What this book covers
Chapter 1, Introducing Windows 365 and Azure Virtual Desktop, provides an introduction to the worlds of Windows 365 and Azure Virtual Desktop (AVD). It will cover the Windows 365-only features and editions. Licensing for Windows 365 works differently compared to AVD. Want to learn more? This chapter has got you covered! As an added bonus, we included the new Windows app as well!
Chapter 2, Importance of Securing Your Desktop, explains why securing a desktop is a very important task. The desktop tends to be the heart of the workspace. It’s used to access company data and, while doing so, data can be stored on that desktop. What kind of consequences are there if something were to happen to that data? Even worse, what happens when desktops are lost or stolen? What controls do you, as an admin or company, have?
Chapter 3, Modern Security Risks, takes you on a journey to learn about bad actors and cyberattacks. What kind of cyberattacks are there and how do they relate to the desktop? How can a company recover from a cyberattack? How can virtual desktops help in the recovery process?
Chapter 4, Securing User Sessions, describes various security controls that can be used to protect access to the virtual desktop.
Chapter 5, Preventing Data Leakage from Desktops, introduces you to security controls to prevent data leakage from the desktop. We’ll look at screen capture protection along with watermarking and how various screen locking options help to provide a secure environment.
Chapter 6, Update Management Strategies, discusses various strategies to keep your desktops up to date. Learn more about Windows Update for Business and the extra benefit of using Windows Autopatch. Did you know that you can build a template for AVD with customizations and let Azure Image Builder do the actual building of the image? Or perhaps you want to learn more about creating your own custom image manually? This chapter has got you covered on all of these solutions!
Chapter 7, Threat Detection and Prevention, covers how to use Microsoft Defender for Endpoint to protect your Cloud PCs and desktops in AVD against malware. But how do you make sure that all required components are running? Learn how tamper protection does exactly that! BitLocker is commonly used to encrypt the local drive of a desktop. But did you know that Cloud PCs do not support BitLocker? Learn more about the encryption of Cloud PCs and AVD in this chapter.
Chapter 8, Configuring Access Control, explores the world of role-based access control. It covers other access control solutions such as Azure Bastion, just-in-time virtual machine access, Microsoft Entra Privileged Identity Management, and the new Windows LAPS for Windows 365 and AVD.
Chapter 9, Securing Windows 365, covers specific security controls for Windows 365. Did you know that Microsoft has an advanced deployment guide to help you get started the right way? Or security guidelines, specifically for Windows 365? We will extensively cover Endpoint Privilege Management, a technique to run privileged actions with a standard user account. We will also learn how to create and export a Cloud PC restore point. We will end this chapter with some tips and tricks from the field.
Chapter 10, Securing Azure Virtual Desktop, covers specific security controls for AVD. We will learn about backups and securing your AVD environment with private endpoints, and how to use confidential computing or restrict apps that can be executed using AppLocker. Active Directory Domain Services (AD DS) is an important part of managing AVD, so we will learn more about the AD DS structure and security in this chapter.
Chapter 11, Securing Azure Infrastructure, takes you on a journey to secure the infrastructure that is needed for AVD. We will talk about storage, and network security with Azure Firewall, NSGs, and Azure VPN Gateway. We will also learn more about deploying AVD on dedicated hosts and how to configure Defender for Cloud for an AVD subscription.
Chapter 12, Windows 365 Use Cases, gives examples of when to implement Windows 365 for your company. These use cases can help if you already implemented Windows 365 or if you are looking at a new solution to deploy desktops. Are you thinking about replacing an existing VDI infrastructure or using Windows 365 for contractors? Or what about using a Cloud PC as a Privileged access workstation? Learn all about these topics in this chapter.
Chapter 13, Azure Virtual Desktop Use Cases, gives you examples of when to implement AVD for your company.
