Pro Tips for Windows 365 Configuration

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Healthcare and Life Sciences Blog articles.

Windows 365 makes it easy to configure and deploy a PC in the cloud. Once configured, you may ask yourself, “How are Cloud PCs different from a system management perspective? Should I do anything different for these endpoints?” The fact is you can manage your Windows 365 environment the same way you have been managing your physical fleet of Windows endpoints. But there are a few configurations that can improve the experience for you and your users. This blog will provide guidance on each of the features below to help you get the most out of your investment in Windows 365.

  • Cloud PC Dynamic Groups and Filters
  • Conditional Access policies specifically for Cloud PCs
  • Endpoint Analytics
  • Multimedia Redirection
  • RDP Shortpath

Targeting Windows 365 Devices

As you create more Cloud PCs, you may want to target specific subsets of your devices for specific applications or configurations. This can be done with either dynamic groups or device filters. Below are the most common groups and filters used by Cloud PC administrators. See these articles if you are looking for step-by-step instructions on how to create a dynamic group or filter.

Target Devices

Dynamic Group Query

Filter

Windows 365 Devices

(device.deviceModel -contains "Cloud PC")

(device.model -contains "Cloud PC")

All Windows 365 Devices of Model 2vCPU/8GB/128GB
or other model

(device.deviceModel -contains "Cloud PC Enterprise 2vCPU/8GB/128GB")

(device.model -contains "Cloud PC Enterprise 2vCPU/8GB/128GB")

All Windows 365 Devices with Provisioning Policy “Microsoft Hosted Network - US East 2”
Modify this to your Provisioning Policy name

(device.enrollmentProfileName -eq "Microsoft Hosted Network - US East 2")

(device.enrollmentProfileName -eq "Microsoft Hosted Network - US East 2")

If you’re unsure when to use a Dynamic Group vs a Filter, see the Intune Support Team’s blog Intune grouping, targeting, and filtering: recommendations for best performance.

Conditional Access

You’re likely comfortable with using Conditional Access to enforce MFA to protect your information in Office 365. You can also configure Azure Active Directory (Azure AD) Conditional Access to tighten your Windows 365 security posture in a multi-step approach:

  1. Control access methods
  2. Enforce session limits on the local device
  3. Require Intune compliance for organization access

Control Access to Cloud PCs

Windows 365 can be accessed by using the Windows 365 app, navigating to the web portal, or using the Remote Desktop client. Access via all three is controlled via Conditional Access policies targeted at the Windows 365 Azure AD application. However, because Windows 365 is built on the same technology as Azure Virtual Desktop, Conditional Access policies targeting Azure (or Windows) Virtual Desktop will still apply to connections initiated from the Windows 365 app and the Remote Desktop client.

Enforce Session Limits

The Sign-in frequency Session Control can be used to force reauthentication after a specific amount of time. For example, configuring this to 24 hours can ensure that your users are prompted to reauthenticate to the Windows 365 service at least once per day. If a user’s authentication token expires while they are using their Cloud PC, the user will be allowed to continue their active session and will only be prompted for re-authentication the next time they connect to their Cloud PC.

See the Set conditional access policies for Windows 365 docs page for step-by-step instructions on creating a basic Windows 365 Conditional Access policy.

Enforce Intune Compliance

Once connected to a Cloud PC, the same Conditional Access rules targeted at the rest of your client environment apply. However, if you are using the Require device to be marked as compliant configuration in your Conditional Access Grant Rules, there are a few Compliance policy settings that may report inaccurately on Cloud PCs. To avoid these issues, consider excluding this requirement for both the Azure Virtual Desktop (AVD) and Windows 365 apps. Reference the Known Issues page for specific details.

Enable Endpoint Analytics

Endpoint Analytics provides you with insights into the quality of the endpoint experience in your environment. The information the reports provide can help you optimize the end user experience across your physical and virtual endpoint platforms.

The resource performance report provides insights into CPU and RAM usage to help identify devices that may need more resources.

Phil_Urban_0-1669739078960.png

In addition to the core reports available in Endpoint Analytics, there are reports specifically targeted for usage with Windows 365. The Remoting Connection report provides insights into both Round-Trip Time and Sign-in Time. And the Cloud PC Performance & Utilization report helps you ensure your Cloud PCs are efficiently being used.

Phil_Urban_1-1669739078969.png

The Endpoint Analytics enrollment process is different depending on if your devices are managed by Intune or Co-Managed with Configuration Manager. Once enrolled, device information can take several days to start to populate into reports.

Multimedia Redirection

Multimedia redirection allows for smooth playback of video in Teams live events and streaming video platforms in both Microsoft Edge and Google Chrome. Smooth playback is enabled by offloading the video processing to the local machine for faster rendering. This feature is in preview on Azure Virtual Desktop and supported on Windows 365 endpoints. It is enabled by installing an extension for Edge or Chrome and configuring a few additional policies. Once configured, you’ll see the extension appear in the upper right of your Edge and Chrome browser.

Phil_Urban_2-1669739078972.png

For specific details on how to configure multimedia redirection see Multimedia redirection on Azure Virtual Desktop on the Microsoft Docs site.

RDP Shortpath

RDP Shortpath is a feature that changes how users connect to their Cloud PC from a TCP connection to a secure UDP connection. Enabling RDP Shortpath has several key benefits that can improve end user experience and allow for added control at network layer. These include:

  • Changing the connection protocol from TCP to Universal Rate Control Protocol (URCP). This is a low delay and low loss protocol that dynamically adapts to network parameters.
  • Reduces network hops between RDP Clients and Cloud PCs to improve connection reliability and bandwidth.
  • Improves performance of latency dependent applications by reducing connection round-trip time.
  • Enables support for QoS on RDP connections (Azure Network Connection Only).
  • Enables support for bandwidth throttling on outbound network traffic (Azure Network Connection Only).

Because Windows 365 is built on the same technology as Azure Virtual Desktop, the configuration of RDP Shortpath is the same for both technologies. Be sure you review the correct requirements and configuration steps depending on if you use a Azure Network Connection or a Microsoft Hosted Network for your Windows 365 environment.

Summary

After configuring each of these features, you’ll be well on your way to delivering the best Cloud PC experience to your end users. Keep an eye on the What's new in Windows 365 and Windows 365 In Development pages for upcoming service enhancements and features. There are a lot of exciting capabilities coming soon!

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.