Welcome to the Windows 365 Enterprise interactive demo

Select Start to continue.

Windows 365 securely streams your desktop, apps, settings and content from the Microsoft cloud to all of your devices to provide a personalized Windows experience anywhere. Windows 365 extends end-user computing from the client to the cloud for business of all sizes, simplifying the experience with a complete service to securely buy, manage, and scale, all in one place.

Windows 365 Enterprise leverages Microsoft Intune to enable customers to provision and manage Cloud PCs using the same skills they use to deploy physical PCs, fully integrated with Entra ID and built on Azure.

This interactive demo walks you through key aspects of the Windows 365 Enterprise experience including:

• Provisioning Windows 365 Enterprise Cloud PCs - Utilize Microsoft Intune to deploy, configure and manage Cloud PCs - and then review the employee experience when using their Cloud PCs.
• Business Continuity – Configure and test Windows 365 Cross Region Disaster Recovery
• Securing Client Access - Configure Intune Mobile Application Management (MAM) for Windows App
• Windows 365 Link – learn more about the simple, secure, purpose-built device for Windows 365 You can use the interactive experience by following the prompts to click and fill out highlighted links and form fields, or you can simply sit back and watch.

To get started, choose one of the demos at left.

There are a number of Windows 365 Interactive Demos available.

Select one to open in a new tab or select Continue to begin this interactive demo.

Windows 365 Enterprise leverages Microsoft Intune to enable customers to provision and manage Cloud PCs using the same skills they use to deploy physical PCs, fully integrated with Entra ID and built on Azure.

This interactive demo will walk you through utilizing Microsoft Intune to deploy, configure and manage Cloud PCs - and then reviewing the employee experience when using their Cloud PCs (including a preview of the new GPU capabilities coming to Windows 365 Enterprise Cloud PCs).

To get started, choose an exercise at left.

This exercise assumes that you have already purchased the appropriate Windows 365 license(s) in the Microsoft 365 admin center (https://admin.microsoft.com) or via another channel. To learn more about the features and pricing for Windows 365 Enterprise consult this Microsoft site (Windows 365 enterprise plans and pricing | Microsoft).

Beginning in the Microsoft 365 admin center, logged in as admin@contoso.com, select Users > Active users in the left navigation.

On the Active Users page, locate the user that you want to assign a Windows 365 - Cloud PC license.

In this case, select Adele Vance.

On Adele’s person card, select the Licenses and apps tab.

Windows 365 offers a wide range of Cloud PC sizes/configurations to suit your employees’ computing needs. Included in these offerings are GPU-enabled Cloud PCs (currently in public preview) that are suitable for graphics intense workloads that need to be performance optimized. These offerings can help with graphic design, image and video rendering, 3D modeling, data processing and visualization applications that require a GPU to perform.

In this exercise, Contoso’s admin has already purchased licenses for GPU-enabled Windows 365 Enterprise Cloud PCs and wants to assign one to Adele Vance to support their work on advanced 3D modeling.

Select the checkbox next to Windows 365 Enterprise GPU Super to assign that license to Adele.

Click the Save changes button to finalize the license assignment.

Once the changes have been saved, you can click anywhere on the screen to complete this exercise and continue on to provision Adele’s GPU-enabled Cloud PC in Microsoft Intune.

Select an exercise to continue.

Cloud PCs are created and assigned to users based on provisioning policies defined in Microsoft Intune. In this exercise, you will be using the Microsoft Intune admin center to create and assign a Cloud PC provisioning policy. Provisioning policies allow you to define key parameters including which network will host the Cloud PC and whether it will be joined to the enterprise Active Directory and synced to Microsoft Entra (Hybrid Microsoft Entra join) or joined directly to Microsoft Entra (Microsoft Entra join).

Once a provisioning policy is assigned to a user or group, the Windows 365 service will check for appropriate licensing for those users and then provision and configure Cloud PCs accordingly.

Note: The administrator account being used in this demo has the Intune Service Admin role assigned.

Picking up in the Microsoft Intune admin center, logged in as Contoso’s administrator, select Devices in the left navigation.

On the Devices | Overview page, select Windows 365.

On the Devices | Windows 365 page, select the Provisioning policies tab.

On the Provisioning policies tab, click the Create policy button.

On the Create a provisioning policy page, select the Name field and type or copy/paste Windows 365 GPU and press Enter.

Contoso will be taking advantage of the option to join Cloud PCs directly to Microsoft Entra and host those Cloud PCs on Microsoft’s network. This is a great way to enable the benefits of Cloud PCs for your organization without the need to create and manage a connection to on-premises infrastructure.

Verify that the Join type is set to Microsoft Entra join and then select Microsoft hosted network as the network.

If you select the combination of Microsoft Entra Join and Microsoft Hosted network, you will need to select a geography and region.

To ensure the best experience for Contoso’s employees, you will be creating a provisioning policy for each of the regions in which Contoso has branch offices and then assigning those policies to the users in those regions. For this exercise, you will be starting with the US West.

Click to expand the Geography menu and then click to scroll down and Select US West.

Leave the Region set to the recommended default (automatic) and click the Next button at the bottom of the Create a provisioning policy page.

When creating a provisioning policy you have the option of using a custom device image or selecting from the built-in gallery of images. The customer is free to pick whatever solution fits best for their needs.

Select Change under Windows 11 Enterprise + Microsoft 365 Apps H2 to review the images available in the gallery.

Contoso will be using the default – the latest Windows 11 + Microsoft 365 Apps image from the gallery, so select the X to close the select an image panel and then click Next at the bottom of the Create a provisioning policy page.

Windows 365 allows you to specify the default language and region settings for Cloud PCs created with this policy. Contoso will be leaving this set to the default value of English (United States) for this particular provisioning policy. Windows 365 also supports Windows Autopatch, enabling you to shift the planning and operation of the Windows and Microsoft 365 update process from your organization to Microsoft.

Contoso isn’t yet taking advantage of this service – so leave Additional Services set to None and then click Next.

On the assignments tab, click the Add groups button.

On the select groups to include pane, click in the Search field to type and then type or copy/paste Windows 365 and press Enter.

Select Windows 365 GPU Users from the search results and then click Select at the bottom of the pane.

Verify that the Windows 365 GPU Users group is listed under Groups on the Assignments tab and then click the Next button.

Review your settings and then click the Create button. After clicking Create, the new Cloud PCs will start to provision directly for the Microsoft Entra group members that you assigned to the provisioning policy.

Once you get confirmation that the provisioning policy has been created, select the All Cloud PCs tab.

On the All Cloud PCs tab, you can see that Adele Vance’s GPU-enabled Windows 365 Cloud PC is now being provisioned. Click anywhere on the screen to continue to the point when provisioning is complete.

Now that Adele’s new Cloud PC is provisioned, select CPC-adele-01DYT to open the detailed view for that Cloud PC and learn more about the management capabilities in Intune.

Microsoft Intune provides comprehensive management and security options for administrators overseeing Windows 365 Cloud PCs through the Microsoft Intune admin center, reviewing the top toolbar, these options include:

• Sync: This option allows you to synchronize the Cloud PC with Intune to ensure that the latest configurations and policies are applied to the device.
• Restart: This option enables you to remotely restart the Cloud PC, which can be useful for applying updates or resolving issues that require a reboot.
• Restore: This feature allows you to restore the Cloud PC to a previous state, which can help in recovering from problematic configurations or software issues.
• Reprovision: This option allows you to reprovision the Cloud PC, essentially resetting it and reapplying all initial configurations and applications.
• Resize: This feature enables you to change the hardware configuration of the Cloud PC, such as increasing or decreasing the allocated resources like CPU, RAM, or storage.
• Collect diagnostics: This option allows you to collect diagnostic logs from the Cloud PC to help troubleshoot and diagnose issues.
• Quick scan: This initiates a quick security scan on the Cloud PC to check for any potential security threats or issues.
• Full scan: This performs a more thorough security scan compared to the quick scan, potentially taking longer but providing a more comprehensive check for security threats.
• Update Windows Defender security intelligence: This option updates the security intelligence data for Windows Defender on the Cloud PC, ensuring it has the latest definitions to detect and prevent threats.
• Rotate local admin password: This feature allows you to rotate the local administrator password on the Cloud PC, enhancing security by regularly changing the password.

When you are done reviewing the management capabilities, click anywhere on the screen to complete this exercise and continue with the interactive demo.

Select an exercise to continue.

The Cloud PC recommendations report in the Intune admin center is an AI-powered feature that provides Windows 365 administrators with tailored recommendations to optimize the use and performance of Windows 365 Cloud PCs. Leveraging an evolving machine learning model, Windows 365 analyzes factors such as end user Cloud PC usage patterns, platform-level resource utilization data, and user/application performance needs to provide actionable recommendations as to whether Cloud PCs are:

• Rightsized: Cloud PCs used frequently and sized appropriately for the workload that end users are putting on them.
• Undersized: Cloud PCs underpowered for the workload they’re supporting. Users might be having a poor experience. To improve results, IT can increase the device’s resources by resizing to a larger SKU.
• Oversized: Cloud PCs overpowered for the workload they’re supporting. For these devices, the same quality of experience can be delivered to users with fewer resources, enabling IT to reduce costs by resizing the devices to a smaller SKU.
• Underutilized: Cloud PCs used rarely or not at all. Any Cloud PC with less than 40 hours of active connected time over a 28-day period falls into this category. These Cloud PCs might not be needed—providing an opportunity to reduce or optimize costs by removing or re-allocating Cloud PC licenses.

These AI-powered recommendations help you optimize total cost of ownership (TCO) while providing a productive employee experience — enabling you to ensure you have the appropriate number and allocation of licenses and that Cloud PCs are right-sized for employee needs. As employee usage evolves and changes over time, you can continue to utilize this intelligent resource to help make informed decisions that enhance the overall Windows 365 experience and optimize costs.

Starting in the Microsoft Intune admin center, signed in as admin@contoso.com, select Reports in the left navigation.

On the Reports page, under Device management in the left navigation, select Cloud PC overview.

On the Cloud PC overview reports page, you have at a glance access to information about connection quality, Cloud PC utilization and availability, Frontline Cloud PC usage (if applicable to your organization), cross-region disaster recovery status, and the new AI-based Cloud PC recommendations.

Select Cloud PC recommendations to explore the recommendations in more detail.

On the Cloud PC recommendations page, you can see that, while many of Contoso’s Cloud PCs have been determined to be rightsized for employee usage, there are also many that are undersized, oversized, or underutilized. Cloud PCs in these categories present opportunities to optimize total cost of ownership and improve the employee experience by right-sizing Cloud PCs and appropriately allocating licenses.

Before drilling down into those reports, let’s review the other pivots available when reviewing the overall data set. Select Insights by device to see that view.

On the Insights by device tab, you will be presented with a list of all Cloud PCs in the report which you can quickly search or column sort to get a picture of overall usage, whether specific clusters of users or Cloud PC sizes are currently underutilized, over/undersized, etc.

When you are ready, select Insights by model to review that alternative view.

The Insights by model tab provides an easily digested consolidated view of how the Cloud PC recommendations land across the various Cloud PC sizes in your organization. For example, in this case, you can quickly see that there is a small cluster of users on 4vCPU/16GB/128GB who would benefit from a higher-powered Cloud PC.

Let’s return to the overview page to drill down further. Select the Overview tab.

On the Cloud PC recommendations page, under Underutilized, select View report.

On the Underutilized Cloud PCs report, you will see all of the Cloud PCs that have been determined to have low or no usage. These Cloud PCs are potential candidates for license removal or re-allocation to optimize your organization’s costs. In addition to allowing you to sort on properties like total time connected or the Cloud PC size, you can export a report from this page to facilitate follow-up (for example, focusing first on Cloud PCs with no utilization as candidates for license removal or re-allocation).

From this view, you can also drill into specific Cloud PCs to glean additional insight into metrics such as CPU utilization over the time period.

Select Cloud PC recommendations in the Home > Reports | Cloud PC overview > Cloud PC recommendations breadcrumb at the top of the page to return to the overview page.

Next, we’ll review the Undersized Cloud PC report—select View report under that heading.

On the Undersized Cloud PC page, you will find a list of Cloud PCs that have been determined to be underpowered for the workload they are currently supporting. In addition to providing insight into CPU and RAM utilization (enabling you to quickly sort to find the most resource-constrained Cloud PCs), you will find recommendations on Cloud PC sizes that would provide a better experience for affected users/devices, making it easier to follow up by increasing the device’s resources by resizing to a more powerful SKU.

Let’s continue and review the Oversized Cloud PC recommendations. Select Cloud PC recommendations in the Home > Reports | Cloud PC overview > Cloud PC recommendations breadcrumb at the top of the page to return to the overview page.

Select View report under Oversized to navigate to that report.

On the Oversized Cloud PC page, you will find the Cloud PCs that have been deemed to be overpowered for the workload they are currently supporting. For these users/devices, a high-quality experience can be provided with fewer resources. These devices are good candidates to resize to a smaller/less expensive SKU—reducing cost while preserving the user experience.

You have now completed this exercise. Click anywhere on the screen to continue with the interactive demo.

Select an exercise to continue.

Supported by all Windows 11 devices (as well as Windows, macOS, iOS and iPadOS, Android, and web browsers), Windows App provides a direct path to your Cloud PC from the taskbar or start menu. Windows App enables employees to enjoy the full Windows 11 experience while moving between your local and Cloud PCs. With the app, you can use your Cloud PC as a window or full screen.

Windows App is designed with a customizable home screen to cater to your unique workflow needs. You can access Windows across multiple different services and remote PCs from a single place, and pin your favorites you access most. The app delivers high-performing and reliable experiences for Microsoft Teams and your other Microsoft 365 apps as well as other features to enhance your remote experience, such as:

• Multiple monitor support.
• Custom display resolutions.
• Dynamic display resolutions and scaling.
• Device redirection, such as webcams, audio, storage devices, and printers.
• Regular and automatic app updates mean you’re always using the most up-to-date version of Windows 365.

In addition to Windows 365 Cloud PC, Windows App securely connects you to Windows devices and apps on a device of your choice from:

• Azure Virtual Desktop
• Microsoft Dev Box
• Remote Desktop Services
• Remote PC

Windows App is available on Windows, macOS, iOS and iPadOS, Android, and web browsers.

Windows App can also be downloaded and installed from the Microsoft Store.

Starting in the Windows App on Adele’s Windows 11 PC, select Sign in.

Sign in as Adele Vance using passwordless authentication:

Username: select Adele’s account (adelev@contoso.com) to continue.

Approve sign in request: Click anywhere on the screen to simulate approving the request using the Authenticator app on Adele’s phone.

Review and click through the introductory content.

Adele currently has 2 Windows 365 Cloud PCs, as you can see from the indicators on the device tiles. You can also see that the right tile corresponds to their new GPU Enabled Cloud PC.

Select the ‘…’ (three dots) management menu for Adele's Cloud PC to review the available capabilities. The Windows 365 App supports a number of management actions for Cloud PCs.

• Favorite – Add this Cloud PC to the Favorites view in the Windows App.
• Restart - Restarts the Cloud PC.
• Reset - Reset does the following:
  • Reinstalls Windows.
  • Removes your personal files (OneDrive data remains).
  • Removes any changes you made to settings.
  • Removes your apps.
• Restore – Using Windows 365 Point-in-time restore, you can restore your Cloud PC to the exact state it was in at a previous point in time.
• Rename - Changes the name of the Cloud PC shown to the user in the Windows App and on windows365.microsoft.com.
• Inspect Connection – Makes it easy to review your Cloud PCs connectivity and get steps for resolving any issues discovered.
• Pin to – pin this Cloud PC to the Windows Taskbar for quick access.
• View details – Provides basic information about the Cloud PC, user and license assigned.
• Add to Task view – Add this Cloud PC to Windows Task view for quick context switching between the local desktop and Cloud PC.
• Settings – Configure display and view settings.

Adele wants to add their GPU-enabled Cloud PC to the Windows App Favorites screen.

Select Favorite from the menu.

Once the Cloud PC has been marked as a favorite, select Go to Favorites in the notification.

Select Connect to connect to Adele’s GPU Enabled Cloud PC.

Adele’s GPU-enabled Cloud PC is now open in full screen mode. GPU-enabled Windows 365 Cloud PCs offer significant advantages over standard Enterprise Cloud PCs by providing enhanced graphical and computational performance for workloads requiring:

• Graphics-Intensive Applications: GPU-enabled Cloud PCs are designed to handle graphics-intensive applications such as CAD (Computer-Aided Design), 3D modeling, video editing, and rendering software. This ensures smooth performance and quick rendering times, which are critical for professionals in creative and engineering fields.
• Improved Compute Power: The inclusion of GPUs significantly boosts the computational capabilities of Cloud PCs, making them suitable for data-intensive tasks, machine learning, and AI workloads. This can accelerate complex computations and improve efficiency for data scientists and researchers.

These capabilities benefit many disciplines, including:

• Creative Professionals: Graphic designers, video editors, and animators who rely on software such as Adobe Creative Cloud, Autodesk Maya, and Blender benefit from the enhanced graphical capabilities and performance.
• Engineers and Architects: Professionals using CAD software like AutoCAD, SolidWorks, and Revit can perform complex modeling and simulations more efficiently.
• Data Scientists and Researchers: Those working with large datasets, machine learning models, and AI can utilize the GPU power for faster data processing and model training.
• Financial Analysts: Users involved in financial modeling and quantitative analysis can leverage GPU resources to run complex simulations and calculations.

Adele uses Blender for their work – let’s review how the GPU enabled Cloud PC handles a complex 3D particle simulation benchmark for Blender.

Click on Windows Start to open the start menu, then select Blender from the list of pinned applications.

Once Blender has loaded – select File > Open and select basic_particle_simulation.blend to open that Blender benchmark simulation.

When the simulation has loaded, click Play to view the simulation in action.

After the simulation has completed – close the Blender window.

You have now completed this exercise.

Click anywhere on the screen to continue with the interactive demo.

Congratulations on completing the Windows 365 Enterprise Cloud PC Provisioning and Monitoring interactive demo.

You can choose any exercise to review or select the Home button to return to the beginning of the Windows 365 Interactive Demo.

In an era where remote work and cloud computing have become integral to business operations, ensuring the resilience and availability of virtual desktop environments is more critical than ever. Windows 365 provides organizations with Cloud PCs that offer the flexibility of the cloud combined with the familiarity of Windows desktops. Windows 365 Cross-region Disaster Recovery is an optional service for Windows 365 Enterprise that offers a robust, cost-effective way to safeguard your Cloud PCs against regional outages and ensure uninterrupted access for end users. By replicating Cloud PC disk snapshots across multiple regions, users can increase availability and preserve productivity with extra disaster recovery capabilities -- all with the control and ease of Windows 365 management.

Key benefits of implementing cross-region disaster recovery for Windows 365 Cloud PCs include:

• Enhanced Business Continuity: Minimize downtime by enabling failover capabilities across different Azure regions during regional disruptions.
• Data Resiliency: Protect critical workloads by replicating Cloud PC environments across multiple geographic locations.
• Regulation and Compliance: Allows the designation of a backup Cloud PC to be in a recovery region that is a sufficient distance from the primary Cloud PC location, while adhering to data residency / compliance requirements.
• Optimized End-User Experience: Ensure seamless access and productivity for end users, even in the face of regional outages.

This demo will guide you through the steps to license, configure, validate, and test cross-region disaster recovery for Windows 365 Cloud PCs, enhancing your organization's business continuity strategy.

When you are ready, select an exercise to continue.

The Windows 365 cross-region disaster recovery add-on license is required for each Windows 365 Enterprise user added to the cross-region disaster recovery service. In this exercise, we will begin having already purchased the add-on license for Contoso (this add-on license can be easily purchased via the Microsoft 365 admin center).

Starting in the Microsoft 365 admin center, select Users > Active users in the left navigation.

In the list of Active users, first select Adele Vance and then select Bianca Pisoni.

Once you’ve selected Adele and Bianca, select Manage product licenses in the toolbar.

On the Manage product licenses panel, choose Assign more.

Under Licenses, select Windows 365 Cross Region Disaster Recovery Add-On and then click Save changes.

Once the license assignment is complete, you are ready to configure Windows 365 Cross-region Disaster Recovery for those users.

Select Done to close the panel and then click anywhere on the screen to transition to the Microsoft Intune admin center to continue.

Select an exercise to continue.

Now that you have assigned the required licenses to employees – you are ready to configure Windows 365 cross-region disaster recovery for those users.

Starting in the Microsoft Intune admin center, select Devices in the left navigation.

On the Devices | Overview page, under Device onboarding in the navigation, select Windows 365.

On the Devices | Windows 365 page, select the User settings tab.

On the User settings tab, select +Add.

On the Add user settings tab, select the Name field to type, then type or copy/paste Cross Region Disaster Recovery - West US and press Enter.

Select the check box to Enable users to reset their Cloud PCs.

Set the values under Point-in-time restore service per Contoso’s requirements. These values also apply to cross-region disaster recovery:

• Select the check box to Allow users to initiate restore service.
• Click to expand the dropdown menu and select 4 hours as the Frequency of restore point service.

Click to expand Cross region disaster recovery configuration (optional) and then set the Enable cross region disaster recovery toggle to Yes.

Contoso’s Cloud PCs run on Microsoft’s hosted network, so leave the Network type as is. With Windows 365 cross-region disaster recovery, full copies of your Cloud PCs are kept in the backup location, including all data stored on the Cloud PC disk. When configuring a backup location, it is important to consider things like data sovereignty and geographic distance between the user and the Cloud PC backup location.

In this case, you are configuring cross-region disaster recovery for Contoso’s Western US region and want to ensure sufficient distance between locations to provide resilience without introducing too much latency (greater distance between your backup Cloud PC and your user’s connection location increases network latency and impacts performance).

Click to expand the Geography menu and select US East.

Leave the region set to Automatic (default) and select Next.

On the Assignments page, you can add the groups that you want this user setting applied to. All Cloud PCs associated with a user share the same cross-region disaster recovery settings.

Select Add groups.

On the Select groups to include panel, select the Search field to type and then type or copy/paste West US and press Enter.

Select the West US Employees group (note: Adele Vance and Bianca Pisoni are members of this group) and then click Select.

Verify West US Employees is now listed under Groups and select Next.

Review your settings and then select Create.

You have now successfully configured cross-region disaster recovery. After you finish this configuration, the first backup of the Cloud PCs may take several days. To see the current state of backups, you can check the Cross-region disaster recovery report.

Click anywhere on the screen to learn how to access that report.

Select an exercise to continue.

The Cloud PCs cross region disaster recovery status report shows you pertinent information about the health of your cross region disaster recovery.

Starting on the home page of the Microsoft Intune admin center, select Reports in the left navigation.

On the Reports page, select Cloud PC Overview in the left navigation.

On the Reports | Cloud PC Overview page, select Cross-Region Disaster Recovery status.

The Cross-Region Disaster Recovery status report will show you pertinent information for the Cloud PCs in your organization, including:

• Configuration alert - indicating whether the Cloud PC is in a healthy or unhealthy state.
• License type & Cross region enabled
• Disaster recovery status: Active outage, Activation expiring, or Not active
• Current restore point: indicates the date/time corresponding to the backup copy stored in the recovery location.

Click anywhere on the screen to scroll to the right and verify the current restore point for these Cloud PCs.

The Cloud PCs are appropriately licensed and enabled for cross-region disaster recovery, and the backup copies are active – you are now ready to test cross-region disaster recovery.

Select Devices in the left navigation to continue.

Select an exercise to continue.

Using bulk actions in Microsoft Intune, you can activate/deactivate cross-region disaster recovery for individual devices or devices for all users in a group.

Activating cross-region disaster recovery moves users to a new Cloud PC in a temporary region (previously configured to be US East for Contoso’s US West Cloud PC users). Users can’t access their Cloud PCs until the move is complete. Until the cross-region disaster recovery is deactivated, users will work from a Cloud PC in this region.

On the Devices | Overview page, select All devices in the left navigation.

On the Devices | All devices page, select Bulk device actions.

On the basics tab, click to expand the OS menu and then select Windows.

Click to expand the Device type menu and select Cloud PCs.

Expand the Select action menu and choose Cross region disaster recovery.

Select Activate cross region disaster recovery and then select Next.

On the devices tab, you will select the devices to which this action applies.

Click to expand the Selection type menu and then choose Apply this action to devices registered to its group members.

Under No group selected, click Select a group.

On the Select groups to include panel, click in the Search field to type, then type or copy/paste West US and press Enter.

Choose the West US Employees group and then click Select.

Confirm that you now see 3 Cloud PCs (2 assigned to Adele and 1 assigned to Bianca) – then select Next.

Select Create to initiate the bulk action.

Once this action is executed, Contoso’s US West Cloud PC users will be temporarily moved to their backup Cloud PCs in US East. When you deactivate cross-region disaster recovery (using the same bulk action approach) or the activation expires, users will be transitioned back to their primary Cloud PC in US West.

Click anywhere on the screen to continue and briefly review the employee experience when using their temporary Cloud PC.

After the cross-region disaster recovery activation is complete, when a user signs in to their Cloud PC they receive a temporary Cloud PC. With this device, they get full user context, including:

• Configuration
• Data stored on the local disk
• User-installed applications up to the RPO for the device

When cross-region disaster recovery is activated, affected users receive a warning the next time they sign in to their Cloud PC.

When the cross-region disaster recovery is deactivated, the temporary device is discarded. The user is returned to their primary device, as it was before the disaster recovery event. No applications, settings, data, or other information saved to the Local OS disk (C drive) is preserved. Data stored in cloud storage, cloud applications, and so on, are unaffected by the Cloud PC disaster recovery event.

You have now successfully configured, validated, and tested (by activating through bulk actions) Windows 365 Cross-region Disaster Recovery.

Click anywhere on the screen to complete this exercise.

Congratulations on completing the Windows 365 Cross Region Disaster Recovery interactive demo.

You can choose any exercise to review or select the Home button to return to the beginning of the Windows 365 Interactive Demo.

Select Start to continue.

Microsoft recently announced that Windows App - your secure gateway to Windows environments across Windows 365, Azure Virtual Desktop, Microsoft Dev Box, and more - is now supported by Microsoft Intune Mobile Application Management (MAM) on both iOS and Android devices.

Microsoft Intune MAM enables administrators to manage and protect corporate data at the application level on both managed and unmanaged devices. This means you can secure your organization's data within applications without requiring full device enrollment, making it ideal for Bring Your Own Device (BYOD) scenarios.

With this announcement, Windows App joins a comprehensive ecosystem of applications supported by Intune MAM. For a more complete picture, you can refer to the official list of Microsoft Intune protected apps.

In this interactive demo – you will learn how to configure Intune MAM for Windows App on unmanaged iOS and iPadOS devices at Contoso.

When you are ready, select an exercise to continue.

As a first step, you will define a filter for unmanaged iOS/iPadOS devices. Intune allows you to define filters for devices enrolled in Intune (managed devices) or apps managed by Intune (managed apps). Filters enable you to assign a policy based on rules you create – narrowing the assignment based on criteria such as manufacturer, OS version, whether the device is personal or organization-owned, etc.

Starting in Microsoft Intune admin center, logged in as admin@contoso.com, select Devices in the left navigation.

Click to scroll down in the left navigation of the Devices | Overview page and select Filters.

On the Devices | Filters page, click Create then select Managed apps.

On the Create Filter page, click in the Filter Name field to type, then type or copy/paste Unmanaged iOS devices and press Enter.

Click to expand the Platform menu and select iOS/iPadOS - then click Next.

Use the rule builder to define a rule for unmanaged devices:

• Click to expand the Property menu and select deviceManagementType.
• Expand the Operator menu and select Equals.
• Expand the Value menu and select Unmanaged.
• Click in the Rule syntax field to generate the expression and then click Next.

Review the settings and then select Create.

You have successfully created a filter for unmanaged iOS and iPadOS devices and are ready to define an App Protection Policy for Windows App on these devices – select Apps in the left navigation of the Intune admin center to continue.

Select an exercise to continue.

Intune app protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app. These policies allow you to control how data is accessed and shared by apps on mobile devices. A policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app.

On the Apps | Overview page navigation, under Policy, select App protection policies.

On the Apps | App protection policies page, click Create policy and then choose iOS/iPadOS.

On the Create Policy page, select the Name field to type and then type or copy/paste Unmanaged iOS / iPadOS App Protection Policy and press Enter.

Select the Description field to type and then type or copy/paste Requirements for unmanaged devices to access corporate resources and then press Enter.

Click Next to continue.

Select the app to target with this policy – click + Select public apps.

On the Select apps to target panel, click in the Search field to type, then type or copy/paste Windows and press Enter.

Choose Windows App and then click Select.

Verify that Windows App is now listed under Public apps and click Next.

This page provides settings for data loss prevention (DLP) controls, including cut/copy/paste, and save-as restrictions. These settings determine how users interact with data in the apps that this app protection policy applies. Click anywhere on the screen to scroll down and then block clipboard and third-party keyboard access:

• Expand the Restrict cut, copy and paste between other apps menu and then choose Blocked.
• Choose Block to prevent the use of third-party keyboards to mitigate against third parties accessing sensitive company data.

Select Next to continue to the Access requirements page.

The Access requirements page provides settings to allow you to configure the PIN and credential requirements that users must meet to access apps in a work context. Contoso will be using the default settings for iOS/iPadOS managed apps – select Next to continue.

The Conditional launch page provides settings to set the sign-in security requirements for your app protection policy:

• Under Device conditions, expand the Setting menu and choose Min OS Version.
• Select the Value field to type and then type or copy/paste 17.4.1 and press Enter.
• Expand the Action menu and choose Block access.

Configure the Maximum allowed device threat level:

• Expand the Setting menu and choose Max allowed device threat level.
• Expand the Value menu and select Secured.
• Expand the Action menu and choose Block access.

Specify the MTD service:

• Expand the Setting menu and choose Primary MTD Service.
• Expand the Value menu and select Microsoft Defender for Endpoint.

Select Next to continue.

The assignments page enables you to assign the app protection policy to groups of users. Under included groups – click Add groups.

On the Select groups to include panel, choose Contoso Engineering and then click Select.

To associate a filter with this assignment, select Edit filter in the Contoso Engineering row.

On the Filters panel, select Include filtered devices in assignment, then choose Unmanaged iOS devices and click Select.

Verify the assignment settings and click Next.

Click anywhere on the screen to scroll down and review your App Protection Policy settings, then click Create.

Congratulations, you have successfully created an App Protection Policy for unmanaged iOS/iPadOS devices at Contoso and assigned it to the Contoso Engineering group. Select App configuration policies to continue.

Select an exercise to continue.

Intune app configuration policies enable administrators to remotely customize and manage the settings of Windows App on iOS/iPadOS and Android devices, ensuring a consistent and secure user experience when accessing Windows environments. By deploying these policies, IT teams can pre-configure essential settings within Windows app—such as device, camera and clipboard redirection—without requiring manual setup on individual devices. This streamlines the deployment process, reduces the potential for user error, and ensures compliance with organizational policies.

On the App | App configuration policies page, select +Add and then choose Managed apps.

On the Create app configuration policy page, select the Name field to type, then type or copy/paste Unmanaged iOS / iPadOS redirections and press Enter.

Select the Description field to type, then type or copy/paste No drive and clipboard redirection on an unmanaged device and press Enter.

Next, click +Select public apps.

On the Select apps to target panel, click in the Search field to type, then type or copy/paste Windows and press Enter.

Choose Windows App and then click Select.

Verify the basic settings and select Next.

We will not be configuring settings from the settings catalog – select Next.

On the Settings page, click to expand General configuration settings.

Under General configuration settings, you can specify configuration settings for Windows App using the existing AVD RDP properties. Start with the drive redirection settings:

• Select the Name field to type, then type or copy/paste drivestoredirect and press Enter.
• Select the Value field to type, then type or copy/paste 0 and press Enter. A value of 0 corresponds to ‘disabled’ and will prohibit access to the local drive on iPadOS.

Specify the redirectclipboard setting:

• Select the Name field to type, then type or copy/paste redirectclipboard and press Enter.
• Select the Value field to type, then type or copy/paste 0 and press Enter. A value of 0 corresponds to ‘disabled’ and will prevent local clipboard access.

Verify the settings, then click Next to continue to the Assignments page.

The assignments page enables you to assign the app configuration policy to groups of users. Under included groups – click Add groups.

On the Select groups to include panel, choose Contoso Engineering and then click Select.

To associate a filter with this assignment, select Edit filter in the Contoso Engineering row.

On the Filters panel, select Include filtered devices in assignment, then choose Unmanaged iOS devices and click Select.

Verify the assignment settings and click Next.

Verify the app configuration policy settings and select Create.

You have successfully created and assigned an App Configuration policy. Select Endpoint security in the left navigation of the Intune admin center to continue to create a Conditional Access policy.

Select an exercise to continue.

In the Endpoint security | Overview left navigation under Manage, select Conditional access.

On the Conditional Access | Overview page navigation, select Policies.

Select New policy.

On the new Conditional Access policy page, select the Name field to type, then type or copy/paste AVD and W365 MAM enabled clients only and press Enter.

Specify which users the policy applies to - Select 0 users and groups selected and then, under Include, select All users.

Now, specify the target resources to protect. Select No target resources selected and then under Include, choose Select resources, and then under Select click None.

Your policy should target both Azure Virtual Desktop and Windows 365 Apps:

• On the Select panel, click in the Search field to type, then type or copy/paste Azure Virtual Desktop and press Enter.
• Select Azure Virtual Desktop from the search results.
• Click in the Search field again to type, then type or copy/paste Windows 365 and press Enter.
• Select the Windows 365 app and then click Select.

Under Conditions, click 0 conditions selected.

Under Device platforms, select Not configured.

Select iOS and Android:

• Set the Configure toggle to Yes.
• Under Include, choose Select device platforms.
• Select Android, then select iOS.
• Click Done.

Under Client apps, select Not configured

Select the client apps this policy will apply to:

• Set the Configure toggle to Yes.
• De-select Browser, Exchange ActiveSync, and Other clients.
• Click Done.

Specify MFA and App Protection Policies as requirements for access:

• Under Access controls > Grant, click 0 controls selected.
• On the Grant panel, select Require multifactor auth.
• Select Require app protection policy and then click Select.

Given that this is Contoso's initial test deployment - you'll be creating the policy in report-only mode.

Review your Conditional Access policy settings and then click Create.

Congratulations, you have completed the interactive demo. Click anywhere on the screen to continue.

Congratulations on completing the Intune Mobile Application Management (MAM) Support for Windows App on iOS and Android interactive demo.

You can choose any exercise to review or select the Home button to return to the beginning of the Windows 365 Interactive Demo.

Select start to continue.

As more organizations adopt Desktop as a Service to enhance security and flexibility, Microsoft is expanding its Cloud PC solution by introducing the first Cloud PC device that connects securely to Windows 365 in seconds. Windows 365 Link – the simple, secure, purpose-built device for Windows 365 – is available now in preview, enabling users to work securely in a familiar Windows desktop with responsive, high-fidelity experiences.

Select continue for a closer look at this new Cloud PC device.

This compact, lightweight, fanless device is convenient to place on a desk or mount behind a monitor, and it is seamless to use with wired or wireless peripherals. It boasts dual 4K monitor support with one HDMI and one DisplayPort, 3 USB-A, 1 USB-C port, a 3.5mm audio port, an Ethernet Port, Wi-Fi 6E, and Bluetooth 5.3.

To learn more about this new Cloud PC device select Continue.

Ideal for organizations with desk-based workers who are using Windows 365 in shared workspaces, let’s take a closer look at how this new device can help:

1. Make the most of productive time
2. Reduce the attack surface
3. Simplify IT management

Select an exercise to continue.

Turn on the device and you’ll land on this sign-in screen within seconds. Notice how you have the option to sign-in securely using a security key or multifactor authentication.

Select the security key option to continue.

Enter your security key PIN.

Select the PIN field to type, then type or copy paste 1234 and press Enter.

After entering your PIN you'll be prompted to touch your security key.

Click anywhere on the screen to simulate touching the security key.

Upon signing in successfully, notice how you are connected directly to your Windows 365 Cloud PC within seconds.

Your Cloud PC is exactly how you left it, for example, here you can see some apps are open from the last time you connected.

Click to join the ongoing meeting in Microsoft Teams.

Windows 365 Link is optimized out-of-the-box to provide high-fidelity video playback and conferencing experiences leveraging local processing.

You have completed this exercise.

Click anywhere on the screen to continue.

Select Exercise 2: Reduce the attack surface to continue.

Click the Power -> Lock button to lock the device.

Notice how it returns back to the sign in experience and no corporate data or account information are stored on the local device. The dataless nature of this device makes it great as a shared use device for hot-desking, contact centers, and more.

Click anywhere on the screen to continue.

The device is secure by design, offering a locked-down experience with security baseline policies enabled by default and security features that cannot be turned off: Trusted Platform Module, Secure Boot, BitLocker drive encryption, Hypervisor Code Integrity, and Microsoft Defender EDR Sensor.

You have completed this exercise. Select Continue.

Select Exercise 3: Simplify IT Management to continue.

The device can be set up in a few simple steps when first turned on - it just needs to be connected to Wi-Fi or a wired Ethernet connection

Select ContosoNetwork5 and then click Next to connect to a network.

Sign in as Elvia Atkins:

• Select the username field to type, then type or copy/paste Elvia.Atkins@contoso.com and press Enter.
• Contoso has configured passwordless authentication for Elvia – click anywhere on the screen to simulate using the Authenticator app to approve the sign in request

After signing in, Elvia's Cloud PC loads, with all of their context and apps just where they left off.

Upon the first sign-in, the device joins with Microsoft Entra and enrolls automatically into the Microsoft Intune environment. The device also automatically stays up to date.

Click anywhere on the screen to switch to the IT experience in Intune.

You are now on the Devices | Overview page in the Microsoft Intune admin center, logged in as Connie Wilson - an administrator for Contoso.

Under Platforms in the Devices page navigation, select Windows to view all of the Windows devices at Contoso.

Notice how Windows 365 Link devices (the highlighted ones with the WCPC prefix in their name) appear alongside other PCs as compliant devices, this is because they have a Windows based OS and the policies you had set for Windows 10 and later devices were automatically applied to them.

Select the Windows 365 Link device at the top of the list (WCPC-328PY43R3) to view more information and management options for that device.

As you can see from the device model, this is a Windows 365 Link device.

Notice how familiar actions are available to manage this device like any other PC e.g. Restart, Restore or Remote Wipe.

Select Wipe to view the experience when wiping the device.

Review the text of the dialog - note that by default, wipe will remove all personal and company data from the device, reset to default settings, and un-enroll from Intune.

When you are ready, click Wipe to execute the action.

The Windows 365 Link device has been successfully wiped.

Beyond the familiar management actions available in Intune - you can also create custom device configuration policies.

Click anywhere on the screen to continue.

Microsoft Intune enables you to create profiles for different devices and different platforms - including Android, iOS/iPadOS, macOS, and Windows.

This Create Profile page shows the final step in creating a new configuration profile for Windows 365 Link devices to prohibit the use of any removeable storage devices

Select Create to finalize the creation of the configuration profile.

Once the profile has been successfully created - external storage devices will no longer be allowed on Windows 365 Link devices at Contoso.

You have completed the interactive demo for Windows 365 Link.

Click anywhere on the screen to continue.

Thank you for completing the Windows 365 Link interactive demo.

You can review any of the demo exercises or select Home in the toolbar to start over.

Visit https://aka.ms/Windows365Link to learn more about this new device which is now available in preview in select markets.