How to configure Windows 365 Boot

"Windows 365 Boot" is a feature that provides users with the ability to log in directly from a physical Windows 11 device to their Windows 365 Cloud PC. This feature offers the same login experience users are familiar with when logging in locally. It proves particularly advantageous in scenarios in which shared devices and thin clients are used as it allows them to quickly access their personalized Windows 365 Cloud PC without any extra steps and required configuration. It also prevents data from being stored locally, ensuring centralized and secure storage in the cloud.

If your new to Windows 365, please take a look at one of my previous blogs where I explain step-by-step what Windows 365 is, and how to set it op.

In this blog I will cover the following steps:

1. Requirements
2. Windows 11 Insider configuration
3. Microsoft Intune configuration
4. User experience

Requirements

For Windows 365 Boot, the following requirements need to be met.

• Physical device running Windows 11 (Pro or Enterprise), running the latest Insiders DEV build (at this moment of writing this blog)
• Microsoft Intune
• Windows 365 Cloud PC up-and-running

Windows 11 Insider configuration

As mentioned in the requirements, the Windows 11 Insiders Build of Windows 11 needs to be installed on the physical device at this moment. There are several ways to get the Insiders Build.

You can get it from the Windows Update page in Settings by clicking on the Windows Insider Program option and completing the steps to get onboarded.

But if you want to enable multiple devices, and those devices are already Intune managed you can do this easily with a Windows Update policy setting.

In a view minutes the Windows 11 Insiders Build will be downloaded and installed on the device.

Microsoft Intune configuration

For the following steps, login to the Microsoft Intune admin center.

Navigate to Devices > Windows 365 and click Windows 365 Boot

Click Next: Basics

First you need to fill in a prefix name for the devices that will be enrolled for Windows 365 Boot (will be used for configuring the Autopilot profile).

This wizard will create several resources in Microsoft Intune like, Apps, ESP, Autopilot profile and Device Configuration Policies. You need to fill in a prefix name for those resources as well. In my case I will use Windows365_Boot_Config, but use what works best for you.

Click Next: Endpoint updates

Because no shell is available on the physical device for the user, it is important to configure a Windows Update policy to keep this device up-to-date with the latest security patches. This policy will be created by this wizard and in this window you have the options to configure Windows Updates the way you want it.

Click Next: Settings

Here you have the option to configure a VPN Profile, Wi-Fi profile and the Language (Region). These settings are optional. Click Next : Assignments

Create a new security group or select an existing one for assigning the resources.

Click Next : Create

Click the blue botton

In a few second the wizard have created the resources created in the overview listed on the screen.

Now it is important to add the physical devices to the created or selected security group. Once the devices are assigned to all the resources, including the correct Autopilot profile, it is recommended to wipe the devices (if already in use) to give them a clean configuration and and enable shared device mode.

User experience

Once the devices are enrolled with the new configuration, the user experience will look like the screenshots below.

When powering up the physical device, the login screen looks like this. Mentioning that you will sign in to your organization's Cloud PC.

Next it will connect to the Cloud PC in a few seconds.

When in your desktop and are done with your work, you can logout the way you normal do.

This will sign you out from the Cloud PC and brings you back to the login page of the local/physical devices.