What is Microsoft Managed Desktop?


As we enter a new growth phase for managed services at Microsoft, Microsoft Managed Desktop will transition to end-of-service (EOS) on July 31, 2024. We're committed to working closely with each customer to provide support and guidance to make the transition as smooth as possible. If you have any questions, concerns, or need assistance, submit a support request.

Microsoft Managed Desktop is a cloud-based device management service that brings together Microsoft 365 Enterprise (including Windows 10/11 Enterprise, and Office apps) and delivers the following functionalities:

  • Device provisioning
  • Device configuration and management
  • IT service management (ITSM) and operations
  • Security monitoring and response

Key features and services

  • Implement and maintain a four deployment ring, staged and sequenced device management solution
  • Devices are kept up to date with the latest monthly Windows quality updates for Windows 10 and Windows 11
  • Users will enjoy the latest versions of Windows 10, Windows 11, and Microsoft 365 Apps for enterprise
  • Monitor managed devices 24 hours a day, seven days a week for security issues

Features, capabilities and services

Microsoft Managed Desktop provides the following services, features, and capabilities:

  • Vendor-registered devices. New OEM-supplied devices can directly be shipped to end users and managed by the service without customer IT involvement.
  • Security baseline to keep users and devices secure according to Microsoft’s best practices.
  • Modern device provisioning through Windows Autopilot to provide:
    • A seamless and curated user experience with minimal downtime
    • Integrated device configuration and management via Microsoft Endpoint Manager, Microsoft Entra ID, Autopilot, and Intune
    • Device naming
    • Device configuration
  • Service management and operational support by a dedicated team of service engineers and delivery managers
  • Device security monitoring and remediation services through a dedicated team of security specialists
  • Proactive management of the most secure and stable versions of Windows 10/11 and Microsoft 365 Apps for enterprise
  • Service integration with the Microsoft App Assurance program to diagnose and remediate application compatibility issues


  • Technical and operational support from Microsoft experts
  • Reduced resource requirements to administer and manage Windows updates and security configurations
  • Visibility into device and app performance
  • Early warning of security issues from the service

Service plan description

For details about the specific services included with Microsoft Managed Desktop, see the following articles:

Service Description
Supported regions and languages Explains which regions and languages are supported with the service.
Device requirements Instead of your IT department researching and figuring out if a device is compatible with the service, we've provided specific hardware and software requirements, tools, and processes so you can choose devices, or work with a partner, with confidence.

You can find recommended devices by filtering for Microsoft Managed Desktop on the Shop Windows Pro business devices site. You can either obtain devices yourself, work with a partner, or reuse devices you already have. Registering devices is easy and straightforward. Before they're deployed, you can also customize certain aspects of the device experience for your users.

For more information, also see:

Device images We provide universal images for reimaging, break and fix, and other scenarios. Driver management and injection are your responsibilities.
Device services Specifies the device-related services that Microsoft will provide to subscribers.
Device configuration Clarifies the default and security-related Mobile Device Management policies that the service will apply to enrolled devices.
Security Specifies the following:
  • Data collected from enrolled devices
  • The features and policies related to device security, identity and access management, network security, and information security.
Updates Describes the various deployment rings that Microsoft Managed Desktop uses to roll out updates to your devices.

Microsoft Managed Desktop sets up and manages all aspects of deployment rings for Windows 10/Windows 11 quality and feature updates, anti-virus definitions, and Microsoft 365 Apps for enterprise updates.

We use deployment rings to ensure operating system updates and policies are rolled out in a safe manner. During deployment, Microsoft Managed Desktop monitors for signs of failure, or disruption based on diagnostic data and the user support system to assure that registered devices are always up to date, minimizing disruptions, and freeing your IT department from that ongoing task.

Application requirements Describes the types of apps and behaviors allowed in Microsoft Managed Desktop, and the division of roles and responsibilities for app deployment and management.

As part of Microsoft 365 Enterprise, Microsoft provides and manages several key Microsoft apps for you.

However, you may also have other apps that you need for your business. Instead of your IT department having to test, package, and deploy those apps, Microsoft helps you deploy them through the FastTrack program.

Additionally, Microsoft's App Assure program can help remediate any app compatibility issues that arise when migrating to the latest versions of our products.

For more information about apps, see:

Device monitoring We help maintain the security of your devices with a dedicated security operations center that monitors your devices and uses data from the unique threats that Microsoft analyzes each month. These security features are built in instead of added on later.

We also monitor device health and provide you with insights about device performance.

Change management Explains how change management works with Microsoft Managed Desktop and includes standard procedures for requesting and preparing for changes in the deployment.
Proactive monitoring Explains how Microsoft Managed Desktop proactively monitors and remediates issues related to stop errors, Microsoft Defender Firewall, and BitLocker.
Support requests and management Clarifies the support Microsoft provides for your organization and users.

If you're ready to come on board, contact your local account team.

More information

For more information about the value of Microsoft Managed Desktop, including customer stories, see the following resources:

Information Description
Overview The articles in this section, but not limited to, detail the division of roles and responsibilities between your organization and Microsoft, technologies used in Microsoft Managed Desktop, and how the service fits into a broader strategy as part of the ITIL framework.
Prepare The articles in this section describe the mandatory steps to enroll your tenant in Microsoft Managed Desktop, including, but not limited to:
Deploy Once your tenant is enrolled in Microsoft Managed Desktop, this section includes, but not limited to, the following articles:
Operate This section includes the following, but not limited to, articles about operating with the Microsoft Managed Desktop service:
What's new To keep up with what's new in Microsoft Managed Desktop, see the What's new section.