Mobile Jon's headlines



Building a Windows 365 Custom Image

Mobile Jon Presents Windows 365 Capabilities

Mobile Jon Presents Windows 365 Capabilities

intune, Uncategorized, Windows 365
Mobile Jon's Capabilities

Welcome to part two of our Windows 365 series. Last week, we covered a comparison between Windows 365 and traditional VDI. Now we shift to discuss some of the great capabilities available in Windows 365. This is going to be a session heavily focused on videos, where we show why this platform has a ton to offer. Let’s discuss provisioning, configuration, app deployment, security, and user experience that help drive some great value.

Windows 365 Capabilities

Now, let’s move into the capabilities in Windows 365 as they exist today. We are going to cover a few areas:

  • Provisioning
  • Configuration
  • App Deployment
  • User Experience

Windows 365 Provisioning

The provisioning is pretty simple. You can check that out here:

As you can see, the provisioning is pretty effective. My main issue is that it takes about an hour for one of these machines to come up, which in some companies is going to be far too long. I will be doing some work on custom images, but since they now have optimized images it’s not as crucial for me.

I’d also like to strongly recommend reading more about Windows Autopatch which you saw in the video, and I hope to write more about as it’s a nice advancement on Windows Update for Business.

Windows 365 Configuration

From a configuration perspective, we focus on a few key areas to properly secure our Windows 365 Cloud PCs. We can’t look at that without first covering the Windows 365 Security Baseline now in public preview.

Windows 365 Security Baseline

Like with all baselines, you can access them from Endpoint Security > Security Baselines. Microsoft has a list of settings so I won’t list it here, but let’s call out some of the notable features:

  • Blocks app installs with elevated privs
  • Enforces Tamper Protection so Defender can’t be disabled
  • Blocks connections to non-domain networks
  • Enables Windows SmartScreen
  • Blocks Basic Auth
  • Blocks storing run as credentials
  • Does not allow unencrypted traffic
  • Blocks drive redirection
  • Blocks password saving
  • Require TLS 1.2
  • Blocks Adobe Flash
  • Enables Defender

There are many more settings in the Baseline, but those are just some of the hits. Now, we hit on the one item missing, device redirection!

Windows 365 Redirection Policy

Next, we move onto building our redirection policy via configuration profiles to ensure that our DLP concerns are addressed on our new Cloud PCs:

As you saw, that was relatively simple. Any additional configurations you want to do like SCEP certificates, additional controls, etc can be done in a similar fashion to deliver excellent user experiences.

Windows 365 App Deployment

In App Deployment, it is all driven by Intune. We have basically a few main paths for deploying apps:

  • Microsoft Store Apps
  • MSI App Deployment
  • MSIX Apps Deployments
  • Intune Win App Utility Deployments

Let’s see how they work. You can do a Microsoft Store deployment like this below:

MSI app deployments are SO easy so I won’t waste any time on those as you just choose “Line-of-business” app, upload the MSI, put in optional information, and off you go!

MSIX app deployments work the same way, but you need to first build your MSIX application, which this video below will help:

The final option is the Intune Win App type, which we build with the utility:

Deploying one of those Intune apps is slightly more complex. Check out this video below to show you how to deploy a Win32 app:

Windows 365 User Experience

It’s probably best to highlight some of the great things you can do that focus on user experience.

Managing Restore Points is the first nice example. Let’s check out this video to see how simple they are to use!

Another nice aspect with Windows 365 are the “Endpoint Analytics” which you can see below (and can access inside of the user experience section):

You can see that they focus on a few categories like Startup Performance, Application Reliability, Resource Performance, and Remoting Connection.

You can see the sort of data provided below for a few of these categories.

Startup Performance:

Application Reliability:

Endpoint Analytics still isn’t a pristine solution for DEEM/DEX but it does give you some nice intelligence for your Cloud PC fleet.

Microsoft Teams on Cloud PCs

One under the radar item is the special Microsoft Teams client available only on Cloud PCs. This will deliver the best experience for Microsoft Teams for any VDI platform on the market today. You will get a new optimized experience including some of these features:

  • High-performance P2P streaming powered by WebRTC and rendered directly on your Windows 365 device.
  • Devices are redirected as the same hardware device, resulting in better hardware redirection support.
  • Windows 10/11 and macOS endpoints get all the benefits of the modern media stack, including HW video decoding.

With the good, there is a bit of bad. Below are some of the gaps they currently have on this special client:

Video Calling:

  • Only a single video stream from an incoming camera or screen share is supported. When a stream share is shown the camera of the dominant speaker disappears.
  • Sharing the camera and screen at the same time isnt supported.
  • Incoming/Outgoing video streams are capped at 720P.

Audio Calling:

  • Teams doesnt automatically use the last audio device that a user chose on a reconnect.
  • Shared system audio during presenting is not supported.


  • You cannot give or take control during screen sharing or application sharing. ONLY supported during PowerPoint sharing.

General Calling and Meetings:

  • Creation of live events is not possible


  • Audio devices cannot be configured from the Teams app. The client will automatically use the default client audio device. All changes must be done from audio preferences.

Unsupported Features:

  • Video 3×3 gallery view
  • Dynamic video call quality
  • Sharing applications
  • Sharing local client desktop
  • Live reactions (Like, Heart, Applause, Laugh, and Surprised)
  • QOS settings for Teams
  • Proxy support
  • Remote volume control support

Final Thoughts

Over the last few weeks, we have discussed the new kid on the block in Windows 365, which debuted about a year ago. Many people have posited that Windows 365 is a VDI replacement, VDI is dead, blah blah. I would suggest that Windows 365 is actually a great hybrid solution delivering some of the great things about VDI and some of the great things about PC-as-a-Service (PCaaS) in one nice package.

Many of us are trying to move away from persistent VDI, which is basically what Microsoft is delivering, but this is a solution that is here to stay. VMware last week announced their new partnership with Microsoft to bring AppVolumes, Blast Extreme, and deeper integrations between VMware and Windows 365 which addresses some of the gaps in Windows 365 today. The good thing is that when you have a persistent VDI some of the things they do not do might not even matter. We can possibly focus more on being reliable and scalable than fast thus delivering something really special.



Social Media

Get The Latest Updates

Subscribe To Our Weekly Newsletter

No spam, notifications only about the latest posts and updates.