If you are new to Windows 365 Link or are still in the progress of evaluating if it can fit your needs, I want to give you some insights on how to get started and what and how you can manage them.
Enrollment
There are plenty of unboxing videos / blogs out there, so I will skip that and start directly with the enrollment of the device.
You have basically two options here, my recommended option would be to let the individual users enroll their devices with their user account.
Since the Windows 365 Link does not support Autopilot, if you are blocking personal devices using enrollment restrictions, you will need to create a corporate identifier for your Link devices to be able to enroll them.
You can do that either manually by creating a csv file with Manufacturer, Model, SN and upload them to Intune or you can use something like my PowerApp, which I created a while ago, that will let you do that more easily by just scanning the barcode on the box: New Autopilot Companion App for Corporate Identifiers – Mike’s MDM Blog
If you for whatever can’t let you users do the enrollment and you need to do it centrally, you can also enroll the devices by leveraging a DEM Account for the enrollment: (https://learn.microsoft.com/intune/intune-service/enrollment/device-enrollment-manager-enroll) Just keep in mind that just because a DEM Account can enroll up to 1000 devices in Intune, that limit does not reflect a possible Entra device join limit (https://learn.microsoft.com/intune/intune-service/enrollment/device-limit-intune-azure) So you need to check and either adjust that limit as well, or use multiple DEM Accounts.
Regardless of your decision, the enrollment itself is done really easily and fast, just connect them to the internet, either via ethernet or Wi-Fi:
Accept EULA:
And enter your UPN and authenticate:
Then the actual enrollment starts:
Once the enrollment is complete (usually within a couple of minutes), you will automatically be connected to your CloudPC and you are ready to go:
Configs and Settings
Let’s see what we can and should configure in Intune for our W365 Link devices. In general, the Windows 365 Link does not support all CSPs, but there is a list of supported providers: https://learn.microsoft.com/en-us/windows-365/link/configuration-service-provider-support
There is also a filter option available in Settings Catalog to filter, just filter for Windows CPC and you should be good to go, just one caution from my side, just because a policy is technically applicable, does not automatically mean that is makes to set it on the Link devices…
I would suggest to exclude the Link devices from all your policies by using an assignment filter like described here: https://learn.microsoft.com/en-us/windows-365/link/create-intune-filter and just include the policies that you actually need on the Link devices, like your Wi-Fi config, your certificates or your defender for endpoint enrollment.
Time zone
One of the first things that you may be noticing is that most probably the time is incorrect at the first start of the device. Just like in “real” windows, there is no option to set the time zone during OOBE, so we need something different. The recommended way is to enable Location Services on the device, so it can detect the time zone automatically. You can enable that using the Privacy CSP to force enable Location services:
If you for whatever reason cannot use location services to automatically detect the time zone, you can also set it statically:
Screen Timeout
By default, the W365 has a screen timeout of about 5min, if you want to change that you can use the “Turn off the display” policy to modify it to a value of your choice.
Authentication
The sign in to the device is handled though web sign in, allowing you to use a lot of passwordless authentication methods like passkeys or phone-sign-in:
If you are planning to use a FIDO2 Key, there is a cool option to enable on the devices, if you enable the “Use security key for Signin” option from the WHfB Settings:
This will enable a second credential provider on the logon page, which makes it even easier and faster to sign in with a FIDO2 Key:
You even can connect a USB NFC Reader and use an NFC enabled FIDO2 Key like the YubiKey 5 NFC or an employee badge that supports the FIDO2 standard
Tipps and Tricks
Searching for Updates
You can manually search for updates on the device from the control pane:
Connection Center
If a user has more than one CloudPC he will be presented with the Connection Center upon signing in, allowing him to select which one he wants to use:
You can access the connection center at all times from the CTRL + ALT + ENTF menu as well, giving you the option to switch between machines:
You can also configure which of your CloudPCs should be automatically connected to, instead of showing you the Connection Center:
Conclusion
In my opinion, the Windows 365 Link is a really cool addon if you already have Windows 365 CloudPCs in your environment. I’m using it as my daily in the office for a few months now and while it is not (yet) perfect, it’s a great experience. Only things that I would wish to be different, would be to have an integrated NFC Reader and a few more USB-C Ports (which should support to power the device), but besides that it’s probably the fastest way to connect to your CloudPC.
While you can get some parts of that experience with Windows 365 Boot as well, the Link device is the next logical step in my opinion, bringing you the benefits of Boot while reducing the challenges like driver management and configurations that are needed for Boot to be secure and easy.
Leave a Reply