Tovar
Iron Contributor
Aug 07, 2025
Solved

What is one must-have Intune policy you always deploy to Windows 365 Cloud PCs?

I'm getting deeper into managing Windows 365 Cloud PCs with Intune and I'm trying to build out a solid baseline for policy deployment. I know there's a lot that can be configured via Intune, from security baselines to user experience tweaks.

Do you use it for hardening security, streamlining login times, restricting certain apps, enabling BitLocker or enforcing Windows updates? Have you had any conflicts with other policies? Does it differ from what you push to physical endpoints?

2 Replies

  • Jalessa
    Iron Contributor

    A must-have Intune policy for Windows 365 Cloud PCs is device compliance + security baseline with BitLocker enabled and Windows Update for Business enforced. This ensures data is protected, updates are applied consistently, and the Cloud PC meets compliance standards. It’s largely the same as physical endpoints, but you’ll want to be careful with performance-impacting settings (e.g., app restrictions, Defender scans) since Cloud PCs run in shared infrastructure. Start with the Microsoft Security Baseline, then layer on BitLocker, update rings, and conditional access.
