Today, we are sharing details on what security capabilities Windows 365 provides out of the box and additional actions you can take to secure your Cloud PCs. We'll break down the guidance for both Windows 365 Business and Windows 365 Enterprise.
As we navigate the most complex cybersecurity environment we’ve ever seen, every organization wants to know what they can do to ensure they’re protected. All Cloud PCs, like their physical PC counterparts, come with Microsoft Defender—securing the device beginning with the first-run experience. Cloud PCs are also provisioned using a gallery image that is automatically updated with the latest cumulative updates for Windows 10 through Windows Update for Business.
Windows 365 Business was designed for smaller businesses, particularly organizations without central IT management solutions or IT staff. As a result, Windows 365 Business grants end users local admin rights to their Cloud PCs. This is similar to what happens in many small businesses: users purchase a physical PC themselves from a retailer and they retain local admin rights for that device.
If you are an IT department that wants to use Windows 365 Business for a particular scenario, you should follow standard IT security practices to set those users as standard users on their devices. If you want to use Microsoft Endpoint Manager (part of Microsoft 365 Business Premium) for this approach, you will need to:
There are some notable differences between Windows 365 Business and Windows 365 Enterprise when viewed through the IT management lens. We designed Windows 365 Enterprise for organizations with dedicated IT teams. It is designed around the management and security provided by Microsoft Endpoint Manager. Out of the box, all Cloud PCs in Windows 365 Enterprise:
We would recommend that all Windows 365 Enterprise customers:
Finally, you may have noticed that we do not yet leverage trusted launch in Windows 365. Trusted launch is a series of technologies in Azure that improve the security of virtual machines (such as enabling TPM 2.0 and secure boot). As announced at the Windows 365 launch, we are working on bringing Windows 11 to Windows 365 once it’s generally available later this calendar year. As part of that work, we are working to ensure that trusted launch is available in the Azure regions where Windows 365 is available today.
Please keep the feedback coming. We’re learning so much every day from our customers and partners, and we will continue to listen, learn, and innovate so we can offer you a great Windows 365 experience.