The news of Windows 365 and the CloudPC piqued my interest this week. For some time I have been hoping for a persistent virtual desktop experience in the cloud that is unique for me. My vision for what it should look like was that I could use my existing Office 365 credentials, log in to a desktop spec’d to my choosing and use my Office 365 within the desktop, as well as consume the other 3rd party apps that are important to me. Most importantly though, I would like to pay a predictable flat price subscription each month just like I do for Spotify or Netflix.
The Windows 365 offering looks like it will partially meet my vision. CloudPC will be a flat fee subscription per month. No more trying to guess how much compute you will use month to month to predict your bill. What was announced this week is tailored to Business and Enterprise customers. Active Directory running on-prem with VPN connecting back to Azure, or Active Directory hosted within Azure, appears to be a requirement, at least at initial product launch, for the Enterprise offering. BUT a few weeks ago, somewhat discreetly, Microsoft announced an upcoming Azure Active Directory Join feature, and Scott Manchester confirmed that it can be used with the Business offering immediately at launch.
Tom Hickling has published a pretty comprehensive article on the feature. This would enable a company without Active Directory on-prem today to consume virtual desktops without a need to spin up Active Directory Services in Azure. This is huge. Azure Active Directory Domain Services is pretty expensive! If you can find a way to just use the CloudPC and the services provided as part of that flat monthly fee, there could be no need to pay for any other Azure resources. No storage accounts, no Azure Files File Shares, no additional services. Now, getting away from those dependencies in an enterprise environment is easier said than done, but not impossible.
Note: I updated this blog post. I originally thought Azure Active Directory Join would not be available on August 2nd. Scott reached out to set me straight. Thank you, Scott.
If you can get to a point of just using Windows 365 and no other resources, you would be able to provision a virtual desktop that uses one of the provided Microsoft images in the Azure image gallery and automatically joins to your tenant’s Azure Active Directory. At that point, you have a desktop available for your users to log in to with the basics like Office 365 and the latest Windows 10 ready to rock and roll. You might be thinking, what about my other apps and setting my policies?
One of the big announcements for CloudPC is that Microsoft Endpoint Manager can be used for managing the desktops just like a physical endpoint in your office today. With this you can set policies, deploy patches and deploy applications. An important difference with CloudPC vs Azure Virtual Desktop is that right now CloudPC is only 1:1. The desktop a user gets is their desktop. It’s persistent. There is no need for profile management. It is their Personal Computer in the cloud. Unlike with AVD, Citrix MCS/PVS, Horizon etc., there is no re-composition of the desktops needed. One potential advantage or disadvantage, depending on how you feel about it, is that once the desktop has been provisioned, it has to be patched and maintained like any other PC. You don’t rely on patches added into an image updated centrally and deployed through a desktop recompose or re-provision. The approach is an old-fashioned push-the-patches-to-the-device methodology. The good thing is, it will be familiar to all admins. The bad thing is that patching and deploying apps this way is not without its problems, lack of speed and agility being the obvious impacts.
I wonder if some of this will change in future or maybe even when the product launches in August…
What I would like is that type of persistent PC in the cloud but rather than writing to a local profile, the user data and app settings get stored in FSLogix and/or a mix of SharePoint Online, Teams and OneDrive. In my last job, we had an ambitious project to get rid of all mapped network drives. I left before it really got started but some of those healthcare apps like OnBase provide an option to write to SharePoint Online rather than a network location. The EHRs store all data in a database. Users don’t need a home drive if they have OneDrive, AND for those department drives for shared documents, Teams Files is a great option. Everything else currently depending on a mapped network drive can be migrated to one solution or another. Not only does removing the tie to mapped network drives make your IT more agile, it also speeds up user logons.
If the data is not committed to the desktop itself, we could re-provision the desktops to the latest image in the gallery on a set schedule rather than deploying patches. It wouldn’t take much longer and it would act as a refresh for the entire desktop once a month.
I also would not be all that inclined to use MEM for deploying apps to the desktops, at least not many apps. I might possibly use it for only a couple of agents. SCCM/MEM can be kind of flakey and slow. Perhaps when the Azure version is managing centrally hosted devices, it will be better but I’m once bitten, twice shy. Also, for my want of refreshing the desktop once a month, I’m not sure app deployments from MEM would be up to that task. It is too slow at processing app deployments on startup, in my opinion.
I have blogged and tweeted about MSIX. At this time, I think it’s still not ready for prime time which hampers the use of MSIX App Attach. With Azure AD Join, I am also a little confused on the hosting of the VHD, VHDX and/or CIM disks. Can we share the file share these are hosted on with access for the desktops without an Active Directory tie in? That would be preferable. Maybe it’s possible today already and I am just confused or maybe it will be possible by the time AADJ is generally available with the Business Windows 365 in August. If that is possible, I might consider using it but would still prefer not to have to pay for the storage required for hosting the apps.
Above is a video demo of using Numecent Cloudpaging Content Delivery Network on a virtual desktop in Azure
In an effort to keep things as simple and as predictable as possible, I would prefer to just pay the flat fee for the desktop and not pay for any other resource-based consumption in Azure, like AADDS, Storage or other hosted servers etc. I have already worked with Cloudpaging Content Delivery Network, which is a cloud hosted version of Cloudpaging. This does not suffer from the same compatibility limitations as MSIX or even other products like App-V or ThinApp. With it, you can optionally just allow the users to go to the web portal to launch their apps after the desktop starts up. If the Cloudpaging Player is not installed, on the first app launch it installs the player, which it can do as a user. Then all subsequent launches of apps don’t need to install the Player. Also, you can have it set to cache the apps so they can just be launched from the start menu or desktop shortcuts. Updates of the apps can also be greatly streamlined with Cloudpaging vs local installs with MEM as Cloudpaging dynamically delivers the apps and their updates.
With Cloudpaging, I can deliver 100% of my apps that are not part of that Microsoft provided image. Numecent is also a Microsoft AVD partner already. As written about in my last blog post, users could also choose to run certain apps on their physical Windows device too, like Jabber for example, which I find provides a superior end user experience over running in a virtual desktop and relying on redirection.
If you would like to use the new flat fee pricing with RemoteApp available in Azure Virtual Desktop you could still use Cloudpaging for delivering those apps too… though, personally I’m not too sure I see the appeal in that approach anymore since CCDN allows me to manage my applications completely outside of the image and I’m already paying a flat fee for the desktop, I can just pay a per user fee for the app consumption to Numecent and not have to deal with managing apps in RemoteApp. Then pay a flat fee to Microsoft for the desktop. There are also other alternatives to RemoteApp like Cameyo, which enables the simple, secure delivery of all your apps to any device. Cameyo is already integrated with and can run in Azure (or any other cloud of your choice if you’re looking to avoid vendor lock-in), and provides a predictable subscription pricing model that eliminates the potential for bill shock.
Policies can be set via MEM too. Scott Manchester in his video I embedded above showed the layers of security in Windows 365. The desktop itself is secure and well protected. For added security inside the OS, I would choose to use Windows Defender managed through MEM and PolicyPak for setting other policies like some app settings and importantly for the Least Privilege Manager. Being a ControlUp employee, I am completely biased but I would also mention that I would use ControlUp for monitoring and as an automation engine and management framework. When I worked for a ControlUp customer, I spent my entire work day in ControlUp as an Engineer. I would continue to lean on it heavily for Windows 365 too.
As of this blog post, the price has not been revealed. They did reveal the different desktop specs available and, as reported by the Verge, while doing one of the demos they showed one configuration and its cost. It was a Business Desktop with 2 CPUs, 4 GB of memory and 128 GB storage, shown as $31 per user, per month.
CHEAT SHEET 😍 Here you go. All in one place.
The Ultimate Windows 365 Cloud PC Vs. Azure Virtual Desktop Cheat Sheet 👌
If you would like to compare Azure Virtual Desktop and Windows 365, Bas and Vadim at Nerdio shared a really great cheat sheet covering some of the differences I already mentioned, like the fact it is 1:1, no profile management required etc., plus they cover much more than I did.
With Microsoft’s mighty data centers and the greatly improved RDP protocol, I know I can get a rich user experience with CloudPC or indeed Azure Virtual Desktop. A benefit of using a desktop hosted in a Microsoft data center is that their download speed is tremendous and I get to use that! They have also built the infrastructure and intertwined services with a secure Zero Trust approach. With PolicyPak and MEM, I have a great way of managing my policies and securing the desktop itself. ControlUp can allow me to measure service availability and alert on performance degradation, it can help me right size my desktops for cost efficiency, and it provides easy-to-interpret guided troubleshooting when there are issues and an incredibly powerful automation engine and management framework! With the Azure image gallery, I don’t have to worry about creating and maintaining my own images anymore. With Cloudpaging, I have a way to deploy and dynamically update all of my 3rd party apps without requiring image updates and with the same predictable subscription pricing that I want. All of this without having panic attacks about a potential spike in compute costing me a fortune. What is not to like!?