Merge pull request #16692 from MicrosoftDocs/main

Windows 365 Ignite release

windows-365/breadcrumb/toc.yml

@@ -25,4 +25,6 @@ items:
     - name: Windows 365
       tocHref: /azure/virtual-desktop/
       topicHref: /windows-365/enterprise/index
-
+    - name: Windows 365 Link
+      tocHref: /windows-365/link/
+      topicHref: /windows-365/link/index 

windows-365/enterprise/TOC.yml

@@ -223,6 +223,8 @@ items:
         href: rdp-shortpath-private-networks.md
       - name: Reprovision a Cloud PC
         href: reprovision-cloud-pc.md
+      - name: Bulk reprovision Frontline Cloud PCs
+        href: frontline-shared-bulk-reprovision.md
       - name: Windows 365 Switch
         href: windows-365-switch-overview.md
       - name: Resize a Cloud PC

windows-365/enterprise/alerts.md

@@ -31,13 +31,15 @@ ms.collection:
 
 # Alerts in Windows 365
 
-The Windows 365 Alerts system notifies you when specific events occur in your Cloud PC environment, like connection, provisioning, or image upload failures. By default, these alerts appear in the Microsoft Intune admin center as pop-up notifications (you can also turn on email notifications). You can customize the built-in alert rules:
+The Windows 365 Alerts system notifies you when specific events occur in your Cloud PC environment, like connection, provisioning, or image upload failures. There are also alerts to notify you when you've reached or passed the maximum concurrency threshold for Windows 365 Frontline Cloud PCs. By default, alerts appear in the Microsoft Intune admin center as pop-up notifications (you can also turn on email notifications). You can customize the built-in alert rules:
 
 - Set conditions and thresholds for triggering alerts.
 - Define the severity of alerts.
 - Turn each alert rule on or off.
 - Configure each alert to notify you in the console and/or by email.
 
+If emails are turned on, when an alert rule is triggered, one email is sent to the designated email address. After the alert is resolved, if it's triggered again, anohter emila is sent to the designated address.
+
 ## Requirements
 
 To see alerts, your account must meet the following requirements:

windows-365/enterprise/assign-licenses.md

@@ -7,7 +7,7 @@ keywords:
 author: ErikjeMS  
 ms.author: erikje
 manager: dougeby
-ms.date: 07/24/2024
+ms.date: 10/15/2024
 ms.topic: how-to
 ms.service: windows-365
 ms.subservice: windows-365-enterprise
@@ -32,16 +32,20 @@ ms.collection:
 
 # Assign licenses
 
-Before a user can use a Cloud PC, you must assign a [Windows 365 license](https://www.microsoft.com/windows-365/all-pricing) to that user. You can assign the licenses using either of these methods:
+[Windows 365 licenses](https://www.microsoft.com/windows-365/all-pricing) must be assigned before users can use a Cloud PC.
+
+## Windows 365 Enterprise
+
+Before a user can use a Cloud PC, you must assign a [Windows 365 license](https://www.microsoft.com/windows-365/all-pricing) to that user. You can assign the licenses using any of these methods:
 
 - Microsoft 365 admin center for individual users. For steps on how to use admin center to assign licenses, see [Assign licenses to users](/microsoft-365/admin/manage/assign-licenses-to-users).
 - [Microsoft Entra admin center](https://aad.portal.azure.com/) for group license assignments. For more information about group license assignments, see [Assign licenses to users by group membership in Microsoft Entra ID](/azure/active-directory/enterprise-users/licensing-groups-assign).
 - To assign direct licenses to a list of individual users, see [Assign licenses for Windows 365](/microsoft-365/enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell) or see [Assign license](/graph/api/user-assignlicense) to perform through Graph.
 
 ## Windows 365 Frontline
 
-This article doesn't apply to Windows 365 Frontline. Windows 365 Frontline licenses are managed directly in provisioning policies when assigning users in a targeted Microsoft Entra group.
+Licenses for Windows 365 Frontline are assigned to your tenant and shared across Cloud PCs provisioned in dedicated mode and shared mode. The licenses are assigned by selecting a  Microsoft Entra group during the [creation of provisioning policies](create-provisioning-policy.md).
 
-## Next steps
+## Next steps 
 
 [Create Azure network connection](create-azure-network-connection.md).

windows-365/enterprise/assign-users-as-local-admin.md

@@ -37,15 +37,17 @@ The **User settings** page lets IT administrators manage the following settings
 - **Enable local admin**: If enabled, each user in the assigned groups is elevated to a local administrator of each of their own Cloud PCs. These permissions apply at the user level.
 - **Enable users to reset their Cloud PCs**: If enabled, a **Reset** option is shown in the Windows App and portal for users in the assigned groups. Resetting wipes and reprovisions the Cloud PC, deleting all user data and apps.
 - **Allow user to initiate restore service**: If enabled, each user in the assigned groups can restore their own Cloud PCs to any available backup version.
+- **Cross region disaster recovery configuration (optional)**: Lets you protect Cloud PCs during regional outages. For more information, see [Cross region disaster recovery](cross-region-disaster-recovery.md).
 
 When managing settings, keep the following points in mind:
 
 - The settings can be applied before or after a Cloud PC is assigned.
 - Changes to the settings take effect when the user logs on. If the user is currently logged on, they must sign out and then sign in again to see the change.
+- User settings don't apply to Windows 365 Frontline Cloud PCs in shared mode.
 
 ## Add a new setting
 
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** > **Windows 365** (under **Provisioning**) > **...** > **User Settings** > **Add**.
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** > **Windows 365** (under **Device onboarding**) > **...** > **User Settings** > **Add**.
 ![Screenshot of add user setting](./media/assign-users-as-local-admin/user-settings.png)
 2. Under **Settings**, enter a **Name** for the setting.
 3. Select the boxes for the settings that you want to enable for the users.

windows-365/enterprise/configure-single-sign-on.md

@@ -40,6 +40,7 @@ To get started, following the steps to [Configure single sign-on](/azure/virtual
 - If the Kerberos Server object isn't present for Microsoft Entra hybrid joined provisioning policies, a new error appears in your Azure Network Connection (ANC) [health check for single sign-on](health-checks.md#supported-checks).
 - If you have conditional access policies that apply when accessing Windows 365, review the recommendations to [set conditional access policies](set-conditional-access-policies.md) for Windows 365 to make sure users have the expected experience.
 - SSO can be enabled on any provisioning policies. You can find the **Use Microsoft Entra single sign-on** option under the **Join type** on the **General** page. This can be done when [creating a new provisioning policy](create-provisioning-policy.md#continue-creating-a-provisioning-policy) or when [editing an existing provisioning policy](edit-provisioning-policy.md), with an option to apply SSO to existing Cloud PCs.
+- When provisioning Frontline Cloud PCs in shared mode, [hide the consent prompt](/azure/virtual-desktop/configure-single-sign-on#hide-the-consent-prompt-dialog) so that users don't see it with each shared device. You can use a dynamic device group based on the provisioning policy name to scope this configuration.
 
 ## Next steps
 

windows-365/enterprise/create-provisioning-policy.md

@@ -34,7 +34,7 @@ ms.collection:
 
 Cloud PCs are created and assigned to users based on provisioning policies. These policies hold key provisioning rules and settings that let the Windows 365 service set up and configure the right Cloud PCs for your users. After provisioning policies are created and assigned to the Microsoft Entra user security groups or Microsoft 365 Groups, the Windows 365 service:
 
-1. Checks for appropriate licensing for each user.
+1. Checks for appropriate licensing.
 2. Configures the Cloud PCs accordingly.
 
 A few things to keep in mind:
@@ -44,10 +44,15 @@ A few things to keep in mind:
   - If a user in an assigned group doesn’t have a Cloud PC license assigned, Windows 365 won’t provision their Cloud PC.
   - For each Cloud PC license assigned to a user, only one provisioning policy is used to set up and configure the Cloud PC. The Windows 365 service always uses the first assigned policy to provision the Cloud PC.
 
-- Windows 365 Frontline
+- Windows 365 Frontline in dedicated mode
 
   - If you have more users in your Microsoft Entra user group than the number of Cloud PCs available for the selected size, some users might not receive their Cloud PC.
-  - If you remove users from your Microsoft Entra user group, their Cloud PC is automatically moved into a grace period.  
+  - If you remove users from your Microsoft Entra user group, their Cloud PC is automatically moved into a [grace period](device-management-overview.md#column-details) .  
+
+- Windows 365 Frontline in shared mode
+
+  - If you remove users from your Microsoft Entra user group, the user loses access to the Cloud PC.
+  - If you remove the Microsoft Entra user group from the assignment, the Cloud PCs are automatically deprovisioned.
 
 ## Create a provisioning policy
 
@@ -62,10 +67,13 @@ A few things to keep in mind:
 3. On the  **General** page, select a **License type**:
     - **Enterprise**: Provision Cloud PCs for Windows 365 Enterprise.
     - **Frontline**: Provision Cloud PCs for [Windows 365 Frontline](introduction-windows-365-frontline.md).
-4. On the **General** page, select a **Join type**:
+4. If you choose **Frontline**, you must also select a **Frontline type**:
+    - **Dedicated**: Provision Cloud PCs in dedicated mode.
+    - **Shared**: Provision Cloud PCs in shared mode.
+5. On the **General** page, select a **Join type**:
     - **Microsoft Entra Join**: You have two options for **Network**:
         - **Microsoft hosted network**: Select a **Geography** where you want your Cloud PCs provisioned. Then, for [**Region**](requirements.md#supported-azure-regions-for-cloud-pc-provisioning), you can select:
-            - **Automatic (Recommended)**: The Windows 365 service automatically chooses a region within the selected geography at the time of provisioning. Microsoft strongly recommends using the **Automatic** option. This automation decreases the chance of provisioning failure.
+            - **Automatic (Recommended)** (*not supported for Frontline in shared mode*): The Windows 365 service automatically chooses a region within the selected geography at the time of provisioning. Microsoft strongly recommends using the **Automatic** option. This automation decreases the chance of provisioning failure.
             - A specific region: This option makes sure that your Cloud PCs are only provisioned in the region that you choose.
         - **Azure network connection**: Select an ANC to use for this policy.
     - **Hybrid Microsoft Entra join**: You must select an ANC to use for this policy.
@@ -85,46 +93,61 @@ To select an ANC, follow these steps:
 
   As long as the first ANC in the list is **Healthy**, it's always used for provisioning Cloud PCs using this policy. If the first ANC isn't healthy, the policy uses the next ANC in the list that is healthy.
 
+> [!NOTE]
+>
+>For Frontline in shared mode, the ANC must be in the same region.
+
 ### Continue creating a provisioning policy
 
-1. On the **General** page, you can check the box so that your users **Use Microsoft Entra single sign-on**.
+1. On the **General** page, you can check the box so that your users **Use Microsoft Entra single sign-on**. If you want to make sure that users aren't prompted each time they connect to a Frontline in shared Cloud PC, see [Hide consent prompt dialog](/azure/virtual-desktop/configure-single-sign-on#hide-the-consent-prompt-dialog).
 2. Select **Next**.
 3. On the **Image** page, for **Image type**, select one of the following options:
     - **Gallery image**: Choose **Select** > select an image from the gallery > **Select**. Gallery images are default images provided for your use.
     - **Custom image**:  Choose **Select** > select an image from the list > **Select**. The page displays the list of images that you uploaded using the [Add device images](add-device-images.md) workflow.
 4. Select **Next**.
 5. On the **Configuration** page, under **Windows settings**, choose a **Language & Region**. The selected language pack is installed on Cloud PCs provisioned with this policy.
 6. Optional. Select **Apply device name template** to create a Cloud PC naming template to use when naming all Cloud PCs that are provisioned with this policy. This naming template updates the NETBIOS name and doesn't affect the display name of the Cloud PC. When creating the template, follow these rules:
-    - Names must be between 5 and 15 characters.
-    - Names can contain letters, numbers, and hyphens.
-    - Names can't include blank spaces or underscores.
-    - Optional. Use the %USERNAME:X% macro to add the first X letters of the username.
-    - Required. Use the %RAND:Y% macro to add a random string of characters, where Y equals the number of characters to add. Y must be 5 or more. Names must contain a randomized string.
-
-    Examples of custom naming templates:
-
-    - %RAND:5%
-    - ABC-%RAND:5%
-    - ABC-%USERNAME:5%-%RAND:5%
+    - Enterprise and Frontline dedicated mode
+      - Names must be between 5 and 15 characters.
+      - Names can contain letters, numbers, and hyphens.
+      - Names can't include blank spaces or underscores.
+      - Optional. Use the %USERNAME:X% macro to add the first X letters of the username.
+      - Required. Use the %RAND:Y% macro to add a random string of characters, where Y equals the number of characters to add. Y must be 5 or more. Names must contain a randomized string.
+    - Frontline in shared mode
+      - Names must be exactly 15 characters.
+      - Names can contain letters, numbers, and hyphens.
+      - Names can't include blank spaces or underscores.
+      - Prefix must be 7 or less characters.
+      - Required. Use the %RAND:Y% macro to add a random string of characters, where Y equals the number of characters to add. Y must be 8 or more. Names must contain a randomized string.
+
+    Example of custom naming templates:
+
+    - ABCDEF-%RAND:8%
+
 7. Optional. Under **Additional services**, choose a service to be installed on Cloud PCs provisioned with this policy:
-    - **Windows Autopatch** is a cloud service that automates updates for Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams on both physical and virtual devices. For more information, see [What is What is Windows Autopatch?](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview) and the [Windows Autopatch FAQ](https://go.microsoft.com/fwlink/?linkid=2200228).
+    - **Windows Autopatch** is a cloud service that automates updates for Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams on both physical and virtual devices. For more information, see [What is What is Windows Autopatch?](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview) and the [Windows Autopatch FAQ](https://go.microsoft.com/fwlink/?linkid=2200228). The Windows Autopatch option isn't available for Frontline in shared mode.
         - If you already have Windows Autopatch configured to manage your cloud PCs, this option replaces the existing policy. This replacement might disrupt any dynamic distribution that is already configured in Autopatch.
         - When this option is selected, the system assigns devices to a new ring as the last ring of the Autopatch group.
         - To manually enable dynamic distribution for your Cloud PCs, modify your Autopatch Groups dynamic distribution list to include the Entra ID group to which your Cloud PCs are being added.
     - **None**. Manage and update Cloud PCs manually.
 8. Select **Next**.
 9. On the **Assignments** page, choose **Select groups** > choose the groups you want this policy assigned to > **Select**. Nested groups aren't currently supported.
-10. For Windows 365 Frontline, you must also select a Cloud PC size for each group in the policy. Choose **Select one** > select a size under **Available sizes** > **Select**. After you select a size for each group, select **Next**.
-11. On the **Review + create** page, select **Create**. If you used Microsoft Entra hybrid join as the join type, it can take up to 60 minutes for the policy creation process to complete. The time depends on when the Microsoft Entra Connect sync last happened.
+10. For Windows 365 Frontline dedicated mode, you must also select a Cloud PC size for each group in the policy. Choose **Select one** > select a size under **Available sizes** > **Select**. After you select a size for each group, select **Next**.
+11. For Windows 365 Frontline in shared mode you must also:
+  1. Choose **Select one** > select a size under **Available sizes** > **Select**.
+  2. Type in a **Friendly name** > select a **Cloud PC number** > **Next**.
+12. On the **Review + create** page, select **Create**. If you used Microsoft Entra hybrid join as the join type, it can take up to 60 minutes for the policy creation process to complete. The time depends on when the Microsoft Entra Connect sync last happened.
 
-After the provisioning policy is created and assigned, Windows 365 automatically starts to provision Cloud PCs and assigns them to users in the assigned groups.
+After the provisioning policy is created and assigned, Windows 365 automatically starts to provision Cloud PCs.
 
-### Windows 365 Frontline
+### Windows 365 Frontline in dedicated mode
 
 Microsoft Entra group members don't receive Cloud PCs if the number of users in the Microsoft Entra user group exceeds the maximum number of Cloud PCs allowed to be provisioned (based on the number of purchased licenses).
 
 Admins can confirm the list of members who received Cloud PCs by reviewing the **Provisioning policy** > choose the policy > review the users in the groups under **Assignments**.
 
+Windows 365 Frontline licenses are for both Frontline Cloud PCs in dedicated mode and shared mode. Frontline Cloud PCs in dedicated mode are prioritized over shared mode when you add licenses.
+
 <!-- ########################## -->
 ## Next steps
 

windows-365/enterprise/delete-provisioning-policy.md

@@ -31,12 +31,14 @@ ms.collection:
 
 # Delete provisioning policies from Cloud PCs
 
-Only a provisioning policy that has no assignments can be deleted. You can remove assignments by following the steps in [Edit provisioning policy](edit-provisioning-policy.md). After completing those steps, follow the steps below to delete a provisioning policy.
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Windows 365** (under **Provisioning**) > **Provisioning policies**.
+1. **Only a provisioning policy that has no assignments can be deleted**. Therefore, you must first remove assignments. You can remove assignments by following the steps in [Edit provisioning policy](edit-provisioning-policy.md). After completing those steps, follow the steps below to delete a provisioning policy.
+2. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Windows 365** (under **Provisioning**) > **Provisioning policies**.
 ![Screenshot of delete policy](./media/delete-provisioning-policy/delete-policy.png)
-2. Select the ellipses (**…**) next to the policy you want to delete > **Delete**.
-3. Select **Confirm** when asked to delete the policy.
+3. Make sure that **Assigned** is **No**. If **Assigned** state is **Yes**, select the provisioning policy and remove assignments.
+
+    For Windows 365 Enterprise and Windows 365 Frontline in dedicated mode, if you remove the assignments, the Cloud PCs move into the [grace period](device-management-overview.md) state.
+4. Select the ellipses (**…**) next to the policy you want to delete > **Delete**.
+5. Select **Confirm** when asked to delete the policy.
 
 <!-- ########################## -->
 ## Next steps