Event details
81 Comments
- Can Windows365 Cloud PCs be used for a Privileged Access Workstation?
- Christian_Montoya
Microsoft
PBeiler1 - Our only official guidance for deploying a secure access workstation is here (link to documentation). With that being said, Windows 365 is an easier way to deploy a Windows machine in the cloud already assigned to the user.
If you'd like specific guidance for using Windows 365 Cloud PCs as a Secure Access Workstation, please submit feedback at https://aka.ms/w365feedback.
- We are porting phone numbers out of Teams into another provider. Now what is happening, when you dial the DID you get a recording that you must press 1 or zero. This only happens on AT&T WiFi calling - other carriers on WiFi - no problem. Also using an AT&T phone on cell data - calls goes through. Could there be something with NOT a complete port out of Teams?
- Heather_Poulsen
Community Manager
Hi Rich - We don't have any Teams product team members in this Office Hours event, but I will work to find the right people to answer your question!- As soon as you can - we have a major issue where people are not able to call us on the numbers we are porting out of Teams.
- When will Office 365 Backup become GA in the UK?
- Heather_PoulsenHi Chris - We don't have any Microsoft 365 apps/Office folks in this Office Hours event, but I will work to find the right people to answer your question!
- Round of applause for WinLAPS. Works seamlessly across our tenant, win10+11. Straightforward implementation and access to credentials via Intune is VERY useful.
- JaySimmonsThank you - much appreciated!
- JaySimmonsI should add, we're not done yet - more features coming. Stay tuned!
- The Windows 10 and Server 2019 monthly cumulative patches are getting quite large and longer to apply. Is there any consideration of bringing back "Security Only - Quality Updates" for these platforms?
- Jason_SandysThere is one "easy" answer here: move to Windows 11 (as Jay called out and which you will need to do within the next two years anyway). Out of curiosity, how long is is taking to apply? I've never had a Win 10 CU (since about 20H1 or 20H2) take more than about 10 minutes to apply to my systems (that I've ever noticed at least).
Windows Server 2019 and Windows 10 are now averaging 20 to 30 minutes. Upgrading to server 2022 is not a valid answer as it will receive servicing until 2029 and there is no compelling reason to upgrade at this point.
- JaySimmonsHi Steve - to best of our collective knowledge, there no plans for bringing back Security-only updates. (Of course, this problem may self-solve as you eventually migrate away to Win11 and Server 2022?)
- Hi, we have experienced a different local admin architecture on W365-Cloud PCs. Is there a difference approach to the normal Windows 11 Operating Systems? Is there a different posiblity to provide a non dedicated useraccount local admin rights on a dedicated cloud pc?
- Christian_Montoya
Hi flavioloscalzo , thanks for the question! That's correct, in Windows 365 you can create a User settings policy (link to documentation) that is assigned to users, and contains a setting for "Enable as local admin". This is more targeted than a few other ways than Intune since it only applies to those users on their Cloud PCs.
- Hi, thank you for you answer. Is it possible to add a additional useraccount to the local admin group for the user of the cloud pc? we want to have user and admin account separated.
- We're an MSP with a customer in France. They have a single Azure tenant with offices around the world. Is their a way we can have GDAP access to the tenant, but only be granted permission to administer, (Intune/Defender etc) users & devices in the UK? The customer has other MSPs in other countries who will have the same issue. Thanks!
- Heather_Poulsen
JaySimmons is "in the office" this morning. Bring on the Windows LAPS questions!
Can LAPS rotate the password immediately after it has been used (like a one-time use)? I believe we currently have it set to change after 3 hours, which iirc was as tight as we could make it. But it doesn't feel good that the user has admin creds for longer than they realize. It's really just a hope that they don't try it on more stuff. (Note: this is my memory from when my team discussed it, I didn't configure it).
- JaySimmonsHi Vaughn, We have no plans to support such a LAPS feature at this time, but thanks for the idea. Just talking off-the-cuff, I would question the value-add of such a mechanism - for example, it would not be suitable if the task being performed required a reboot, etc. IMO, the PAA feature covers the majority of the use-case scenarios with reasonable security.
- When will Azure LAPS tighten up from 7 days to 1 day to match on-prem? Is that planned?
- JaySimmons
There are no plans to change that constraint for Azure LAPS. The basic underlying reason is to prevent excessive overload on the Azure infrastructure for what is essentially a free feature. I do not think there would be any meaningful security improvement in moving from a 7 day rotation period to a 1 day period. Especially since with the new Post-authentication-actions feature, you can now do automatic rotation after the account is used to login to the device.
- What is the thinking behind releasing Teams Premium to users who can start licensing that software themselves (self-service) in an Enterprise environment?
- Heather_PoulsenHi Derek - We don't have any Teams product team members in this Office Hours event, but I will work to find the right people to answer your question!
- When does 23H2 arrive? What are the license costs for Co-Pilot?
- Heather_Poulsen
Here's the licensing information for Microsoft 365 Copilot and Bing Chat Enterprise: https://blogs.microsoft.com/blog/2023/07/18/furthering-our-ai-ambitions-announcing-bing-chat-enterprise-and-microsoft-365-copilot-pricing.
- Heather_Poulsen
It was announced that the next feature update for Windows 11 will be released in the second half of this calendar year.
I believe they are $30 add-on to E5 or E3 (365 Co-pilot), Github Co-Pilot $19
