users
will get Cloud PCs provisioned
using this Provisioning Policy.
Now, I've created a group forEast US Engineers in advance,
so I'll add this group to the policy.
And now I can review all ofmy settings and select Create.
- So is that going to startthe provisioning process then
for everyone that youscoped in that group?
- Almost. We have one more step.
(05:04):
I still need to configure theCloud PCs' sizes and specs,
like CPUs, RAM, and storage,
by assigning licenses withthose specs to the group.
Let me walk through that process.
In the Microsoft 365 admin center,
in advance, I've pre-purchaseda few different licenses.
Now, we'll give our engineersfairly high-spec Cloud PCs.
Now, of course, you canchange these at any time.
(05:26):
In the Groups tab,
I just need to assignmy East US Engineers,
so I'll filter the list.
There's my group. I'llgo ahead and select it,
and now just confirm.
And this will start theVM creation process.
In about 20 minutes,all users in this group
will have a personalCloud PC up and running.
- So while the provisioning process runs,
why don't you explain what'shappening behind the scenes?
(05:46):
- Sure, there's a lot moregoing on under the covers here.
Each Windows 365 supportedregion has multiple Azure zones.
When the Cloud PCs are provisioned,
they are split between theAzure zones in that region.
And within the zone itself,
three copies are madeof the Cloud PC's disc
for additional resiliency.
And then after theCloud PC is provisioned,
the service immediatelystarts taking backups
(06:07):
of the Cloud PC.
And these backups can be restoredby the Windows 365 admins,
and optionally, if you allow it,
even directly by the users themselves.
- Okay, so now let's fastforward a few minutes.
With the Cloud PCs provisioned,
what does that experience look like?
- So yeah, sure.
So now we're ready to go.
And as a user, I have a few options
to connect to my Cloud PC.
(06:27):
I'm going to use a locallyinstalled Windows app
on my managed surface Laptop here.
Now, this is my new Cloud PCthat was just provisioned,
and I'll go head and connect to it.
And because we configured single sign-on,
I don't need to enter mycredentials a second time.
And you'll see this is afull desktop experience,
and if I open the Start menu,
there are all of my provisionedapps in Microsoft 365.
(06:50):
Now, because I'm in the cloud,
let me open the Edge browser
to show you the network connectionspeed from the Cloud PC.
I'll go ahead and run this,
and in this case, you can seeI'm seeing 2.4 gigabits down.
Now, my home network is only50 megabits but that's okay
because I'm just remotingthe screen content,
whereas my Cloud PC can collaborate
with people all over the world,
(07:11):
and share large files, whichis a much faster network.
And if I open File Explorer,my policy allows me
to see the local drive ona corporate managed device,
like my Surface laptop here.
In fact, as an admin,you have full control
over connected peripherals,
like clipboard redirection,even more based on your needs.
And as I'll show you in a bit,
this can vary by device type,
(07:31):
and whether other devicesare enrolled in management.
- And it's really a huge advantage here
in terms of being able
to leverage superior network performance
that you get from the cloud effectively.
Now, we've talked a lot about resiliency,
how easy is it then to restore Cloud PCs
if you need to do that?
- Well, let me show you.
With backup and restore capabilities
built into Windows 365,
I can show you how youcan restore a Cloud PC
(07:53):
from a previous restore point.
So I'm in the All Cloud PCs view,
and I've filtered thelist to show my devices.
The top one here is my GPU Max Cloud PC,
and I'll take a look at its properties.
I can take a quick action to restore here
from the overview page,
but let's go the Restore Points menu.
Now, here you can see thereare 14 restore points.
And for 10 of these,
(08:13):
I can configure therestore point objective
from 4 to 24 hours.
Now, mine in this case are set up
to create a backup every six hours.
Now, the bottom four are hardset as rolling weekly backups
of one per week for the last four weeks.
From here I can createanother new restore point.
I just need to configure the basics
of my Azure subscription,
(08:34):
here the storage accountI want to use for backups,
and the access tier.
Now, I'll keep therecommended Hot tier here.
And once I create this,it takes a few moments
to create the additionalmanual restore point
while the Cloud PC is still running.
And since this manual restore point
is in my defined own storage account,
I can keep that as long asI want to restore from it.
- Okay, so aside from caseslike maybe reactive ransomware
(08:55):
or other issues, whereelse might you use this?
- Well, this also can be used
when I want to run PC forensics.
For example, you might placea Cloud PC under review
as part of an ongoing investigation.
So let me show you this.
So I'm back here in theCloud PC overview page.
And here in the ellipse menu,
you can see an option to placethis Cloud PC under review.
Now, I can use the same subscription
(09:17):
and storage account details asthe backup I just showed you
to archive the full image of the Cloud PC.
Under that, I have twoAccess modes to select from:
Block access, which will notify the user
that their Cloud PC is under review,
and block their access until complete,
or I can allow access,
which will capture theimage at this moment in time
and allow the user to continueto use their Cloud PC.
(09:39):
And once I place theCloud PC under review,
I can use the stored backup image
to mount it and then run those forensics.
- And these are all importantenterprise-ready capabilities
in terms of using backups.
Now, failover, it's also pretty important
for high availability anddisaster recovery planning.
So what options do we have there?
- Right, this is super importantfor business continuity.
Let me show you a couple options.
(10:01):
So this time I'm going tostart in the Reports view
in the Intune admin center,
and I'll move over to theCloud PC overview page.
Now I'll head over tothe Business Continuity
and Disaster Recovery status report.
If you look at the license type column,
you'll see that there's anew optional paid add-on
that extends backups to anadditional alternate region
and all of these Cloud PCsare licensed for cross-region.
(10:22):
So it's another layer ofresilience in the case
of a natural disaster or other event
that could impact a region.
It also allows theseCloud PCs to be recovered
from a backup in that alternate region.
Now, back in the Windows 365 page,
I'm in the User Settings tab now.
And here you can see I'vehave created two policies.
I'll open the second policy
with cross-regiondisaster recovery enabled.
(10:44):
Now, if I open the policy settings,
you'll see this is where youcan enable admin privileges,
allow users to restore their Cloud PCs,
and also, how often thoserestore points are made.
You can also enablecross-region disaster recovery
from here as well.
Now, if I click on edit,
you can see even more detailsfor the cross-region backups.
This dropdown for additional DR options
(11:05):
also has a new option forDisaster Recovery Plus,
which enables faster recoverytime, lower risk of data loss,
and pre-allocated capacity compared
to the standard disaster recovery
if you experience an outage.
Now, for geography, the Cloud PCs in scope
for this policy areprovisioned in US East,
so I set my cross-regionDR geography to Central US.
(11:27):
Now, if there was any typeof geographical outage
in the East Coast, my userscan recover from a backup
in a nearby region in theCentral or South Central US.
- Right, and all of thesedifferent resiliency options
make Windows 365 ideal formission-critical desktops
with really minimal downtime.
Now, earlier, you also mentioned
we could change Cloud PC specs
(11:47):
from what was originally provisioned.
So how would I makethese types of decisions?
- Yeah, it's pretty easy.
So this is where reports helpguide you in these decisions.
Now, remember, you don'tneed to future-proof
and over-spec your Cloud PCs
like you do with physical hardware.
If anything, you want tostart with a size smaller,
and then as needed, you canscale them up from there.
Let me show you where youfind that information.
Now, back in our CloudPC overview reports,
(12:09):
you'll see that we have reporting
for Cloud PC recommendations.
These actually leverage AI toanalyze compute utilization
and how well the Cloud PC is performing
for each individual user
so that you can make data-driven decisions
about Cloud PC sizing.
For example, in my small tenant,
I have nine rightsized Cloud PCs,
two that look undersized andone that's underutilized,
(12:30):
and you can dig into thedetails for each of these.
Now, this way you'rematching the right spec
for how a Cloud PC
and how it's being usedversus just guessing
or waiting for people to contact you
and tell you that they'rehaving performance issues.
- So this process is really painless then
for both admins, as well as end users.
The nice thing here is thatyou just need to log out
and back in, and all those spec changes
are automatically applied.
(12:51):
Now, you also mentionedthat you can also connect
from an unmanaged device,so how does that work?
- Well, so far, I've been using
this corporate managedSurface laptop here,
but I also have my own iPad
that I can connect to Windows 365 as well.
Now, even without enrollingthis device in Intune,
we can control the experience
to keep the work data protected.
Let me show you thepolicies we set up for this.
(13:12):
I have the Conditional Accesspolicies page open in Intune.
Now, this first policy usesMobile Application Management
to ensure that I can control
how the Windows 365 app is used,
even on unmanaged devices, like my iPad.
Now, the second onerequires mobile devices
to use passkey authentication.
And the third one here triggersmultifactor authentication
(13:33):
when users are outsideof their home region.
And I can show you theeffects of these policies
on my iPad here, so you cansee just how this compares
to what I showed youearlier on a managed device.
Now, on my own iPad, there's the Cloud PC
that we just provisioned,
and that I connected toon my managed machine.
Now, I'll go ahead and connect to it.
(13:53):
And you'll see
that I need to usemulti-factor authentication
to securely connect with a passkey,
so it's already different
from what we saw before withthe single sign-on experience
on my corporate managed PC.
Now, once I'm in, you'll see the session
is exactly how I left it with the browser
and File Explorer open.
Notice how the local iPad filesystem is not visible here,
and, of course,
(14:14):
the previous Windows hostfile system disappears
because I'm no longerconnected to that device.
So this file system integration
is only permitted fortrusted and managed devices.
- Right, and this way you're able
to control the access levelbased on the connected device.
And it's been a great deep-diveto see how everything works,
along with how easyeverything is to set up.
So for anyone who's watching right now,
(14:34):
looking to get started,what do you recommend?
- It's easy.
For admins, check out aka.ms/W365Docs.
It's the best place to goto to get all of the options
around Windows 365 and toget up and running fast.
- Good stuff.
Thanks for joining us today, Scott.
And thank you for joining us as well.
And be sure to subscribeif you haven't already.
And we'll see you again soon.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.