Windows 365 Getting Preview of Azure Active Directory Join Capability

Organizations using the Windows 365 service's Enterprise edition soon will be getting the ability to create Azure Active Directory joins for Cloud PCs, according to a Wednesday Microsoft announcement.

The Azure Active Directory joins will be available at the preview stage within a week for Windows 365 Enterprise edition users. Microsoft also is previewing adding languages by policy to Cloud PCs for those same Enterprise edition users. In addition, FIDO (Fast Identity Online) passwordless authentication is being planned for a future release.

Windows 365 is Microsoft's desktop-as-a-service offering, which was commercially released last year. The service works with so-called "Cloud PCs," which are client operating system virtual machines housed in Microsoft's datacenters that get remotely accessed by devices of various types.

Windows 365 is available in two editions, Business and Enterprise, which are very different products. The Windows 365 improvements announced on Wednesday, though, were just described as being available for Enterprise edition subscribers.

Azure AD Join Preview
Preview support for Azure AD joins will arrive for Enterprise edition Windows 365 tenancies in about a week's time, according to a Feb. 9 "Windows in the Cloud" online presentation (Episode 106), which possibly will become available on demand at this page.

When the Azure AD join preview is available, it'll show up as an option within the Microsoft Endpoint Manager Admin Center.

Previously, Microsoft just let Enterprise edition Windows 365 users join via hybrid Azure AD joins, explained Christian Montoya, a senior program manager on the Windows 365 team, during the online presentation.

With the Azure AD joins for Cloud PCs preview, organizations don't need to have an Azure subscription to provision Cloud PCs for end users. They can just select a region to join the Cloud PCs using a drop-down menu in the Microsoft Endpoint Manager Admin Center interface.

It's also possible for organizations with their own Azure virtual networks to use the Azure AD join feature, but "you'll first need to create a new Azure AD Join network connection," Montoya indicated in the announcement.

Organizations that already are using hybrid Azure AD joins and want to switch to Azure AD joins will need to "reprovision your Cloud PC to join Azure AD," Microsoft explained in the Q&A segment of its online presentation.

Language Provisioning by Policy Preview
Microsoft also will soon offer a preview of an expanded "first-run experience" when provisioning Cloud PCs based on the language and region to be used. It'll be coming soon for Windows 365 Enterprise edition users. IT pros will be able to set the language and region by policy, instead of setting it manually using custom images.

Here's how it was described:

"Now in Public Preview, when you create a provisioning policy, you can configure a Language & Region pack to be installed on the Cloud PCs during provisioning. There are 38 languages available."

This approach also will permit changing the language for already provisioned Cloud PCs.

Microsoft additionally announced that it added two more Windows 365 supported regions this month, namely "US Central" and "Germany West Central," which are "available today."

FIDO Support Planned
Microsoft also explained during the online presentation that it is working to bring FIDO passwordless authentication protections to Windows 365 users at some future point in time:

"We'll add this to our In Development as we have more defined timelines, but we're working with Azure AD and Azure Virtual Desktop teams to enable FIDO devices for the logon to your Cloud PC."

FIDO2 is an industry-supported standard for devices that permits the use of PINs, cards, key fobs and biometric readers to secondarily verify the identity of end users when accessing resources. It's a public-private key approach that's deemed to be phishing resistant, in contrast to simple password use, because the private key never leaves the device.

Montoya also suggested during the online presentation that it'll be somewhat easier for Azure AD-joined Cloud PC devices using Windows Hello for Business, Microsoft's biometric authentication service, to take advantage of FIDO protections.

"If you're on your Windows desktop client, you can use [Windows] Hello, and then actually, with Azure AD join, the Windows Hello for Business logon is a little bit easier, because you don't have to be on a corporate VPN or you don't have to be on the corporate network," Montoya said.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

