What’s up, everyone!
A question about Windows 365 that I still get a lot is which edition is the right choice for the customer. I wrote a post back in June 2022 comparing the business edition with the enterprise edition. But I thought it was a good idea to go into more technical details. Because some of those details might actually surprise you.
Let’s divide this post into two parts;
- A quick overview describing the most important differences.
- A technical deep dive looking at all the details.
Let’s get to it!
Which is the right edition for you?
Windows 365 Business
Goal: Simplicity for smaller companies
The business edition is intended for smaller companies. It’s really fast to set up and manage using the information worker portal (https://windows365.microsoft.com) and it requires almost no technical expertise. You’ll need to be aware that it does not support a connection to an existing corporate network and it has a 300 license cap per tenant.
Windows 365 Enterprise
Goal: All the Windows 365 features for … anyone?
The enterprise edition supports a lot more features than the business edition. For instance, there’s no license cap. You can set up a connection to an existing corporate network and you can use Intune to manage the Cloud PC’s.
So does that mean this edition only suits enterprise companies? In my opinion, well no. For instance if your company or customer needs a connection to an existing corporate network, you’ll need to choose the enterprise edition. There could be more requirements that you need to meet in order to set up the Cloud PC. Another thing to be aware of is that a business Cloud PC costs basically the same as an enterprise Cloud PC. Here are some screenshots from the Microsoft site at the time of writing:
So there you go, it really is that easy to choose the right edition for you. But is there anything else you need to be aware of?
In-depth comparison of the editions
Let’s talk about some technical details and compare both editions. I’ll add some tips and tricks as we go along.
Machine identity
Where does the computerobject live? You can choose between Azure AD join only or a hybrid configuration. An advantage of a hybrid configuration is that you can use Group Policies to manage your Cloud PC’s. Azure AD joined only Cloud PC’s can’t use Group Policies. They are managed via Intune. My advice here would be to go for Azure AD join only. This design keeps your set up quick and simple and is easier to manage once it’s set up. Most of the other reasons why you would choose for a hybrid deployment (like an on-premise file share) can now be achieved as well in an Azure AD join only deployment.
If you want more information on how to set up a hybrid azure ad joined Cloud PC, then I recommend you have a look at the excellent post of Niall and Paul here.
Purchasing and licensing
Let’s take a look where you can get the licenses for each edition and have a look at the license limits.
Did you know there is a data cap in place for the business edition and the enterprise edition? (enterprise: if you use a Microsoft Hosted Network) This does not apply if you use an Azure VNet. A good thing to know is that you will not lose connectivity once you hit the outbound limit but Microsoft can limit the bandwidth of that Cloud PC. You can find more information on the cap mentioned in the slide below:
Feature comparison
Let’s take a look at the different moving parts and start with the provisioning process. Because the process is different for each edition.
As mentioned before you can manage your enterprise Cloud PC’s with Intune (Azure AD join or Hybrid) or via Group Policies (Hybrid). I would recommend to use Intune as much as possible and only go for GPO’s if there’s no other way.
You can manage your Business Cloud PC’s using the Windows 365 portal or you can connect to Intune if you have Intune licenses. This unlocks a limited set of management options but you won’t get access to the Windows 365 blade for example.
That’s a different story for Enterprise Cloud PC’s. You do get all the features and functions you’d expect as well as the Windows 365 blade with the provisioning policies, image options, user settings etc.
Here’s an overview of the device management options along with monitoring and troubleshooting options;
In the following slide you can see how to manage your Cloud PC. If you’re using enterprise Cloud Pc’s, you can manage them via Intune, third party solutions like Nerdio Manager or via Powershell. Shout out to Stefan Dingemanse and Niels Kok for creating this module!
Universal Print is only supported on the Enterprise edition.
End user capabilities
What management tasks can end users perform? How do you manage their user rights on the Cloud PC?
By default users have standard user rights on the Cloud PC. There are some business cases to be made where users do need local admin rights. In this case I would recommend to use multiple user settings policies and only assign local admin rights to users that need to have those rights. Another thing to consider is that you easily change the user settings. These changes apply pretty fast. Same goes for changing the rights back to standard user rights.
Security
I’ve written a post on security guidelines in the past. Make sure to check it out if you want to learn more on these guidelines. In the following slide you can see what security features each edition supports.
Support
Where can you turn to when everything goes wrong?
That concludes the comparison on the more technical side of the Windows 365 editions.
Awesome stuff, thanks for sharing.
Never knew W365 Business didn’t support Security Defaults.
In your opinion why would someone pick AVD over W365 Enterprise (or visa versa)?
They seem very similar
Thanks Daniel!
They do seem very similar. Windows 365 is built upon AVD. Good question though! When would you use AVD or when would you use Windows 365?
Generally you’ll hear that AVD will give you more flexibility. But that flexibility comes at a cost. You’ll have to manage your session hosts, networking, storage, FSlogix profiles and what not. There’s also the cost argument. If it runs in Azure, you’re paying for it. So scaling your infra is key, as well as other cost saving possibilities. Like reserved instanced, AHB or use a great 3rd party solution like Nerdio Manager to save a lot of costs. Why would you use AVD? Well if you want a full sized and scalable VDI solution with all the options, like only publishing a remote app or maybe you have some users that work with CAD applications. AVD can give you a graphics card so your CAD application works just like on a physical endpoint.
Why would you use Windows 365? Well keep in mind that this service is still pretty new and it’s evolving really quick. True, it gives you a Windows 10 or 11 PC in the cloud. And configuring Windows 365 is really easy to do. So you don’t need a lot of technical expertise to set this up or keep your Cloud PC’s up and running. In terms or cost, you know what each user will cost you. (Microsoft 365 license, Windows 365 Cloud PC license and possibly an Azure subscription if you need a VPN or line of sight to your domain controller.). But keep in mind that Microsoft has announced some awesome features, like boot, switch and offline. These features will further set Windows 365 apart from AVD.
Where would you typically use Windows 365? Think about temporary workers or remote workers. Maybe you have shared devices at a department where many people work depending on the day or week. You could easily move their PC to the cloud. Also think about Bring your own.
Does this mean that you have to choose? Well, no! You can mix-and-match physical desktops, AVD and Windows 365. It all depends on the requirements you have.
Hope this helps!