Examine the Cloud PC lifecycle

• 3 minutes

All devices have a lifecycle, from procurement, through configuration and maintenance, to retiring the device when it's no longer required. While not technically a "device", Cloud PCs also have a lifecycle. Because Cloud PCs exist only in the cloud, with its inherent manageability and security, managing Cloud PC lifecycles is easier than managing physical Windows device lifecycles.

The Cloud PC lifecycle has five stages:

Each Cloud PC lifecycle stage is discussed here:

Provision

Provisioning is the automatic creation of Cloud PCs for your end users. Windows 365 provides optimized experiences for deploying both Business and Enterprise edition Cloud PCs. For both editions, provisioning is as simple as purchasing and assigning a license to your users. Windows 365 includes a gallery of default Windows 10 and Windows 11 operating system images that provide a remote connection experience optimized for both Windows and Microsoft 365. With Windows 365 Enterprise edition, you can use ether gallery images or your own custom images and Windows 365 performs some of the optimizations for you.

While the "behind the scenes" provisioning (and deployment) of Windows 365 Business and Enterprise are identical, there are differences in the steps to initiate these actions, described here:

Windows 365 Business

You can buy Windows 365 Business subscriptions either from the Windows 365 products site (Windows 365.com) or the Microsoft 365 admin center. After you buy a subscription, you can use the Microsoft 365 admin center or windows365.microsoft.com to assign licenses to users in your organization. To use the Microsoft 365 admin center, you must have a Microsoft 365 tenant and be either a Global or Billing administrator.

For more information about buying Windows 365 Business subscriptions, see: Get started with Windows 365 Business and Cloud PCs | Microsoft Learn.

For more information on using the Microsoft 365 admin center to assign licenses to users, see:
Assign licenses to users in the Microsoft 365 admin center - Microsoft 365 admin | Microsoft Learn.

For more information on using windows365.microsoft.com to assign licenses to users, see:
Add a user and assign licenses in Windows 365 Business | Microsoft Learn.
Assign or unassign a license in Windows 365 Business | Microsoft Learn.

Windows 365 Enterprise

You can buy Windows 365 Enterprise subscriptions either from the Windows 365 products site (Windows 365.com), the Microsoft 365 admin center, or your Microsoft account representative. The Windows 365 Enterprise admin experience is integrated into the Microsoft Intune admin center, where you can manage your Cloud PCs alongside your physical devices. For users in a Microsoft Entra ID user group targeted by a provisioning policy, Cloud PCs are automatically provisioned when they are assigned a Windows 365 license. Cloud PCs are provisioned in the Windows 365 service, joined to your Microsoft Entra ID, and enrolled into Microsoft Intune. To use Windows 365 Enterprise, each user must be licensed for Windows 11 Enterprise or Windows 10 Enterprise, Intune, and Microsoft Entra ID P1.

Configure

Windows 365 Enterprise is designed for organizations with dedicated IT teams so it benefits from the management and security capabilities provided by Microsoft Intune. After being provisioned, Windows 365 Enterprise Cloud PCs are immediately ready for Microsoft Entra ID Conditional Access and management through Intune, including co-management if needed.

By default, the management options for Windows 365 Business Cloud PCs are limited to the actions available at windows365.microsoft.com or the Microsoft 365 admin center. The exception is if the user has a Microsoft Intune license and the Windows 365 Business Cloud PC has been enrolled in Intune.

For more information on managing Windows 365 Business Cloud PCs, see: Manage your Windows 365 Business Cloud PCs | Microsoft Learn.

Protect

Windows 365 integrates with the rest of Microsoft 365 to make sure that you can secure your Cloud PCs. You can use Microsoft Intune’s integration with Microsoft Defender for Endpoint to protect your Cloud PCs from the moment that they’re provisioned. This protection includes using the endpoint detection and response capabilities of Microsoft Defender for Endpoint to determine device risk. It's available by default for Windows 365 Enterprise and available for Windows 365 Business with a Microsoft 365 E5 license.

Monitor

Windows 365 Enterprise integrates with Endpoint analytics in Microsoft Intune, enabling rich monitoring and reporting for your Enterprise Cloud PCs. The Cloud PC awareness in Endpoint analytics enables measurement and reporting of the compute and memory load on your Cloud PCs, as well as utilization and connection quality. If you see that CPU and/or memory resources are being stressed, for example, you can use Windows 365 to resize those Cloud PCs to match the demands of your users and their apps. This resize action is surfaced in Microsoft Intune along with other device actions to provide a seamless experience between your Cloud PCs and other endpoints. You can also use Remediation in Endpoint analytics to improve Cloud PC monitoring and remediation.

For more information on Remediation in Intune, see: Remediations | Microsoft Learn.

Deprovision

To securely deprovision a Cloud PC, you remove a user’s access by removing their license. Removing access moves the Cloud PC into a seven-day grace period, during which the user can continue using the Cloud PC. This grace period allows for errors and reinstatement without affecting the user.

After the seven-day grace period expires, the user is logged off the Cloud PC. Windows 365 deprovisions the Cloud PC and its storage completely. The Cloud PCs are encrypted using server-side encryption in Azure Disk Storage (platform-managed keys) so that devices are deprovisioned securely.