W365 Frontline GCC/GCCH, W365 Cloud Apps Preview and W365 Boot Updates

There were a couple new announcements with Windows 365 (W365) that are interesting.

W365 Frontline is now available in GCC and GCCH Clouds

W365 Frontline is developed to provide organizations with cost-efficient cloud PC solutions for users who require part-time or occasional access to virtual desktops. The service offers two distinct modes: Dedicated and Shared.

• Dedicated Mode: Tailored for shift-based, part-time, or temporary personnel, this mode permits Cloud PC usage exclusively during working hours. Each license allows up to three distinct user assignments; however, only one Cloud PC may be active at any given time. This configuration is well-suited for environments with rotating shifts or non-overlapping schedules.
• Shared Mode: In this arrangement, a single license can be utilized sequentially by multiple users within a group. Upon user logout, the desktop session is reset, ensuring no user data is retained.

The advantages of W365 Frontline include enhanced cost optimization by eliminating the need for individual licenses for every user. Additionally, it serves as an efficient replacement for legacy VDI systems, offering a scalable, secure, and straightforward Cloud PC management solution.

Reference: https://techcommunity.microsoft.com/blog/windows-itpro-blog/announcing-windows-365-frontline-for-gcc-and-gcch/4452096

W365 Cloud Apps in Public Review

Administrators can assign users access to specific cloud-delivered apps instead of a Cloud PC. This approach is suitable for organizations aiming to streamline app delivery and reduce the overhead associated with virtual desktop infrastructure (VDI). W365 Cloud Apps operates on W365 Frontline Cloud PCs in Shared Mode. W365 Frontline licensing permits Cloud PC access for shift-based or part-time workers and supports unlimited users per license, with one active session allowed at a time. W365 Cloud Apps provides streaming access to essential applications such as Outlook, Word, PowerPoint, Excel, and Edge without requiring users to load a full desktop environment.

Reference: https://techcommunity.microsoft.com/blog/windows-itpro-blog/windows-365-cloud-apps-are-now-in-public-preview/4453397

W365 Boot and Connection Center new experiences

When using a Windows 11 device, W365 Boot enables users to sign directly into their Cloud PC as the main Windows interface. This provides a streamlined method for accessing Cloud PCs. New features include:

• Connection Center now supports selection among multiple Cloud PCs during login.
• Improved troubleshooting and diagnostics capabilities.
• More consistent connection process.
• Built-in cross-region disaster recovery, allowing users to connect through different regions if one is unavailable.

Reference: https://techcommunity.microsoft.com/blog/windows-itpro-blog/windows-365-boot-connection-center--improved-experience---generally-available/4453399 

M365 Copilot Readiness and Remediation

 This concise article provides an overview of how organizations can effectively prepare for the introduction of M365 Copilot. A primary concern often encountered is the risk of data oversharing accumulated over time and determining where to initiate data remediation. Much of this remediation should focus on SharePoint Online and OneDrive for Business. Common issues include:

• Site privacy settings that grant organizational-wide access.
• Default sharing options configured to “everyone.”
• Broken permission inheritance, where site permissions differ from those at the folder or file level.
• Sharing with the “everyone except external users” domain group.
• Sites and files lacking sensitivity labels.

It is important to note that solutions such as M365 Copilot will access all data available to a user when generating results. While this data is also accessible via search, M365 Copilot significantly streamlines the discovery process.

One of the key tools for identifying areas requiring remediation is SharePoint Advanced Management (SAM). Key features of SAM include:

• Content Management Assessment: Generates reports highlighting misconfigurations, inactivity, permission issues, and lifecycle risks across SharePoint sites.
• Site Lifecycle Management: Automatically detects inactive or ownerless sites and recommends remediation actions, such as marking sites as read-only, archiving them, or prompting owners to maintain content.
• Oversharing Control with Permission State Reports: Offers comprehensive reports on site permissions across M365, identifying broken inheritance, public links, and excessive group permissions. Remediation actions can be initiated, including site access reviews or the application of Restricted Access and Restricted Content Discovery controls.
• Restricted Access Control: Enables administrators to restrict site access to a specified user list, overriding existing permissions for rapid content lock-down until remediation is completed.
• Restricted Content Discovery (RCD) and Delegation: RCD allows administrators to prevent overshared sites from being accessed by M365 Copilot.

While SAM offers a robust starting point, additional solutions such as Data Security Posture Management (DSPM) can further address oversharing risks. DSPM assesses active SharePoint sites, surfaces risks related to sensitive files and their protection, identifies overexposed sharing patterns, and provides insights into site usage.

Organizations are also encouraged to utilize Microsoft Purview Data Loss Prevention policies to prevent Copilot from processing data with certain sensitivity labels. Moreover, implementing Microsoft Purview Information Protection enables the creation of auto-labeling policies that apply protections like encryption for file access control.

Finally, it is advisable to use Microsoft Purview Data Lifecycle Management to establish retention policies for data governance and automated deletion of outdated information. This ensures Copilot does not reference obsolete content when generating responses.

Reference: https://techcommunity.microsoft.com/blog/microsoft365copilotblog/mitigate-oversharing-to-govern-microsoft-365-copilot-and-agents/4448744 

M365 Copilot Chat now available in Office Apps

There was an important announcement this week.  M365 Copilot Chat is now available in Word, Excel, PowerPoint, Outlook and OneNote for all users without additional licensing.

Some important notes:

• This is for web-grounded chat only.
• This is the same Copilot Chat experience that all users have access to via a browser.
• If you want M365 Copilot Chat to return data from the M365 Graph with data from Teams, Exchange, SharePoint and OneDrive, you must have a M365 Copilot add-on license for the user.

Reference: https://techcommunity.microsoft.com/blog/microsoft365copilotblog/copilot-chat-comes-to-the-microsoft-365-apps/4453349