After lifting the lid on its Windows 365 desktop streaming platform, Microsoft has shared guidance to help its enterprise customers secure their cloud PC instances.
Windows 365 is a virtualization service that lets users stream a Windows desktop along with all its apps to any of their devices, including those that run on macOS, Linux or Android, and from any location.
“All Cloud PCs, like their physical PC counterparts, come with Microsoft Defender—securing the device beginning with the first-run experience,” wrote Christiaan Brinkhoff, Principal Program Manager for Windows 365.
On update policy, Brinkhoff added that all cloud PCs are provisioned using a gallery image that is kept updated with the latest cumulative updates for Windows 10.
Security in the cloud
Users in the Windows 365 Business plan, which is designed for smaller businesses, are automatically granted local admin rights, since such organizations usually lack a dedicated IT department.
To help such users secure their cloud PCs, Brinkhoff suggests following standard IT security practices and reducing the users' permissions to those of standard users. He has also shared how Microsoft Endpoint Manager can be used to simplify this task.
On the other hand, all cloud PCs in the Windows 365 Enterprise plan are enrolled in Microsoft Endpoint Manager by default, making them easier for IT admins to manage. Furthermore, all end users are added as standard users, with admins retaining the ability to elevate permissions on a per-user basis.
Brinkhoff shared that the team is working to include Windows 11 as part of the Windows 365 offerings once the next version of Windows is generally available later in the year. It will bring additional security benefits, such as Trusted Launch, to improve the security of Azure virtual machines.