Windows 365 Frontline for FedRAMP is now generally available
Published Jun 03 2024 08:00 AM 1,039 Views
Microsoft

If you have a US Government Community Cloud (GCC) environment and Microsoft Azure, you can now purchase Windows 365 Frontline for FedRAMP and deploy your Cloud PCs in Microsoft Azure commercial regions.

Windows 365 Frontline is the first Windows solution designed to meet the distinct needs of shift and part-time employees. Windows 365 Frontline for FedRAMP has been assessed by a Federal Risk and Authorization Management Program (FedRAMP) authorized auditor to meet FedRAMP High requirements at datacenters within the Continental US (CONUS) and has an agency authorization at FedRAMP Moderate.

Windows 365 Frontline is included in the Microsoft Office 365 Multi-Tenant & Supporting Services FedRAMP accreditation package. Whether your organization has a specific FedRAMP requirement or is using FedRAMP compliance as part of the overall evaluation criteria, Windows 365 Frontline for FedRAMP provides flexibility and security while simplifying the administration and enhancing the value and experience for end users.

With Windows 365 Frontline for FedRAMP, Cloud PCs are provisioned in an Azure Commercial datacenter and meet FedRAMP requirements when they are properly configured and used within CONUS. If your organization requires additional compliance or regulatory commitments, please see Windows 365 Government. Currently, it is not possible to have a tenant that includes Cloud PCs in both the Azure Commercial and Azure Government regions. Therefore, it is important to evaluate the full scope of compliance and regulatory requirements when deciding which product is appropriate for your organization.

Note: This announcement is for GCC customers only. This change applies to GCC customers who would like to purchase Windows 365 Frontline for FedRAMP in the Azure Commercial cloud. It is not applicable to GCC or GCC High customers that require services to be deployed and operated in US Government regions where additional compliance requirements can be met.

Read on to learn more about Windows 365 Frontline for FedRAMP, its available features, and how they could be a great solution for your organization.

Affordable, flexible Cloud PC access

With Windows 365 Frontline for FedRAMP, instead of purchasing a license for every shift worker, you need to only purchase enough licenses for the number of active employees at any given time. For example, if you have nine employees but only three of them work at the same time, you only need three licenses to meet the needs of all nine employees. IT admins can immediately deploy up to three Cloud PCs per purchased license within the Windows 365 provisioning experience using Microsoft Intune.

As employees sign in, the Cloud PC powers on, and a license is used for the duration of their work. When they sign off, the shared license is returned to the pool of shared licenses, and their Cloud PC is powered off. Any of the users within a defined group can access their Cloud PC without requiring a set schedule. This model empowers organizations to extend access to Cloud PCs to employees who may not have had such opportunities in the past and makes it a great solution for employees on a shift schedule—including customer representatives in call centers, help desk workers, and reception staff across many different verticals.

The benefits in Windows 365 Frontline for FedRAMP begin with affordability and flexibility, but in the coming months that value will expand with even more capabilities tailored to meet the needs of frontline, shift, and part-time workers.

Provisioning Windows 365 Frontline for FedRAMP Cloud PCs

Windows 365 Frontline for FedRAMP licenses will appear in the Microsoft 365 admin center under the Products tab only, and do not need to be assigned to specific users. Licenses purchased will show the number of Cloud PCs you can deploy in the Windows 365 provisioning experience when choosing Frontline as a license type. This makes it easy to remove and add users to your workforce as it changes. Additionally, IT admins have the flexibility to provide each user with multiple frontline Cloud PCs to support scenarios such as consultants who work for many different organizations. For more information on how to provision Cloud PCs for frontline workers, review our provisioning documentation.

Setting up Windows 365 Frontline for FedRAMP Cloud PCs

You can follow these simple steps to set up a Cloud PC with Windows 365 Frontline for FedRAMP:

  1. Create an Entra ID group that includes all the users you wish to provision with a Cloud PC of a given configuration such as 2 vCPU/8 GB/128 GB. In this example, Cloud PCs need to be provisioned for a group of customer service reps. Let’s call this group "Customer service reps Manila."
  2. In the Windows 365 blade of the Microsoft Intune admin center (shown in screenshot below), select Create to create a new provisioning policy and set up the Cloud PCs. For this example, let’s call the Provisioning policy name "Customer service reps."
  3. Select Frontline as the license type, select the join type, and choose the region and network as you would for Windows 365 Enterprise scenarios.

    Screenshot of Microsoft Intune admin center Devices menu with Frontline and Entra Join selectedScreenshot of Microsoft Intune admin center Devices menu with Frontline and Entra Join selected
  4. Choose the image you want to use for the Cloud PC under the Image tab and the appropriate Language & Region in the Configuration tab.
  5. Under the Assignments tab, you can see Windows 365 Frontline for FedRAMP Cloud PCs that have been purchased by your organization and target them to a specific group of individuals. Select the "Customer service reps Manila" group you created earlier and assign the 8 vCPU/32 GB/512 GB Cloud PC configuration to this group.

    Screenshot of Assignments and Select Cloud PC size menu in Microsoft Intune admin centerScreenshot of Assignments and Select Cloud PC size menu in Microsoft Intune admin center
  6. Preview the provisioning policy choices you have made in the Review + create tab and select Create to complete the provisioning process. The provisioning policy will begin calculating and will assign a Windows 365 Frontline for FedRAMP Cloud PC to each user in the group.

    Cloud PCs provisioned to these users will automatically be placed in a powered-off state until an employee signs in to their Cloud PC. Admins can view which users received a Frontline Cloud PC and which users did not by viewing the provisioning policy after creation.

Screenshot of Microsoft Intune with Window 365 provisioning policy for Windows 365 Frontline for FedRAMP selected after creation to view users who received Cloud PCsScreenshot of Microsoft Intune with Window 365 provisioning policy for Windows 365 Frontline for FedRAMP selected after creation to view users who received Cloud PCs

Frontline Cloud PC concurrency report

To deliver cost optimization, admins can use the Frontline Cloud PC concurrency report to understand trends of license usage over time and to adjust the number of licenses to ensure access during peak usage. For more information on how to review frontline Cloud PC concurrent usage, please read the Cloud PC Utilization Report documentation.

Concurrency Alerts

The concurrency report provides alerts to IT admins if they are reaching the concurrency limit or have already reached the limit. IT admins can configure alerts to ensure they aware of when users may be impacted and purchase additional licenses to meet demand.

Screenshot of Microsoft Intune admin center Devices menu with Concurrent Frontline Cloud PC status selectedScreenshot of Microsoft Intune admin center Devices menu with Concurrent Frontline Cloud PC status selected

Easily manage Cloud PCs using existing technology investments

You can use Microsoft Intune to configure, deploy, and manage Windows 365 Frontline for FedRAMP alongside your other Cloud PCs and physical endpoints without additional infrastructure components or special procedures. The key difference in management capabilities relative to Windows 365 Enterprise is that Cloud PCs for frontline workers are powered off when not in use. Some remote actions can only be completed after the Cloud PC is powered on. Restarting a Cloud PC is one such example.

Power on and Power off

There are situations in which you may wish to power on a Frontline Cloud PC to perform a time sensitive action, or you may wish to power off a Cloud PC to free up a session to be used by another user. These new remote actions, along with the ability to view the power state of a Cloud PC, provides a way for you to respond quickly and efficiently. IT admins can power on and off frontline Cloud PCs in bulk using Bulk Remote Actions in Microsoft Intune or Microsoft Intune Graph API. This feature enables organizations to automate the powering on and off of a group of Cloud PCs for frontline workers based on their shifts and scheduling system.

Note: Powering on a Cloud PC for frontline workers will utilize an active session even if the user does not sign in. More information on how to use these remote actions can be found in this technical documentation.

 

Screenshot of the CPC Frontline menu in the Microsoft Intune admin center, with “Yes” selected in the “Power on – CPC-admin-EAV0E” dialogScreenshot of the CPC Frontline menu in the Microsoft Intune admin center, with “Yes” selected in the “Power on – CPC-admin-EAV0E” dialog

Idle timeout default

Windows 365 Frontline for FedRAMP relies on end users to sign out at the end of their Cloud PC session to make the license available for another user. However, frontline workers are often busy working away from their device and may forget to sign off. Windows 365 detects user inactivity and automatically disconnects after two hours by default. IT admins can use Microsoft Intune to modify the value and preferences for their organization to better meet the needs of specific workers. For more information on how to configure session timeout, review our technical documentation.

Optimized for frontline, shift, and part-time employees

Windows 365 Frontline for FedRAMP is designed for the way frontline, shift, and part-time workers work. Employees can use the Windows 365 app and web portal to connect to their Cloud PC. As employees connect, they are reminded to save their data and disconnect when they finish. Based on end-user behavior, an automated system will Power on and Power off frontline Cloud PCs. This functionality will continue to evolve, further optimizing Cloud PC power on based on shift patterns.

Note: Frontline employees can only access their Cloud PC using Windows 365 app or windows365.microsoft.com. Frontline Cloud PCs are not accessible from Remote Desktop app.

Uniquely designed features of Windows 365 Frontline for FedRAMP further enhance productivity for workers across various industries and use cases, including healthcare, manufacturing, retail, technical training, and more. Optimizations that deliver a better experience include:

  • Windows Update optimizations for Frontline Cloud PCs: Many shift workers perform mission-critical jobs. This feature works together with Windows Update for Business to apply OS reboots outside of work hours when the user disconnects, increasing their productivity and minimizing disruption. To take advantage of this feature, be sure to use the recommended settings.
  • Update freshness: Windows 365 will detect Frontline Cloud PCs that have not been powered on for seven days and will perform updates according to the organization’s policies, keeping occasional users or employees productive when they sign in next by updating Cloud PC outside of work hours.

FAQs

Q: Is Windows 365 Frontline for FedRAMP limited to frontline workers?
A: No, Windows 365 Frontline for FedRAMP is not limited to frontline workers. While it is designed for shift and part-time employees, many of whom are frontline workers, it is also for scenarios like contingent staff who may only require access to a Cloud PC for a limited part of the day.

Q: I purchased Windows 365 Frontline for FedRAMP licenses. Why don’t I see them when reviewing my licenses in Microsoft 365 admin center?
A: Windows 365 Frontline for FedRAMP licenses do not follow the same behavior as user-based licensing. As such, they do not show up in the Microsoft 365 admin center Licenses tab and cannot be assigned to users. You can find your Windows 365 licenses in Microsoft 365 admin center > Billing >Your products.

Q: I can’t access Windows 365 Frontline for FedRAMP from Remote Desktop app. Is this expected?
A: Windows 365 Frontline for FedRAMP is only supported through the Windows app and windows365.microsoft.com. End users can access the Remote Desktop app by choosing to “Open in Remote Desktop app” on the Windows 365 web portal.

Q: When do I use Windows 365 Frontline for FedRAMP, and when do I use Windows 365 Enterprise for FedRAMP?
A: Windows 365 Enterprise for FedRAMP is for employees that need dedicated, anytime access to their Cloud PC. Windows 365 Frontline for FedRAMP is for workers that need access to a Cloud PC for a limited amount of time such as during their shift or part-time work.  Each worker will receive a unique frontline Cloud PC, but licenses are shared.

Q: Are trials available?
A: Trial subscriptions are available for qualified customers. Please contact your Microsoft account representative for more information.


Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.

Version history
Last update:
‎May 31 2024 03:33 PM
Updated by: