Pinned Posts
Forum Widgets
Latest Discussions
Enable FIDO Token (RSA DS100) passthrough to W365 Machine via Windows App
Hi There, Working with Enterprise license, trying to establish the approach to allow FIDO Token, specifically the RSA DS100, to redirect from the Host device. The users can only connect via the Windows application, not via the RDP client. I have the Device Class/Driver ID of the token. It is key that removable storage is not enabled as a result of this, for obvious reasons. Ideally the allowance would be scoped to only include the token. Thanks in advance.
What is one must-have intune policy you always deploy to windows 365 Cloud PCs ?
I'm getting deeper into managing Windows 365 Cloud PCs with intune and I'm trying to build out a solid baseline for policy deployment. I know there's a lot that can be configured via intune, from security baselines to user experience tweaks. Do you use for hardening security, streamlining login times, restricting certains apps, enabling Bitlocker or enforcing windows updates ? Have you had any conflict with other policies ? Does it differ from what you push to physical endpionts ?365 stuck at "Setting Up" after license reassignment, is there a way to force reprovisioning?
I am fairly new to managing Windows 365, and I've run into an issue that seems like it should have a simple fix, but hasn't been so straightforward in practice. I have a 365 Business cloud PC under one user (admin). After testing a few things, I removed the license from that user and reassigned it to a new employee. The portal now shows " Setting up Cloud Pc" for that user, and it's been stuck there for several hours with no sign of progress. I have tried : Unassigned and reassigned the license again. Restarted the cloud PC from the portal ( though it's not active). is there a way to manually trigger or force reprovisioning of the Cloud PC after a license reassignment ?Getting Started with Windows 365 Benefits, Use Cases, and Setup Guide
In today’s hybrid work environment, flexibility, security, and scalability are more critical than ever. Windows 365, Microsoft’s Cloud PC solution, addresses these demands by bringing the Windows experience to the cloud — enabling users to securely access their personalized desktop from any device, anywhere. Whether you’re an enterprise IT architect, an SMB owner, or an individual professional, Windows 365 has a lot to offer. Let’s dive into the key benefits, common use cases, and how you can get started with Windows 365. https://dellenny.com/getting-started-with-windows-365-benefits-use-cases-and-setup-guide/
Cannot Access Windows Hardware Developer Program in Partner Center — How to Sign Drivers in 2025?
Hi all, I'm trying to sign a Windows driver and need access to the Microsoft Windows Hardware Developer Program. **What I'm trying to achieve:** - Sign a driver for Windows using the standard Microsoft hardware signing process. **The issue:** - When I try to register for the Windows Hardware Developer Program, I get a message saying "Hardware Program is already in Active state". - However, when I go to Programs > Settings in Microsoft Partner Center, the Hardware Developer Program is NOT visible/available. - I have Global Admin permissions, and I’ve also tried using an account with Owner permissions — no difference, the Hardware Program is missing from the list. **My question:** - How do I get access to the Windows Hardware Developer Program if it's "Active" but not visible in the Partner Center? - Is there any way to manage or join the Hardware Program in 2025 if it's not listed? - Is there an alternative process for signing Windows drivers now? Any up-to-date guidance for 2025 would be super helpful. Any advice or escalation contacts would be highly appreciated! Thanks in advance.Expanded TURN relay regions for Windows 365 and Azure Virtual Desktop
Starting June 15, 2025, we are launching a dedicated TURN relay IP range across the Microsoft Azure public cloud. This new range—51.5.0.0/16—enhances RDP Shortpath connectivity and delivers faster, more reliable performance for Azure Virtual Desktop and Windows 365 users in 40 regions worldwide. What is TURN? TURN (Traversal Using Relays around NAT) enables devices behind firewalls to establish reliable UDP connections. With RDP Shortpath for public networks, TURN acts as a fallback when a direct UDP-based connection isn’t possible—ensuring low-latency, high-reliability remote desktop sessions. As part of this transition, connections will gradually move away from the existing ACS TURN Relay range (20.202.0.0/16). This change will occur behind the scenes, but, to ensure uninterrupted service, you will need to proactively bypass the new TURN relay range (51.5.0.0/16). This new TURN relay range is part of the ‘WindowsVirtualDesktop’ service tag in Azure, making it easier for you to manage access and security configurations at scale. Benefits of the new TURN relay This change isn’t just a technical update—it’s a regional expansion. We’re scaling from 14 to 40 regions globally, bringing the TURN relay infrastructure closer to users, reducing latency, and improving connection reliability. Combined with a dedicated IP range for Azure Virtual Desktop and Windows 365 traffic, this initiative offers you more control, optimized routing, and a higher success rate for UDP-based communications. Here are the benefits in more detail: Expanding regional coverage By expanding from 14 to 40 regions globally, organizations will benefit from: Lower latency: Data travels shorter distances, resulting in faster connections and reduced lag. Improved reliability: Fewer dropped connections and more stable sessions, especially for real-time applications. Higher UDP success rates: Better performance for voice, video, and real-time data—even under variable network conditions. Dedicated IP Range for Azure Virtual Desktop and Windows 365 traffic This rollout introduces a dedicated IP range tailored for Azure Virtual Desktop and Windows 365 traffic, distinct from the ACS TURN relay. Benefits of this improvement include: Optimized traffic flow for Azure Virtual Desktop and Windows 365. Improved control over network security configurations. Customers can navigate restrictive security setups without compromising performance. Enhanced quality and speed for traffic, free from generic filtering Supported regions Below is a list of supported regions with the new TURN relay. A TURN relay is selected based on the physical endpoints, not the Cloud PC or session host. For example, a user physically located in the UK will use a relay in the UK South or the UK West regions. If the client is far from a supported region, the connection may fall back to TCP, potentially impacting performance. Australia East Japan East Spain Central Australia Southeast Japan West Sweden Central Brazil South Korea Central Switzerland North Canada Central Korea South Taiwan North Canada East Mexico Central UAE Central Central India North Central US UAE North Central US North Europe UK South East US Norway East UK West East US 2 Poland Central West Central US East US2 EUAP South Africa North West Europe France Central South Africa West West US Germany West Central South Central US West US 2 Israel Central South India West US 3 Italy North Southeast Asia How to prepare for this change This new IP subnet will form a critical part of the resilient and performant connectivity provided for Windows 365 and Azure Virtual Desktop. As part of the ongoing transition, traffic will be progressively redirected from the current Azure Communication Service (ACS) TURN relay range (20.202.0.0/16) to a newly designated subnet (51.5.0.0/16). While this shift is designed to be seamless, it’s essential that you preemptively configure bypass rules for the new range to maintain uninterrupted service. With both IP ranges properly bypassed, end users will not experience any connectivity issues. You therefore need to ensure that traffic is both accessible and optimized. Accessible Your environment should have this subnet accessible from all networks used for Windows 365 or Azure Virtual Desktop connectivity, both on the physical network and cloud side. For Microsoft Hosted Network deployments in Windows 365 this underlying connectivity is already in place. For Azure Virtual Desktop and Windows 365 – Azure network connection ANC deployments, the ‘WindowsVirtualDesktop’ service tag contains this subnet so connectivity may already be in place. Optimized The subnet should also be optimized to ensure this critical, latency sensitive traffic has the most performant path available, this means: No TLS inspection on the traffic. This traffic is TLS encrypted transport with a nested TLS encrypted tunnel. TLS inspection yields no benefit but carries high risk of performance and reliability impact and puts significant additional load on the inspecting device. Locally egressed, meaning traffic is sent to Microsoft via the most direct and efficient path. In Azure this means directly routed onto Microsoft’ backbone and for customer side networks, directly to the internet where it will be picked up by Microsoft’s infrastructure locally. Bypassed from VPN, Proxy and Secure Web Gateway (SWG) tunnels and sent directly to the service as demonstrated in the example here. On the Cloud side this may involve using a User Defined Route (UDR) to send the Windows Virtual Desktop traffic direct to ‘internet’ instead of traversing a virtual firewall as can be seen in the example here. Learn more To learn more about RDP Shortpath and how to configure it for public networks, see our documentation on RDP Shortpath for Azure Virtual Desktop.Unable to assign license to employee
Hi, I'm new to Windows 365 and just bought it today. Login by main account and installed a couple of software in the Cloud PC without any issues. However, when I go to admin and reassign the license to employee's account. It's been stuck at setting up for hours. Any way to fix this issue? I tried to log back in with admin's account, restart, reset. Yet, unable to get pass the setting up screen when re-assign it to employee's account. Thanks
Saving Cloud PC data for a time and then restoring
Hi, I'm in a position where we have a cloud PC user who is currently on maternity leave. Whilst she is away we have a new starter covering her position. I'm wondering if there's a way to save the data that's on the mat leave user's CPC so we can free up the license for the new starter? Then be able to restore the saved data when the first user is back from mat leave. I couldn't see anything about this online but thought it might be worth a shot asking on here. If not, would it potentially be buying another license and spinning up a new CPC? Thanks in advance! JoelWindows 365 Frontline Cloud PC in shared mode – Quick Start Guide
Windows 365 Frontline Cloud PC in shared mode overview Windows 365 Frontline Cloud PC in shared mode builds upon the flexible licensing and usage model of Windows 365 Frontline by enabling the provisioning of shared Cloud PCs for groups of users to access on an occasional or part-time basis. With Windows 365 Frontline, IT administrators can provision collections of standardized, shared Cloud PCs that are assigned to groups of users and dynamically allocated on a one-user-per-PC basis for the duration of their work. When a user signs in, a new user profile is created to facilitate their task, and upon sign-out, the user profile is deleted, preparing the device for the next user. This efficient model allows for optimized resource utilization and streamlines device management, making it an ideal solution for environments requiring flexible and shared computing resources. Recommended use cases Retail, manufacturing and other Frontline staff: Ideal for environments where multiple users need brief access to a Cloud PC to perform specific tasks. For example, retail staff can use shared Cloud PCs to enter inventory information or update data in a line-of-business application. Contractor Scenarios: Contractors who need temporary or occasional access to a company resource for specific projects. Training and Labs: Shared Cloud PCs can be used in training sessions or educational settings where multiple users need access to the same resources at different times. Not recommended use cases Information workers: If users require regular, persistent and personalized access to their data and applications, a dedicated Cloud PC (provided by either Windows 365 Enterprise or Windows 365 Frontline Cloud PC in dedicated mode) is recommended. Licensing To get started with Windows 365 Frontline Cloud PCs in shared mode, you’ll first need some licenses. If you already have Windows 365 Frontline that you’ve been using for “Dedicated” mode, you can use some of those same licenses for Frontline Cloud PC in shared mode. If you don’t have any licenses yet, you can find them on the Microsoft 365 admin center. The following trial is available: A 2 vCPU, 8 GB, 128 GB (1 license/1 month) It’s important to note that Windows 365 Frontline licenses are not assigned to individual users, instead they are surfaced in the Windows 365 provisioning experience and in shared mode, one license allows you to provision one shared Cloud PC. Learn more about Windows 365 Frontline licensing on Microsoft Learn. Provisioning Cloud PCs Provisioning Windows 365 Frontline Cloud PC in shared mode is simple and familiar if you have already used Windows 365. After purchasing Windows 365 Frontline licenses, go to the Microsoft Intune admin center, then Devices and then find the Windows 365 option under device onboarding. Choose the provisioning policies tab. Create a new provisioning policy: License type choose “Frontline” Frontline type choose “Shared” Continue provisioning policy creation with settings optimal to your organization. For best results, we recommend the following modern and simple, cloud-based settings: Join type: Microsoft Entra Join Network: Microsoft hosted network Geography and Region: Choose based on your needs. The supported regions are listed below. On the Image page, we recommend choosing the default Gallery image option, as this is the latest release of Windows (Windows 11 Enterprise 24H2) and it's automatically updated with the latest Windows updates each month. Depending on your scenario, choose between the gallery image with or without Office (Microsoft 365 Apps) already installed. On the Configuration page, configure any optional settings such as choosing appropriate Language & Region settings, applying a device naming template or linking an Autopilot Device Preparation (Preview) policy to ensure Intune Apps and Scripts are applied during provisioning. The optional Autopilot Device Preparation setup steps are covered in more detail below. On the Assignments page, choose the group of users you’d like to have access to shared Cloud PCs once they are provisioned, then choose additional assignment options: Select Cloud PC size. Here you will see the different Windows 365 Frontline licenses you have available in your tenant. You can also see how many licenses are remaining to use in this provisioning policy. Under Assignment name, choose a friendly name that represents the pool of shared Cloud PCs. Choose a name that users will recognize when navigating between different Cloud PCs in the Windows App. The name that you choose here will also be visible on the All Cloud PC list and on IT admin reporting experiences. Under Number of Cloud PCs, choose how many Cloud PCs you’d like to provision and make available to this group of users. Once you complete creating the Provisioning policy, the Cloud PCs will start Provisioning. Review progress in the All Cloud PCs list. Autopilot Device Preparation (Preview) Autopilot Deployment Preparation (AP-DP) profiles can be included in Windows 365 Frontline shared provisioning policies to ensure that essential Intune required, device-targeted apps and scripts are installed on shared Cloud PCs during the provisioning process, before user sign-in. This feature helps increase standardization of shared Cloud PCs while reducing the management overhead that comes with IT admins creating and managing their own custom images with pre-installed applications. Autopilot device preparation tracks the installation progress of specified Intune applications and scripts during Cloud PC provisioning. Instead of marking Cloud PCs as “provisioned” after Intune enrollment, Autopilot and Windows 365 wait until those workloads are fully installed. IT admins will see a new status of “Preparing” reflected in the console while device preparation is underway. To set up Autopilot Device Preparation for Frontline Cloud PCs in shared mode there are four key steps: 1. Create an Entra ID device group Under Intune > Groups, create a new group. This group is an “assigned” group (also known as a static group) which will initially have no members. It will be populated with Cloud PCs that enroll into Intune during the provisioning process. To enable allow this process to happen, you must assign the “Intune Provisioning Client” as a group owner. Tip: If you have trouble finding this service principle in your tenant, it may have a different name or need to be added. See the Autopilot documentation on Microsoft Learn. 2. Create and assign Intune Apps and Scripts Each Intune Application or Script that you want to install on Cloud PCs must be added to Intune and assigned to the Entra ID device group created in the first step. Tip: You must also ensure that each application and script supports AP-DP and is also configured to install in the “System” context. Learn which Intune app types are supported on Microsoft Learn. 3. Create a Device Preparation Profile In the Intune admin center, under Devices>Enrollment, select Autopilot Device Preparation, create a new Device Preparation Policy: Choose Automatic (Preview) for the type of AP-DP profile. Under Groups, choose the device group you created earlier. As Cloud PCs apply this preparation profile, they will be dynamically added to this group. Under Configuration, choose each of the Intune apps and scripts that must be installed during the Cloud PC preparation phase. 4. Create a Cloud PC provisioning policy Now that you have created the AP-DP profile, the next step is to associate it to your Frontline shared Provisioning policy. Under the configuration tab of a new or existing Windows 365 Provisioning Policy, choose the profile you created in the previous steps and adjust some optional parameters based on your requirements: Minutes allowed before device preparation fails: 30 minutes as a general default but you may need to allow longer for large apps or long-running scripts. Prevent users from connection to Cloud PC upon installation failure or timeout: Unchecked as a recommended default. Enable this checkbox if you want Cloud PC provisioning to fail if AP-DP apps and scripts fail to install or timeout, for example if one of the apps is a mandatory security or compliance requirement. Windows 365 Frontline Cloud PC in shared mode: User experience Once Cloud PCs are provisioned for users, a tile will appear in the Windows app (on web, desktop and mobile platforms) and are tagged with "Frontline shared". Users can have multiple Cloud PCs, including Enterprise, Shared and Dedicated appear for them and can organize and pin them as favorites. When users connect, they are dynamically routed to one of the available shared Cloud PCs in the collection and have a new Windows profile created for them that lasts the duration of their task. The connection and Windows profile creation experience has been optimized to provide employees with a fast connection so that they can get productive immediately. Once signed in, users can access Microsoft and line-of-business applications to complete their tasks. OneDrive sync and Edge are pre-configured so that users can save and persist files and browser settings via between sessions. Once a user finishes their tasks, they can sign out and know that any changes made to the shared Cloud PC will be removed along with their profile, and that the device will be reset for the next user to be immediately productive. Users do have the option to keep sessions active by choosing to “disconnect” from the start menu or closing the Windows app if they need to resume tasks from another physical endpoint. If in any case the Cloud PC becomes unresponsive during use, users are able to get connected with a new Cloud PC by going to the Windows App and selecting “Reset” on the Cloud PC tile. This will restart the currently connected Cloud PC and the user to immediately connect to a new Cloud PC. Planning for and monitoring usage of shared Cloud PCs One consideration for organizations starting out with Windows 365 Frontline Cloud PC in shared mode is determining the appropriate number of shared Cloud PCs (and licenses) needed for a group of users. Windows 365 allows one active user on a shared Cloud PC at a time, so organizations need to consider how many shared Cloud PCs to provision for the scenario at hand. When planning, there are two general approaches for determining the right number of Cloud PCs to provision: If you are migrating a scenario from another VDI solution, it’s helpful to review reports that show maximum concurrency. This is the number of Cloud PCs you will need to provision. If you are designing and building a new solution that requires connection from physical endpoints, for example setting up a new retail store, consider the number of physical endpoints that are available for employees. This is the number of Cloud PCs you need to provision. Concurrent Frontline Cloud PC connections report The Concurrent Windows 365 Frontline Cloud PC connections report can be used to monitor the usage of Windows 365 Frontline Cloud PCs and make adjustments to the number of Cloud PCs over time. For example, if a retail floor staff group is approaching concurrency limits consistently, there is the option to increase the number of shared Cloud PCs available for these users. rrency limits. Coming soon: In addition to observing concurrent usage up to the maximum limit, IT admins will be able to see which users were prevented from connecting to Cloud PCs as pictured above. Learn more about the Connected Frontline Cloud PCs report on Microsoft Learn. Alerts for Frontline Cloud PCs near concurrency limit In addition to the reports, IT Admins can configure email alerts to be informed about approaching concurrency limits and take action. Alerts are configured in the Intune admin center under Tenant Administration > Alerts > Alert rules > Frontline Cloud PCs near concurrency limit. Learn more about the Alert rules and experience on Microsoft Learn. Adjusting Frontline shared assignments Windows 365 Frontline makes it easy to adjust the number of shared Cloud PCs available to users. To increase the number of Cloud PCs: Select the provisioning policy that you have created and assigned to users. In the “Assignments” section click “Edit.” Select “Cloud PC size” which will give the option to adjust the number of Cloud PCs available in the collection. The number of shared Cloud PCs can be increased, for instance, from 20 to 25 Cloud PCs. IT admins can also adjust the idle and disconnect timeout limits for a group of shared devices. By default, Cloud PCs in shared mode will automatically transition shared devices from "Active" to "Idle" after 15 minutes of no user inactivity, and then automatically disconnect and make the Cloud PC available for other users after another 30 minutes. The default policy can be changed based on the organization’s preferences. Learn more about how to set idle session policies on Microsoft Learn. Keeping shared Cloud PCs in a desired state ready for task productivity To ensure task productivity and operational efficiency, many organizations need to standardize the experience for their employees. To revert all devices back to a known-good working configuration or to roll them forward to a newer configuration, IT admins can go to the Provisioning policy and choose Reprovision. When reprovisioning, IT admins can opt for either immediate reprovisioning or a scheduled reprovisioning. When combined with the "Gallery Image" option, scheduled reprovision is a great way to ensure that the collection of Cloud PCs is always running the most up-to-date and secure versions of Windows. For example, IT admins can choose the “Monthly” option and then select “Second Friday of the month” to ensure that devices are reprovisioned with the latest and most up to date Windows 365 Gallery image, which is updated by Microsoft each month. Both Immediate and Scheduled options ensure that user productivity remains unaffected by allowing administrators to designate a percentage of shared Cloud PCs to remain available. Importantly, invoking a bulk reprovision action does not immediately disconnect users with active sessions, but waits until those users sign out to begin the process. Learn more about bulk reprovisioning on Microsoft Learn. Supported regions when provisioning Frontline Cloud PCs in shared mode Windows 365 Frontline in shared mode is expanding into data centers around the world. The following Azure regions are currently supported, with many more on the way: Australia East Canada Central North Europe Central India Japan East Japan West South Africa North UK South Central US East US East US 2 West US 3 South Central US East Asia Southeast Asia UAE North (Coming Soon) Germany West Central (Coming Soon) Norway East (Coming Soon) Switzerland North (Coming Soon) Korea Central (Coming Soon) Next steps This blog post covers key capabilities and features of the new Windows 365 Frontline Cloud PCs in shared mode solution. To get a deeper understanding of the solution, we recommend trying it out in your organization and diving into the product documentation on Microsoft Learn. If you have any feedback on your experience with this solution or if there are things you'd like to see as this product evolves, please let us know!
