This chapter covers Windows 365 Cloud PC, a key Microsoft 365 productivity service that delivers a full Windows desktop experience from the cloud to any device. For the MS-900 exam, this topic falls under Objective 2.5, 'Describe the productivity solutions of Microsoft 365,' and typically appears in 5-10% of exam questions. You will need to understand the difference between Windows 365 Cloud PC and Azure Virtual Desktop, the licensing requirements, provisioning options, and key technical characteristics. This chapter provides the depth required to answer exam questions confidently.
Jump to a section
Imagine you need a high-performance gaming PC for a week, but you don't want to buy one. You go to a rental service that provides a fully configured PC in a remote data center. The rental PC has its own CPU, RAM, storage, and OS, all dedicated to you. You connect to it using a lightweight client device (like a thin client or even a tablet) over the internet. The rental service handles all maintenance, updates, and security. You don't share this PC with anyone else—it's yours for the rental period. If you stop paying, the PC is deallocated. You can also pause the rental (stop billing) while keeping the PC configuration saved. This is exactly how Windows 365 Cloud PC works: Microsoft hosts a full Windows 10/11 VM in Azure, dedicated per user, streamed via Remote Desktop Protocol (RDP) to any device. The user gets a personal, persistent, full Windows desktop experience without local hardware limitations.
What is Windows 365 Cloud PC?
Windows 365 is a cloud-based service that provisions and hosts full Windows 10 or Windows 11 desktops (called Cloud PCs) in Microsoft Azure, streamed to any device via Remote Desktop Protocol (RDP). It is a Desktop-as-a-Service (DaaS) offering aimed at organizations that want to provide a consistent, secure, and personalized Windows experience to their users without managing physical hardware or complex VDI infrastructure.
Why Windows 365 Exists
Traditional remote desktop solutions (like on-premises VDI) require significant capital expenditure, specialized skills, and ongoing maintenance. Windows 365 simplifies this by offloading the infrastructure to Microsoft. It provides: - Personal persistent desktops: Each user gets their own dedicated Cloud PC that retains settings, applications, and data between sessions. - Instant provisioning: Cloud PCs can be created from pre-defined configurations (called provisioning policies) in minutes. - Scalability: Organizations can add or remove Cloud PCs based on subscription needs. - Security: Data never leaves the cloud; only the screen image is streamed. The device accessing the Cloud PC only needs a supported browser or the Microsoft Remote Desktop client.
How It Works Internally
User Assignment: A user is assigned a Windows 365 license (a per-user subscription) and a Cloud PC is provisioned based on a provisioning policy. The policy defines the Azure region, virtual machine size (vCPU/RAM/storage), and image (Windows 10/11 Enterprise).
Azure VM Creation: The service creates an Azure virtual machine in the specified region, using the selected size (e.g., 2 vCPU, 8 GB RAM, 128 GB storage). The VM is joined to Azure Active Directory (Azure AD) or hybrid Azure AD.
Image Deployment: The VM is deployed with a pre-configured Windows Enterprise image that includes Microsoft 365 Apps, Microsoft Edge, and security baseline settings.
User Connection: The user connects via the Windows 365 portal (https://windows365.microsoft.com) or the Microsoft Remote Desktop app. The connection uses RDP over HTTPS (port 443) with a reverse connect transport. The user's session is established with single sign-on (SSO) using Azure AD.
Persistence: All user data, settings, and installed applications persist across sessions because the VM's OS disk is a managed disk that remains attached. The user's profile is stored on the VM.
Management: IT administrators manage Cloud PCs via the Microsoft Intune admin center or the Windows 365 node in the Microsoft 365 admin center.
Key Components, Values, and Defaults
Licensing: Windows 365 Enterprise or Business. Enterprise requires Azure AD P1 and Microsoft Intune (included in Microsoft 365 E3/E5 or as standalone). Business is for up to 300 users and includes Azure AD P1.
VM Sizes: Predefined configurations (e.g., 1 vCPU/2GB/64GB, 2 vCPU/4GB/128GB, 4 vCPU/16GB/256GB, 8 vCPU/32GB/512GB). The exact sizes are called 'Cloud PC configurations' and are tied to license SKUs.
Provisioning Policy: Defines the region, configuration, image, and network (Azure virtual network). Policies are applied to Azure AD groups.
Image: Windows 10 Enterprise or Windows 11 Enterprise (multi-session not supported; each Cloud PC is single session).
Storage: OS disk is a standard SSD managed disk. Users cannot resize or change the VM size after provisioning (must reprovision).
Networking: Cloud PCs can be connected to an Azure virtual network for on-premises resource access (hybrid benefit). By default, they use Microsoft's network.
Backup: Cloud PCs are backed up automatically via Azure Backup (retention is configurable, default 7 days).
Grace Period: If a user's license is removed, the Cloud PC enters a 7-day grace period before being deallocated (data is preserved for 90 days).
Configuration and Verification
Provisioning is done through the Microsoft Intune admin center (Endpoint Manager). The process: 1. Create a provisioning policy (name, region, image, configuration, network). 2. Assign the policy to an Azure AD group. 3. Assign licenses to users in the group. 4. The service automatically provisions Cloud PCs for licensed users.
To verify provisioning status:
In the Intune admin center, go to Devices > Windows 365 > Provisioning policies and check the status.
For a specific user, go to Users > select user > Devices > Cloud PC.
PowerShell cmdlets: Get-MgDeviceManagementVirtualEndpointCloudPC (Microsoft Graph PowerShell).
Interaction with Related Technologies
Azure AD: Cloud PCs are joined to Azure AD (or hybrid). User authentication and SSO rely on Azure AD.
Microsoft Intune: Used for provisioning policies, device compliance, and application deployment. Intune manages the Cloud PC as a managed device.
Microsoft Endpoint Manager: Centralized management console for both Intune and Configuration Manager. Cloud PCs appear as managed devices.
Azure Virtual Desktop (AVD): AVD is a multi-session virtualization service; Windows 365 is single-user persistent. Both use RDP but have different licensing and use cases.
Microsoft 365 Apps: Pre-installed on Cloud PC images, licensed via the user's Microsoft 365 subscription.
Microsoft Teams: Optimized for RDP with hardware acceleration (Teams media optimizations).
Key Numbers for the Exam
License types: Windows 365 Business (up to 300 users) and Windows 365 Enterprise (unlimited).
User limit for Business: 300.
Grace period: 7 days after license removal; 90 days for data retention.
Default backup retention: 7 days.
Supported devices: Windows, macOS, iOS, Android, and web browsers (HTML5).
Protocol: RDP over HTTPS (port 443).
Image: Windows 10/11 Enterprise single session.
Management portals: Microsoft Intune admin center and Microsoft 365 admin center.
Common Exam Traps
Trap: Windows 365 Cloud PC is the same as Azure Virtual Desktop. Reality: They are separate services. AVD is multi-session (pooled) or single-session, more customizable, and requires Azure infrastructure management. Windows 365 is a fully managed, per-user persistent desktop service.
Trap: Cloud PCs are shared among multiple users. Reality: Each Cloud PC is assigned to a single user and is persistent.
Trap: Windows 365 requires an Azure subscription. Reality: Windows 365 Business does not require an Azure subscription; Windows 365 Enterprise may require an Azure virtual network for hybrid connectivity but not a full Azure subscription for the Cloud PC itself.
Trap: Users can resize their Cloud PC. Reality: Resizing is not supported; you must reprovision with a new configuration.
Trap: Windows 365 supports multi-session. Reality: No, each Cloud PC is single session (one user at a time).
Summary
Windows 365 Cloud PC is a managed DaaS solution that provides persistent, single-user Windows desktops from the cloud. It is ideal for organizations wanting to simplify remote work, ensure security, and provide a consistent experience. For the MS-900 exam, focus on the licensing (Business vs Enterprise), the fact that it is persistent and single-user, and how it differs from Azure Virtual Desktop.
Assign License and Policy
An administrator assigns a Windows 365 license (Business or Enterprise) to a user. The user must also be a member of an Azure AD group targeted by a provisioning policy. The policy specifies the Cloud PC configuration (vCPU/RAM/storage), Azure region, image (Windows 10/11 Enterprise), and optional network connection. Without a license and policy, the Cloud PC will not be provisioned.
Provisioning Trigger
Once the license is assigned and the user is in the policy scope, the Windows 365 service initiates provisioning. This process automatically creates an Azure virtual machine in the specified region using the predefined size. The VM's OS disk is a managed SSD disk. Provisioning typically takes 10-30 minutes, depending on the size and region. The user receives an email notification when the Cloud PC is ready.
Azure VM Creation
The service deploys an Azure VM with the selected compute size (e.g., 2 vCPU, 8 GB RAM) and attaches a managed disk (e.g., 128 GB). The VM is joined to Azure AD (or hybrid Azure AD if configured). The image includes Windows Enterprise with Microsoft 365 Apps, Edge, and security baselines. The VM is placed in a Microsoft-managed virtual network unless a custom network is specified in the policy.
User Connection via RDP
The user connects using the Windows 365 portal (https://windows365.microsoft.com) or the Microsoft Remote Desktop app. The connection uses RDP over HTTPS (port 443) with a reverse connect transport. The user authenticates via Azure AD with single sign-on (SSO). The session is encrypted. The user sees their full Windows desktop with all personal settings and applications preserved from previous sessions.
Ongoing Management and Backup
IT administrators manage Cloud PCs via Intune, applying compliance policies, deploying apps, and monitoring health. Azure Backup automatically backs up the Cloud PC (default retention 7 days). If the user's license is revoked, the Cloud PC enters a 7-day grace period; after that, it is deallocated but data is retained for 90 days. Administrators can also perform remote actions like restart, reset, or reprovision from the admin center.
Enterprise Scenario 1: Remote Workforce with Security Requirements
A global financial services firm with 5,000 employees needs to provide secure remote access to corporate applications without allowing data to reside on personal devices. They deploy Windows 365 Enterprise Cloud PCs for all employees. Each employee gets a persistent Cloud PC with 4 vCPU, 16 GB RAM, and 256 GB storage. The provisioning policy specifies the nearest Azure region (e.g., East US for US employees) and uses a custom image with line-of-business apps pre-installed. The Cloud PCs are joined to the corporate Azure AD and connected via a custom Azure virtual network to access on-premises databases. Employees access their Cloud PCs from company-issued laptops, iPads, and home PCs. The IT team manages compliance policies via Intune, enforcing BitLocker encryption and requiring MFA. Because data never leaves the cloud, the firm meets regulatory requirements. A common issue is network latency for users far from the Azure region; the firm uses Azure Front Door to optimize RDP traffic. When misconfigured (e.g., wrong Azure region), users experience poor performance; the fix requires reprovisioning with the correct region.
Scenario 2: Seasonal Contractors
A retail company hires 200 temporary workers for the holiday season. They need quick access to a standard Windows desktop with inventory management software. They use Windows 365 Business (up to 300 users) to provision 200 Cloud PCs with 2 vCPU, 4 GB RAM, and 128 GB storage. The provisioning policy is created in minutes, and users are assigned licenses. The Cloud PCs are ready within 15 minutes. After the season, the company removes the licenses, and the Cloud PCs enter a 7-day grace period, then are deallocated. Data is retained for 90 days in case of audit. The company saves on hardware costs and avoids managing physical PCs. A pitfall: if the provisioning policy specifies a region far from the contractors' locations, RDP performance suffers; the company learned to choose the Azure region closest to the majority of users.
Performance Considerations
Network latency: Each Cloud PC session streams screen updates. Latency above 150 ms degrades user experience. Use Azure regions close to users.
Bandwidth: RDP requires at least 1.5 Mbps for a good experience; 4K video may need 10+ Mbps.
VM sizing: Under-provisioning (e.g., 1 vCPU for power users) leads to slow performance. Use the recommended configurations from Microsoft.
Storage: Users with large data requirements (e.g., 500 GB) may need custom configurations; Windows 365 currently caps at 512 GB for standard SKUs.
What Goes Wrong
Provisioning failures: Often due to insufficient Azure region capacity, incorrect network configuration, or license assignment issues. Check provisioning logs in Intune.
Slow performance: Usually caused by incorrect VM size or high latency. Use the 'Performance' tab in the Windows 365 portal to diagnose.
Connectivity issues: Firewalls blocking port 443 or RDP over UDP. Ensure endpoints are allowed (see Microsoft docs for URL/IP ranges).
Data loss: If a Cloud PC is reset (reprovisioned), all data is lost. Always back up critical data externally.
License expiration: After grace period, the Cloud PC is deallocated; data is retained for 90 days but the VM is stopped. Users cannot connect until license is reassigned.
MS-900 Objective Coverage
This chapter directly supports Objective 2.5: 'Describe the productivity solutions of Microsoft 365.' Specifically, the exam tests your ability to:
Identify the characteristics of Windows 365 Cloud PC (persistent, single-user, per-user license).
Differentiate between Windows 365 Business and Enterprise.
Compare Windows 365 Cloud PC with Azure Virtual Desktop.
Understand licensing requirements (Windows 365 license, Azure AD P1 for Enterprise, Intune for management).
Know the provisioning process and management portals.
Most Common Wrong Answers and Why Candidates Choose Them
Wrong answer: 'Windows 365 Cloud PC is a multi-session desktop service.' Candidates confuse it with Azure Virtual Desktop (which supports multi-session). The exam tests that Windows 365 is single-user persistent.
Wrong answer: 'Windows 365 requires an Azure subscription for each Cloud PC.' Candidates think because it runs on Azure VMs, they need an Azure subscription. In reality, Windows 365 Business does not require an Azure subscription; Enterprise may need a virtual network but not a full subscription.
Wrong answer: 'Cloud PCs can be resized by the administrator.' Candidates assume you can change VM size like in Azure. But Windows 365 does not support resizing; you must reprovision with a new configuration.
Wrong answer: 'Windows 365 is included in Microsoft 365 E3.' Candidates see 'Windows 10/11 Enterprise' and think it's included. Actually, Windows 365 is a separate per-user add-on subscription. Microsoft 365 E3 includes Windows 10/11 Enterprise for local devices, not Cloud PCs.
Specific Numbers and Terms on the Exam
Grace period: 7 days (after license removal).
Data retention: 90 days.
User limit for Windows 365 Business: 300.
Supported connection: RDP over HTTPS (port 443).
Management portals: Microsoft Intune admin center (for Enterprise) and Microsoft 365 admin center (for Business).
Provisioning policy: Defines region, configuration, image, network.
Cloud PC configurations: Predefined sizes like 2 vCPU/4GB/128GB.
Edge Cases and Exceptions
If a user has multiple licenses (e.g., Windows 365 Business and Enterprise), the Enterprise policy takes precedence.
Windows 365 Business does not support custom Azure virtual network connections; Enterprise does.
Cloud PCs can be 'reprovisioned' (reset) which deletes all user data. This is different from 'reboot' or 'restart'.
Windows 365 Frontline (a separate SKU) allows sharing of Cloud PCs among multiple users for shift workers, but this is not commonly tested on MS-900.
How to Eliminate Wrong Answers
If the question mentions 'persistent' and 'single-user', the answer is Windows 365.
If the question mentions 'multi-session' or 'pooled', the answer is Azure Virtual Desktop.
If the question asks about licensing, remember: Windows 365 is a per-user add-on; it is not included in Microsoft 365 E3 (though E3 includes Intune and Azure AD P1 needed for Enterprise).
If the question asks about management, Enterprise uses Intune admin center; Business uses Microsoft 365 admin center.
If the question mentions 'resize', the correct answer is 'not supported' or 'reprovision'.
Windows 365 Cloud PC is a per-user, persistent, single-session DaaS service.
Windows 365 Business supports up to 300 users; Enterprise has no user limit.
Cloud PCs are managed via Microsoft Intune admin center (Enterprise) or Microsoft 365 admin center (Business).
After license removal, there is a 7-day grace period; data is retained for 90 days.
Cloud PCs cannot be resized; reprovisioning is required to change configuration.
Windows 365 does not include multi-session; use Azure Virtual Desktop for shared desktops.
Licensing is a per-user add-on; not included in Microsoft 365 E3/E5.
Supported connection: RDP over HTTPS (port 443).
These come up on the exam all the time. Here's how to tell them apart.
Windows 365 Cloud PC
Per-user persistent desktop (single session).
Fully managed by Microsoft; no Azure infrastructure management required.
Licensed per user (Windows 365 subscription).
Predefined VM configurations (cannot customize).
Ideal for small to medium organizations or those wanting simplicity.
Azure Virtual Desktop
Supports multi-session (shared) and single-session desktops.
Requires Azure subscription and management of VMs, networking, and scaling.
Licensed per user (Microsoft 365 E3/E5 or separate per-user access license).
Full control over VM size, image, and configuration.
Ideal for large enterprises needing flexibility and cost optimization.
Mistake
Windows 365 Cloud PC is included with Microsoft 365 E3.
Correct
Windows 365 is a separate per-user subscription. Microsoft 365 E3 includes Windows 10/11 Enterprise for local devices but not Cloud PCs. You need an additional Windows 365 license.
Mistake
Cloud PCs can be shared by multiple users simultaneously.
Correct
Each Cloud PC is single-user and persistent. Only one user can be signed in at a time. For shared desktops, use Azure Virtual Desktop multi-session.
Mistake
Windows 365 requires an Azure subscription.
Correct
Windows 365 Business does not require an Azure subscription. Windows 365 Enterprise may require an Azure virtual network for hybrid connectivity, but the Cloud PC itself is managed by Microsoft.
Mistake
You can change the VM size of a Cloud PC after provisioning.
Correct
Resizing is not supported. To change the configuration, you must reprovision the Cloud PC, which deletes all data. Always choose the correct size initially.
Mistake
Windows 365 Cloud PC supports both Windows 10 and Windows 11 multi-session.
Correct
Windows 365 supports only single-session Windows 10/11 Enterprise. Multi-session is exclusive to Azure Virtual Desktop.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Windows 365 Business is designed for organizations with up to 300 users and does not require an Azure subscription. It is managed from the Microsoft 365 admin center. Windows 365 Enterprise is for unlimited users, requires Azure AD P1 and Microsoft Intune (often included in Microsoft 365 E3/E5), and is managed from the Intune admin center. Enterprise also supports custom Azure virtual networks for hybrid connectivity.
No, Windows 365 requires a continuous internet connection to stream the desktop via RDP. If the connection drops, the session is disconnected. However, the Cloud PC continues running in Azure. The user can reconnect when the connection is restored.
Microsoft provides predefined configurations based on vCPU, RAM, and storage (e.g., 2 vCPU, 4 GB, 128 GB). Choose based on the user's workload: basic tasks (1 vCPU/2GB), standard (2 vCPU/4GB), advanced (4 vCPU/16GB), or power (8 vCPU/32GB). You cannot customize beyond these options.
Yes. Data never leaves the Azure cloud; only the screen image is streamed. The connection uses RDP over HTTPS with encryption. Cloud PCs are joined to Azure AD, supporting MFA and conditional access. Intune enforces compliance policies like BitLocker and antivirus. Microsoft also provides built-in backup with 7-day retention.
Yes, if you use Windows 365 Enterprise and configure a custom Azure virtual network that connects to your on-premises network via VPN or ExpressRoute. Windows 365 Business does not support custom networks, so on-premises access is limited to cloud-only resources.
When the license is removed, the Cloud PC enters a 7-day grace period where the user can still access it. After that, it is deallocated (stopped) but data is retained for 90 days. An administrator can reassign the Cloud PC to another user or delete it. After 90 days, the data is permanently deleted.
Yes, users with administrative rights can install software on their Cloud PC. IT can also deploy applications via Intune. However, if the Cloud PC is reprovisioned (reset), all custom installations are lost. It is recommended to use Intune for application management to ensure persistence.
You've just covered Windows 365 Cloud PC — now see how well it sticks with free MS-900 practice questions. Full explanations included, no account needed.
Done with this chapter?