As extra firms use Home windows 365 to empower staff, scale back prices, or reimagine present a managed Home windows expertise, a standard problem we hear is, “How can I make sure that all my required functions are put in earlier than my customers entry their Cloud PCs?” Different frequent statements embrace:

• “I want to make sure all safety instruments are put in earlier than customers can go surfing to cut back danger.”
• “I want to make sure my individuals are instantly productive after they first go surfing.”

This text gives some really helpful approaches that will help you meet your wants round app deployment, providing each technical and course of suggestions.

Technical suggestions

Use Intune to assign functions to gadgets

Moderately than focusing on customers, assigning functions to gadgets can higher guarantee they get put in sooner. When a Cloud PC is provisioned, it is instantly enrolled with Intune. After enrollment, the Cloud PC will sync with Intune to find out what functions, insurance policies, and profiles are required for the system. When you assigning apps to person teams, nevertheless, the Intune sync will happen after the person’s first login, doubtlessly delaying the set up of required apps for a number of minutes.

When you use Configuration Supervisor or a third-party resolution to put in functions, further delays are seemingly. Intune would want to put in the third-party agent or consumer, after which carry out its personal scan and sync to find out what must be put in on the Cloud PC.

The exception to this advice can be these functions which might be extra acceptable to be focused to customers somewhat than gadgets, similar to software program that has particular license necessities.

Use the “All gadgets” group and system filters

Our Home windows 365 documentation gives particulars on use each dynamic teams and system filters for focusing on functions. The problem with utilizing Microsoft Entra ID (previously Azure AD) dynamic teams is {that a} newly provisioned Cloud PC will not be in a dynamic group for a while. It may take wherever from a number of minutes as much as a number of hours. That is as a result of nature of how dynamic teams are processed and synced to Intune. When a Cloud PC is provisioned and enrolled into Intune, the next actions happen:

1. A tool object in each Microsoft Entra ID and Intune are created.
2. Microsoft Entra ID dynamic group membership is periodically calculated for brand spanking new members.
3. Dynamic group membership is synced with Intune.
4. The Cloud PC checks in with Intune to find out what functions, insurance policies, and profiles are relevant.

The above actions happen sequentially and run on a periodic schedule, which leads to a doubtlessly important delay in putting in functions.

To put in functions as quick as potential, use the All gadgets Intune digital group and system filters when assigning functions. Why? Intune evaluates system filters instantly upon enrollment, and the All gadgets Intune group doesn’t require any synchronization exercise.

System filters that you should use with Cloud PCs embrace:

The above hyperlinks describe create a tool filter. The picture under reveals an instance of making a tool filter.

Screenshot of the Create filter menu within the Intune admin heart and the choices to decide on the filter’s property, operator, worth, and rule syntax

Screenshot of the Edit software menu with a crimson field highlighting the group, filter mode, and filter instance

Some functions require a person to be logged on to carry out the set up. These functions ought to be focused to customers and can solely set up after a person logs in to their Cloud PC for the primary time.

Try frequent questions and solutions in our Intune documentation for extra particulars on the problem of utilizing dynamic teams to deploy functions at enrollment. Additionally, try our efficiency suggestions in our Intune documentation when utilizing teams for software focusing on.

What about utilizing an Enrollment Standing Web page?

An ESP is often used to show the provisioning standing when enrolling with Intune. It is a detailed progress indicator designed to be displayed whereas the person is ready for his or her system to be prepared.

When utilizing Home windows Autopilot to provision new bodily Home windows gadgets, the ESP runs in two phases: the system ESP and the person ESP. The system ESP runs solely through the default out-of-box expertise (OOBE). When provisioning Cloud PCs, the system ESP shouldn’t be used, as there is no OOBE section, solely the person ESP. Since a Cloud PC is provisioned with out a person current, an ESP might add complexity to the general provisioning course of. Whereas there’s a setting to Block system use till all apps and profiles are put in, that is solely used through the person ESP section, and never used throughout Cloud PC provisioning when focusing on apps to gadgets. So, for those who’re focusing on functions to system teams, we advocate not utilizing an ESP for Cloud PCs.

If you would like to make use of an ESP for person focused functions and insurance policies, make certain to comply with the Enrollment Standing Web page information. Keep in mind, an ESP is just supported while you use a tool filter that targets a selected provisioning coverage. Utilizing dynamic system teams with an ESP shouldn’t be supported.

Course of suggestions

Planning for onboarding customers to Cloud PCs

With out utilizing the Block system use till all apps and profiles are put in setting, how can we guarantee all of the apps are put in previous to the primary logon? That is when it is essential to contemplate the onboarding course of.

When testing and evaluating Home windows 365, you may assign a license to your self or your co-worker, make sure you’re in a gaggle that’s assigned a provisioning coverage, after which verify the Intune admin console to see when your Cloud PC standing adjustments to provisioned.

When you then instantly connect with your Cloud PC, you may discover that not your whole functions received put in. You’d then suppose, “Effectively, I can not give this to my customers till I do know all my apps might be there!” Surprisingly, this assertion holds the important thing to managing this problem.

Take into consideration how you are going to present Cloud PCs to customers. What number of will you provision at a time? One? 100? One thousand? What’s your communication plan? How will customers know when and use their Cloud PCs?

What we discover is that it is unusual for customers to log in to their Cloud PCs shortly after they’re provisioned. Beneath is a chart that reveals a few of our inside diagnostic information from the final 28 days (based mostly on time of this writing).

Some takeaways from this information:

• Lower than 30% of customers check in to a Cloud PC lower than 1 hour after it has been provisioned.
• Over 50% of customers check in to their Cloud PC 4 hours or extra after it has been provisioned.

Moreover, we discovered that the typical time till the primary login is simply over 32.4 hours, and the median is 4.2 hours as there’s a variety of variation within the outcomes. What we are able to infer from the above is that almost all firms have customers that do not check in instantly after provisioning and wait a number of hours earlier than doing so. Generally that is completed unintentionally, whereas typically that is deliberate throughout a deployment challenge. For instance, a deployment plan might appear to be the next:

• Day 1: Provision 50/500/5,000^[1] Cloud PCs.
• Day 2: Overview the outcomes.
• Day 3: Ship out finish person communications.

You possibly can undoubtedly compress the above deployment plan to construct in a 2-3-hour buffer to make sure all apps are put in. Contemplate how a person will know to go online to their Cloud PC for the primary time. As an IT admin, you possibly can management when to inform those that their Cloud PC is prepared. Throughout your notifications, you possibly can optionally present a hyperlink to obtain the Home windows 365 app by means of the Microsoft Retailer or a hyperlink to the Intune Firm Portal to put in the app.

Lastly, make certain to check your software set up previous to onboarding your Cloud PC customers in a manufacturing atmosphere. Whereas this may increasingly sound apparent, such testing helps remove potential onboarding challenges.

What might be completed to confirm software set up?

You need to use the Intune admin heart to assessment the outcomes and make sure that all system focused apps are put in. As an administrator, you possibly can choose a Cloud PC and examine the Managed Apps listing which might be focused to the system. Utilizing the Intune admin portal is an effective way to assessment the outcomes of some Cloud PCs.

Screenshot of the Managed Apps menu displaying the a number of functions put in and the one which’s now relevant

Moreover, the Graph API might help you automate this course of. Try our documentation that explicitly mentions get the applying set up standing on a person’s system.

Microsoft Hosted Community (MHN) help

When you’re involved about having a Cloud PC related to your community with out instantly having your required safety functions, think about using the Microsoft Hosted Community (MHN) when planning your community deployment of the Home windows 365 service. Utilizing the MHN is the best choice. It aligns with the Zero Belief framework mannequin and is the Microsoft really helpful deployment mannequin for Microsoft Entra (beforehand, Azure AD) joined Cloud PCs. Moreover, a Cloud PC shouldn’t be related to your community till a VPN connection is explicitly established, additional decreasing danger.

Abstract

In relation to the Home windows 365 provisioning course of, the method you utilize to carry out testing and analysis might be vastly completely different from the method to ship Cloud PCs to your customers. In most environments, individuals first check in to Cloud PCs a number of hours after they’re provisioned. This human conduct motivates constructing a ready interval buffer as a method to make sure all of your functions are put in. That is a means so that you can confirm system readiness previous to offering the Cloud PC to customers.

The technical steering above may even make it easier to present the very best provisioning and onboarding expertise to your customers.

Proceed the dialog. Discover greatest practices. Bookmark the Home windows Tech Neighborhood and comply with us @MSWindowsITPro on TwitterX and on LinkedIn. In search of help? Go to Home windows on Microsoft Q&A.

^[1] Earlier this 12 months, we labored with an organization who adopted this mannequin and efficiently provisioned over 10,000 Cloud PCs inside 24 hours.