1 00:00:02,700 --> 00:00:03,750 Today on Microsoft Mechanics, 2 00:00:03,750 --> 00:00:06,600 we're going to go deep on setting up Windows 365, 3 00:00:06,600 --> 00:00:09,840 Microsoft's solution for Cloud PCs for your organization, 4 00:00:09,840 --> 00:00:11,160 and if you're new to the concept, 5 00:00:11,160 --> 00:00:13,260 these are full Windows desktops 6 00:00:13,260 --> 00:00:15,030 that you can access directly from the cloud 7 00:00:15,030 --> 00:00:18,450 from almost any device, from your browser, the Windows app 8 00:00:18,450 --> 00:00:21,540 or even the new Windows 365 Link device. 9 00:00:21,540 --> 00:00:24,060 It's the familiar Windows experience that you're used to, 10 00:00:24,060 --> 00:00:26,100 but it's accessible from anywhere. 11 00:00:26,100 --> 00:00:28,230 In fact, in the next few minutes, we'll show you 12 00:00:28,230 --> 00:00:31,440 how to set up a complete running Windows 365 environment 13 00:00:31,440 --> 00:00:32,910 for multiple users. 14 00:00:32,910 --> 00:00:36,060 Then show the resulting experiences of what we set up 15 00:00:36,060 --> 00:00:38,730 on both managed and unmanaged devices 16 00:00:38,730 --> 00:00:41,430 and finally, how to manage your Cloud PCs 17 00:00:41,430 --> 00:00:42,420 once they're up and running. 18 00:00:42,420 --> 00:00:44,430 And joining me today is Scott Manchester 19 00:00:44,430 --> 00:00:47,910 who leads the Windows 365 team who built the product, 20 00:00:47,910 --> 00:00:49,380 and he's no stranger to Mechanics as well. 21 00:00:49,380 --> 00:00:50,213 Welcome to the show. 22 00:00:50,213 --> 00:00:51,570 - Thanks, Jeremy. It's great to be back. 23 00:00:51,570 --> 00:00:52,650 - So why don't we dive in? 24 00:00:52,650 --> 00:00:55,680 So for people used to physical PCs 25 00:00:55,680 --> 00:00:57,930 and really new to the Cloud PC concept, 26 00:00:57,930 --> 00:00:58,830 what are the reasons 27 00:00:58,830 --> 00:01:01,380 that somebody might use Windows in the cloud? 28 00:01:01,380 --> 00:01:03,720 - Yeah, that's a question we get a lot, Jeremy. 29 00:01:03,720 --> 00:01:07,320 First, it's just how seamless the end user experience is. 30 00:01:07,320 --> 00:01:09,540 Now, even though this experience is being streamed 31 00:01:09,540 --> 00:01:11,850 from the Cloud, Windows 365 just feels 32 00:01:11,850 --> 00:01:13,740 like using a physical PC. 33 00:01:13,740 --> 00:01:15,390 With all of your apps and settings, 34 00:01:15,390 --> 00:01:18,090 everything just works as you'd expect it to. 35 00:01:18,090 --> 00:01:20,310 And with all of the available sizing options, 36 00:01:20,310 --> 00:01:21,960 there's something for any use case, 37 00:01:21,960 --> 00:01:24,120 from graphics-intensive GPUs, 38 00:01:24,120 --> 00:01:26,790 all the way to shared frontline worker scenarios. 39 00:01:26,790 --> 00:01:28,590 Now, that said, unlike a physical PC, 40 00:01:28,590 --> 00:01:31,080 the specs of your Cloud PC, like your storage, 41 00:01:31,080 --> 00:01:33,960 compute, and RAM, can be changed over time 42 00:01:33,960 --> 00:01:35,520 as your needs evolve. 43 00:01:35,520 --> 00:01:37,230 And from a security perspective, 44 00:01:37,230 --> 00:01:39,270 you have control over network access 45 00:01:39,270 --> 00:01:41,280 based on the connecting device 46 00:01:41,280 --> 00:01:44,010 where you can tailor permissions and protections 47 00:01:44,010 --> 00:01:45,300 for your data and resources, 48 00:01:45,300 --> 00:01:48,510 depending on whether that device is managed or unmanaged. 49 00:01:48,510 --> 00:01:50,460 And they're also more resilient. 50 00:01:50,460 --> 00:01:53,580 Backup and restore services are provided by default. 51 00:01:53,580 --> 00:01:56,280 A non-functioning Cloud PC can be restored back 52 00:01:56,280 --> 00:01:58,325 to a healthy state in just minutes. 53 00:01:58,325 --> 00:02:00,060 - And this is great because even recently, 54 00:02:00,060 --> 00:02:02,370 we've seen, and some of us have even felt situations 55 00:02:02,370 --> 00:02:06,480 where third-party updates can take down thousands of PCs, 56 00:02:06,480 --> 00:02:09,570 so with Windows 365, there's a fast path to recovery. 57 00:02:09,570 --> 00:02:12,600 - Yeah, it really provides next-level resiliency. 58 00:02:12,600 --> 00:02:14,100 And there's another important reason 59 00:02:14,100 --> 00:02:16,320 for considering a Cloud PC. 60 00:02:16,320 --> 00:02:17,910 If you're currently on Windows 10, 61 00:02:17,910 --> 00:02:21,240 with support ending in October of this year, 2025, 62 00:02:21,240 --> 00:02:24,690 Windows 365 is a nice option to migrate to Windows 11 63 00:02:24,690 --> 00:02:26,340 as part of your PC refresh, 64 00:02:26,340 --> 00:02:29,070 and Extended Security Updates for the Cloud PCs, 65 00:02:29,070 --> 00:02:32,070 and Windows devices connecting to them are included. 66 00:02:32,070 --> 00:02:33,900 - And this'll be a great option for a lot of people, 67 00:02:33,900 --> 00:02:35,250 a lot of different devices, 68 00:02:35,250 --> 00:02:36,870 and it's also pretty easy to set up. 69 00:02:36,870 --> 00:02:39,990 - Yeah, it really is, even if you have zero experience 70 00:02:39,990 --> 00:02:41,730 with desktop virtualization. 71 00:02:41,730 --> 00:02:43,890 In fact, let me show you how. 72 00:02:43,890 --> 00:02:46,290 From the Microsoft Intune admin center, 73 00:02:46,290 --> 00:02:49,080 you can get one or hundreds of Cloud PCs up and running 74 00:02:49,080 --> 00:02:50,640 in just a few minutes. 75 00:02:50,640 --> 00:02:53,580 Now, the first step is to create a Provisioning Policy, 76 00:02:53,580 --> 00:02:55,440 so I'll head over to that tab. 77 00:02:55,440 --> 00:02:57,750 And you can see that I already have a few set up, 78 00:02:57,750 --> 00:02:59,820 but let's go ahead and create a new one. 79 00:02:59,820 --> 00:03:03,060 Now, there are six simple steps to setup a new policy. 80 00:03:03,060 --> 00:03:05,070 First, let's give this policy a name. 81 00:03:05,070 --> 00:03:08,550 In this case, let's use East US Engineers. 82 00:03:08,550 --> 00:03:09,570 Now, for these users, 83 00:03:09,570 --> 00:03:13,590 we will provision Windows 365 Enterprise Cloud PCs. 84 00:03:13,590 --> 00:03:17,760 And this group of users also are using Microsoft Entra join, 85 00:03:17,760 --> 00:03:19,410 but if you're also using Active Directory, 86 00:03:19,410 --> 00:03:21,900 you have an option to choose hybrid join. 87 00:03:21,900 --> 00:03:23,430 Now, if you do use hybrid join, 88 00:03:23,430 --> 00:03:25,380 you'll need to set up an Azure Network Connection 89 00:03:25,380 --> 00:03:27,810 and have access to a domain controller. 90 00:03:27,810 --> 00:03:29,520 But it's easier with Entra join 91 00:03:29,520 --> 00:03:32,520 where you can use the Microsoft Hosted Network option. 92 00:03:32,520 --> 00:03:34,590 Now, this is similar to putting these Cloud PCs 93 00:03:34,590 --> 00:03:36,660 on the public internet behind a NAT, 94 00:03:36,660 --> 00:03:39,300 and optionally securing that network traffic with a VPN, 95 00:03:39,300 --> 00:03:42,570 like you might use now with your managed physical devices. 96 00:03:42,570 --> 00:03:45,240 Now, next, because our users are in North Carolina, 97 00:03:45,240 --> 00:03:47,820 for this geography, I'm going to choose US East. 98 00:03:47,820 --> 00:03:49,740 For the region, I'll let Microsoft choose 99 00:03:49,740 --> 00:03:51,450 within that geography. 100 00:03:51,450 --> 00:03:54,450 You'll see there are two options here in US East. 101 00:03:54,450 --> 00:03:56,880 Choosing this option allows seamless migration 102 00:03:56,880 --> 00:03:59,280 to closer or higher-performing Azure datacenters 103 00:03:59,280 --> 00:04:00,690 as they become available. 104 00:04:00,690 --> 00:04:03,360 And the last option is to support Single Sign-On, 105 00:04:03,360 --> 00:04:05,940 which allows users to authenticate just once 106 00:04:05,940 --> 00:04:08,550 for their Cloud PC and other Entra-enabled services, 107 00:04:08,550 --> 00:04:10,485 like Microsoft 365. 108 00:04:10,485 --> 00:04:12,030 Now, next, I can choose one 109 00:04:12,030 --> 00:04:14,130 of the curated images available here 110 00:04:14,130 --> 00:04:16,740 or even upload my own custom image. 111 00:04:16,740 --> 00:04:18,780 Now, I'm going to keep the latest Windows 11 image 112 00:04:18,780 --> 00:04:22,200 with the Microsoft 365 apps pre-installed. 113 00:04:22,200 --> 00:04:24,450 Now, it's also optimized to run in the cloud 114 00:04:24,450 --> 00:04:26,970 for experiences like Teams video calls. 115 00:04:26,970 --> 00:04:28,980 When I move on to the Configuration tab, 116 00:04:28,980 --> 00:04:31,290 I can choose from dozens of alternate languages 117 00:04:31,290 --> 00:04:33,090 to have pre-installed. 118 00:04:33,090 --> 00:04:35,580 Now, below that, I even have the option 119 00:04:35,580 --> 00:04:38,220 to enroll these Cloud PCs into Autopatch 120 00:04:38,220 --> 00:04:40,740 To save time, I'll skip Scope Tags for now, 121 00:04:40,740 --> 00:04:42,840 but I can add those later. 122 00:04:42,840 --> 00:04:44,340 Now in the Assignment tab, 123 00:04:44,340 --> 00:04:46,560 I'll just need to assign what group of users 124 00:04:46,560 --> 00:04:48,090 will get Cloud PCs provisioned 125 00:04:48,090 --> 00:04:50,220 using this Provisioning Policy. 126 00:04:50,220 --> 00:04:53,760 Now, I've created a group for East US Engineers in advance, 127 00:04:53,760 --> 00:04:55,710 so I'll add this group to the policy. 128 00:04:55,710 --> 00:04:58,590 And now I can review all of my settings and select Create. 129 00:04:58,590 --> 00:05:00,720 - So is that going to start the provisioning process then 130 00:05:00,720 --> 00:05:02,640 for everyone that you scoped in that group? 131 00:05:02,640 --> 00:05:04,920 - Almost. We have one more step. 132 00:05:04,920 --> 00:05:07,860 I still need to configure the Cloud PCs' sizes and specs, 133 00:05:07,860 --> 00:05:09,921 like CPUs, RAM, and storage, 134 00:05:09,921 --> 00:05:12,960 by assigning licenses with those specs to the group. 135 00:05:12,960 --> 00:05:14,670 Let me walk through that process. 136 00:05:14,670 --> 00:05:17,400 In the Microsoft 365 admin center, 137 00:05:17,400 --> 00:05:20,820 in advance, I've pre-purchased a few different licenses. 138 00:05:20,820 --> 00:05:24,000 Now, we'll give our engineers fairly high-spec Cloud PCs. 139 00:05:24,000 --> 00:05:26,220 Now, of course, you can change these at any time. 140 00:05:26,220 --> 00:05:27,120 In the Groups tab, 141 00:05:27,120 --> 00:05:30,120 I just need to assign my East US Engineers, 142 00:05:30,120 --> 00:05:31,950 so I'll filter the list. 143 00:05:31,950 --> 00:05:34,650 There's my group. I'll go ahead and select it, 144 00:05:34,650 --> 00:05:36,000 and now just confirm. 145 00:05:36,000 --> 00:05:38,250 And this will start the VM creation process. 146 00:05:38,250 --> 00:05:40,650 In about 20 minutes, all users in this group 147 00:05:40,650 --> 00:05:42,960 will have a personal Cloud PC up and running. 148 00:05:42,960 --> 00:05:44,430 - So while the provisioning process runs, 149 00:05:44,430 --> 00:05:46,470 why don't you explain what's happening behind the scenes? 150 00:05:46,470 --> 00:05:49,140 - Sure, there's a lot more going on under the covers here. 151 00:05:49,140 --> 00:05:53,670 Each Windows 365 supported region has multiple Azure zones. 152 00:05:53,670 --> 00:05:55,260 When the Cloud PCs are provisioned, 153 00:05:55,260 --> 00:05:58,230 they are split between the Azure zones in that region. 154 00:05:58,230 --> 00:05:59,580 And within the zone itself, 155 00:05:59,580 --> 00:06:02,070 three copies are made of the Cloud PC's disc 156 00:06:02,070 --> 00:06:03,810 for additional resiliency. 157 00:06:03,810 --> 00:06:05,610 And then after the Cloud PC is provisioned, 158 00:06:05,610 --> 00:06:07,680 the service immediately starts taking backups 159 00:06:07,680 --> 00:06:09,270 of the Cloud PC. 160 00:06:09,270 --> 00:06:12,480 And these backups can be restored by the Windows 365 admins, 161 00:06:12,480 --> 00:06:14,490 and optionally, if you allow it, 162 00:06:14,490 --> 00:06:16,680 even directly by the users themselves. 163 00:06:16,680 --> 00:06:18,180 - Okay, so now let's fast forward a few minutes. 164 00:06:18,180 --> 00:06:20,400 With the Cloud PCs provisioned, 165 00:06:20,400 --> 00:06:21,600 what does that experience look like? 166 00:06:21,600 --> 00:06:22,433 - So yeah, sure. 167 00:06:22,433 --> 00:06:23,520 So now we're ready to go. 168 00:06:23,520 --> 00:06:25,530 And as a user, I have a few options 169 00:06:25,530 --> 00:06:27,750 to connect to my Cloud PC. 170 00:06:27,750 --> 00:06:29,730 I'm going to use a locally installed Windows app 171 00:06:29,730 --> 00:06:32,100 on my managed surface Laptop here. 172 00:06:32,100 --> 00:06:35,310 Now, this is my new Cloud PC that was just provisioned, 173 00:06:35,310 --> 00:06:37,050 and I'll go head and connect to it. 174 00:06:37,050 --> 00:06:39,090 And because we configured single sign-on, 175 00:06:39,090 --> 00:06:42,300 I don't need to enter my credentials a second time. 176 00:06:42,300 --> 00:06:44,760 And you'll see this is a full desktop experience, 177 00:06:44,760 --> 00:06:46,590 and if I open the Start menu, 178 00:06:46,590 --> 00:06:50,400 there are all of my provisioned apps in Microsoft 365. 179 00:06:50,400 --> 00:06:51,750 Now, because I'm in the cloud, 180 00:06:51,750 --> 00:06:53,130 let me open the Edge browser 181 00:06:53,130 --> 00:06:56,640 to show you the network connection speed from the Cloud PC. 182 00:06:56,640 --> 00:06:58,260 I'll go ahead and run this, 183 00:06:58,260 --> 00:07:02,130 and in this case, you can see I'm seeing 2.4 gigabits down. 184 00:07:02,130 --> 00:07:05,190 Now, my home network is only 50 megabits but that's okay 185 00:07:05,190 --> 00:07:07,710 because I'm just remoting the screen content, 186 00:07:07,710 --> 00:07:09,780 whereas my Cloud PC can collaborate 187 00:07:09,780 --> 00:07:11,100 with people all over the world, 188 00:07:11,100 --> 00:07:13,953 and share large files, which is a much faster network. 189 00:07:14,850 --> 00:07:18,030 And if I open File Explorer, my policy allows me 190 00:07:18,030 --> 00:07:20,430 to see the local drive on a corporate managed device, 191 00:07:20,430 --> 00:07:22,290 like my Surface laptop here. 192 00:07:22,290 --> 00:07:24,480 In fact, as an admin, you have full control 193 00:07:24,480 --> 00:07:25,680 over connected peripherals, 194 00:07:25,680 --> 00:07:28,740 like clipboard redirection, even more based on your needs. 195 00:07:28,740 --> 00:07:30,120 And as I'll show you in a bit, 196 00:07:30,120 --> 00:07:31,560 this can vary by device type, 197 00:07:31,560 --> 00:07:34,050 and whether other devices are enrolled in management. 198 00:07:34,050 --> 00:07:35,340 - And it's really a huge advantage here 199 00:07:35,340 --> 00:07:36,173 in terms of being able 200 00:07:36,173 --> 00:07:38,220 to leverage superior network performance 201 00:07:38,220 --> 00:07:40,410 that you get from the cloud effectively. 202 00:07:40,410 --> 00:07:42,660 Now, we've talked a lot about resiliency, 203 00:07:42,660 --> 00:07:45,000 how easy is it then to restore Cloud PCs 204 00:07:45,000 --> 00:07:46,230 if you need to do that? 205 00:07:46,230 --> 00:07:47,550 - Well, let me show you. 206 00:07:47,550 --> 00:07:49,230 With backup and restore capabilities 207 00:07:49,230 --> 00:07:51,000 built into Windows 365, 208 00:07:51,000 --> 00:07:53,190 I can show you how you can restore a Cloud PC 209 00:07:53,190 --> 00:07:55,470 from a previous restore point. 210 00:07:55,470 --> 00:07:57,660 So I'm in the All Cloud PCs view, 211 00:07:57,660 --> 00:08:00,120 and I've filtered the list to show my devices. 212 00:08:00,120 --> 00:08:02,397 The top one here is my GPU Max Cloud PC, 213 00:08:02,397 --> 00:08:04,560 and I'll take a look at its properties. 214 00:08:04,560 --> 00:08:06,600 I can take a quick action to restore here 215 00:08:06,600 --> 00:08:07,620 from the overview page, 216 00:08:07,620 --> 00:08:10,067 but let's go the Restore Points menu. 217 00:08:10,067 --> 00:08:12,990 Now, here you can see there are 14 restore points. 218 00:08:12,990 --> 00:08:13,950 And for 10 of these, 219 00:08:13,950 --> 00:08:15,900 I can configure the restore point objective 220 00:08:15,900 --> 00:08:17,880 from 4 to 24 hours. 221 00:08:17,880 --> 00:08:19,170 Now, mine in this case are set up 222 00:08:19,170 --> 00:08:21,600 to create a backup every six hours. 223 00:08:21,600 --> 00:08:24,680 Now, the bottom four are hard set as rolling weekly backups 224 00:08:24,680 --> 00:08:27,990 of one per week for the last four weeks. 225 00:08:27,990 --> 00:08:30,630 From here I can create another new restore point. 226 00:08:30,630 --> 00:08:32,160 I just need to configure the basics 227 00:08:32,160 --> 00:08:34,080 of my Azure subscription, 228 00:08:34,080 --> 00:08:36,450 here the storage account I want to use for backups, 229 00:08:36,450 --> 00:08:37,860 and the access tier. 230 00:08:37,860 --> 00:08:40,770 Now, I'll keep the recommended Hot tier here. 231 00:08:40,770 --> 00:08:43,200 And once I create this, it takes a few moments 232 00:08:43,200 --> 00:08:44,970 to create the additional manual restore point 233 00:08:44,970 --> 00:08:46,830 while the Cloud PC is still running. 234 00:08:46,830 --> 00:08:48,360 And since this manual restore point 235 00:08:48,360 --> 00:08:50,070 is in my defined own storage account, 236 00:08:50,070 --> 00:08:52,350 I can keep that as long as I want to restore from it. 237 00:08:52,350 --> 00:08:55,710 - Okay, so aside from cases like maybe reactive ransomware 238 00:08:55,710 --> 00:08:57,930 or other issues, where else might you use this? 239 00:08:57,930 --> 00:08:59,280 - Well, this also can be used 240 00:08:59,280 --> 00:09:01,650 when I want to run PC forensics. 241 00:09:01,650 --> 00:09:04,050 For example, you might place a Cloud PC under review 242 00:09:04,050 --> 00:09:06,600 as part of an ongoing investigation. 243 00:09:06,600 --> 00:09:08,160 So let me show you this. 244 00:09:08,160 --> 00:09:11,040 So I'm back here in the Cloud PC overview page. 245 00:09:11,040 --> 00:09:12,210 And here in the ellipse menu, 246 00:09:12,210 --> 00:09:15,450 you can see an option to place this Cloud PC under review. 247 00:09:15,450 --> 00:09:17,190 Now, I can use the same subscription 248 00:09:17,190 --> 00:09:19,950 and storage account details as the backup I just showed you 249 00:09:19,950 --> 00:09:22,830 to archive the full image of the Cloud PC. 250 00:09:22,830 --> 00:09:25,530 Under that, I have two Access modes to select from: 251 00:09:25,530 --> 00:09:27,780 Block access, which will notify the user 252 00:09:27,780 --> 00:09:29,460 that their Cloud PC is under review, 253 00:09:29,460 --> 00:09:31,740 and block their access until complete, 254 00:09:31,740 --> 00:09:33,600 or I can allow access, 255 00:09:33,600 --> 00:09:35,760 which will capture the image at this moment in time 256 00:09:35,760 --> 00:09:39,000 and allow the user to continue to use their Cloud PC. 257 00:09:39,000 --> 00:09:41,250 And once I place the Cloud PC under review, 258 00:09:41,250 --> 00:09:42,900 I can use the stored backup image 259 00:09:42,900 --> 00:09:44,700 to mount it and then run those forensics. 260 00:09:44,700 --> 00:09:47,280 - And these are all important enterprise-ready capabilities 261 00:09:47,280 --> 00:09:48,870 in terms of using backups. 262 00:09:48,870 --> 00:09:51,330 Now, failover, it's also pretty important 263 00:09:51,330 --> 00:09:53,550 for high availability and disaster recovery planning. 264 00:09:53,550 --> 00:09:55,800 So what options do we have there? 265 00:09:55,800 --> 00:09:58,830 - Right, this is super important for business continuity. 266 00:09:58,830 --> 00:10:01,110 Let me show you a couple options. 267 00:10:01,110 --> 00:10:03,420 So this time I'm going to start in the Reports view 268 00:10:03,420 --> 00:10:04,800 in the Intune admin center, 269 00:10:04,800 --> 00:10:07,650 and I'll move over to the Cloud PC overview page. 270 00:10:07,650 --> 00:10:09,570 Now I'll head over to the Business Continuity 271 00:10:09,570 --> 00:10:11,700 and Disaster Recovery status report. 272 00:10:11,700 --> 00:10:13,320 If you look at the license type column, 273 00:10:13,320 --> 00:10:15,870 you'll see that there's a new optional paid add-on 274 00:10:15,870 --> 00:10:18,720 that extends backups to an additional alternate region 275 00:10:18,720 --> 00:10:22,350 and all of these Cloud PCs are licensed for cross-region. 276 00:10:22,350 --> 00:10:24,390 So it's another layer of resilience in the case 277 00:10:24,390 --> 00:10:26,250 of a natural disaster or other event 278 00:10:26,250 --> 00:10:28,200 that could impact a region. 279 00:10:28,200 --> 00:10:30,375 It also allows these Cloud PCs to be recovered 280 00:10:30,375 --> 00:10:32,643 from a backup in that alternate region. 281 00:10:33,639 --> 00:10:35,460 Now, back in the Windows 365 page, 282 00:10:35,460 --> 00:10:37,440 I'm in the User Settings tab now. 283 00:10:37,440 --> 00:10:40,410 And here you can see I've have created two policies. 284 00:10:40,410 --> 00:10:41,850 I'll open the second policy 285 00:10:41,850 --> 00:10:44,700 with cross-region disaster recovery enabled. 286 00:10:44,700 --> 00:10:46,380 Now, if I open the policy settings, 287 00:10:46,380 --> 00:10:49,500 you'll see this is where you can enable admin privileges, 288 00:10:49,500 --> 00:10:51,840 allow users to restore their Cloud PCs, 289 00:10:51,840 --> 00:10:54,630 and also, how often those restore points are made. 290 00:10:54,630 --> 00:10:57,060 You can also enable cross-region disaster recovery 291 00:10:57,060 --> 00:10:58,470 from here as well. 292 00:10:58,470 --> 00:11:00,060 Now, if I click on edit, 293 00:11:00,060 --> 00:11:03,360 you can see even more details for the cross-region backups. 294 00:11:03,360 --> 00:11:05,640 This dropdown for additional DR options 295 00:11:05,640 --> 00:11:08,610 also has a new option for Disaster Recovery Plus, 296 00:11:08,610 --> 00:11:12,210 which enables faster recovery time, lower risk of data loss, 297 00:11:12,210 --> 00:11:14,100 and pre-allocated capacity compared 298 00:11:14,100 --> 00:11:15,870 to the standard disaster recovery 299 00:11:15,870 --> 00:11:17,820 if you experience an outage. 300 00:11:17,820 --> 00:11:20,010 Now, for geography, the Cloud PCs in scope 301 00:11:20,010 --> 00:11:23,010 for this policy are provisioned in US East, 302 00:11:23,010 --> 00:11:27,180 so I set my cross-region DR geography to Central US. 303 00:11:27,180 --> 00:11:29,640 Now, if there was any type of geographical outage 304 00:11:29,640 --> 00:11:32,850 in the East Coast, my users can recover from a backup 305 00:11:32,850 --> 00:11:36,120 in a nearby region in the Central or South Central US. 306 00:11:36,120 --> 00:11:38,192 - Right, and all of these different resiliency options 307 00:11:38,192 --> 00:11:42,180 make Windows 365 ideal for mission-critical desktops 308 00:11:42,180 --> 00:11:43,380 with really minimal downtime. 309 00:11:43,380 --> 00:11:45,300 Now, earlier, you also mentioned 310 00:11:45,300 --> 00:11:47,430 we could change Cloud PC specs 311 00:11:47,430 --> 00:11:48,660 from what was originally provisioned. 312 00:11:48,660 --> 00:11:50,970 So how would I make these types of decisions? 313 00:11:50,970 --> 00:11:52,170 - Yeah, it's pretty easy. 314 00:11:52,170 --> 00:11:55,140 So this is where reports help guide you in these decisions. 315 00:11:55,140 --> 00:11:57,000 Now, remember, you don't need to future-proof 316 00:11:57,000 --> 00:11:58,590 and over-spec your Cloud PCs 317 00:11:58,590 --> 00:12:00,270 like you do with physical hardware. 318 00:12:00,270 --> 00:12:02,820 If anything, you want to start with a size smaller, 319 00:12:02,820 --> 00:12:05,220 and then as needed, you can scale them up from there. 320 00:12:05,220 --> 00:12:07,260 Let me show you where you find that information. 321 00:12:07,260 --> 00:12:09,477 Now, back in our Cloud PC overview reports, 322 00:12:09,477 --> 00:12:10,950 you'll see that we have reporting 323 00:12:10,950 --> 00:12:12,870 for Cloud PC recommendations. 324 00:12:12,870 --> 00:12:16,050 These actually leverage AI to analyze compute utilization 325 00:12:16,050 --> 00:12:17,850 and how well the Cloud PC is performing 326 00:12:17,850 --> 00:12:19,710 for each individual user 327 00:12:19,710 --> 00:12:21,750 so that you can make data-driven decisions 328 00:12:21,750 --> 00:12:23,310 about Cloud PC sizing. 329 00:12:23,310 --> 00:12:24,720 For example, in my small tenant, 330 00:12:24,720 --> 00:12:27,060 I have nine rightsized Cloud PCs, 331 00:12:27,060 --> 00:12:30,330 two that look undersized and one that's underutilized, 332 00:12:30,330 --> 00:12:32,850 and you can dig into the details for each of these. 333 00:12:32,850 --> 00:12:34,860 Now, this way you're matching the right spec 334 00:12:34,860 --> 00:12:36,090 for how a Cloud PC 335 00:12:36,090 --> 00:12:38,190 and how it's being used versus just guessing 336 00:12:38,190 --> 00:12:39,570 or waiting for people to contact you 337 00:12:39,570 --> 00:12:41,310 and tell you that they're having performance issues. 338 00:12:41,310 --> 00:12:42,900 - So this process is really painless then 339 00:12:42,900 --> 00:12:44,940 for both admins, as well as end users. 340 00:12:44,940 --> 00:12:47,610 The nice thing here is that you just need to log out 341 00:12:47,610 --> 00:12:49,380 and back in, and all those spec changes 342 00:12:49,380 --> 00:12:51,120 are automatically applied. 343 00:12:51,120 --> 00:12:53,070 Now, you also mentioned that you can also connect 344 00:12:53,070 --> 00:12:56,190 from an unmanaged device, so how does that work? 345 00:12:56,190 --> 00:12:57,810 - Well, so far, I've been using 346 00:12:57,810 --> 00:13:00,120 this corporate managed Surface laptop here, 347 00:13:00,120 --> 00:13:01,860 but I also have my own iPad 348 00:13:01,860 --> 00:13:04,710 that I can connect to Windows 365 as well. 349 00:13:04,710 --> 00:13:06,990 Now, even without enrolling this device in Intune, 350 00:13:06,990 --> 00:13:08,490 we can control the experience 351 00:13:08,490 --> 00:13:10,530 to keep the work data protected. 352 00:13:10,530 --> 00:13:12,900 Let me show you the policies we set up for this. 353 00:13:12,900 --> 00:13:16,560 I have the Conditional Access policies page open in Intune. 354 00:13:16,560 --> 00:13:19,380 Now, this first policy uses Mobile Application Management 355 00:13:19,380 --> 00:13:20,490 to ensure that I can control 356 00:13:20,490 --> 00:13:23,160 how the Windows 365 app is used, 357 00:13:23,160 --> 00:13:25,920 even on unmanaged devices, like my iPad. 358 00:13:25,920 --> 00:13:28,020 Now, the second one requires mobile devices 359 00:13:28,020 --> 00:13:30,330 to use passkey authentication. 360 00:13:30,330 --> 00:13:33,150 And the third one here triggers multifactor authentication 361 00:13:33,150 --> 00:13:35,610 when users are outside of their home region. 362 00:13:35,610 --> 00:13:37,980 And I can show you the effects of these policies 363 00:13:37,980 --> 00:13:40,950 on my iPad here, so you can see just how this compares 364 00:13:40,950 --> 00:13:43,890 to what I showed you earlier on a managed device. 365 00:13:43,890 --> 00:13:47,280 Now, on my own iPad, there's the Cloud PC 366 00:13:47,280 --> 00:13:48,480 that we just provisioned, 367 00:13:48,480 --> 00:13:51,930 and that I connected to on my managed machine. 368 00:13:51,930 --> 00:13:53,430 Now, I'll go ahead and connect to it. 369 00:13:53,430 --> 00:13:54,263 And you'll see 370 00:13:54,263 --> 00:13:56,040 that I need to use multi-factor authentication 371 00:13:56,040 --> 00:13:58,140 to securely connect with a passkey, 372 00:13:58,140 --> 00:13:59,220 so it's already different 373 00:13:59,220 --> 00:14:01,650 from what we saw before with the single sign-on experience 374 00:14:01,650 --> 00:14:03,900 on my corporate managed PC. 375 00:14:03,900 --> 00:14:05,640 Now, once I'm in, you'll see the session 376 00:14:05,640 --> 00:14:07,860 is exactly how I left it with the browser 377 00:14:07,860 --> 00:14:09,273 and File Explorer open. 378 00:14:10,170 --> 00:14:13,230 Notice how the local iPad file system is not visible here, 379 00:14:13,230 --> 00:14:14,063 and, of course, 380 00:14:14,063 --> 00:14:16,200 the previous Windows host file system disappears 381 00:14:16,200 --> 00:14:18,960 because I'm no longer connected to that device. 382 00:14:18,960 --> 00:14:20,430 So this file system integration 383 00:14:20,430 --> 00:14:23,550 is only permitted for trusted and managed devices. 384 00:14:23,550 --> 00:14:24,383 - Right, and this way you're able 385 00:14:24,383 --> 00:14:28,440 to control the access level based on the connected device. 386 00:14:28,440 --> 00:14:31,110 And it's been a great deep-dive to see how everything works, 387 00:14:31,110 --> 00:14:33,300 along with how easy everything is to set up. 388 00:14:33,300 --> 00:14:34,830 So for anyone who's watching right now, 389 00:14:34,830 --> 00:14:36,870 looking to get started, what do you recommend? 390 00:14:36,870 --> 00:14:37,830 - It's easy. 391 00:14:37,830 --> 00:14:42,810 For admins, check out aka.ms/W365Docs. 392 00:14:42,810 --> 00:14:45,420 It's the best place to go to to get all of the options 393 00:14:45,420 --> 00:14:48,540 around Windows 365 and to get up and running fast. 394 00:14:48,540 --> 00:14:49,373 - Good stuff. 395 00:14:49,373 --> 00:14:50,206 Thanks for joining us today, Scott. 396 00:14:50,206 --> 00:14:51,450 And thank you for joining us as well. 397 00:14:51,450 --> 00:14:53,490 And be sure to subscribe if you haven't already. 398 00:14:53,490 --> 00:14:55,907 And we'll see you again soon.