Learn more about cloud-native endpoints


When reading about cloud-native endpoints, you'll see the following terms:

  • Endpoint: An endpoint is a device, like a mobile phone, tablet, laptop, or desktop computer. "Endpoints" and "devices" are used interchangeably.
  • Managed endpoints: Endpoints that receive policies from the organization using an MDM solution or Group Policy Objects. These devices are typically organization owned, but can also be BYOD or personally owned devices.
  • Cloud native endpoints: Endpoints that are joined to Azure AD. They aren't joined to on-premises AD.
  • Workload: Any program, service, or process.

Organizations are focusing on supporting remote and hybrid workers. With cloud-native endpoints, organizations can:

  • Ship devices directly to users.
  • Automatically configure apps and settings on devices using an internet connection.
  • Have users reset their devices and redeploy apps without losing data.
  • Allow users to be productive from anywhere, while protecting and securing user and organization data.

In this set of articles, you will:

What are cloud-native endpoints?

Cloud-native endpoints are devices that can be deployed from anywhere. They receive their applications and configurations dynamically from the cloud, and can easily be reset or restored.

A cloud-native endpoint doesn't necessarily live exclusively in the cloud. Instead, any endpoint that's cloud-native eliminates hard dependencies to on-premises connectivity and on-premises resources.

These endpoints can be located anywhere that has internet access. They can also be physical devices or virtual machines.

From a technical perspective, cloud-native endpoints are Windows devices that are deployed using Windows Autopilot, joined to Azure Active Directory (Azure AD joined), and are automatically enrolled in a Mobile Device Management (MDM) solution, like Microsoft Intune.

A cloud-native endpoint has the following characteristics:

  • Provisioned and managed from cloud-based services
  • Can use and access other cloud-based endpoints from anywhere
  • Azure AD joined
  • Includes configuration, data, and applications that are portable and roam with the user
  • Doesn't generally require a direct connection to any on-premises resources for usability or management
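The technical definition above has three checkable parts: Azure AD joined, not joined to on-premises AD, and MDM enrolled. The following PowerShell function is an added example, not from the article, that reads those fields from `dsregcmd /status` output and classifies the device; the sample lines and tenant/MDM values are constructed placeholders so it runs offline.

```powershell
# Constructed sample of the relevant `dsregcmd /status` fields (placeholder values).
# On a real device, pass the live output instead: Get-JoinState -StatusLines (dsregcmd /status)
$script:SampleStatus = @(
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : NO',
    '                TenantName : Contoso (placeholder)',
    '                    MdmUrl : https://mdm.example.com/EnrollmentServer/Discovery.svc'
)

function Get-JoinState {
    param(
        # Lines of `dsregcmd /status` output; defaults to the constructed sample.
        [string[]]$StatusLines = $script:SampleStatus
    )

    # dsregcmd prints "Name : Value" pairs; collect them into a lookup table.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'
    # A populated MdmUrl indicates the device is enrolled with an MDM (for example Intune).
    $mdm    = -not [string]::IsNullOrWhiteSpace($fields['MdmUrl'])

    $state = if ($aad -and -not $domain) { 'CloudNative' }
             elseif ($aad -and $domain)  { 'HybridAzureAdJoined' }
             elseif ($domain)            { 'DomainJoinedOnly' }
             else                        { 'NotJoined' }

    [pscustomobject]@{
        JoinState     = $state
        MdmEnrolled   = $mdm
        TenantName    = $fields['TenantName']
        # Cloud-native per the definition above: Azure AD joined, no on-premises AD, MDM managed.
        IsCloudNative = ($state -eq 'CloudNative' -and $mdm)
    }
}

Get-JoinState | Format-List
```

A device reporting `HybridAzureAdJoined` or `DomainJoinedOnly` still depends on on-premises AD and does not meet the definition, even if it is MDM enrolled.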

End users only need an internet connection. Their data and critical settings can be automatically preserved and restored using Enterprise State Roaming or similar solutions. If end users experience issues during deployment or at any later time, they can reset and reprovision the device without contacting support.

Microsoft recommends that organizations focus on adopting cloud-native endpoints.

Benefits for users and IT

Cloud-native endpoints provide many benefits to end users and IT:

  • Best for remote workers

    End users don't worry about connecting to the VPN or other networks. They sign in to devices from anywhere, and run actions, like password reset, without connecting to on-premises AD.

    Azure AD joined (also known as AADJ) endpoints do the initial sign-in using an internet connection. The Azure AD joined sign-in process doesn't use an on-premises domain controller for connectivity, and is faster than a traditional domain-based sign-in.

    Traditional domain joined PCs require connectivity to domain controllers for initial sign-in.

  • Deploy from anywhere

    To deploy new devices, administrators can be anywhere with an internet connection. You can provision or reset devices and have them ready more quickly than with traditional provisioning, possibly in minutes. The reliance on on-premises resources is reduced, which simplifies both the endpoint requirements and endpoint management.

  • Simplified management for all platforms

    Users and administrators get a unified management experience for all platforms, including Android, iOS/iPadOS, macOS, and Windows. With Intune, you can manage mobile and non-mobile devices and operating systems. You don't need to rely on complex group policy management.

  • Provide a secure single sign-on (SSO) experience to cloud and on-premises apps

    Cloud-native endpoints include native single sign-on (SSO) for cloud and on-premises resources, such as file servers, print servers, and web applications.

  • Secure access without passwords

    With Windows Hello for Business, end users can sign in to their device, and access resources without passwords.

    For more specific information, go to Password-less Strategy.

  • Seamless experience for documents, settings, and preferences

    With OneDrive, end users automatically gain access to their documents, can restore any previous Office and Windows settings, and avoid spending time recovering data.

    For example, you can store the following user data on OneDrive:

    • Windows wallpaper
    • Automatic sync of documents and desktop files to OneDrive
    • Office settings
    • Outlook email signatures
    • Microsoft Edge settings

    When user data is stored in OneDrive, it is synchronized to all of the user's endpoints.

How to get started

The High level planning guide to move to cloud-native endpoints is a good resource. It covers the following areas:

  • Plan: When ready to move to cloud-native endpoints, organizations focus on several key areas:

    • Review your existing workloads for modernization, and determine the next steps to support cloud-native.
    • Be prepared to change operational processes and procedures.
    • Get your end users ready for change.

    For more specific information, go to the High level planning guide to move to cloud-native endpoints.

  • Create a Proof of Concept: Do an initial proof of concept (POC). The goal is to understand changes and their impact.

    For more specific information, go to the High level planning guide to move to cloud-native endpoints.

Follow the cloud-native endpoints guidance

  1. 🡺 Overview: What are cloud-native endpoints? (You are here)
  2. Tutorial: Get started with cloud-native Windows endpoints
  3. Concept: Azure AD joined vs. Hybrid Azure AD joined
  4. Concept: Cloud-native endpoints and on-premises resources
  5. High level planning guide
  6. Known issues and important information