Operating system and security
On the software side, Microsoft has developed a minimalist operating system, including only the components required to connect to Windows 365. For example, this endpoint does not need the entire Windows 11 shell or the UWP or Win32 runtimes since no apps run locally on the device. The apps and data are stored in the Microsoft Cloud and are accessible via the Windows 365 service.
Security first
Security is a top priority at Microsoft, and Windows 365 Link is no exception. The device is secure by default, with a discrete TPM, Secure Boot, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), BitLocker, and security baselines enabled out of the box. It enforces a strict integrity policy that ensures it can run only the intended code, which gives it a strong security posture. Additionally, there is no way to install local apps, store local data, or have local users with administrative rights.
Figure 10.10: Security layers