Azure Virtual Desktop (AVD), Windows 365, and the Role of Virtual App Delivery

Most organizations have pivoted to a hybrid work (if not a completely remote work) model for employees since the onset of the global pandemic.  And historically, replacing physical work machines for employees working on-premises was accomplished by implementing a Virtual Desktop Infrastructure (VDI) solution.  

But VDI represents a significantly costly investment for most organizations due to the hardware requirements, software licensing, and network infrastructure needed to deliver the solution.  Since organizations are pivoting to the cloud for other services, many are now looking at Azure Virtual Desktop (AVD) services and the newly announced Windows 365 (Cloud PC) from Microsoft. Let’s look closer at these new cloud-based VDI – also known as Desktop-as-a-Service (DaaS) – solutions. And then we’ll discuss when those solutions are appropriate, and when it’s best to utilize virtual application delivery (spoiler: sometimes organizations can benefit from a mix of both).

Advantages of cloud VDI

Cloud VDI technologies such as Azure Virtual Desktop and the newly announced Windows 365 appeal to many organizations who have already migrated many solutions to the cloud, including storage and email. So why are some customers considering cloud VDI/DaaS over traditional VDI environments when looking at provisioning remote & hybrid work environments?  

Traditional VDI environments are notoriously expensive and complex to provision, manage, and troubleshoot.  Especially for smaller organizations, it often takes weeks or months to provision a VDI environment. However, cloud VDI solutions such as Azure Virtual Desktop and Windows 365 aim to provide businesses a more streamlined approach to VDI.  

With cloud VDI solutions from Microsoft, such as Azure Virtual Desktop and Windows 365, the traditional management and technical overhead entailed with VDI on-premises aims to be simpler for the customer.  The complicated infrastructure still exists, but Microsoft manages the underlying infrastructure components such as gateways, brokers, diagnostics, load balancing, and others, so the customer does not have these to deploy, manage, and troubleshoot. Instead, they simply consume the cloud-based infrastructure as a service.

Azure Virtual Desktop vs. Windows 365 (Cloud PC)

Due to the similarities between these two different DaaS technologies, many customers may wonder which solution is a better fit for their business.  Both Azure Virtual Desktops (AVD) and Windows 365 offer similar capabilities, but with significant differences of note that may cater to different use cases. 

Azure Virtual Desktop (AVD) is relatively new, and Windows 365, announced just a week or so ago at the time of this writing, is released in the first part of August.  Microsoft’s AVD and Windows 365 provide Desktop-as-a-Service solutions that allow businesses to have cloud desktops available to end-users with the infrastructure managed by Microsoft.

Both aim to abstract the complexities of VDI from the end-user and offload management from an organization’s IT teams.  While both are similar infrastructures, there are technical differences between the two to note.  Azure Virtual Desktops (AVD) is a service that utilizes the customer’s Azure subscription to deploy virtual desktops to the end-user and is charged based on usage.  

Windows 365, slated for availability August 2nd, 2021, is a service based on an idea floating around Microsoft for some time, “Cloud PC.” It is delivered to customers using a Microsoft-managed Azure subscription and charges customers based on a fixed price Windows 365 cloud PC license.  Between the two, the Windows 365 service abstracts even more of the management of the environment as IT admins don’t see or manage the VMs running in Azure as they do with Azure Virtual Desktops. 

With the Windows 365 solution, customers can configure two types of desktops, Enterprise and Business.  Enterprise desktops require additional licensing since they also leverage an Intune license.  So, each user assigned a cloud PC license must also be provisioned with an Intune license. In addition, the Enterprise Windows 365 desktop network “plugs into” the customer’s Azure vNet.  So, there are network egress charges for the Windows 365 Enterprise desktop since it exits from the customer’s Azure network.  

The Business Windows 365 license is more for SMB markets and companies that typically buy a standalone PC for business use.  The Windows 365 Business license does not require Intune and has no costs associated with network traffic since it entirely lives in the Microsoft-managed Azure subscription.  However, there are fewer possibilities for management, such as assigning a static IP address or controlling inbound and outbound traffic.

Azure Virtual Desktops have more “enterprisey” features for customers to take advantage of, including auto-scaling and reserved instances as examples. In addition, with AVD, admins can customize desktop storage like the OS disk storage size and types, including auto-scaling storage.  

Cloud PCs by way of Windows 365 have a fixed-disk size and type that cannot be customized since the service is a fixed price.  Customers also cannot auto-scale storage, and FSLogix is not used with Windows 365.  Cloud PCs powered by Windows 365 also store Windows profile data using standard Windows profiles located on the C: drive of the Windows 365 PC like a traditional PC.  

Azure Virtual Desktops make use of FSLogix profile container technology.  It allows multiple users to have their profile data dynamically attached to the AVD virtual machine to access their data easily.  While this removes the additional complexity of managing the centralized profile storage, it reintroduces the challenges of moving users from one Cloud PC to another using Windows 365.  

Both of the Microsoft DaaS technologies can make use of Active Directory in varying ways.  Azure Virtual Desktops require you have an existing Windows Active Directory infrastructure in place.  Azure AD join is not currently supported, but it is expected very soon.  Windows 365 Cloud PCs are natively joined to the Microsoft-managed Azure AD environment and do not support traditional Active Directory using a hybrid join or joining Azure ADDS PaaS service.  

But, is VDI the best solution for you?

There is no question that cloud-based services such as Azure Virtual Desktop and Windows 365 make the VDI provisioning and management experience easier for organizations looking to provide desktop infrastructure for remote end-users. Additionally, these cloud-based DaaS solutions can potentially offer real benefits to organizations wanting to deliver remote desktops to end-users.

And don’t get me wrong – there are plenty of use cases where full virtual desktops make sense.  Usually full desktops make the most sense for power users in any given organization – typically engineers, graphic artists, developers, and others who need constant access to heavy graphics processing power with GPU acceleration. But the reality is that for a majority of users, they don’t need a full desktop – they simply need ultra-secure access to all of their business-critical applications on any device.   

Which is why with AVD and Windows 365 – and any other DaaS solution – organizations would do well to start by examining the actual needs of end-users. As mentioned, cloud-based VDI/virtual desktops can be overkill for remote end-users who only need access to a handful of business-critical applications.  Their interaction with a virtual desktop only serves to launch the applications they need, but the virtual desktop is not needed to deliver those applications.

As seen with the pivot to remote work at the onset of the pandemic, many businesses found that accessing applications was the actual need of most office workers.  Virtual Application Delivery is a secure remote access technology that presents applications to the end-user instead of full desktop sessions.  It provides many benefits for application access use cases over traditional VDI and even cloud-based DaaS solutions like Azure Virtual Desktops (AVD) and Windows 365 (Cloud PC).

Enter Virtual Application Delivery

Even with the simplified delivery of VDI desktops offered by AVD and Windows 365, these can still be overkill for pure application access. Virtual application delivery solutions, such as Cameyo, allow businesses to quickly and securely provide remote access to applications from any device, from the browser.  

Cameyo is simple (can be deployed in minutes instead of weeks/months) and provides foundational, native Zero Trust security.  And in addition to being a more simple, secure, and cost-effective alternative to virtual desktops, Cameyo is also the most flexible solution. Organizations can utilize Cameyo as a fully-hosted service in their choice of Google Cloud (GCP) or Azure, or they can self-host Cameyo in any environment including any cloud, hybrid, or on-premises. 

With Cameyo, no VPNs are required, and no other software client is required to access the Cameyo-powered digital workspace. In addition, users can access the full Windows desktop version of all of their applications on any device, in any modern browser session.

As you evaluate your organization’s needs, you may find that you need a combination of full VDI desktops (for a subset of power users) with Virtual Application Delivery (VAD) delivering ultra-secure access to business-critical applications for the remainder of your user base. 

Wrapping Up

The cloud has revolutionized the way businesses today deploy infrastructure.  With new Desktop-as-a-Service offerings by the likes of Microsoft and others, this even includes VDI.  Azure Virtual Desktop (AVD) and Windows 365 are new offerings from Microsoft that aim to simplify the complexity of VDI for organizations looking to deploy virtual desktops for end-users.

But even with cloud-based Desktop-as-a-Service solutions like AVD and Windows 365, full virtual desktops are typically overkill when providing secure access to applications is the end-goal.  Virtual Application Delivery solutions like Cameyo provide simple, secure, cost-effective and flexible delivery of your applications to end-users without the need for full desktop sessions.  This approach reduces cost, complexity, and your attack surface.

Like tools in a toolbox, specific tools fit certain jobs.  VDI is an excellent tool for the subset of power users in any given organization who may still require a full desktop.  However, when it comes to delivering secure access to applications to the majority of your people, Virtual Application Delivery is often the better choice. Which is why third-party data from the 2021 VDI Like a Pro survey shows that more organizations are shifting from virtual desktops to virtual apps. 

Want to learn if Virtual Application Delivery is a good fit for your organization’s use cases? You can get started in 5 minutes or less with a free trial of Cameyo here, or you can book a demo and we’ll be happy to show you the platform in action and discuss whether or not it’s the right fit for your org.