Sometimes, setting up remote access can be complex and it is even more difficult to secure such access. Microsoft Windows 365 Cloud PC can be easily set up in an environment with Entra ID and Intune. This solution can provide secure remote access to the environment, quickly and at a reasonable cost.

This blog post will explain the essentials of getting started with Intune Windows 365 Cloud PC.

Benefits of using Intune Windows 365 Cloud PC

There are many benefits to adding Windows 365 Cloud PC to your infrastructure :

  • Users (Employees, consultants, external resources) can access the environment from any device, including their own personal device
  • Securitized access to corporate data
  • Integrated managed like physical devices with Microsoft Intune
  • Quick scalability and onboarding.
  • Cost-efficient with a variety of performance choices

For more details, see Microsoft docs.

Prerequisites

Intune Windows 365 Cloud PC

Here are some of the key differences that Windows 365 Enterprise Cloud PC offers compared to Business license.

  • Can use of Azure Virtual Network(VNet )
  • Require users to be licensed for Windows 10/11 Enterprise
  • There is no limit to Cloud PCs, business is limited to 300.
  • Provisioning can be customized
  • GPO and Intune device configurations are supported
  • Windows Update can be managed
  • See the full list of differences between the 2 licenses on Microsoft Docs.

Step-by-step configuration of Intune Windows 365 Cloud PC

The first step to providing a Cloud PC to a user is to assign them a provisioning policy.

  • Login to the Intune portal and navigate to Device / Device Onboarding / Windows 365
  • Select Provisioning Policies and Create Policy
Intune Windows 365 Cloud PC

Note that if you can’t see the customization, there is not at least one license for Windows 365 Enterprise and should look like this.

Intune Windows 365 Cloud PC
  • Provide the Name and Description. Also, select the License type.
Intune Windows 365 Cloud PC
  • Finalize the configuration by choosing the Join type.
    • for more details about Join type, see Microsoft docs.
    • For this demo, we will use a Microsoft-hosted network, which limits access to online resources only.
Intune Windows 365 Cloud PC
  • Select the Image type
    • By default, only 2 types of images are available. Blank image, or with Microsoft 365 Apps.
    • Select the Windows 10/11 build you desire to use.
    • A custom image is possible, but we’ll keep that for future posts.
Intune Windows 365 Cloud PC
  • Define the Device name template
    • 5 to 15 characters
    • can include letters, numbers and hyphens
    • can’t have blank
    • can use %Username:X% variable
    • Required to add %RAND:Y%
      • Y must but 5 or more, for random characters at the end.
Intune Windows 365 Cloud PC
  • Under Additional Services, select which type of management for the Windows Update.
    • If Autopatch isn’t configured or used, it is possible to manage with standard Windows Update for business rings.
  • Once created, assign the policy to a group, knowing that the user license is already associated with the user.
Intune Windows 365 Cloud PC

Create a user settings policy

  • Navigate to Device / Device Onboaring / Windows 365 and select User Setting Policies and Create Policy
Intune Windows 365 Cloud PC
  • A few options exist, but none are mandatory. It’s only mandatory to have a policy defined and assigned to users who will use the Cloud PC
Intune Windows 365 Cloud PC
  • Once created, assign the policy to a group with the Cloud PC users.

Manage Windows 365 Cloud PC

Once the license, the provisioning profile, and the user policy are assigned, the Cloud PC will be provisioning automatically for the user. This process takes a few minutes. While provisioning, the user won’t see the CloudPC in their portal access.

  • Under Devices / Windows 365 / All Cloud PCs, the provisioning status is available.
Intune Windows 365 Cloud PC
  • Once Provisioned, under Devices / Windows, the device is like any other Windows device.
    • Azure joined
    • Intune enrolled and managed
    • Assign Device configurations, applications, and any security policy.
Intune Windows 365 Cloud PC
  • There are additional available in the Windows 365 portal.
    • under Update organization settings
Intune Windows 365 Cloud PC
  • While not mandatory, some fine-tuning can be done
Intune Windows 365 Cloud PC

Access your Intune Windows 365 Cloud PC

End-user can access their Windows 365 Cloud PC by 3 different methods :

  • Web client through https://windows365.microsoft.com/
    • The requirements are pretty basic as it needs a supported OS(Windows, macOS, ChromeOS or Linux) and a supported modern browser.
Intune Windows 365 Cloud PC
Intune Windows 365 Cloud PC
Intune Windows 365 Cloud PC
  • Via the modern Remote desktop app
    • this is transitioning to Windows Apps to use Microsoft wording… so not deprecated, yet.

Additional steps

There are way more to be configured depending on various scenarios.

To name a few items to look for:

  • Azure Network connection
    • To access the internal network
    • To set up devices in Hybrid Microsoft Entra Join
  • Setup Hybrid Microsoft Entra Join
    • process GPO
    • File access to file servers
  • Various policies
    • Conditional access
    • Device configurations
    • Windows Update for Business rings
  • Application assignment
    • just like any standard devices, apps can be enforced and/or published in the Company portal
  • Custom images instead of using default images provided by Microsoft
    • By default, a clean image and an image with Microsoft 365 Apps are available.

Keep an eye on the What’s new page for new and updated features.

For more information about Microsoft 365 Cloud PC, see Microsoft docs.

Comments (0)