Windows 365 - What's New

Transcript

1. Windows 365 What’s new? Maura Perra – [email protected] Cloud Endpoint

   Technical Specialist Microsoft Italia

2. Welcome to your Windows 365 Cloud PC A new solution

   for today’s flexible work needs Windows 365 provides a personalized, powerful, simple, and secure full Windows experience Productivity on any device: Equip all your employees with Windows 365 Cloud PCs to help them be productive and perform at their best. Secure by design: Provide secure access to your organization’s apps and data with a protected, compliant Windows experience on Windows 365 Cloud PCs. Manage more with less: Easily deploy and manage Windows 365 Cloud PCs using your existing tools and team, maximizing your technology investment.

3. Windows 365 unlocks key flexible work scenarios Data security Improve

   regulatory compliance and IP protection via data centralization and a reduced threat surface. Disaster recovery Help ensure continuity and access for your workforce and company data, even in the most challenging circumstances. BYOPC programs Enable secured Cloud PCs, even on personal devices. Temporary workforces Simplify and accelerate the onboarding and offboarding process for elastic workforces. High-capacity computing Cloud-scale compute and storage to support specialized workloads such as design and manufacturing. Limited or shared physical device Give frontline and shift workers affordable Cloud PCs without the hassles of sharing physical PC resources. Mergers & Acquisitions Provide seamless transitions and access for growing businesses.

4. Windows 365 Enterprise: Versatile options to meet your needs Access

   from a variety of devices and operating systems Form factor Desktop, Laptop, Tablet, and Phone Platform Windows, Mac, iOS, and Android Provision with your choice of Windows Windows 11 Windows 10 Choose from a range of compute and storage configurations, each offered at a predictable monthly per-user price. GPU Standard 1 Super 2 Max 3 16vCPU 64GB / 512GB 64GB / 1TB 8vCPU 32GB / 128GB 32GB / 256GB 32GB / 512GB 4vCPU 16GB / 128GB 16GB / 256GB 16GB / 512GB 2vCPU 4GB / 64GB 4GB / 128GB 4GB / 256GB 8GB / 128GB 8GB / 256GB 1 Minimum specifications for primary drive: 4vCPU / 16GB / 8GB vRAM / 512 GB primary storage / 176GB temporary storage 2 Minimum specifications for primary drive: 8vCPU / 56GB / 12GB vRAM / 1TB primary storage /352 GB temporary storage 3 Minimum Specifications for primary drive: 16vCPU / 110GB / 16GB vRAM / 1TB primary storage / 352 GB temporary storage

5. Windows 365 Frontline Cloud PCs that meet your employees’ needs

   One license provides access to multiple users across your organization (non-concurrently) Windows 365 Frontline offers several key benefits to optimize your Cloud PCs: Allocate Cloud PCs to more users, rather than providing each user with a dedicated Cloud PC 24/7. Reduce costs while still providing the full desktop experience and productivity tools. Manage the same as other Cloud PCs, with security and simple deployment with Microsoft Intune.

6. Expanding access across your organization with Windows 365 Frontline Choose

   the Windows 365 Frontline mode that fits your workers and business needs DEDICATED MODE Personalized Cloud PCs For employees who need consistent and personalized access Dedicated Cloud PC access only during their shift One Windows 365 Frontline license enables up to three dedicated and personalized Cloud PCs to be used non- concurrently Personalized, full Windows experience Deploy and manage in Microsoft Intune SHARED MODE Designed for task productivity For employees who need brief access to complete tasks Cloud PC access for productive specialized use One Windows 365 Frontline license enables a single Cloud PC that can be shared across groups of users non-concurrently (one active session at a time) Non-personalized Windows desktop experience that resets between sessions (data removed after sign-off) Deploy and manage in Microsoft Intune

7. Meeting Cloud PC demands with Windows 365 Frontline Full time

   Windows 365 Enterprise 9AM 10AM 11AM 12PM 1PM 2PM 3PM 4PM 5PM 6PM Part time Windows 365 Frontline in dedicated mode Intermittent Windows 365 Frontline in shared mode User 1 User 2 User 3 User 1 User 2 User 3 User 4 User 5 User 6 User 1 User 2 User 3

8. Windows 365 Link

9. Introducing Windows 365 Link The first Cloud PC device purpose-built

   by Microsoft to connect securely to Windows 365 in seconds. Cloud-powered performance Secure by design Simplified IT management Aligned with sustainability goals Currently for Windows 365 users in Australia, Canada, Germany, Japan, New Zealand, the United Kingdom, and the United States.

10. Built for secure productivity Ideal for desk-based workers using Windows

    365 in shared workspaces Hot desking Enable hybrid workers to pick up where they left off​ Financial analysts Consultants Banking associates Call centers Provide frontline workers secured access to tools and information Customer support agents Tele-sales reps Specialized spaces Empower people working in labs, training centers, reception desks, etc. Industry frontline workers Receptionists Scientists, researchers

11. Windows 365 Link tech specs Hardware Built as a compact,

    fanless, light-weight device: 4.72 inches x 4.72 inches x 1.18 inches and weighs less than one pound Boasts dual 4K monitor support with one HDMI and one DisplayPort, 3 USB-A, 1 USB-C port, a 3.5mm audio port, an Ethernet Port, Wi- Fi 6E, and Bluetooth 5.3 Windows-based operating system Purpose-built to boot directly to Windows 365 Small OS footprint with minimal applicable configuration policies Security baseline policies enabled by default

12. Windows 365 Link main benefits Currently for Windows 365 users

    in Australia, Canada, Germany, Japan, New Zealand, the United Kingdom, and the United States. Cloud-powered performance Offer users responsive, high-fidelity, cloud-powered productivity experiences in shared workspaces Security Help ensure corporate data is protected with Cloud PC devices that are dataless, adminless, and passwordless IT efficiency Lower TCO with Cloud PC devices that are easy to set up, use, manage, update, support, and reuse Sustainability Reduce energy costs and meet increasingly important sustainability KPIs with energy-efficient, long-lasting devices

13. Maximize productivity with Cloud PC devices that offer responsive, high-fidelity

    experiences Cloud-powered performance Windows 365 Link takes seconds to boot and instantly wakes up so users can quickly get started Connects directly to Windows 365 where users can work in a familiar Windows experience Offers local processing for high-performance video playback and conferencing, including high-fidelity Microsoft Teams meetings and Webex by Cisco Seamless to use with wired or wireless peripherals

14. Devices leveraging Windows class drivers are compatible Class drivers provide

    a reduced attack surface, simplified management, and increased reliability Supported class drivers: Audio and camera Human Interface Devices (HID): Keyboard, mouse/touchpad, etc. Mass Storage Hub 3rd party drivers for devices are not supported. Seamless to use your wired and wireless peripherals Peripheral support

15. Reduce the attack surface with locked-down devices and passwordless authentication

    Secure by design Windows 365 Link has no local data, no local apps, and no local admin users Security baseline policies are enabled by default and security features cannot be turned off Login is simple and secure with passwordless authentication using Microsoft Entra ID and the Microsoft Authenticator app or USB security keys Includes a Kensington lock port for physical security

16. Efficiently configure and manage alongside other PCs using Microsoft Intune

    Simplified IT management Windows 365 Link is compact and lightweight, convenient to ship to users Configurable within minutes in a few simple steps Simple to manage alongside other PCs using Microsoft Intune, with familiar actions such as Restart or Wipe Automatically stays up to date

17. Advance sustainability with energy efficient, long-lasting, and repairable devices Aligned

    with sustainability goals Windows 365 Link contains a minimum of 50% recycled content1 and has 100% paper-based packaging ENERGY STAR®-certified device, with a lower energy consumption than most desktops for users with external monitors and peripherals connecting to Windows 365 Designed to be long-lasting and repairable 1Based on draft validation performed by Underwriter Laboratories, Inc. using Environmental Claim Validation Procedure, UL 2809, final validation pending

18. Windows 365 Security Features

19. Passwordless authentication End-to-end passwordless authentication can be enabled by leveraging

    the single sign-on and WebAuthn redirection features. Single sign-on helps ensure that both the service and OS authentications leverage Microsoft Entra and support all credential types supported by Microsoft Entra, including phish-resistant credentials such as passkeys and third-party identity providers. Once inside the session, WebAuthn redirection sends authentication requests to the local device to be completed using locally attached security devices, passkeys or Windows Hello for Business.

20. Faster re-authentication Faster re-authentication enables IT admins to require that

    users re-authenticate when launching a new connection if it’s been more than 5-10 minutes since they last authenticated to Microsoft Entra. This functionality leverages the sign-in frequency option in Conditional Access policies.

21. Secured access to Cloud PCs or Cloud VMs with MAM

    Scenarios: 1. Customers want to minimize sensitive data exfiltration and/or block malware infiltration • Users can access local drives and clipboard on a managed device • Users cannot access local drives and clipboard on an unmanaged device 2. Customers want to raise the security bar for access based on device conditions With MAM integration, customers can customize the allowed device redirections and strengthen security of the physical devices used to access Windows 365 Cloud PCs or Azure Virtual Desktop VMs (such as, requiring min OS version, AV to be on, etc.). • Solution applies to both Azure Virtual Desktop and Windows 365 • Available for Windows app • Supports all three scenarios below Unmanaged • User’s personal device • Windows 11 Home or Windows 10 Home edition • Can’t be managed due to technical limitation or corporate policy 1 Managed by external tenant • Already managed means it can’t be enrolled into another tenant for configuration policies or conditional access 2 Managed by organization • Enrolled into Microsoft Intune and Microsoft Entra joined (Optional: Microsoft Entra Hybrid Join) • Available for conditional access posture checks 3 Preview on iOS/Android: 24H2 / Preview on Windows: 25H1

22. Windows data protection Watermarking Add a traceable watermark to Cloud

    PCs Screen capture protection Block/Hide remote content in screenshots and screen sharing

23. Unidirectional clipboard redirection Unidirectional clipboard redirection restricts the flow of

    data to a single direction—either from the Cloud PC or Cloud VM to the client or vice versa. This capability allows organizations to limit the direction and configure the type of data that can be copied at a user or device level. With this, organizations can prevent accidental or intentional data leaks.

24. Microsoft Purview Customer Key Customer Key offers greater flexibility for

    customers to use their own keys for encryption for data at rest. This provides ability for customers to revoke access at any time.

25. Microsoft Purview Customer Lockbox Customer Lockbox is now enabled in

    Windows 365. It ensures that Microsoft can't access your content to do service operations without your explicit approval.

26. Microsoft Purview Insider Risk Management with Forensic Evidence Signals to

    identify insider risks • Visual context aids security teams during forensic investigations. • Helps identify malicious or insider risks (e.g., IP theft, data leakage). Privacy by design • User privacy is protected through multiple levels of approval for the activation of the capturing feature. • Role-based access controls (RBAC) and audit logs help ensure user privacy. Selective capturing • Organizations set policies based on priority events and sensitive data. • Users can be notified when forensic capturing is activated.

27. Place a Cloud PC under review for forensic investigation Enables

    an authorized administrator, when required, to take a snapshot of one or more Cloud PCs and transfer it to a secure Azure Storage Account hosted in the customer's Azure subscription, for the explicit purpose of analyzing the content of a Cloud PC Disk (as in support of eDiscovery). • Navigate to the Device page • Click on the Ellipses • Place Cloud PC Under Review • Choose a Storage Account • Initiate Review • Remove Cloud PC from review Screenshot(s)

28. Windows 365 Disaster Recovery Options

29. Cloud PC point-in-time restore Point-in time-restore allows an administrator (or

    an end user, if enabled by the organization) to restore a Cloud PC to a known good state. Administrators may restore single Cloud PCs or in bulk. Also facilitates service continuity; if the infrastructure where the Cloud PC is deployed is not healthy, Point-in-time will automatically provision in different infrastructure, in a different Azure Zone (if available). Feature is automatically enabled for all Cloud PCs. • Cadence of restore points may be adjusted in User Settings when configuring Cloud PCs • Whether or not an end user can self-restore may be set in User Settings when configuring Cloud PCs

30. Windows 365 Cross-region Disaster Recovery Windows 365 Cross-region Disaster Recovery

    extends data resilience and disaster recovery for Cloud PCs. It is a resilient and cost-effective service to protect workloads against regional outages. Key benefits include: • Enhance resilience and reduce risk of user downtime and productivity • Best in class and simple in-built IT administrator controls • Automated alerts and actionable insights, helping customers remediate issues instantly Windows 365 Cross-region Disaster Recovery is provided as an add-on license to Windows 365 Enterprise SKUs. It is not currently available for any other Windows 365 SKU.

31. Windows 365 Analytics

32. Windows 365 Endpoint analytics* | Six categories Resource performance •

    CPU Spike time % • RAM Spike time % • Top Spiking Processes Remoting connection • End user connection/ sign-in time – Time taken for end user to connect • Round Trip Time (RTT) – Streaming Quality of Connection/Session Include CPC sign-in time Start-up performance • Boot time for Windows 365 Endpoint • Sign-in duration/time for Windows 365 Endpoint Include CPC remediation scripts Proactive Remediations • Automated actions to remediate common issues with Windows 365 Include CPC devices Recommended Software • Windows 11 Enterprise or Windows 10 Enterprise version • Microsoft Entra (formerly Azure Active Directory) devices • Microsoft Intune devices Include CPC devices Application Health • Cloud PC App usage and crashes *All reports are available for Windows 365 Cloud PCs. Resource performance and Remoting connection are exclusive to Cloud PCs.

33. Windows 365: AI capability for Cloud PC recommendation An AI-powered

    feature for Windows 365 that will help you find the optimal configuration for your Cloud PC based on employee usage patterns and performance needs. • Provides a method to optimize TCO by reducing license costs (both for oversized SKU costs and unused licenses) • Improves performance (end-user experience) by identifying Cloud PCs that need more resources. No setup is required to enable this capability

34. © Copyright Microsoft Corporation. All rights reserved. Thank you.