It had to happen: Microsoft's cloudy Windows 365 desktops are due to land next month

Microsoft today introduced Windows 365 at its Inspire event: a desktop-as-a-service set for general availability on 2 August.

Windows 365, also known as Cloud PC (and previously code-named Deschutes) is a Windows 10 or (when available) Windows 11 PC running on Azure. Does not Microsoft already offer this in the form of Azure Virtual Desktop (AVD), formerly known as Windows Virtual Desktop?

Melissa Grant, Director of Product Marketing, told The Reg: "We think of AVD and Cloud VDI as a PaaS solution and what we're offering with Windows 365 is a SaaS solution... you don't have to be a virtualisation expert. You don't have to interact with the Azure portal."

Microsoft does not want it called VDI (Virtual Desktop Infrastructure). "We're not shipping anything that's infrastructure. We're providing all that as a back-end service... If you were to classify it, it would be most aligned with DaaS (Desktop as a Service)," said Scott Manchester, partner director of program management for Cloud Managed Desktops, in a press briefing. That said, according to Manchester, it goes "way beyond what traditional DaaS provides."

Under the covers, it is built on Azure Virtual Desktop and managed through Microsoft Endpoint Manager (MEM), Microsoft's cloud-hosted device and application management solution, or for those without MEM, tools directly integrated into the Cloud PC portal. A MEM licence is therefore not essential.

Microsoft said that development of Windows 365 was accelerated by the pandemic because of the sudden huge increase in working from home. A remote worker can boot up a family PC or tablet and log on to Windows 365 through a remote desktop client or via a web browser, do their work, and close the session knowing that the state is saved. It is more secure than working on a home PC full of games and untrusted applications, and solves problems like keeping work documents where they belong, within business storage.

Manchester told us that installing an app to access Windows 365 will not be necessary. "We support a very rich browser experience," he said, while in future Windows 11 will have built-in integration, "to easily switch between your experience on that local device and your experience in the cloud with just a swipe of your fingers."

We'll be supporting offline mode where that whole virtualization environment can run locally in a container

There are even plans for an offline mode, though this will not be in the initial release. This is the scenario where a user might check out the virtual desktop at the airport, work offline during the flight, and reconnect on landing. "We'll be supporting offline mode where that whole virtualisation environment can run locally in a container isolated from your local operating system, and then when you get connectivity restored you can then move that workload back up to the cloud," said Manchester.

Is small business the main focus? Grant told us that Windows 365 is for "both small businesses and enterprise customers," but that removing the need for virtualisation or Azure expertise would appeal to SMBs. "You know we have citizen developers. A lot of people are also citizen admins... having something extremely simplified and turnkey we think will be beneficial." There are in fact two distinct products, Windows 365 Business and Windows 365 Enterprise. Screenshots we have seen show a spec varying from 8GB RAM with 2 vCPU and 128GB storage at the low end, or as high as 32GB RAM, 8vCPU, and 512GB storage.

• NEC to move its IT into Azure and give staff – all 110,000 of ’em – a cloudy Windows desktop
• Linux Mint 20.2 is a bit more insistent about updating but not as annoying as Windows or Mac, team promises
• Microsoft broke British and European competition laws, UK reseller tells High Court
• Microsoft releases Windows 11 Insider Preview, attempts to defend labyrinth of hardware requirements

What about the technical details? Windows 365 will use AVD "personal desktops," which means a single VM per user rather than a multi-session server. Although less efficient, Manchester said the intent is to "pattern match" physical devices so that the experience is as familiar as possible. End users log into a portal; most will have just one cloud PC but running several is also supported. Admins have extra features such as user management, adding more cloud PCs, and resetting or troubleshooting instances. "For enterprise, it is at the admin's discretion to expose or not, for different users, options such as reset," Manchester explained. "Coming soon will be an optional resize tool as well."

There are new endpoint analytics tools for Microsoft 365, including latency and performance reporting, accessed through MEM. Manchester demonstrated to us how admins can review performance, identify slow PCs, and allocate a more powerful VM. "They simply log off and log back on, and they've got the bigger machine," he said.

What directory is used? "Windows 365 Business today works with pure AAD (Azure Active Directory) join, no need for Active Directory, no need for a virtual network. We can scale down to users of 1. Windows 365 for Enterprise, today, does rely on hybrid join, so you must maintain an Active Directory that's synched to Azure Active Directory," Manchester said. "Later this calendar year we will start to expose native AAD there."

App deployment is the same for Windows 365 as it is for physical PCs. "You can actually use the same images that you use for physical devices for your cloud PCs," said Manchester, referring to enterprise deployment scenarios.

What about security? Windows 365 will use the multi-factor authentication (MFA) capabilities of AAD and admins can apply security policies to PCs using MEM. Microsoft has designed a custom "security baseline," meaning a set of policies that can be applied to Windows 365 PCs. This can include conditional access policies, to define when login is allowed. Microsoft will also provide PC images "updated monthly, that have all the Patch Tuesday updates applied, Office pre-installed, all the Teams optimisation to run well in a virtualised environment," said Manchester. "I also have the option to give users either standard user access or admin access," he added.

This touches on a difficult aspect of Windows 365. Although Microsoft provides the tools and policies to give users a good start, Windows 365 PCs are long-running instances that are subject to the same risks as other PCs in terms of malware, update failures or registry corruption. "In the enterprise space we want to accept the current policies and processes that they're using, and then provide additional tools to supplement that," said Manchester. "For Windows 365 Business, we turn on Windows updates by default, matching the consumer scenario where updates are applied automatically. If we were to come up with something super disruptive, a different model, and forced that on enterprise customers, that would be an issue for them to accept this new solution."

Microsoft has plumped for familiarity, but in doing so has left users potentially still vulnerable, compared to more secure operating systems like Chrome OS, or pure cloud-based models such as accessing documents entirely through a web browser. The mitigation is that a Cloud PC can easily be reset or replaced, with the user's data still intact provided that documents are synchronised to cloud storage, by default OneDrive or SharePoint online. What about some crufty old Access application that saves data to c:\mydata? There is no magic here; the app will work in Cloud PC but users or admins will have to take care of backup in the same way as before, or do the work of migrating the application to use a modern architecture.

Manchester noted that Windows 365 will have fast connections to Azure and Office 365 data. "Our default recommended configuration for our customers is to use OneDrive and folder redirection. They've got that ability to sync that content up to the cloud." In the event of recovering to a new PC, that data will come back. "I have a 10GB download speed on my cloud PC, but I may only have a 15 or 20MB speed on my local network. If I ever need to resync my data from any Office service or application, it comes down super quick," he said.

What will it cost? "We'll be disclosing the pricing on 1 August," we were told. The product will be available through Microsoft's Cloud Solution Providers, while "enterprise customers can add Windows 365 to their existing enterprise agreement," Grant said.

Microsoft has said that Windows 365 will be priced per user, per month, unlike AVD, which is priced based on resources consumed. A multi-session AVD setup will likely be much cheaper. AVD will continue as before. "We see them as companions," said Grant. ®