Windows 365

One of the announcements from Inspire this week that has everyone talking is, of course, Windows 365. What is it? Where does it fit? What about Azure Virtual Desktop? Just some of the many questions I’ve seen raised, and received directly in the last few days. It’s an exciting launch – one that dramatically simplifies the approach towards Cloud Desktop for many organisations – but one that also raises questions in terms of its positioning, and its general suitability against certain use cases. Whilst the detailed technical information on Windows 365 is still sparse, there is some detail working its way through. I thought I’d take the chance to summarise what we know so far and tackle some of these questions. This won’t be close to exhaustive (and subject to change pre-release on August 2nd)… but it should help to address some of the initial things you may find yourself questioning…

So what is it?

A screenshot referencing some of the benefits of Windows 365: simplicity, security, and the ability to stream to any device

At its core, Windows 365 is another form of Desktop as a Service - iterating the previous move by Microsoft into this space with what was Windows Virtual Desktop (WVD) - now Azure Virtual Desktop (AVD). It’s built on much of the same architecture but operates on a fixed (with some caveats) price per month vs. the consumption based model applied to AVD. I’ve written about AVD before, and covered off some of the long history I’ve had with various Remote Desktop and VDI solutions in general. The way the market for this type of technology continues to reinvent itself to address the needs of users and business is something I find fascinating, but I can’t argue with the need. In spite of an underlying shift to “cloud-native”, centralised / hosted / managed desktops (whatever term you prefer) have a place. Not only this, but advances in connectivity and technology have the potential to make this way of working more seamless than ever before.

Windows 365 is published in the same way as AVD so accessible across devices and platforms (Windows, MacOS, Linux, Android and iOS) using a combination of clients, apps, and browsers. You’ll be able to subscribe to either a Business or Enterprise Windows 365 desktop in a variety of VM sizes as outlined in Christian Brinkhoff’s excellent blog post on the Tech Community:

A screenshot of a table summarising the different VM sizes available with Windows 365

In terms of key differences to AVD (beyond the charging model):

  • The subscription and related Azure services are managed by Microsoft
  • Desktops are dedicated to the user (there’s no concept of a multi-session / pooled desktop)
  • Profiles are local (save OneDrive redirections), no FSLogix support
  • Monitoring is limited to Endpoint Analytics and in-guest / agent based alerting
  • Backup is restricted to in-guest agent based solutions, or redirection (e.g. ODfB)
  • Sizing is restricted to specific CPU / RAM combinations

These differences are unsurprising in many respects… it’s more of a “Managed Service” than AVD, and there are constraints on access and management as a result. The more important distinctions come when you start to look at the differences between the Business and Enterprise editions of Windows 365:

Business Windows 365 Desktops:

  • Are provisioned as Azure AD joined VMs
  • Cannot be integrated with an Azure or on-premises network
  • Need to be managed like standalone desktop endpoints
  • Are limited to 300x endpoints per organisation

Enterprise Windows 365 Desktops:

  • Are attached to customer managed Azure VNets at the point of deployment
  • Are provisioned as hybrid joined VMs
    • The virtual network specified must have sight of Active Directory
    • Users must be synchronised between AD & Azure AD
    • Azure AD Domain Services is not supported (Active Directory only)
  • Can access corporate applications in Azure / on-premises (subject to Azure networking)
  • Connect to the internet via the customers Azure subscription (egress charges apply)
  • Require the assigned user to be licensed for Endpoint Manager
  • Are enrolled into and managed by (patching, application deployment etc.) Endpoint Manager
  • Require an Endpoint Manager license to be assigned to each user allocated a desktop

The two flavours are very different in terms of pre-requisites, capability, and configuration, and further still from AVD. There are some important questions to ask when determining which is right for you:

  • Is corporate application access required?
  • Do you use traditional Active Directory, or Azure AD only?
  • Is the storage of desktops outside of your own Azure tenant an issue?
  • Are you looking for cost-benefits associated with pooled desktops, out-of-hours shutdown, or Reserved Instances?
  • How important is centralised management of your desktop and applications?
  • Does you require host-level management of the underlying VMs?

Summary

There’s obviously much more to come on Windows 365, so any judgment or opinion now is likely to change. As it stands I find the release really exciting (a viable alternative to AVD which is highly attractive to organisations who just want simplicity), yet also slightly frustrating… Why the need for hybrid join in Enterprise? Why no support for Azure AD Domain Services? Why no VNet integration for Business Desktops? I appreciate the need for distinction, but the feature mapping seems off to me when I consider the sorts of use cases we will encounter at Transparity. As was the case with A(W)VD, I’m confident we’ll see rapid progress when it comes to features and functionality… I’m just a little impatient!

A side note, but I’m not the only one excited for native Azure AD join (preview) in AVD, right?! 🙂