Windows 365 Government is cloud-based service that automatically creates virtual machines (Cloud PCs) for US government users. This service spans across a regulated US Government Community Cloud (GCC) and a public facing cloud. It meets federal, state, and local US government needs to securely stream Windows apps, data, content, and settings on Cloud PCs from regulated clouds to any device at any time.
34
+
35
+
Windows 365 Government customers are government agencies or public entities that qualify to use services hosted in GCC and GCC High. The services in the GCC and GCC High clouds must meet specific requirements and pass rigorous audit reviews before customers are allowed to use them.
36
+
37
+
For GCC environments, users that access Windows 365 Government Cloud PCs have an identity in the public cloud while the underlying resources and content are secured in a regulated US government cloud.
38
+
39
+
Windows 365 Government supports this scenario in a secure, scalable, and transparent manner. It provides flexibility to administrators to manage users in the public cloud, resources in the government cloud, and the dynamic relationship between the two.
40
+
41
+
Windows 365 Government is available GCC and GCC High customers in the US, as well as contractors (in US entities) holding or processing data on behalf of US government agencies.
42
+
43
+
For more information about Cloud PCs and Windows 365, see [What is Windows 365?](..\overview.md) For more information about purchasing, see [How to buy Windows 365 Government](https://aka.ms/win365).
44
+
45
+
## Features not yet supported Windows 365 Government
46
+
47
+
The following features are not yet supported for Windows 365 GCC and/or GCCH.
|Provision Cloud PCs with Secure Boot and vTPM|||
53
+
|Configure installed language and region for provisioning Cloud PCs|||
54
+
|Digital forensics and placing a Cloud PC under review|||
|RDP Shortpath for public networks|||
60
+
|Windows 365 System based alerting on Microsoft Endpoint Manager for Cloud PCs|||
61
+
|User initiated feedback in End User Portal and Windows 365 Web Client|||
62
+
63
+
## Next steps
64
+
65
+
To learn more about Windows 365, see [What is Windows 365?](..\overview.md)
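Review bot: The rows of the unsupported-features table (added lines 53-62) leave both trailing cells empty as shown here, for example `|Provision Cloud PCs with Secure Boot and vTPM|||`, so a reader cannot tell whether a gap such as Secure Boot and vTPM or digital forensics applies to GCC, GCC High, or both; the lead-in's "GCC and/or GCCH" leaves that open. Fill in the per-cloud cells, or drop the columns and state the scope in the sentence. Smaller points: the relative links at added lines 43 and 65 use a backslash (`..\overview.md`) where every other link in this commit uses forward slashes, and "is cloud-based service" (34), "is available GCC and GCC High customers" (42) and the heading "Features not yet supported Windows 365 Government" (46) each drop a word.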
windows-365/enterprise/requirements-network.md
96 additions & 4 deletions
@@ -39,7 +39,9 @@ Each customer has its specific requirements based on the workload they use to pr
39
39
40
40
## General network requirements
41
41
42
-
To use your own network and provision Azure AD joined Cloud PCs, you must meet the following requirements:
42
+
### [Windows 365 Enterprise](#tab/enterprise)
43
+
44
+
To use your own network and provision Azure Active Directory (Azure AD) joined Cloud PCs, you must meet the following requirements:
43
45
44
46
- Azure virtual network: You must have a virtual network (vNET) in your Azure subscription in the same region as where the Windows 365 desktops are created.
45
47
- Network bandwidth: See [Azure’s Network guidelines](/windows-server/remote/remote-desktop-services/network-guidance).
@@ -50,8 +52,33 @@ To use your own network and provision Hybrid Azure AD joined Cloud PCs, you must
50
52
- The Azure virtual network must be able to resolve DNS entries for your Active Directory Domain Services (AD DS) environment. To support this resolution, define your AD DS DNS servers as the DNS servers for the virtual network.
51
53
- The Azure vNet must have network access to an enterprise domain controller, either in Azure or on-premises.
52
54
55
+
### [Windows 365 Government](#tab/government)
56
+
57
+
All of the Windows 365 Enterprise requirements apply to [Windows 365 Government](introduction-windows-365-government.md) with the following additions:
58
+
59
+
#### Azure Active Directory joined Cloud PCs
60
+
61
+
To use your own network and provision Azure AD joined Cloud PCs, you must meet the following requirements:
62
+
63
+
- The customer must have a subscription in the Azure Government environment.
64
+
- Azure virtual network: You must have a virtual network (vNET) in your Azure Government subscription in the same region as where the Windows 365 Cloud PCs are created. For Government Community Cloud (GCC) and Government Community Cloud High (GCCH), this will be a US Gov region.
65
+
- Network bandwidth: See [Azure’s Network guidelines](/windows-server/remote/remote-desktop-services/network-guidance).
66
+
- A subnet within the vNet and available IP address space.
67
+
68
+
#### Hybrid Azure AD joined Cloud PCs
69
+
70
+
To use your own network and provision Hybrid Azure AD joined Cloud PCs, you must meet the above requirements, and the following requirements:
71
+
72
+
- The customer must have a subscription in the Azure Government environment.
73
+
- The Azure virtual network must be able to resolve DNS entries for your Active Directory Domain Services (AD DS) environment. To support this resolution, define your AD DS DNS servers as the DNS servers for the virtual network.
74
+
- The Azure vNet must have network access to an enterprise domain controller, either in Azure or on-premises.
75
+
76
+
---
77
+
53
78
## Allow network connectivity
54
79
80
+
### [Windows 365 Enterprise](#tab/ent)
81
+
55
82
You must allow traffic in your Azure network configuration to the following service URLs and ports:
56
83
57
84
-[Network endpoints for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)
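Review bot: In the Government tab, the Hybrid list repeats "The customer must have a subscription in the Azure Government environment." (added line 72) although its lead-in at line 70 already pulls in "the above requirements", where that bullet first appears (line 63). Drop the repeat so the Hybrid list carries only the DNS and domain-controller items, matching the Enterprise bullets shown as context at lines 52-53. Separately, the tab heading added at line 80 uses `#tab/ent` while the group opened at line 42 of this file uses `#tab/enterprise`; pick one id for the Enterprise tab.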
@@ -101,12 +128,78 @@ You must allow traffic in your Azure network configuration to the following serv
You must allow traffic in your Azure network configuration to the service URLs and ports listed in this section. All endpoints connect over port 443 unless specified otherwise.
140
+
141
+
- GCC: [Network endpoints for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints).
### Remote Desktop Protocol (RDP) broker service endpoints
111
204
112
205
Direct connectivity to Azure Virtual Desktop RDP broker service endpoints is critical for remoting performance to a Cloud PC. These endpoints affect both connectivity and latency. To align with the [Microsoft 365 network connectivity principles](/microsoft-365/enterprise/microsoft-365-network-connectivity-principles#new-office-365-endpoint-categories), you should categorize these endpoints as **Optimize** endpoints. We recommend that you use a direct path from your Azure virtual network to those endpoints.
@@ -115,7 +208,6 @@ To make it easier to configure network security controls, use Azure Virtual Desk
115
208
116
209
Changing the network routes of a Cloud PC (at the network layer or at the Cloud PC layer like VPN) might break the connection between the Cloud PC and the Azure Virtual Desktop RDP broker. If so, the end user will be disconnected from their Cloud PC until a connection be re-established.
117
210
118
-
119
211
## DNS requirements
120
212
121
213
As part of the Hybrid Azure AD Join requirements, your Cloud PCs must be able to join on-premises Active Directory. That requires that the Cloud PCs be able to resolve DNS records for your on-premises AD environment.
windows-365/enterprise/requirements.md
24 additions & 1 deletion
@@ -7,7 +7,7 @@ keywords:
7
7
author: ErikjeMS
8
8
ms.author: erikje
9
9
manager: dougeby
10
-
ms.date: 08/30/2022
10
+
ms.date: 10/03/2022
11
11
ms.topic: how-to
12
12
ms.service: cloudpc
13
13
ms.subservice:
@@ -34,6 +34,8 @@ To use Cloud PCs, you must meet the following requirements:
34
34
35
35
## Azure requirements
36
36
37
+
### [Windows 365 Enterprise](#tab/enterprise)
38
+
37
39
None, if you plan on provisioning Azure AD joined Cloud PCs on a Microsoft hosted network.
38
40
39
41
If you choose to provision Cloud PCs on your own network, an active Azure subscription with the following configurations is required:
@@ -43,6 +45,18 @@ If you choose to provision Cloud PCs on your own network, an active Azure subscr
43
45
- Network contributor permissions on the resource group.
44
46
- A network contributor role on the vNet.
45
47
48
+
### [Windows 365 Government](#tab/government)
49
+
50
+
All of the Windows 365 Enterprise requirements apply with the following additions.
51
+
52
+
A subscription in Azure Government is required for Windows 365 Government customers who would like to use any of the following capabilities:
53
+
54
+
- Hybrid AADJ
55
+
- AADJ and with the customer providing their own network
56
+
- Custom Images
57
+
58
+
---
59
+
46
60
## Azure Active Directory and Intune requirements
47
61
48
62
- A valid and working Intune and Azure Active Directory tenant.
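Review bot: The capability list at added lines 54-56 switches to "Hybrid AADJ" and "AADJ", abbreviations that the visible text of this page never expands, and "AADJ and with the customer providing their own network" does not parse. Spell them out the way requirements-network.md does in this same commit, for example "Hybrid Azure AD joined Cloud PCs" and "Azure AD joined Cloud PCs on your own network", so the condition that triggers the Azure Government subscription requirement reads the same in both articles.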
@@ -76,6 +90,8 @@ You must use [Microsoft Endpoint Manager admin center](https://admin.microsoft.c
76
90
77
91
## Supported Azure regions for Cloud PC provisioning
78
92
93
+
### [Windows 365 Enterprise](#tab/ent)
94
+
79
95
Windows 365 manages the capacity and availability of underlying Azure resources as part of the service. Windows 365 partners closely with Azure to select regions that meet our Windows 365 service requirements for availability and capacity. On availability, we use features like availability zones in Azure to provide in-region resiliency as built-in value to the service. You can create a virtual network or use the Microsoft hosted network for provisioning Cloud PCs in the following Azure regions:
80
96
81
97
- US Central
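Review bot: The tab heading added at line 93 uses `#tab/ent`, while the Enterprise tab added earlier in this file (line 37) uses `#tab/enterprise`. Use the same id in both groups unless the two are meant to be selected independently, and check that the Government tab in this group matches `#tab/government` at line 48 in the same way.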
@@ -99,6 +115,13 @@ Windows 365 manages the capacity and availability of underlying Azure resources