Wednesday, September 11, 2024

W365: Accessing Windows 365 Cloud PC in a Web Browser to Render High Resolution

Imagine you’re working remotely on a high-resolution display, like a 4K or UHD monitor, and need to access your Windows 365 Cloud PC through your web browser. By default, the web client might not fully utilize the native resolution of your physical device, making your Cloud PC appear slightly blurry or less sharp. This is where the High DPI setting comes in handy.

Let’s walk through a scenario where you enable this setting for optimal clarity.

Scenario:

You’ve just connected to your Windows 365 Cloud PC through your web browser to work on a graphic design project. You're using a 4K monitor, and you notice that the display doesn’t seem as sharp as it should be. Text appears slightly fuzzy, and the fine details in your design are not as clear as you'd like them to be.

Instead of struggling with the display, you can easily improve the experience by turning on the High DPI setting. Here’s how:

1. Log in to Windows 365 Cloud PC

Open your preferred web browser and log in to your Windows 365 Cloud PC account.

2. Access the Settings Menu

Once you're connected to your Cloud PC, locate the gear icon (settings menu) at the top-right corner of your screen. Click on it to access the display settings.

3. Enable High DPI 

In the settings menu, look for the High DPI toggle. Simply turn it on. This setting will adjust the display resolution to match your device's native resolution, making use of the higher pixel density available on your monitor.

4. Experience Crisp Display

After enabling High DPI, your Windows 365 Cloud PC will render at the native resolution of your 4K or UHD monitor. You’ll immediately notice the difference: text becomes sharper, images clearer, and your overall experience more precise.

Why Use High DPI?

The High DPI feature is particularly useful for users with high-resolution screens. Without it, the web client might downscale the display resolution, resulting in a less crisp interface. When turned on, this feature optimizes your viewing experience by taking full advantage of your monitor’s capabilities.

This simple adjustment is especially beneficial for tasks that demand visual precision, such as graphic design, video editing, or even reading large amounts of text.

With this feature, you can enjoy a crisp, clear, and efficient experience in the web browser when accessing your Windows 365 Cloud PC, just like you would on a physical PC.

Saturday, September 7, 2024

AVD: Can’t connect due to low virtual memory - Solution

Multiple users started getting the below error while accessing AVD from the Remote Desktop client.

Microsoft has confirmed that it is a known issue and also confirmed that Microsoft's Product Group Team is working on this.

Solution:

1. End all Remote Desktop client related tasks from Task Bar and try re-opening it.

2. Install the new Remote Desktop Client App version 1.2.5699 (Insider).


W365: Wrong error message when screen capture protection is enabled in Browser is Fixed now


When screen capture protection is enabled for Windows 365 Cloud PCs and they are accessed through browsers, it was showing a wrong error message, "you need to enable the screen capture protection", whereas it should actually say to disable the screen capture protection to access the Cloud PC in the browser session.

I had earlier raised a Windows 365 Cloud PC feedback request about this bug and also reported it on Twitter to their Intune Support Team handle. Thanks to the Microsoft Intune Support Team, who took up this issue and fixed it recently.


Microsoft has fixed the error message shown when screen capture protection is enabled and the Cloud PC is accessed through browsers.

Now, when you access the Cloud PC through browsers, it should show you the below error message properly when screen capture protection is enabled for them.


Thanks once again Microsoft Intune Team 🙏


Wednesday, September 4, 2024

W365: Fix Latency issue when accessing cloud pc through browsers

If you are facing any latency issue when accessing the Windows 365 Cloud PC through the browser URL - https://windows365.microsoft.com, then check the below settings to fix the issue.

Option 1:

When you open the Cloud PC in the browser, you will be prompted with the below initial screen. Click on Show Advanced Settings and turn on the "Use hardware acceleration" option if it has been turned off. By default, this is set to ON.


Option 2:

After opening the Cloud PC through the browser, look for the gear icon at the top right. Click the gear icon and select the "Use Hardware acceleration" option. This will improve the experience by decreasing the network latency.


Monday, September 2, 2024

W365: Enable winget inside Windows Sandbox from Windows 365 Cloud PC

To enable the winget feature inside a Windows Sandbox from the host Windows 365 Cloud PC, follow the below steps.

Note: Make sure the Windows Sandbox feature is enabled in add or remove features. If not, enable it in the add or remove features option or by running the below command in PowerShell.

Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online

Reference: https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview

Open PowerShell as a normal user and run the below command:

"winget configure https://aka.ms/sandbox.dsc.yaml"

This should enable winget inside the sandbox.


You can verify this by running "winget -v" in PowerShell inside Windows Sandbox.




W365: New Windows App features refresh button & SSO Lock Screen experience

The latest Windows App version 1.3.278.0 has been released recently. Among other features, it has two important ones: the refresh button and the new SSO Lock Screen experience.

What’s new in Windows App:



Refresh Button:

The Refresh button is used to clear the local cache and pull the new device assignments from Intune. Users can click the refresh button, found next to the device name in the Windows App, to manually trigger the refresh and clear the cache.


SSO Lock Screen Experience:

The latest version now provides an improved experience for the single sign-on (SSO) Lock Screen dialogs.

Microsoft have released a new feature that shows the Lock Screen when the session is timed out due to inactivity or screen saver lock when SSO is enabled. Earlier, Windows 365 used to show the disconnect screen and prompt the user to reconnect or cancel.

More information can be checked about the latest SSO Lock Screen in my previous blog here

Sunday, September 1, 2024

W365 - Configure the session lock behaviour for the Cloud PC when SSO is enabled in Intune


When single sign-on is enabled for the Windows 365 provisioning policy and a remote session gets locked, either due to session inactivity for 15 minutes or screensaver settings enabled for 15 minutes, the session will get disconnected. A notification will then appear informing the user of the disconnection and showing the Reconnect or OK to disconnect options, like below.


Users can then select the Reconnect option from the dialog whenever they are ready to re-establish the session. It will not ask to re-enter the credentials again and will open the session immediately.

This was a known issue and many users were complaining about this - W365 Known Issue

However, Microsoft has released a new feature that enables the remote lock screen experience even when SSO is enabled and the session gets locked due to inactivity or screen saver settings - What's New in W365



PreReq for Win 11:

Steps to configure the session lock behaviour on session hosts using Intune:

  1. Open Microsoft Intune admin center.

  2. Select Devices > Manage devices > Configuration > Create > New policy.

  3. Select Platform as Windows 10 and later and Profile type as Settings catalog.

  4. In Basics, enter the Name and valid Description.

  5. In Configuration settings, select Add settings. Then:

    1. In the settings picker, expand Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

    2. Select the Disconnect remote session on lock for Microsoft identity platform authentication setting.

    3. Close the settings picker.


  6. Configure the setting to "Disabled" to show the remote lock screen when the session locks.

  7. Select Next.

  8. Add the Scope tags and Assignments and select Create.

  9. Once the policy configuration is created, the setting will take effect after the session hosts sync with Intune and users initiate a new session or restart the Cloud PC.

Alternatively, this can be done using the below registry keys.

Value Data    Description
0             Show the remote lock screen.
1             Disconnect the session.

Enable Screen Lock:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"fdisconnectonlockmicrosoftidentity"=dword:00000000

Disconnect the session:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"fdisconnectonlockmicrosoftidentity"=dword:00000001

PowerShell Scripts:


Microsoft recommendation:

Microsoft recommends using the default disconnect behaviour when SSO is enabled because of its security benefits, which are highly recommended and expected by many customers:

Consistent sign-in experience through Microsoft Entra ID when needed.
Single sign-on experience and reconnection without authentication prompt when allowed by conditional access policies.
Supports passwordless authentication like passkeys and FIDO2 devices, contrary to the remote lock screen.
The Conditional access policies, including multifactor authentication and sign-in frequency, are re-evaluated when the user reconnects to their session.
Can require multi-factor authentication to return to the session and prevent users from unlocking with a simple username and password.

In particular, the new remote lock screen does not re-evaluate Conditional Access policies.
For example, if the sign-in frequency has already timed out, it won't be checked again until the user is disconnected. This gap does not occur with the default disconnect-on-lock behaviour.
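
The registry value and the Microsoft recommendation above can be combined into a small audit script. This is an added example, not code from the original post or from Microsoft; the function names Get-SsoLockBehaviour and Set-SsoLockDisconnect are hypothetical, and it assumes the policy key and value name shown in the .reg snippets above.

```powershell
# Added example: audit (and optionally reset) the SSO lock policy from this post.
# Function names are illustrative; they are not part of any Microsoft module.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$PolicyName = 'fdisconnectonlockmicrosoftidentity'

function Get-SsoLockBehaviour {
    # A missing key or value means the policy is not configured, so the
    # default described in the post (disconnect on lock) applies.
    $item  = Get-ItemProperty -Path $PolicyPath -Name $PolicyName -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.$PolicyName } else { $null }

    if     ($null -eq $value) { $behaviour = 'Disconnect (not configured)' }
    elseif ($value -eq 0)     { $behaviour = 'RemoteLockScreen' }
    elseif ($value -eq 1)     { $behaviour = 'Disconnect' }
    else                      { $behaviour = "Unexpected value $value" }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RegistryValue = $value
        Behaviour     = $behaviour
        # Per the post: only a disconnect and reconnect re-evaluates Conditional Access.
        ConditionalAccessReevaluated = ($behaviour -like 'Disconnect*')
    }
}

function Set-SsoLockDisconnect {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Requires an elevated session; writes dword 1 (disconnect the session).
    if ($PSCmdlet.ShouldProcess("$PolicyPath\$PolicyName", 'Set to 1 (disconnect)')) {
        if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
        Set-ItemProperty -Path $PolicyPath -Name $PolicyName -Value 1 -Type DWord
    }
}

$state = Get-SsoLockBehaviour
$state | Format-List
if ($state.Behaviour -eq 'RemoteLockScreen') {
    Write-Warning 'Remote lock screen is active: unlocking does not re-evaluate Conditional Access.'
    # Set-SsoLockDisconnect -WhatIf   # preview the change; drop -WhatIf to apply
}
```

Run it on the Cloud PC itself; the read-only part works without elevation, while Set-SsoLockDisconnect needs an administrator session.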