Forum Widgets
Latest Discussions
Windows 365 and developer environments: how do you balance security and productivity?
Hi everyone, I’d like to raise a topic that we are currently struggling with, and I suspect many other organizations are facing the same challenge. We are in the process of establishing a Windows 365–based development environment, where developers work in Cloud PCs. This is largely driven by: a BYOD strategy security requirements (no sensitive code on unmanaged devices) the need for standardization However, this quickly becomes complex in practice. The core challenge We are trying to balance three competing priorities: 1. Security requirements No sensitive code on local devices Minimal attack surface Zero Trust principles and Conditional Access Full traceability of identity and actions 2. Developer needs Local admin rights to be able to do their work Freedom to install tools, SDKs, and runtimes Flexibility without constant blocking Fast iteration cycles The reality is that if it takes too long to get access or permissions, it breaks the developer workflow. 3. IT and governance Standardization of environments Manageability and patching License and cost control Compliance and auditability The practical dilemma Developers want to be local admins on their machines Security teams prefer: Just-In-Time access (PIM), or No admin privileges at all In practice: PIM tends not to work well for developers It introduces too much friction It disrupts flow and often leads to workarounds What we are currently exploring We are testing a model where: Developers work in Windows 365 Cloud PCs They use their regular corporate identity (Entra ID) Isolation is achieved through the environment, not separate accounts Developers have local admin rights within the Cloud PC However, this raises a new question: How do we secure an environment where the user is an admin? Questions to the community I would really appreciate insights from others who have been through similar scenarios: 1. Identity vs privilege Do you use the same identity for everything, or separate user/admin accounts? How far do you take identity separation? 2. Local admin rights Do you allow developers to have local admin rights? Is it permanent or Just-In-Time? If JIT, how do you make it work without impacting productivity? 3. Cloud-based development environments If you are using Windows 365, Dev Box, or AVD: Has this made it easier to relax restrictions? Or are you facing the same challenges, just in the cloud? 4. Guardrails instead of restrictions Instead of trying to prevent everything: EDR / endpoint protection Conditional Access Network isolation Monitoring and detection Has anyone successfully shifted from strict control to strong guardrails and detection? Current reflection I am starting to think that: Focusing on secure, isolated environments for development may be more effective than trying to tightly control every individual action. In other words: secure the platform not every single user behavior But this is far from straightforward. Purpose of this discussion The goal is to find a realistic blueprint that: maintains high developer productivity meets security requirements minimizes friction in day-to-day work Not something theoretically perfect, but something that actually works. If you have experience in this area, I would really value your input: what has worked well what has not worked key design decisions you would recommend Thanks in advance.
Incident critique : Edge Sync “Uninitialized”, appareils disparus, identité WAM/MSAL corrompue
Bonjour, Je rencontre un incident critique affectant directement mon identité Microsoft (MSA). Il ne s’agit pas d’un problème local mais d’un dysfonctionnement côté serveur. Voici les éléments techniques constatés : - Le conteneur Edge Sync de mon compte est en état “Uninitialized”. - Tous mes appareils ont disparu de mon compte Microsoft (Device Registration cassé). - Les services d’identité WAM / MSAL / OneAuth ne se réinitialisent plus correctement. - Impossible de créer de nouveaux passkeys ou d’utiliser les services dépendants de l’identité cloud. On dirait que ça nécéssite une intervention côté serveur : réinitialisation des identités WAM/MSAL, du conteneur Edge Sync, et du Device Registration. Je reste à l'écoute de toute aide en vous remerciant par avance.
MS designer is NOT WORKING!
It only makes 1 image not 4, it takes way too long time,. and it doesnt follow prompting,. and it makes imegs in 3:2 not 16:9... thsi has been goign on for over 2 weeks,... alsmot 3.. i have been in contact with support many times woith zero help.. HOW can you have a product in your office bunlde ant it not workign an zero supprot on it? I need teh application to make my videos,. im just abptu to cancel all subscritopons to micrposft an switch to apple..
26 ноября
Здравствуйте! Хочу обратиться в службу поддержки с целью продвинуть компанию Microsoft. Дело в том, что мой друг сегодня активировал Windows, чему предшествовало огромное количество шуток на эту тему. Я создал google-форму, а точнее петицию, в которой призываю граждан любой страны утвердить 26 ноября как праздник "Активации Windows". Я бы хотел, чтобы вы рассмотрели мою идею и, как основная сторона, согласились на это, а также расширили этот опрос в больших кругах. Прикрепляю ссылку на google-формы: https://docs.google.com/forms/d/e/1FAIpQLSfrlFcap22IUJhrLBeRp4C8tAcxlGRY_AMPVqxcQJjwxPB4Tg/viewform?usp=publish-editor С уважение, Дмитрий Translation: Hello! I want to contact support in order to promote Microsoft. The thing is, my friend activated Windows today, which was preceded by a huge number of jokes about it. I created a Google form, or rather a petition, in which I urge citizens of any country to establish November 26 as "Windows Activation" Day. I would like you to consider my idea and, as the main party, agree to it, as well as help spread this survey more widely. I am attaching the link to the Google form: https://docs.google.com/forms/d/e/1FAIpQLSfrlFcap22IUJhrLBeRp4C8tAcxlGRY_AMPVqxcQJjwxPB4Tg/viewform?usp=publish-editor Sincerely, DmitryWindows 365 Enterprise Cloud PC Connection Fails - VM Unavailable (Code 10012)
We are facing a critical and persistent connection failure for a Windows 365 Enterprise Cloud PC that appears to be stuck in a state where the VM is not available to the RDP client. Provisioning Policy Configuration: - Cloud PC Type: Windows 365 Enterprise - Experience: Access a full Cloud PC desktop - Use Microsoft Entra single sign-on: Yes - Join type: Microsoft Entra Join - Geography: Canada - Region: Automatic (Recommended) - Network: Microsoft hosted network - Current MDM -Microsoft Intune Checked logs and found that the RDP client connection attempts consistently failing with same error, Disconnected: reason = 10012 [Telemetry :: Event] Type: RDPClient Details: DisconnectReason Subdetails: SessionHostResourceNotAvailable Code: 10012 Troubleshooting steps taken so far: - Restarted the Cloud PC. - Initiated a Reprovision action. - Tried web version but that didn't help either. Since simple restarts and reprovisions have failed to resolve the SessionHostResourceNotAvailable (10012) error, the current VM instance is unusable. Any guidance on resolving this definitive Code 10012 error is highly appreciated.Windows 365 Watermarking - QR Codes Missing in Screenshots/Teams from Within Session?
Hi all, I've implemented watermarking on our Windows 365 setup using the official Microsoft guide, and I'm seeing behaviour that I'd like to confirm is expected. Current Situation: Watermarking is enabled and working (QR codes appear when I screenshot from my local client PC) However, when taking screenshots FROM WITHIN the Cloud PC session itself, no QR codes appear Similarly, when screen sharing via Teams from within the Cloud PC session, participants don't see the QR codes My Question: Is this the intended behaviour? Should QR codes only appear when capturing externally (from the client device) but not when capturing internally (from within the Windows 365 session itself)? I've read through the Microsoft documentation but can't find explicit clarification on whether internal screenshots should show watermarks or if the protection is specifically designed for external capture attempts. Can anyone confirm this behaviour or point me to official documentation that explains the internal vs external capture distinction? Thanks in advance!
Microphone & camera passthrough to Cloud PC from MacBook
I have a M1 MacBook Pro that I use to connect to my Cloud PC for work via the Microsoft App. I try to use the Teams app installed locally on the Cloud PC for making and accepting calls but I am having a lot of audio issues. First of all, the person I am calling sounds very tinny (kinda like a chipmunk!) and they cannot hear me. Video doesn't seem to work properly either. I have had very little luck with my external webcam (some Logitech one, don't actually know the model but I don't think it makes a difference? but it has a microphone). There has the very odd few times that a call is working fine but then after a few seconds or so, or when I start sharing my screen on the Cloud PC after a minute of the call starting, I start to experience the same issues with audio as explained above. I am running Sequoia 15.6, the Mac Windows App is version 11.1.5 (2585). Admittedly I've mostly tried in clamshell mode and connected to external earphones (AirPods Pro). I used to use my earphones via the Citrix app on VDI with no issues previously. Any solutions would be gratefully received. Thank you
