What is Windows 365?

A location-independent and secure workplace in dynamic times

by Sven Köppel

Consultant

21 December 2021

Flexible working has been on everyone's lips since the Corona pandemic at the latest, and it is here to stay. Whether at home, in a café or on the train no longer matters; users want to access their data and applications from anywhere. With Windows 365, Microsoft provides a service that is intended to make it easier to start using virtual desktops regardless of location. The speed of the user's internet connection should not play a major role, because the actual work takes place on the Windows 365 cloud PC.

What is Windows 365?

Windows 365 is basically an enterprise-quality virtual desktop infrastructure or, in simple terms, a Windows computer in the cloud. The licensing model allows it to be used in a small business or in a multinational company.

The end user works with a virtual desktop hosted in the Microsoft 365 Cloud. The interesting thing about Windows 365 is that it is fully integrated into Microsoft 365 and Azure. For example, a dynamic Azure AD group can be used to automatically provide a user with a cloud PC with all the desired settings and applications, in short a "zero-touch deployment". It also simplifies flexible working, which is becoming increasingly important. Users can access their Windows 365 cloud PC from any device (e.g. BYOD), regardless of the operating system and internet connection.

The existing on-premises environment can be supplemented with Windows 365 Enterprise. A connection can be established between the company network and the Microsoft Cloud so that users working on a Windows 365 Cloud PC can also access company data. In addition, a Windows 365 cloud PC can be managed in Endpoint Manager like a physical desktop.

Advantages and disadvantages

Pros

  • Reliability through standardised hardware
  • Enables flexible working
  • Enterprise security standards
  • Dynamic provisioning of workplaces

Cons

  • Vulnerability to cyber attacks against cloud providers
  • Limited control
  • Licence costs
  • Internet dependency

The use of standardised hardware increases the reliability of the operating system, as the cloud provider can concentrate on a few components. Automated updates prevent the neglect of important system or security-related updates. Flexible enterprise-quality work becomes widely accessible and users always work on the same desktop, regardless of location.

Basically, the general disadvantages of cloud computing apply: an increased vulnerability to cyber attacks against the cloud provider, as well as limited control over the services, as they are managed by Microsoft. In addition, dependency on internet speed and latency increases. Working without an internet connection becomes impossible.

Windows 365 Enterprise / Business

There are two versions of Windows 365 Cloud PCs: Enterprise and Business.

Windows 365 Enterprise is for organisations that have invested in Microsoft Endpoint Manager and already use this platform to manage their existing physical Windows 10 devices.

Windows 365 Business is intended for individual users and SMEs with up to 300 employees. These can subscribe to a modern cloud PC from Microsoft, which is ready for use within an hour and can be used regardless of the end device. Windows 365 Business cloud PCs do not require an Intune licence and are fully managed by the user, similar to a standalone physical PC.

There is also a significant difference between Windows 365 Enterprise Cloud PCs and Business Cloud PCs:

Windows 365 Enterprise Cloud PCs run in a Microsoft-managed Azure subscription, but their network cards (virtual NICs) are "injected" from the customer's Azure subscription. The Business Cloud PC VMs reside entirely within the Microsoft-managed Azure subscription, with no components connected to a customer's Azure subscription.

The figure below shows this graphically for better understanding.

Windows 365 Enterprise Cloud PCs and Business Cloud PCs

Requirements

In order to use Windows 365, a streaming-enabled internet connection, a Microsoft 365 tenant and subscription are required.

As with any cloud service, the following must be clarified before implementation:

  • Speed, latency and stability of the internet connection
  • Data management
  • Compliance, Governance

Cloud Only Setup

In most cases, this setup is aimed at start-ups that can begin on a greenfield site. If a cloud-only setup is the goal, no further requirements need to be met.

Hybrid Setup

The hybrid approach is still the most common. Companies cannot move the entire infrastructure to the cloud overnight. In most cases, it fails due to industry-specific applications, compliance or governance guidelines.

To integrate Windows 365 Enterprise into the existing on-premises infrastructure, a network connection can be set up between Azure and the local network.

To establish a connection, there are the following requirements:

  • Windows 365 Enterprise Licenses
  • An Azure Subscription
  • Microsoft Endpoint Administrator in Azure AD
  • Administrator in the local Active Directory
  • "Owner" permissions for the Azure subscription, which contains the virtual network with connectivity to your local domain controller and network.

Hybrid Azure-AD Join

In order for existing and future Windows clients, both physical and virtual, to be able to access cloud and local resources simultaneously, the hybrid Azure-AD join is required. This means that each Windows client is automatically joined to Azure AD and AD during deployment.

To implement the hybrid Azure-AD join, a tool (Azure AD Connect Sync) is required in addition to the network connection between the Azure Cloud and on-premises network. Azure AD Connect Sync establishes a connection between local and Azure Active Directory (AAD).

If your organisation is already using Microsoft 365, it is very likely that Azure AD Connect Sync is already set up for user synchronisation.

The following diagram assumes that no synchronisation has yet taken place between local AD and AAD. If synchronisation is already in place, it must be ensured that the hybrid join mechanism works.

Synchronization between local AD and AAD
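
One way to confirm that the hybrid join works on a deployed client is to read the output of the built-in `dsregcmd /status` command. The PowerShell below is an added example, not part of the original article; the function name `Get-JoinState` and the sample values are constructed for illustration.

```powershell
# Added example: classify the join state from `dsregcmd /status` output.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # dsregcmd prints padded "Key : Value" lines; collect them into a table.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    $aad = $state['AzureAdJoined'] -eq 'YES'
    $ad  = $state['DomainJoined']  -eq 'YES'

    # Hybrid join means the device is joined to both directories.
    if ($aad -and $ad) {
        $joinType = 'Hybrid Azure AD joined'
    } elseif ($aad) {
        $joinType = 'Azure AD joined only'
    } elseif ($ad) {
        $joinType = 'Domain joined only (not registered in Azure AD)'
    } else {
        $joinType = 'Not joined'
    }

    [pscustomobject]@{
        JoinType   = $joinType
        DomainName = $state['DomainName']
        TenantName = $state['TenantName']
        # AzureAdPrt is per user: YES means the signed-in user holds a
        # primary refresh token for single sign-on to cloud resources.
        HasPrt     = $state['AzureAdPrt'] -eq 'YES'
    }
}

# Constructed sample input (not captured from a real device).
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : EXAMPLE
                TenantName : Example Tenant
                AzureAdPrt : YES
'@ -split '\r?\n'

Get-JoinState -StatusLines $sample

# On a real client, feed the live output instead:
# Get-JoinState -StatusLines (dsregcmd /status)
```

A client that reports "Domain joined only" after deployment has not completed the Azure AD side of the hybrid join.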

Assessment

Pitfalls:

  • Windows 365 Business cannot be managed in Endpoint Manager
  • Azure AD DS is not supported
  • Internet connection must be at least streaming capable
  • Outgoing network traffic is chargeable
    • Enterprise model (runs over Azure Virtual Network, Azure bandwidth prices apply here)
    • Business model (limited volume between 14 and 70 GB per user per month)

Windows 365 is particularly suitable for companies that...

  • are interested in a VDI solution but cannot or do not want to raise the capital.
  • want to offer their employees a secure workplace that is as independent of location as possible.
  • want to introduce BYOD.
  • want to be flexible in terms of clients.
  • want zero-touch deployment.
  • have a "cloud first" strategy.
  • have a specific use case for it.

In principle, Microsoft has an exciting enterprise-quality offering that can be provided quickly and easily. The basic technical requirements for an implementation are low: only a streaming-capable internet connection and the corresponding licences. The preliminary clarification of a specific use case for such a solution should not be underestimated, especially with regard to the costs.


The atrete IT consultants will be happy to support you in testing and evaluating a solution with Windows 365.