Windows 365 Boot - Simple (Complementary) Step-by-Step

Microsoft

Simple steps to enabling Windows 365 Boot

July 24, 2023

 

Contributors:

 Juan José Guirola Sr. (Microsoft)

 

The announcement and availability of Windows 365 Boot has generated a lot of excitement, especially now that, as of the time of this writing, Windows 365 Boot is in Public Preview.  To assist you with the configuration and deployment, you may be following the articles below:

These are all great starting points for enabling Windows 365 Boot in your environment.  This article is meant to complement them by offering additional guidance, clarifying some of the steps they mention, and simplifying the deployment of Windows 365 Boot.

 

Complementary Steps:

  1. Start by following the steps as described in Windows 365 Boot guided Scenario:
    1. https://learn.microsoft.com/en-us/windows-365/enterprise/windows-365-boot-guide
  2. Next follow the guidance as described in Restrict user access to Windows 365 Boot physical device:
    1. https://learn.microsoft.com/en-us/windows-365/enterprise/windows-365-boot-restrict-user-access-physi...
    2. These particular steps can be accomplished in Intune by introducing a Configuration profile with administrative templates.  We recommend creating a separate Configuration profile for each policy that you want to enforce.  The article has us creating profiles for the following:
      1. Prevent access to physical device’s Task Manager
      2. Prevent users from changing the physical device’s password
      3. Set default credential provider
      4. Remove Notifications and Action Center from the task bar
      5. Prevent physical device notifications
      6. Prevent automatic launch of apps during user sign-in
      7. Improve sign-in on touch screen devices
    3. Follow Appendix Section “Restrict access to Physical Device” found in this document for detailed steps for creating each of these policies in Intune.
  3. Next follow the guidance as described in Windows 365 Boot physical device setup and requirements:
    1. https://learn.microsoft.com/en-us/windows-365/enterprise/windows-365-boot-physical-device-requiremen...
    2. NOTE: The instructions in the above link assume that you are working with a physical device that has already been enrolled in Intune management.  If you are working with a physical device that is not currently enrolled in Intune management, follow the steps in the link below to enroll the device into Intune.  Once the device is enrolled in Intune, you can execute a device “Wipe” as instructed in the steps documented in the above link. https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-windows-10-device
    3. After you initiate the wipe, complete the Autopilot process, and follow all prompts, you ultimately sign in directly to your Windows 365 Cloud PC.

Appendix

Restrict access to Physical device.

Policy #1 - Prevent Access to physical device’s Task Manager

Steps to create policy “Prevent Access to physical device’s Task Manager”

  1. Go to Microsoft Intune admin center: https://endpoint.microsoft.com
  2. Select “Devices”.  Then select “Configuration profiles” under Policy
  3. Ensure “Profiles” is selected, then click “Create profile”
  4. In the “Create a profile” screen, under Platform select “Windows 10 and later” from the drop-down, and “Templates” from the Profile type drop-down.  Select “Administrative templates”, then Create
  5. Follow the prompts as presented in the profile creation – 5 total steps
    1. Basics
    2. Configuration settings
      1. Select "User Configuration" and in the search bar type Task Manager
      2. Select Remove Task Manager
      3. Select "Enabled" and then click on OK
    3. Scope tags
      1. You can choose to configure Scope tags.  For this article we are electing to bypass this.  Click Next.
    4. Assignments
      1. Select the group that you want to target and click Next.
    5. Review + create
      1. Review configuration and click on Create.

Policy #2 - Prevent users from changing the physical device’s password

Steps to create policy “Prevent users from changing the physical device’s password”

  1. Follow steps 1 – 5 as described in creating Policy #1
  2. Then follow the prompts as presented in the profile creation – 5 total steps
    1. Basics
    2. Configuration settings
      1. Select "User Configuration" and in search bar type remove change password
      2. Select "Remove Change Password"
      3. Select Enabled and Click on OK
    3. Scope tags
      1. You can choose to configure Scope tags.  For this article we are electing to bypass this.  Click Next.
    4. Assignments
      1. Select the group that you want to target and click Next.
    5. Review + create
      1. Review configuration and click on Create.

Policy #3 – Set default credential provider

Steps to create policy “Set default credential provider”

  1. Follow steps 1 – 5 as described in creating Policy #1
  2. Then follow the prompts as presented in the profile creation – 5 total steps
    1. Basics
    2. Configuration settings
      1. Select "Computer Configuration" and in search bar type Assign a default credential provider.
      2. Select "Assign a default credential provider".
      3. Select Enabled and enter the following CLSID to set username and password as the default: {60b78e88-ead8-445c-9cfd-0b87f74ea6cd}
      4. Click OK
         Note: The CLSID for credential providers can be located in the following registry path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
    3. Scope tags
      1. You can choose to configure Scope tags.  For this article we are electing to bypass this.  Click Next.
    4. Assignments
      1. Select the group that you want to target and click Next.
    5. Review + create
      1. Review configuration and click on Create.

Policy #4 – Remove Notifications and Action Center from the task bar

Steps to create policy “Remove Notifications and Action Center from the task bar”

 

  1. Follow steps 1 – 5 as described in creating Policy #1
  2. Then follow the prompts as presented in the profile creation – 5 total steps
    1. Basics
    2. Configuration settings
      1. Select "User Configuration" and in search bar type Remove Notifications and Action Center.
      2. Select "Remove Notifications and Action Center".
      3. Select Enabled and OK.
    3. Scope tags
      1. You can choose to configure Scope tags.  For this article we are electing to bypass this.  Click Next.
    4. Assignments
      1. Select the group that you want to target and click Next.
    5. Review + create
      1. Review configuration and click on Create.

Policy #5 – Prevent physical device notifications

Steps to create policy “Prevent physical device notifications”

 

  1. Follow steps 1 – 5 as described in creating Policy #1
  2. Then follow the prompts as presented in the profile creation – 5 total steps
    1. Basics
    2. Configuration settings
      1. Select "User Configuration" and in search bar type Turn off toast notifications.
      2. Select "Turn off toast notifications".
      3. Select Enabled and OK.
    3. Scope tags
      1. You can choose to configure Scope tags.  For this article we are electing to bypass this.  Click Next.
    4. Assignments
      1. Select the group that you want to target and click Next.
    5. Review + create
      1. Review configuration and click on Create.

Policy #6 – Prevent automatic launch of apps during user sign-in

Steps to create policy “Prevent automatic launch of apps during user sign-in”

 

  1. Follow steps 1 – 5 as described in creating Policy #1
  2. Then follow the prompts as presented in the profile creation – 5 total steps
    1. Basics
    2. Configuration settings
      1. Select "User Configuration" and in search bar type Do not process the legacy run list.
      2. Select "Do not process the legacy run list".
      3. Select Enabled and OK.
    3. Scope tags
      1. You can choose to configure Scope tags.  For this article we are electing to bypass this.  Click Next.
    4. Assignments
      1. Select the group that you want to target and click Next.
    5. Review + create
      1. Review configuration and click on Create.

Policy #7 – Improve sign-in on touch screen devices (OPTIONAL AND APPLICABLE ON DEVICES THAT REQUIRE THE USE OF TOUCH KEYBOARD)

 

Note: This is “enabled” by default on Windows devices.
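
To confirm on a physical device that Policies #1 through #6 actually landed, the backing registry values can be checked directly. The script below is an added example, not part of the original article; the registry key and value names are assumptions based on the inbox ADMX templates behind these settings and should be confirmed in your environment, while the CLSID and the Credential Providers path are the ones given under Policy #3.

```powershell
# Added example: run in the signed-in user's session on the Windows 365 Boot
# physical device after the Intune profiles have synced.
# Assumption: key/value names are those used by the inbox ADMX templates.
$checks = @(
    @{ Policy = 'Remove Task Manager'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr'; Value = 1 }
    @{ Policy = 'Remove Change Password'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableChangePassword'; Value = 1 }
    @{ Policy = 'Assign a default credential provider'
       Path = 'HKLM:\Software\Policies\Microsoft\Windows\System'
       Name = 'DefaultCredentialProvider'
       Value = '{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}' }  # CLSID from Policy #3
    @{ Policy = 'Remove Notifications and Action Center'
       Path = 'HKCU:\Software\Policies\Microsoft\Windows\Explorer'
       Name = 'DisableNotificationCenter'; Value = 1 }
    @{ Policy = 'Turn off toast notifications'
       Path = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\PushNotifications'
       Name = 'NoToastApplicationNotification'; Value = 1 }
    @{ Policy = 'Do not process the legacy run list'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'DisableCurrentUserRun'; Value = 1 }
)

function Test-BootLockdown {
    param([hashtable[]]$Checks)
    foreach ($c in $Checks) {
        # A missing key or value means the profile has not applied to this user/device.
        $item   = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($c.Name) } else { $null }
        [pscustomobject]@{
            Policy    = $c.Policy
            Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
            Compliant = ($null -ne $actual) -and ("$actual" -eq "$($c.Value)")
        }
    }
}

# The default provider only takes effect if that CLSID is registered on the device.
$providers  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
$registered = Test-Path -LiteralPath (Join-Path $providers '{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}')

$results = Test-BootLockdown -Checks $checks
$results | Format-Table -AutoSize
"Default credential provider CLSID registered: $registered"
if (($results.Compliant -contains $false) -or -not $registered) { exit 1 }
```

A non-zero exit code means at least one restriction is missing, which on a shared Windows 365 Boot device leaves the local desktop more reachable than intended.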

 

[UPDATE] As of September 26, 2023, Windows 365 Boot is now Generally Available (GA).  Here is the article for additional details:  Windows 365 Boot is now generally available! - Windows IT Pro Blog (microsoft.com)

 
