Mark Brezicky / / Categories: Azure, Microsoft

Windows 365 Deployment – Licensing and Requirements Part 1

Microsoft introduced Windows Virtual Desktop (now called Azure Virtual Desktop or AVD) in three years ago and released it into General Availability two years ago. AVD allowed for a fully customized virtual desktop and application infrastructure in the cloud providing clients with multiple scenarios for deploying applications, personal desktop assignments, and multi-session desktop capabilities.  However, it came with complex requirements and increased management and governance needs.  Windows 365 is meant to simplify the complexities of AVD by changing the cost model from usage to licensing and reducing the infrastructure required to implement. 

 

There are two different editions of Windows 365: Business and Enterprise.  Business, similarly to Microsoft 365 Business licenses, is for customers with less than 300 users.  While it does not have the granularity, customization, or integrations that Enterprise has, it is meant to be simple.  Procure and assign a license and a PC will be auto provisioned for the user it was assigned to. 

 

Windows 365 Enterprise has a bit more requirements and setup involved to provide virtual desktops to users.  All desktops are directly assigned in a one-to-one relationship to users.  Windows 365 does not support multi-session desktops or application deployments.  Windows 365 Enterprise simplifies and streamlines security and administration of a deployment by taking advantage of three primary Microsoft solutions: 

 

  • Azure Active Directory 
  • Microsoft Endpoint Manager 
  • Azure Virtual Desktop 

 

 

Pricing and licenses 

Most costs associated with Windows 365 are a flat, fixed monthly fee associated with the license procured.  Licenses are based on the size of the VM.  Additional charges may occur within your Azure Subscription based on network usage.  Business edition has outbound data limits based on the VM size, anywhere from 12-70 GB/month of outbound data use per user. 

 

You cannot switch between Business and Enterprise license models; however, you can upgrade VM sizes to a larger size using the Resize feature.  Downgrading the size is currently unavailable and requires reprovisioning the VM. 

 

Users can only be assigned one license from any single VM size.  However, you can assign multiple licenses to a single user if the license types are for different size VMs. 

 

The following chart are all the current available licenses for Windows 365: 

chart blog part 1

Requirements 

Windows 365 Business has a single requirement, Azure AD Join.  Ensure the Device setting Users may join devices to Azure AD is enabled for either All or Selected to ensure any user with a Windows 365 license can join the VM to Azure AD. 

 

Windows 365 Enterprise has a few requirements.  Each requirement is listed below. 

Azure 

 

An active Azure Subscription 

Windows 365 must have the following permissions: 

  • A reader role on the subscription. 
  • Network contributor permissions on the resource group. 
  • A network contributor role on the vNet. 

Supported Azure Region for provisioning PCs 

Azure Virtual Network  

  • Using the same region where Windows 365 VMs are to be created. 
  • Subnet with available IP Address space for all intended VMs 
  • DNS resolution to Active Directory 
  • Line of sight \ Network connectivity to Active Directory Domain Controllers and DNS Servers 
  • Available network bandwidth for intended workloads 
  • Network Connectivity to appropriate service URLs and ports 

Azure Active Directory

 

A valid Azure AD Tenant 

  • Hybrid Azure AD Join configured for automatic setup 
  • Users licensed for Windows 365 Enterprise 

Microsoft Endpoint Manager 

Microsoft Endpoint Manager \ Intune tenant required for management 

  • Intune Admin to provision PCs 
  • No enrollment restrictions for Windows  
  • Automatic enrollment for Windows 10 
  • Users licensed for Microsoft Intune 

Active Directory

 

Valid Organizational Unit to be used.   

  • OU Must be synced to AAD 
  • AD Account with permissions to join the computer into the OU 

Users must be synced via Azure AD Connect 

Networking

 
No network interception, SSL Decryption, deep packet inspection, or other similar technologies used to monitor or intercept Windows 365 provisioning traffic 

Windows 365 has all the typical Azure AD and Intune RBAC Permissions to fully administer the environment.  No custom roles are available to be created, however, two new RBAC roles have been created for least privilege management of Windows 365: 

 

Cloud PC Administrator 

Manages all aspects of Cloud PCs, including: 

  • OS image management 
  • On-premises network connection configuration 
  • Provisioning policies 

  

Cloud PC Reader 

Views Cloud PC data in Microsoft Endpoint Manager but cannot make changes. 

  

Planning 

Once you understand the pricing and requirements of Windows 365 Enterprise, you can begin planning considerations of your deployment.  Each deployment may differ from one customer to the next as all customers have some variance and uniqueness to their needs and current state.  However, there are several areas that all customers should review to ensure a proper plan is put in place for a successful implementation of Windows 365. 

 

Goals and Objectives 

Clarify what you are trying to do and the desired end state that a Windows 365 deployment will satisfy: 

What are you trying to accomplish with a deployment of Windows 365? 

 

Use Cases 

Identify the different use cases and scenarios that require a Windows 365 Cloud PC: 

What scenarios and use cases call for a virtual desktop in your environment? 

Will users connect via web or desktop client? 

Do you have to account for a Microsoft Teams environment? 

 

Existing environmental review 

Many organizations will already have the core infrastructure requirements deployed in some capacity prior to a Windows 365 deployment.  It would be wise to review the current state of each of these area as it relates to the requirements and dependencies of a Windows 365 deployment including: 

  • Azure 
  • Azure AD 
  • MEM\Intune 
  • Windows 10 PCs and current inventory 
  • Networking 
  • Other as necessary 

 

Rollout plan 

With proper identification of a desired end state and review of current state, you can develop a rollout plan and strategy for your Windows 365 deployment including: 

  • Deployment Phases 
  • Success Metrics 
  • Communication plan 

 

Communication and training 

Any deployment, big or small, requires proper communication and training to be successful.  This goes for both end users and administrators.  Be sure to create proper change management and training plans for both users, to ensure successful adoption, and administrators, to ensure successful support and maintenance. 

 

 

 

Windows 365 has significantly less requirements than that of an Azure Virtual Desktop environment.  However, it is still a significant piece of technology that still requires to due diligence of any new implementation.   

 

Enabling Technologies can help you properly prepare for moving to the cloud based on Microsoft Best Practices and utilizing a secure and productive environment.  You can check out more in the Cloud section of our website. 

 

 

Work with our team of Cloud Computing Consultants who have done this so many times they know all of the “minefields” to prevent missteps.

Subscribe to Email Updates

Refine by

To expand the list, please click on the double arrows.

 

Search by Category or Author:

ref:_00D80KtFf._5000y1WwWQD:ref