Who will it benefit and what is the future workspace?

Windows 365 Boot is the feature that takes you automatically from the Windows 11 sign-in screen into your Cloud PC. Who will benefit from this feature? Can it improve security, give freedom of choice and enable the less fortunate parts of the world?

Let's grab a coffee and talk about the personas where this comes in handy. But first, I am sorry: this is a long article with a lot of information to process. Bear with me, perhaps with a big cup of coffee 🙂

Shared Device

There are multiple ways to share a device: it can be stationary, or it can be handed over the way shift workers hand over their tasks to the next shift.

Shared devices are specially configured, and they require even more administration because they need to work for every person who signs in to Windows, without waiting for installation and configuration after sign-in. In the era of Intune and Autopilot, a device usually goes through some configuration and installation after the user has entered the operating system, whereas custom images benefit this scenario.

So instead of having a complicated shared device, we can have the device automatically boot into the user's Cloud PC. That could be a regular Cloud PC or a Frontline Cloud PC for shift workers, configured the same way as any Windows device managed by Intune.

Persona – Frontline workers

Users with limited need to bring a device out of the office can share devices in a common area in the office, or they may hand over a device to the co-worker starting the next shift.

As with shared devices, this makes the local device easier to administer and gives users the same setup as those with a dedicated device, without the need for a dedicated physical device.

Shared devices for the many

I am constantly carrying a laptop with me, but wouldn't it be awesome if the office already had computers around, just like it has monitors, keyboards and mice? Then I could use any of them and still have my individual desktop in a Cloud PC opened right after sign-in on any device.

Most organizations still provide only two or three computer options for employees to choose between, so even at a consultancy company like Sopra Steria, special cases make up only a small percentage when it comes to devices. And among those who order changes, it's mainly to add memory for virtualizing additional machines for test purposes. This can be done in a Cloud PC like Windows 365 too.

This is mainly because managing all sorts of devices, or a wide selection of devices, is time-consuming work for IT. Also, if you're buying 200-300 devices each year you will get a discounted price, which is not so easy if you're buying 20-30 different types of devices.

I also do a lot of work from my mobile phone, meaning I have less need for my own PC while out of office.

Home office

The Achilles' heel, though, is that I need to work from home, which means I need a device to work efficiently. After the pandemic rocket-launched us into home offices, it has also become more common to work from home. It reduces the need for desks in our company offices, just as consultants used to sit in the customer's office. But these days we don't even do that.

Security recommendation

I could use my private device and Windows 365, which would improve security by separating private and business tasks onto separate devices (physical + virtual). But I haven't had a private device for a long time, so there might not be too many (besides gamers and security officers) who have a private device to jump from. And it is pretty damn hard to change people's way of working and their expectations, especially when it's for security reasons.

Savings

So, in my case, I would probably need a laptop provided by my company anyway, because I am not in our office that much. It could be my private device, because I want to enter the Cloud PCs when I am working.

But then I would also have to buy a private device, so it would save my company from supplying devices and raise security, but it would push that cost onto my budget. Previously we had deals to buy home/private equipment through our employer, which made it cheaper because the purchase came out of our paycheck before income taxes were calculated.

Device life cycle

Today we also see devices usually lasting around three years, as that is normally when they run out of warranty. Some might argue devices lose performance after about three years, depending on the spec you got initially. You can upgrade memory, but what if we don't need to buy expensive laptops, or even change the physical device because of insufficient performance?

This is the future with Windows 365. It will keep up with performance efficiency year after year, and it might not require anything from your local device, besides connectivity to input devices (mouse, keyboard, mic, camera).

It works like multi-session, as Microsoft runs Cloud PCs as virtual desktops, so it is not the case that Microsoft uses a new device for each device we save. It brings the benefits of virtualization to every user, not only to servers.

New era for thin clients coming?

But the fun doesn't stop after adding a shiny tool for Frontline workers:

Windows 365 Boot eliminates even more of the physical device's role, which was already significantly reduced by the introduction of Windows 365 or Azure Virtual Desktop itself.

There is no longer a need to run Windows in kiosk mode, which was an option for shared devices used only to enter a Cloud PC. Together with Windows 365 Boot, this largely eliminates the need to administer the local desktop.

Short answer: we can still leverage the power of the local device to aid the Cloud PC's performance, so a low-budget thin client would be beneficial only in the cases where you don't need the local device's power to aid your Cloud PC.

But will we see a Microsoft thin client soon, running a thin version of Windows, administered by Intune and Autopatch?

What about third party vendors?

We have seen new vendors on the market in the last couple of years making smaller operating systems, specially designed to be placed on any device and to require a minimum of administration. One example is IGEL OS, with particularly user-friendly connectivity for remoting to Citrix, Azure Virtual Desktop and Windows 365.

Microsoft develops a lot of services, and sometimes buys products which will be integrated into its portfolio of services. It's a big factory of developers, so it takes a bit of time before we have all the features we could desire.

This leaves room for third parties to develop services and features to accommodate our everyday Microsoft services, but at some point if the service or feature is well adopted by customers, we will see the birth of a native service from Microsoft.

It might not be the perfect service out of the starting blocks, but it will catch up, and it will probably be favored by many customers because it will be integrated with the rest of Microsoft Cloud Services. Also, the cost/billing of the service might be cheaper than third-party solutions, or even better, become part of your existing license suite in Microsoft 365.

Configure W365 Boot with Intune

Microsoft has created a wizard in Intune under Windows 365 administration, to help us create the necessities for Windows 365 Boot:

The wizard explains everything, so no need to dive into that, but these are the components created to enable Windows 365 Boot:

Remember these devices are not meant to have a local desktop available to anyone, so Intune will create and manage these devices for us. The wizard also supports deploying WiFi-Profiles and VPN-Profiles, in case you require those for connectivity.

It takes about 5 seconds to create it all. The progress is shown during creation, but it was so quick that it went almost straight to successful deployment:

Configuration Profiles:

During the wizard you create or choose a group; this is the group to which you add the devices that should become Windows 365 Boot enabled. This can be a dynamic group adding devices based on tags.

Keep in mind that Windows 365 Boot is currently in public preview. This means that devices which should be enabled for Windows 365 Boot must be running the latest Windows 11 Insider version from the Dev Channel.

#SecurityTip

Try your best to separate private tasks from your work tasks; this will minimize the risk of your work-related access and data becoming available to outsiders. Spotify may seem safe, but it's even safer if you don't need to install Spotify or any private software.


Ehlo!

I am Roy Apalnes, a Microsoft Cloud Evangelist working at Sopra Steria. My main focus is Microsoft Security and Endpoint Management, with a bigger picture in mind.
