Microsoft announced Windows 365 – launching on August 2nd, which is (arguably) Microsoft’s big entry into Desktop as a Service (DaaS). Windows 365 allows you to provide users with persistent virtual desktops without managing the supporting infrastructure.
The core idea behind it from Microsoft is that for a set monthly fee, you can assign a Windows 365 license to a user after picking the appropriate Cloud PC size. These range from 1 vCPU with 2GB RAM and 64GB HDD space, up to 8 vCPUs, 32GB RAM and 512GB of storage space. The license is then provisioned from Microsoft Endpoint Manager, which avoids the need to build out either a traditional VDI environment on-premises, or build out and manage Azure Virtual Desktop.
The timing of this Windows 365 release is important, as it was announced at Microsoft’s global partner conference, Inspire. If you work for a Microsoft Partner, the main message is that if you are configuring Microsoft 365 services like Intune today, and also helping roll out Windows 10 desktops, then it should be straightforward for you to help customers with Windows 365.
In episode 20 of the Practical 365 podcast, we briefly discussed announcements for Azure Virtual Desktop as part of the rename from Windows Virtual Desktop, including the news that a Public Preview of Azure AD Join and Intune management would arrive soon. This week, at the same time as Windows 365, Microsoft announced that these features are now in Public Preview.
What’s the Difference Between Windows 365 and Azure Virtual Desktop?
If you haven’t examined either offering in detail, it’s easy to look at both and think of them as basically the same thing. And the confusing part is there’s a lot of overlap, so you aren’t wrong for making that assumption. Fundamentally speaking, with Windows 365 you are avoiding the core infrastructure & platform piece, leaving Microsoft to worry about that. Therefore, it is most definitely a Software-as-a-Service type solution.
With Azure Virtual Desktop, you’re required to manage a supporting Azure subscription, and configure and implement the platform services required to allow a thin-client or Remote Desktop client to connect in. That connection is made over HTTPS into the environment, and must be authenticated and allocated to the correct machine via a session broker, which may even provision a VM or start one up, and so on. Plus, you need to make the architectural decisions around that, such as how you will configure redundancy, backup and resilience on top of Azure.
The difference between AVD and simply building out a VDI platform on Azure VMs (Infrastructure-as-a-Service) is that AVD is a Platform-as-a-Service offering, built primarily of modules you can configure, alongside infrastructure you deploy to it.
Almost all of the platform configuration melts away with Windows 365, where the key decision for an Enterprise SKU is how you will (today) connect an Azure vNet to your on-premises environment. While you can upload your own custom images for Windows, you can also choose ‘vanilla’ images – i.e. those pre-configured to work, with add-ins for Teams VDI pre-installed and ready to go.
Microsoft provides a table that explains when and why you’ll choose each:
Windows 365 Will Launch with Limitations
There are two versions of Windows 365 that will be available upon launch – a small business version and an enterprise version.
The small business version is intended for those lacking an IT team and is self-service for someone that runs their own business and chooses to buy a Cloud PC to use with their Microsoft 365 Business subscription. It doesn’t include any management capabilities but does allow sign-ins via Azure AD accounts.
The enterprise version (if you’re reading this, this is probably the version you need) will at launch require Hybrid Azure AD Join of each machine. That should make you pause and reflect a little, because that means there are pre-requisites that must be fulfilled prior to using Windows 365, including:
- A local Active Directory on-premises, or as IaaS in Azure (Azure AD Directory Services isn’t supported)
- Synchronization of your local AD to Azure AD
- Network connectivity to an Azure vNet, so that Windows 365 Cloud PCs can join Active Directory as traditional workstations, with Hybrid Azure AD Join configured and supporting connectors installed on-premises.
- Plan and configure how network access and internet access will function – however, you can of course connect to the public Internet from Azure as well as route traffic from Azure to on-premises.
(For more info, feel free to read through Microsoft’s step-by-step example guide for setup (which admittedly glosses over a few aspects, but is still comprehensive) to get a better idea of what’s involved.)
While not exactly unexpected, this could simply reflect the timing of when Azure Virtual Desktop features are released to General Availability (see below), as Microsoft has already said that this isn’t a permanent limitation, but rather one tied to the underlying platform, Azure Virtual Desktop today.
Therefore, in several months’ time, pure Azure AD joined and Intune/MEM managed Windows 365 Cloud PCs should be easy to get started with.
However, a crucial technical point to expose is that, at least today, all features and functionality available in Windows 365 are tied to features and functionality available in Azure Virtual Desktop. If you’ve already deployed Azure Virtual Desktop and wondered whether functionality such as Teams VDI is improved, then the answer is no – there’s no special sauce for Windows 365 such as a different model for local device redirection, or an Xbox Cloud Gaming-style set of improvements to the Remote Desktop user experience beyond what is currently offered in Azure Virtual Desktop. The client you’ll use on mobile or on desktop is the same as you use or deploy for AVD – the Remote Desktop app from the respective app stores.
A key thing to remember is that Windows 365 is focused on making everything simpler than AVD, rather than better. While the HAADJ (Hybrid Azure AD Join) requirement today might be disappointing, it isn’t forever. If you aren’t looking for simply the lowest cost but are looking for simplicity, then some of the details, like Windows 365 being completely persistent, single-user desktops without the need for FSLogix, are a big benefit.
Azure AD Join and Intune/MEM management arrive in Azure Virtual Desktop
The success of AVD over the last 12 months means that there are lots of organizations who will look at Windows 365, consider the amount of work they have done to get AVD up and running, and remain confident with their choice. AVD is likely to be cheaper to run on an ongoing basis than Windows 365 but will require specialist skills to successfully implement and manage.
Savings are gained because charges are based upon the compute, network and storage consumed for AVD whereas with Windows 365, you pay per-machine, per-user, per-month (plus Azure network egress charges). With both solutions, you still need licensing for Windows and the applications installed, but you can save money with AVD by using multi-user images and auto-scaling based on usage.
One blocker for urgent AVD requirements has been the requirement for Active Directory – strikingly similar to Windows 365 when it launches on August 2nd. A key ask, especially for organizations deploying laptops that are Azure AD joined and Intune managed, is for AVD to support Azure AD Join and Intune management, so there isn’t a requirement to extend networking from on-premises to Azure to get line-of-sight access to AD, or to enable Azure AD DS – not something you want to do even if you have an on-premises AD.
This functionality is now in preview for both Azure AD Join and Intune management, greatly simplifying the ability to deploy VDI in Azure using AVD for the same user types who would also be able to use a pure Azure AD Joined & Intune managed device. Once in GA, this means that a rapid enablement of AVD will be one of the key deciding factors when choosing between that and Windows 365.
Source Practical 365