Windows 365: Ask Microsoft Anything
Event details
Get answers to your questions about Windows 365, the end user experience, the IT admin experience, and how you can manage Cloud PCs using the same workflows and tools you use today with traditional PCs.
On July 14th, we announced Windows 365, a new service that takes the Windows operating system to the Microsoft cloud. Windows 365 streams a full, personalized Windows experience to end users–including their apps, content, and settings–to any device. Unlike traditional virtual desktop infrastructure (VDI), it does this by leveraging the same skills and tools you already use to deploy and manage physical PCs, at a predictable per-user, per-month price. Windows 365 delivers a Windows 10 or Windows 11 (when generally available) personalized desktop experience that is fully integrated with Microsoft 365. Now we're offering you a chance to Ask Microsoft Anything (AMA) about this new service!
Submit your questions for our engineering and product experts to answer live--or post your questions early in the Comments below and catch up when it's convenient for you.
78 Comments
- bdam55
Iron Contributor
Can you elaborate on the management story a bit lot?
>Procure, provision, and deploy in minutes, with optional automated OS updates (here).
When you say 'optional automated OS updates' what does that mean exactly? Is that a built-in feature of W365 or just referring to it being auto-enrolled into Intune which will manage updates? In other words: is there a feature here that auto-magically keeps the golden image up to date and abstracts that away from the user entirely?
It's clear that W365 Enterprise can automatically provision the device into Intune which is great. Is that also true for customer provided images? Is there a way to provision an Enterprise Cloud PC without Intune if that's not the customer's chosen device management solution?
The 'Getting Started' article mentions ConfigMgr and co-management. Is it safe to say then that you could provision an Enterprise Cloud PC, have it automatically enroll into Intune and have Intune/GPO/whatever deliver the ConfigMgr client to put it in co-management? Or is there a more direct-to-ConfigMgr co-management pathway that I'm missing?
Lastly, not a lot has been said about the (small) Business Edition. There's no assumed Intune license to enroll with but post provisioning what are the options? Can they enroll them into Intune? ConfigMgr? 3rd Party Tool of their choice?
Thanks again, excited about getting this into the hands of customers.
Bryan
- Saud Al-Mishari
Microsoft
Hi Bryan, We have two options to provide updates. For our gallery image, we will maintain those for newly provisioned devices (so we keep the image up to date). Once provisioned, you're correct and the Cloud PCs are updated by Microsoft Endpoint Manager. For customer provided images, they are automatically MDM enrolled into Microsoft Endpoint Manager as part of provisioning.
Yes, it is possible to then enable co-management in MEM between Intune and Configuration Manager. The best way to do this is to allow Intune to install the ConfigMgr client similar to Autopilot. You can use the steps from the existing ConfigMgr docs for this: see https://docs.microsoft.com/en-us/mem/configmgr/core/clients/deploy/deploy-clients-to-windows-computers#bkmk_mdm. One recommendation would be to disable AD System Discovery in SCCM/ConfigMgr for the OU where the Windows 365 Cloud PCs are provisioned. This will help prevent a race condition between client push installation and Intune push installation.
On Windows 365 Business - it does not include integration with Microsoft Endpoint Manager. Customers are free to layer their management solution of choice, including MEM, on that like they would with physical PCs on their devices. Hopefully I have answered all your questions - if not let me know and we'll get them answered 😊
- bdam55
Iron Contributor
Thanks Saud! Is it correct to say then that there's no way to have an Enterprise Cloud PC without MEM? Sure, you could conceivably lay some other management tool on top of that (ex. PDQ, Altiris) but that it would have to coexist with MEM.
- Karthik_Iyer
Occasional Reader
I would like to ask Microsoft the following question: If #Microsoft was so serious about "Zero-Trust" security, then, it could have made all forms of their log dumps - read-only - so that, #B2B clients, & Microsoft support agents alike, would be assured that the data uploaded by the former to the latter's #FTP site has genuine integrity! So, why hasn't it done so ?!?
This has already been done for the online, & on-premises #B2C consumers alike, with the Microsoft Support Diagnostic Tool, (#MSDT); whereby an "#ActiveX control...is used to securely transfer files, & diagnostic utilities from Microsoft, & to upload information back to Microsoft. This file is stored in the %windir%\Downloaded Program Files folder." (Source: https://tinyurl.com/54arvefa) Verbosity-levels too, are set before logs are collected. So, with this tool, operator error isn't possible either inadvertently, or intentionally, as the process is automated, & the logs are read-only.
However, with the case of #B2B customers' logs, only those who are cloud-based customers, have such protection. "If you sign in to the Microsoft Support & Recovery Assistant, (#SaRA), by using an account in #Office365, you also see an option to send your files to Microsoft. This option is helpful if you are working with a Microsoft support engineer. Select Send to have your log files securely uploaded." (Source: https://tinyurl.com/hb3by3v3) However, on-premises B2B customers are not so well-protected, & the integrity of their data can be doubtful, when it is in the hands of IT admins or agents alike! This has proved costly, recently, when an IT Admin intentionally damaged his firm's #M365 cloud network. (Source: https://tinyurl.com/ad3vffrt) So, IT Admins aren't above reproach!
The only possible reason I could think of why Microsoft has left this gaping loophole open is that, some diagnostic packages may require enabling tracing, or specific logs that may "remain" enabled on the computer until the diagnostic uploads troubleshooting information to Microsoft Support. A support agent cannot simply have the IT admin client upload these logs while on call with them, as these logs have to "remain" enabled for some time, longer than the duration of the average phone call between any parties, for these logs to be useful enough to Microsoft utilities to identify & analyze the root cause. In hindsight, an urgent work-around is necessary to restore confidence in the Integrity of Microsoft support!