deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-07 18:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Create cloud-desktop-surface.md

Browse Source
This commit is contained in:
John Kaiser 2020-05-13 10:15:46 -07:00
parent dfa2880a69
commit 84b4df63dc
1 changed files with 175 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

175
devices/surface/cloud-desktop-surface.md Normal file
View File

@ -0,0 +1,175 @@
---
title: Cloud Desktop on Surface
description: This article explains how Surface devices deliver an ideal end node for Windows Virtual Desktop solutions, providing customers with flexible form factors, Windows 10 modern device security and manageability, and support for persistent, on-demand & just-in-time work scenarios.
ms.prod: w10
ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: greglin
ms.topic: article
ms.date: 5/15/2020
ms.reviewer: rohenr
manager: laurawi
audience: itpro
---
# Cloud Desktop on Surface
## Introduction
Cloud Desktop on Surface represents another milestone in the evolution of computing, combining Microsoft 365 -- virtualized in the Azure cloud -- with the advanced security protections, enterprise-level manageability, and enhanced productivity tools of Windows 10 on Surface. This fusion of premium form factor and Virtual Desktop Infrastructure (VDI) in Azure provides exceptional customer value that spans user experiences, portability, security, business continuity, and modern management. Surface blurs the lines between the local desktop experience and the virtual desktop where touch, pen and ink and biometric authentication span both physical and virtual environments.
### Virtual Desktop Infrastructure on Azure
Customers can take advantage of VDI on Azure with first party Microsoft solutions such as Windows Virtual Desktop (WVD) or third-party desktop as a service (DaaS) offerings from partners like Workspot and Rackspace.
### Windows Virtual Desktop
Windows Virtual Desktop (WVD) is a Platform as a Service (PaaS) solution providing a comprehensive desktop and app virtualization service running in the Azure cloud. Its the only virtual desktop infrastructure that delivers simplified management, multi-session Windows 10, optimizations for Office 365 ProPlus, and support for Remote Desktop Services (RDS) environments. Deploy and scale Windows desktops and apps on Azure in minutes and get built-in security and compliance features.
This model of cloud desktop still requires customers to maintain and manage updates of Windows virtual machines.
###Virtual Desktop as a Service
Virtual Desktop as a Service (DaaS) frees customers from having to maintain their own virtual machines (VMs) by providing a fully managed, turnkey desktop and virtualization service. The ability to deliver customized desktops to users anywhere in the world enables companies to quickly adjust to changing market conditions by spinning up cloud desktops on-demand - when and where theyre needed.
## Microsoft Surface Devices
Surface engineering has long set new standards for innovation by going beyond the keyboard and mouse to imagine more natural ways of interacting with devices, whether by touch, voice, ink, or Surface Dial. And with chip-to-cloud integration of Microsoft 365 and the security and manageability of Windows 10 Pro, weve seamlessly connected hardware, software, apps, and services the way they were intended.
Although you can run Windows Virtual Desktop on Windows 7, Windows Server 2012 R2, or virtual machines, or Windows OEM devices, running WVD on Microsoft Surface devices provides unique advantages including support for:
- **Flexible form factors** - like 2-in-1 devices such as Surface Go 2, Surface Pro 7 and Surface Pro X with pen, touch and detachable keyboard.
- **Persistent, on-demand and just-in-time work scenarios** - with offline and on-device access for more productive experiences.
- **Windows 10 modern device security and manageability** - providing the flexibility to be productive anywhere.
- **Reducing your carbon footprint ** to support your efforts to cut carbon emissions and drive towards environmental sustainability.
### Flexible form factors and premium user experience
The Microsoft Surface for Business family comprises a diverse portfolio of form factors including traditional laptops, all-in-one machines, and 2-in-1 devices. Surface devices deliver experiences people love with the choice and flexibility they need in order to work on their terms.
#### Transforming the virtual desktop endpoint
Surface 2-in-1 devices, including [Surface Go 2](https://www.microsoft.com/p/surface-go/ (10.5”), [Surface Pro 7](https://www.microsoft.com/surface/devices/surface-pro-7/) (12”) and [Surface Pro X](https://www.microsoft.com/p/surface-pro-x/) (13”), provide users with the ideal cloud desktop endpoint bringing together the optimal balance of portability, versatility, power, and all-day battery. From site engineers relying on Surface Go 2 in tablet mode to financial advisors attaching Surface Pro 7 to a dock and multiple monitors, 2-in-1 devices deliver the versatility that has come to define the modern workplace.
Unlike traditional, fixed VDI “terminals”, Surface devices allow users to work from anywhere and enable companies to remain viable and operational during unforeseen events -- from severe weather to public health emergencies. With support for persistent, on-demand and just-in-time scenarios, Surface devices effectively help companies sustain ongoing operations and mitigate risk from disruptive events.
Features designed to enhance productivity on Surface 2-in-1 devices include:
- Vibrant, high resolution displays with 3:2 aspect ratio to get work done.
- Natural inking and multi-touch for more immersive experiences.
- With a wide variety of built-in and third-party accessibility features, Surface devices let you choose how to interact with your device, express ideas, and get work done.
- Far-field mics and high-performance speakers for improved virtual meetings.
- Biometric security including built-in, Windows Hello camera that comes standard on every Surface device.
- Longer battery life[[1]](#) and fast charging.
- LTE options[[2]](#), on modern devices like Surface Pro X and Surface Go 2 for hassle-free and secure connectivity.
- Support for a wide range of peripherals such as standard printers, 3D printers, cameras, credit card readers, barcode scanners, and many others. A large ecosystem of Designed for Surface partners provides licensed and certified Surface accessories.
- Broad range of Device Redirection support.
#### VDI Device Redirection Support
The Surface-centric productivity experiences listed above become even more compelling in VDI environments by taking advantage of device redirection capabilities with Windows 10. Surface provides a broad range of device redirection support, especially when compared to OEM thin clients and fixed terminals, Android, iOS/macOS and Web-based access. The Windows Inbox (MSTSC) and Windows Desktop (MSRDC) clients provide the most Device Redirection capabilities including Input Redirection (keyboard, mouse, pen and touch), Port Redirection (serial and USB) and Other Redirections (cameras, clipboard, local drive/storage, location, microphones, printers, scanners, smart cards and speakers). For a detailed comparison of Device Redirection support refer to the [Device Redirection documentation](https://docs.microsoft.com/windows-server/remote/remote-desktop-services/clients/remote-desktop-app-compare#redirection-support).
#### Familiar Desktop Experience
Not only does running the Windows Desktop Client on Surface devices provide users with the broadest set of Device Redirection capabilities but it also provides the additional capability to use the apps in the way that is familiar to the end users by launching an app directly from the Start Menu or launch the apps by searching it in the search bar.
### Persistent, on-demand and just-in-time work scenarios
Cloud Desktop on Surface helps customers meet increasingly complex business and security requirements across industries, employee roles, and work environments. These include:
- Multi-layered security of access to data and organizational resources.
- Compliance with industry regulations.
- Support for an increasingly elastic workforce.
- Employee-specific needs across a variety of job functions.
- Ability to support specialized, processor-intensive workloads.
- Resilience for sustaining operations during disruptions.
**Table 1. Windows Virtual Desktop business conversations**
| Security & regulation | Elastic workforce | Work Roles | Special workloads | Business continuity |
| ---------------------------------------------------- | ---------------------------------------------------------------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------- |
| - Financial Services<br>- Healthcare<br>- Government | - Merger & acquisition<br>- Short term employees<br>- Contractors & partners | - BYOD & mobile<br>- Customer support/service<br>- Branch workers | - Design & engineering<br>- Support for legacy apps<br>- Software dev & test | - On demand<br>- Just-in-Time (JIT)<br>- Work @ Home |
### Offline and on-device access for more productive experiences
Traditionally, VDI solutions only work when the endpoint is connected to the internet. But what happens when the internet or power is unavailable for any reason (due to mobility, being on a plane, or power outages, and so on)?
To support business continuity and keep employees productive, Surface devices can easily augment the virtual desktop experience with offline access to files, Microsoft 365 and third-party applications. Traditional apps like Microsoft Office, available across .x86, x64, Universal Windows Platform, ARM platforms, enable users to stay productive in “offline mode”. Files from the virtual desktop cloud environment can be synced locally on Surface using OneDrive for Business for offline access as well. You can have the confidence that all locally “cached” information is up-to-date and secure.
In addition to adding support for offline access to apps and files, Surface devices are designed to optimize collaborative experiences like Microsoft Teams “On-Device”. Although some VDI solutions support the use of Teams through a virtual session, users can benefit from the more optimized experience provided by a locally installed instance of Teams. Localizing communications and collaboration apps for multimedia channels like voice, video, live captioning allows organizations to take full advantage of Surface devices ability to provide optimized Microsoft 365 experiences. The emergence of Surface artificial intelligence (AI) or “AI-on-device” brings new capabilities to life, such as eye gaze technology that adjusts the appearance of your eyes so the audience sees you looking directly at the camera when communicating via video.
An alternative to locally installing traditional applications is to take advantage of the Chromium version of Microsoft Edge, which comes with support for Progressive Web Apps (PWA). PWAs are just websites that are progressively enhanced to function like native apps on supporting platforms. The qualities of a PWA combine the best of the web and native apps by additional features, such as push notifications, background data refresh, offline support, and more.
### Virtual GPUs
GPUs are ideal for [AI] compute and graphics-intensive workloads, helping customers to fuel innovation through scenarios like high-end remote visualization, deep learning, and predictive analytics. However, this isnt ideal for professionals who need to work remotely or while on the go because varying degrees of internal GPU horsepower are tied to the physical devices, limiting mobility and flexibility.
To solve for this Azure offers the N-series family of Virtual Machines with NVIDIA GPU capabilities (vGPU). With vGPUs, IT can either share GPU performance across multiple virtual machines, or power demanding workloads by assigning multiple GPUs to a single virtual machine. For Surface this means that no matter what device youre using, from the highly portable Surface Go 2 to the slim and stylish Surface Laptop 3, your device has access to powerful server-class graphics performance. Surface and vGPUs allow you to combine all the things you love about Surface, to include pen, touch, keyboard, trackpad and PixelSense displays, with graphics capability only available in high performance computing environments.
Azure N-series brings these capabilities to life on your Surface device allowing you to work in any way you want, wherever you go. [Learn more about Azure N-Series and GPU optimized virtual machine sizes.](https://docs.microsoft.com/azure/virtual-machines/sizes-gpu)
### Microsoft 365 and Surface
Even in a virtualized desktop environment, Microsoft 365 and Surface deliver the experiences employees love, the protection organizations demand, and flexibility for teams to work their way. According to Forrester Research3:
- Microsoft 365-powered Surface devices give users up to 5 hours in weekly productivity gains with up to 9 hours saved per week for highly mobile workers, providing organizations with 112 percent ROI on Microsoft 365 with Surface
- 75 percent agree Microsoft 365-powered Surface devices help improve employee satisfaction and retention
- agree that Microsoft 365- powered Surface devices have helped improve employee satisfaction and retention.
#### Security and management
From chip to cloud, Microsoft 365 and Surface helps organizations stay protected and up to date.
With both Surface hardware and software designed, built, and tested together by Microsoft, users can be confident theyre productive and protected by leading technologies from chip to cloud. With increased numbers of users working remotely, protecting corporate data and intellectual property becomes more paramount than ever. Cloud Desktop on Surface is designed around a zero-trust security model in which every access request is strongly authenticated, authorized within policy constraints, and inspected for anomalies before granting access.
By maximizing efficiencies from cloud computing, modern management enables IT to better serve the needs of users, stakeholders and customers in an increasingly competitive business environment. For example, you can get Surface devices up-and-running with minimal interaction from your team. Setup is automatic and self-serviced. Updates are quick and painless for both your team and your users. You can manage devices regardless of their physical location.
Security and management features delivered Cloud Desktop on Surface include:
- **Windows Update.** Keeping Windows up to date helps you stay ahead of new security threats. Windows 10 has been engineered from the ground up to be more secure and utilize the latest hardware capabilities to improve security. With a purpose-built UEFI[[3]](#) and Windows Update for Business that responds to evolving threats, end-to-end protection is secure and simplified.4
- **Hardware encryption.** Device encryption lets you protect the data on your Surface so it can only be accessed by authorized individuals. All Surface for Business devices feature a discrete Trusted Platform Module (dTPM) that is hardware-protected against intrusion while software uses protected keys and measurements to verify software validity.
- **Windows Defender.** Windows Defender Antivirus brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices. The tool is built in and needs no extra agents to be deployed on-devices or in the VDI environment, simplifying management and optimizing device start up.
- Windows Defender is built in and needs no extra agents to be deployed on-device or in the VDI environment, simplifying management and optimizing device start up. The true out-of-the-box experience.
- **Removable drives** - A subset of newer Surface devices[[4]](#) feature removable SSD drives5 providing greater control over data retention.
- **Modern authentication -** Microsoft 365 and Surface is a unified platform delivering every Windows security feature (subject to licensing and enablement). All Surface portfolio devices ship with a custom-built camera, designed for Windows Hello for Business providing biometric security that persists seamlessly from on-device to VDI-based experiences.
- **Modern firmware management** - IT administrators can disable hardware elements at a firmware level such as mics, USB ports, SD card slots, cameras, and Bluetooth which removes power to the peripheral. Device Firmware Configuration Interface (DFCI) enables IT managers to manage UEFI via Microsoft Intune, for simple remote management. Windows Defender Credential Guard uses virtualization-based security so that only privileged system software can access them.
- **Backward and forward compatibility** - Windows 10 devices provide backward and forward compatibility across hardware, software and services. Microsoft has a strong history of maintaining legacy support of hardware, peripherals, software and services while incorporating the latest technologies. Businesses can plan IT investments to have a long useful life.
- **Bridge for legacy Windows 7 workloads** - For solution scenarios dependent on legacy Windows OS environments, enterprises can use VDI instances of Windows 7 running in Azure. This enables support on modern devices like Surface without the risk of relying on older Windows 7 machines that no longer receive the latest security updates. In addition to these “future proofing” benefits, migration of any legacy workloads becomes greatly simplified when modern Windows 10 hardware is already deployed.
- **Zero-Touch Deployment** - Autopilot is the recommended modern management deployment option for Surface devices. Windows Autopilot on Surface is a cloud-based deployment technology in Windows 10. You can use Windows Autopilot on Surface to remotely deploy and configure devices in a zero-touch process right out of the box. Windows Autopilot-registered devices are identified over the Internet at first startup through a unique device signature that's called a hardware hash. They're automatically enrolled and configured by using modern management solutions such as Azure Active Directory (Azure AD) and mobile device management.
### Reduce your carbon footprint with Surface
At Microsoft Devices, sustainability is integral to our mission to build products that create magical experiences while empowering every person and organization to achieve more. From product design through sourcing, manufacturing, delivery, and product end-of-life, we are driven to make a difference with our products both in how our customers create with them and in the impact their development has on our environment.
- **Surface Environmental Impact** For each Surface product we produce an ECO profile which consist of data about the environmental impact for the product. In the profile you can find the Product Carbon Footprint as well as the EnergyStar value. Taking the average values from those reports and comparing them to the average values from in market VDI desktop and VDI mobile devices. We can see some big differences. 565 percent difference in kg Co2 and a 158 percent in the energy use.
- **Surface Packaging** - Integrating sustainability into our packaging designs and measuring results is a business priority. We focus on using less packaging and selecting the right materials for the environment. We are committed to designing and delivering packaging materials that achieve measurable sustainability gains. Wood-based fiber packaging materials contain an average of 65 percent post-consumer recycled content. Packaging is 93 percent recyclable. Packaging weight is minimized.
![Surface ECO profiles](images/surface-eco-data.png)
To download profiles for each Surface device, see [ECO Profiles](https://www.microsoft.com/download/details.aspx?id=55974) on the Microsoft Download Center.
## Summary
Cloud Desktop on Surface provides organizations with greater flexibility and resilience in meeting the diverse needs of users, stakeholders, and customers. Running WVD and Azure-based virtual desktop solutions on Surface devices provides unique advantages over continued reliance on legacy devices. Flexible form factors like Surface Go 2 and Surface Pro 7 connected to the cloud (or offline), enable users to be productive from anywhere, at any time. Whether employees work in persistent, on-demand, or just-in-time scenarios, Cloud Desktop on Surface affords businesses with the versatility to sustain productivity throughout disruptions from public health emergencies or other unforeseen events. Using the built in, multi-layered security and modern manageability of Windows 10, companies can take advantage of an expanding ecosystem of cloud-based services to rapidly deploy and scale Windows desktops and apps. Simply put, Cloud Desktop on Surface delivers critically needed technology to organizations and businesses of all sizes
## Learn more
For more information, see the following resources:
- [Windows Virtual Desktop](https://azure.microsoft.com/services/virtual-desktop/)
- [Surface for Business](https://www.microsoft.com/surface/business)
- [Zero-trust security model](https://www.microsoft.com/security/business/zero-trust)
----------
[[1]](#) Battery life varies significantly with settings, usage and other factors.
[[2]](#) Service availability and performance subject to service providers network. Contact your service provider for details, compatibility, pricing, SIM card, and activation. See all specs and frequencies at surface.com.
[[3]](#) Surface Go uses third party UEFI.
[[4]](#) Hard drive is not user removable. Hard drive is only removable a by skilled technician following Microsoft instructions.