Microsoft Entra ID
Microsoft Entra ID acts as the main identity provider and access management service for Windows 365 and Microsoft Intune, which means that users and groups are always managed within Entra. Microsoft Intune is then used to manage your MDM-enrolled devices, assign apps and configurations to users, groups of users, and/or devices, and enable sophisticated Conditional Access features such as Multi-Factor Authentication (MFA) and compliance-based filtering. With the premium version of Entra ID, you can add several extra features to protect devices, apps, and data, including dynamic groups, auto-enrollment, and Conditional Access.
Microsoft Intune
Microsoft Intune is a comprehensive suite of tools and services designed to help businesses manage and maintain all their devices, whether they are physical or cloud-connected endpoints.
Intune includes:
- The Microsoft Intune service
- Configuration Manager and co-management
- Endpoint Analytics
- Windows Autopilot
- The Intune admin center
- The Intune Suite
Microsoft Intune offers a unified management experience, introducing new features and intelligent actions such as anomaly detection in Advanced Endpoint Analytics and remediation scripts. These scripts can proactively resolve end-user issues before they become apparent, all without complex migrations or disruptions to productivity.
It provides numerous resources to facilitate your transition to modern management while enhancing security and assisting in a move to the cloud. Microsoft Intune now also includes management capabilities for various endpoints, including:
- Windows
- Android
- Linux
- macOS
- iPadOS
Please refer to the table below for a detailed explanation of all the management features provided by Microsoft Intune.
Figure 1.8: Overview of Microsoft Intune Suite features
Microsoft Intune Suite
Microsoft Intune and Windows 365 are constantly advancing and improving, equipping IT administrators with an expanded toolkit to apply the principle of least privilege on their managed endpoints. The launch of Microsoft Intune Suite has brought sophisticated features that were previously only available through third-party solutions.
Intune Suite addresses numerous challenges that you, as an IT administrator or IT manager/CIO, may face, especially those related to remote work and diverse management solutions and devices. The complexity of IT administration work for enterprises is at an all-time high.
The key advantages of Intune Suite include simplification, the potential to lower IT support costs, the phasing out of third-party software currently used as add-ons, the utilization of cost-effective Microsoft 365 plans, and a reduction in attack surfaces.
A great example of using both Intune Suite and Windows 365 together is combining Enterprise Privilege Management with Cloud PCs. You will learn more about this in Chapter 5, Intune Suite: Optimize and Secure Your Cloud PC deployment!
Figure 1.9: Embracing the future: IT and security challenges and solutions
Windows Autopatch
Windows Autopatch is a new Microsoft cloud service included in your existing Windows E3/E5 subscriptions. It transfers the responsibility of managing Windows devices and their monthly patches after Patch Tuesday from your IT department to Microsoft. It can be thought of as Windows-Updates-as-a-Service. Windows Autopatch is distinct from Windows Update for Business (WUfB): it combines new and improved cloud service components with WUfB.
Essentially, Windows Autopatch fully automates the planning and deployment of Windows updates for Windows 10 and Windows 11, as well as for Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams. This not only simplifies the management of your Cloud PCs and physical PCs but also reduces the risk of unpatched security vulnerabilities remaining in your environment, ultimately enhancing user productivity.
Windows Autopatch is designed to ensure that at least 95% of eligible devices are updated with the latest Windows quality update within 21 days of its release. Furthermore, it aims to keep at least 99% of eligible devices on a supported version of Windows, allowing them to continue receiving Windows feature updates. For Microsoft 365 Apps for enterprise, Windows Autopatch aims to keep at least 90% of eligible devices on a supported version of the Monthly Enterprise Channel (MEC).
One of the best aspects of this service is its seamless integration with Windows 365 Enterprise during the provisioning policy process, which we will explain later in Chapter 3, Deploying Cloud PCs.
Figure 1.10: Windows Autopatch
Now, let’s talk about Microsoft Dev Box.
Microsoft Dev Box
Microsoft Dev Box is a managed service that empowers developers to generate secure, high-performance, ready-for-coding, project-specific workstations in the cloud on demand – as developer-based Cloud PCs.
Microsoft Dev Box allows developers to concentrate solely on the unique code they write, providing them with easy access to the necessary tools and resources, without the hassle of workstation setup and maintenance. Development teams can preconfigure Dev Box for specific projects and tasks, enabling developers to quickly start with an environment that’s prepared to build and run their app in minutes. Simultaneously, Microsoft Dev Box ensures that unified management, security, and compliance remain under IT control by utilizing Windows 365 to integrate Dev Box with Microsoft Intune.
You can see an example of Dev Box in the screenshot below:
Figure 1.11: Microsoft Dev Box inside Microsoft Azure
In the next section, we will discuss Cloud printing and Windows 365.
Universal Print
You might remember, or perhaps you’re still using, this procedure: establishing a Windows Server environment, integrating the print server role, and then adding your printers and specific drivers to the server. It’s not exactly state of the art or efficient, right? Universal Print offers the same capabilities and more, while eliminating the need for local infrastructure. It enables you to manage printers directly through a centralized portal in Microsoft Azure.
There’s no longer a need to install (and maintain) printer drivers on devices or golden images. As a bonus, everything is compatible with Entra ID. This means users can use the same credentials they use for other Microsoft services, whether they’re logging on to a physical desktop or a cloud-based virtual desktop.