Ignite 2023 has been an amazing experience this year, meeting some incredible people, but I wanted to take a little bit of time to catch people up on the Windows 365 capabilities introduced this week at Ignite. Let’s get started and breakdown what has changed.
Overview of the New Windows 365 Capabilities at Ignite 2023
You can also read about many of these new capabilities inside of the Book of News, but I wanted to focus on the new and interesting stuff for Windows 365:
- The Windows App
- Windows 365 GPU Support
- Windows 365 AI Capabilities
- Windows 365/AVD SSO
- Windows 365 Customer Lockbox
- Windows 365 Custom Managed Keys
- Windows 365 New Security Capabilities
Let’s talk a little bit more about some of these new features so you can see how cool some of this stuff is.
The New Windows App
A short disclaimer, to get the Windows App in my experience you just want to uninstall the Windows 365 application, reboot, and then go-reinstall it. If you want a code approach there:
##Uninstall the Windows 365 App## winget uninstall --name 'Windows 365' ##Don't forget to reboot first## ##Install Windows App## winget install --name 'Windows App'
Simply, the new Windows App is a single pane-of-glass for Windows 365 Cloud PCs, AVD, DevBox, RemoteApp, and more. You can see that in the screenshot below.
This app is also super inclusive as you can see it is now available on Windows, macOS, iOS, iPadOS, Web, with Android coming soon.
To get the new app, you can get them here:
The Capabilities of the Windows App
Feature capabilities will vary based on the product you’re connecting to.
Additionally there are many other great capabilities you can read about more on Microsoft’s article.
- Extensive display settings like multi-monitors
- Support for multiple user accounts
- Keyboard, mouse, touch, and pen supportability for accessibility
- Redirection support for printers, USB, audio, smart cards, clipboard, microphones, and cameras** (varying on platform)
Windows 365 GPU Support
GPU support is very exciting and closes a gap between AVD and Windows 365. The public preview is now live and can be signed up for here (only available in a paid preview format)
There are 3 available form factors:
- Windows 365 Enterprise GPU 4 vCPU, 16 GB RAM, 4 GB vRAM, 512 GB
- Windows 365 Enterprise GPU 8 vCPU, 56 GB, 12 GB vRAM, 1TB
- Windows 365 Enterprise GPU 16 vCPU, 110 GB, 16 GB vRAM, 1TB
The question is which one should you use? These are the Microsoft recommendations:
GPU 4: This is for apps needing basic graphic acceleration on 3840×2160 monitors or up to two 1920x1080p displays. This is similar with integrated graphics.
GPU 8: This is for apps with needing high-end graphics workloads on up to four 3840×2160 displays. This is similar to a dedicated graphics GPU.
GPU 16: This is for demanding graphics workloads that require a fully dedicated GPU for the highest performance available.
A nice screenshot of the performance can be seen below. I can see a major use case of Windows 365 AI will be helping to identify what sizes you need and sizing up/down for more crucial workloads:
It’s key to point out there’s a difference between needing GPU and needing memory, which the recent 16vCPU offerings might make more sense.
Windows 365 AI Capabilities
This section is a work in progress. I expect more details later today after Scott Manchester’s session.
The gist is the new AI integration, which we might as well call it Windows 365 CoPilot is intended to increase efficiency, enhance security, and improve management for Cloud PCs. One of the examples they are discussing is using AI to asset your CPC deployment and utilization to help you easily right-size your fleet, which is a major challenge for people today. Luckily, Windows 365 has some great capabilities to upsize machines without major user impact (just logs out a user)
Windows 365 and AVD SSO
The text on this feature was confusing to someone until you actually break it down. Microsoft states:
Single-sign on (SSO) and passwordless authentication support for both Windows 365 and Azure Virtual Desktop is now generally available for Azure Virtual Desktop and Windows 365, along with third-party identity provider (IDP) support. Microsoft is also actively working on enabling the same capabilities for Azure Virtual Desktop approved providers.
So, let’s break it down real quick:
- Passwordless authentication support means you can use stuff like Windows Hello For Business or a FIDO key/Yubikey, etc to authenticate to either service is now in GA
- The 3rd party IDP support means you can use 3rd party IDPs proided they are federated with Entra ID, Entra ID auth is enabled, and that the CPCs or session hosts are Entra-joined or hybrid Entra joined.
- AVD-approved providers is referencing active work to deliver the same capabilities for providers like Citrix and VMware.
Windows 365 New Security Capabilities
Some very cool new security capabilities are coming soon as well:
- Windows 365 Customer Lockbox: ensures Microsoft support cannot access your data needed for service operations without implicit approval
- Windows 365 Custom Managed Keys: lets customers do BYOK for CPC disks
- Windows 365 Watermarking: enforces that users can only use the native client to connect to cloud PCs by projecting the watermarking QR code in a remote session.
- Windows 365 Screen Capture Protection: This prevents screen capture of the applications running on the Cloud PC.
- Windows 365 Tamper Protection: Tamper protection helps protect certain security settings, such as virus and threat protection, from being disabled or changed.
Quickly, I will cover how to enable the last 3 capabilities in Intune.
Enabling Windows 365 Watermarking, Screen Capture Protection, and Tamper Protection
Enabling these features are relatively easy. In Intune, we create a configuration profile (settings catalog) with the Azure Virtual Desktop template:
The settings you enable are pretty easy:
Tamper protection is also pretty easy. You just create an Antivirus profile under “Windows Security Experience” and enable Tamper Protection.
It’s a very exciting time and I feel incredibly blessed to have gotten to work at Ignite. I probably went over the top as I usually do (I worked the entire day because I wanted to talk to people about how much I love Windows 365). I really love how they chose the right things to focus on this year, while shifting focus to the features that people truly desire like Windows 365 Offline.