Windows 365 admin setup and management tutorial for Cloud PCs
Get your Cloud PCs up and running with Windows 365. Explore the prerequisites, what the imaging and provisioning process looks like, as well as ongoing management. Christiaan Brinkhoff, Principal Program Manager for Windows 365, joins Jeremy Chapman to walk you through the administrator setup in Azure and Microsoft Endpoint Manager, as well as the user experience in the browser and the additional functionality you get when you access your Cloud PC with Remote Desktop apps.
If you’re new to Windows 365, it’s a Cloud PC that lets you securely stream your Windows experience, including your desktop, apps, settings, and content to any device. Everything is kept simple and familiar from a deployment configuration perspective. If you’re a device admin, it will be easy to get everything started and running with Windows 365.
00:50 — Setup experience
01:29 — Build and assign Cloud PCs
02:35 — Configure Cloud PC environment in MEM
04:36 — Create provisioning policy in MEM
06:15 — Assign policies to a group
08:22 — User experience in the browser
10:15 — Benefit of Remote Desktop apps
11:58 — Wrap up
Access a trial for Windows 365 at https://aka.ms/CPCTrial
Find our Windows 365 introduction video with Scott Manchester at https://aka.ms/cloudPCMechanics
For guidance on choosing the right Cloud PC for your specific user types, check out https://aka.ms/CPCsizing
Get a detailed step-by-step guide for setting up Windows 365 at https://aka.ms/deploycpc
Unfamiliar with Microsoft Mechanics?
We are Microsoft’s official video series for IT. You can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
- Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries?sub_confirmation=1
- Join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
- Watch or listen via podcast here: https://microsoftmechanics.libsyn.com/website
Keep getting this insider knowledge, join us on social:
- Follow us on Twitter: https://twitter.com/MSFTMechanics
- Follow us on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
- Coming up on Microsoft Mechanics, we continue our series on Windows 365 to take a closer look at your options for getting everything up and running. We’re going to explore the prerequisites and what the imaging and provisioning process looks like as well as ongoing management. So, today I’m joined by engineering lead, Christiaan Brinkhoff, welcome to the show.
- Thanks for having me.
- Thanks so much for joining us today. So we just announced Windows 365, and if you’re new to it, it’s a Cloud PC that lets you securely stream your Windows experience, including your desktop, your apps, your settings, your content, really about any device. And if you’ve missed our introduction with Scott Manchester, you can find that at aka.ms/cloudPCMechanics, and one of the more important points here is really keeping everything simple and familiar from a deployment configuration perspective. So if you’re a device admin right now, it’s going to be really easy to get everything started and up and running with Windows 365. So Christiaan, can you walk us through that setup experience?
- Yeah, sure. So let’s start by going over the prerequisites. So the first thing you will need is an Azure subscription to connect to your current on-premises environment. Next, in Azure Active Directory, you will want to get your directory servers wired up using Hybrid Azure AD join. And then in Azure networking controls, you will need to ensure your Cloud PC can access any necessary on-premises resources. This makes it possible to reach your file servers, your local intranet, for example. Importantly, your DNS servers need to work and be properly configured. This is also important because your Cloud PCs will be assigned to this virtual network in a later step.
- Okay, so once you have your on-prem network and domain connected to Azure, how do we start building and assigning our Cloud PCs then to users?
- So there are a few ways to do this. You can either start with the user or build the environments and provisioning policies, and then assign users. In our case, we will start with the user. So first you or your licensing admin will need to onboard users into the Microsoft 365 admin center. So in Active Users, I can select Mason, my newborn son, an avid Windows user as well. So you can see, we have purchased two of the different Cloud PC options to meet the needs of our light users to power users. So I will give Mason a general purpose Windows 365 Enterprise Cloud PC, which is optimized for Microsoft 365 apps. And this was the more manual approach, but of course you can also bulk assign licenses by either group or via PowerShell. And for guidance on choosing the right Cloud PC for your specific user types, you can check out aka.ms/CPCsizing.
- Okay, so now Mason is licensed, but is there anything else that needs to happen for him to get up and running?
- Yes, you need to configure the Cloud PC environment in Microsoft Endpoint Manager. So in fact, this will be where you will spend most of the time managing your Cloud PCs, just like you’re probably doing now managing your Windows devices. In terms of roles, you will perform the initial setup as an Intune Administrator with the owner rights to the Azure subscription, where the virtual network lives. So for your day-to-day operations, we even created a new role for Windows 365 called the Cloud PC Administrator. Now let’s create a connection to configure the network for our Cloud PCs that we set up earlier as a prerequisite in Azure. This is specific to your Cloud PCs, so they can reach your on-premises network across clouds or your private clouds, as well as your other Cloud PCs. Here, we will define the connection name, select our subscription, then my resource group, next my network, and finally the subnet. Then we will put in the Active Directory DNS name, optionally an organizational unit, but I will skip this. And then I will input the Active Directory username as a user principal name and a password. And then, one more time to confirm and then hit next. Next I can go ahead and create a connection. This process will also kick off the watchdog service. This is our service that works behind the scenes to validate your connection settings, and it will make sure that your connections are healthy or alert you when they are not with recommended actions. So everything looks good. I can see Azure Active Directory, our device sync, and our numbers of IPs available in the subnet are green. But if you hit a snag, like you can see here in my other tenant, you get an alert with proactive recommendations. Here, for example, I’m notified that my Active Directory is not configured properly and I can see how to fix it.
- Okay, so now we’ve licensed a few users, we’ve wired up our network resources, then are users like Mason, ready to go?
- So there’s one more step that needs to happen before they can log on. So we still need to create a provisioning policy in MEM. This will kick off the provisioning of Mason’s Cloud PC, and others that are, as you can see, currently in a Not Provisioned state. The provisioning policy process is the core configuration for your Cloud PCs. So let’s create one. I need to give it a name and whatever name you give it is how your Cloud PCs appears to users in the Cloud PC portal. So try to make sure that you choose a user-friendly name like East US-Finance users for your finance department on the east coast. And remember that VNet we created earlier? Here’s where you will specify the use of that virtual network’s location for your Cloud PCs. Note that you can have more than one Vnet depending on your regional needs. And after that, you have to select the image of Windows you want. You can use gallery images available with Microsoft Teams and the Microsoft 365 apps for enterprise pre-install and optimized for Cloud PC out-of-the-box. The nice thing about these gallery images is that they are always kept up-to-date and you will use MEM to layer on additional apps, policies, and customizations once a Cloud PC comes online. And you also have the option to continue using your own custom images with everything you need preinstalled.
- Right, and this is really using the shared image gallery service under the covers. So for example, if you have an automated imaging process right now, you can keep doing that with your Cloud PCs. And also the nice thing here is that these get geographically replicated so that your deployment source can stay local to where your users are. So Christiaan what’s next then?
- So now we just need to assign this policy to a group. So I’ll assign this one based on the department name of my users. So I will choose finance users here. And after that, I get a summary screen. Next, when I confirm this is correct, it will start provisioning a Cloud PC for anyone in this group with a Windows 365 license assigned. And this process will take a few minutes. Here we’ll see that the status displays provisioned for the Cloud PC, with the image we just selected. But of course we will want to make sure that our standard settings and configurations are applied to these Cloud PCs. So from here, the nice thing is that you can use the same app and policy configurations you would normally use in MEM for any other managed device. So in my case, I’ll click into All Apps and then you will see all my line-of-business apps and other standard apps. In fact, most of these applications are assigned to all Windows devices. So if that’s the case, all your Cloud PCs will just get them and no additional work is required. Or if you want to deploy a new app to my Cloud PCs, I can click into one like Notepad++, and then next I’ll go into properties and edit, and then assignments for deployment. I will add my new group of Cloud PCs into it. Now it will deploy to current and future members of that group. And I can repeat this process for any other apps as well. And by the way, MEM also supports MSIX packages.
- So a big part of Microsoft Endpoint Manager though is the policy and the settings configuration management. So are those controls also shared now with Cloud PCs?
- Yes, your Cloud PCs can be managed in the same way with configuration profiles, compliance policies and other controls. So in this case, I’ll exclude my Cloud PCs from a policy which doesn’t make sense for them. I will choose this one with Wi-Fi policies. Again, go into assignments for exclusion, and then add my group and save it. Again, I’ll repeat this process for any other configurations. This includes conditional access, scripts, update policies, and more.
- Okay, so now your Cloud PCs are business ready with all the apps and policies that are needed. So can we take a look then what the user experience looks like?
- Yeah, let’s try it out. So from Edge, I’m navigating directly into the Cloud PC portal. It will prompt me to sign in and then I’ll enter my username. My Cloud PC is configured to use multi-factor authentication with conditional access and with passwordless authentication. And once I match the number and approve, this is the portal where you access your Cloud PC. And there it is. I can join here straight away from the browser, or I can download and install native apps for Windows, MacOS, Android, and iOS. Of course, for Linux, you can use the browser and we have also a partner solution and a first party app coming soon. Here, there options for restart, rename and troubleshooting available. So now we’ll open my Cloud PC in the browser. It will ask me for permission to access my local devices like clipboard, printer, microphone, or access my local C drive if my IT has given me those permissions. So now we’ll enter in my domain passwords. And once I do that, I’m in. You can see that our user-specific policies are getting applied and our device settings have been applied before I logged in. I can open the start menu and I can see that my required apps are pre-installed. You will also notice that Notepad++ is here already. And our MEM policies have been applied as well. And because we are using OneDrive Known Folder Move and Enterprise State roaming and Edge browser synced settings, your desktop files, docs, pictures will be there as well as your roaming settings, like your desktop background and personalization. And in Edge, as you can see here, you’re syncing your favorites, your browser history and your browser extensions.
- Okay, so now you’re set up and ready to use your Cloud PC from just about any modern browser, but how would you sign in then with the native apps and what are the benefits of using those native apps versus the browser?
- So these apps will give you a lot more capabilities, especially when it comes to accessing your local devices, like your webcam, your monitors, a USB bus, and more. Plus on the software side, you will get Microsoft Teams optimizations, start menu integration, and more. And with any of these apps installed, you need to configure a few more things to connect to your Cloud PC. So we start with subscribing the user into the app. Enter your Azure AD credentials, including MFA, assuming that’s been configured. Now we will choose my Cloud PC, and then you will need to enter in your local domain credentials, your username, your password. And by the way, this also works with Windows Hello. Additionally, Azure AD Join authentication and single sign-on is coming soon. But for now you can also save your credentials in the local credential store on your device by clicking the remember me checkbox. So you won’t get prompted for credentials next time. So now I’m logged into my Cloud PC and have additional capabilities I mentioned before compared to the browser experience. So for example, I can go into display settings and you can see that I have two monitors connected to this Cloud PC, and my webcam via Windows camera apps as well.
- Cool, and those are all really great capabilities as we’ve shown in the past. You also have something called Teams AV redirect pre-configured. So that way your webcam actually acts like a direct feed between the devices accessing your Cloud PC and other devices to really avoid lag, improve quality, and also reduce CPU and RAM usage on your Cloud PC. So for the people who are watching and they want to get started with Windows 365, what do you recommend?
- So you can access a trial for Windows 365 now at aka.ms/CPCTrial, and start testing the user experience. And for a detailed step-by-step guide for setting up Windows 365, check out my comprehensive blog at aka.ms/deploycpc. So I hope you’re ready to kick the tires on this new cool service.
- Thanks so much for joining us today, Christiaan, and a great overview on Windows 365. Of course, to stay up-to-date with all the latest news, keep watching Microsoft Mechanics. And if you haven’t yet be sure to subscribe to our channel. Thanks for watching. We’ll see you soon.