Azure Virtual Desktop on Surface

Azure Virtual Desktop on Surface lets you run Virtual Desktop Infrastructure (VDI) on a Surface device — blurring the lines between the local desktop experience and the virtual desktop where touch, pen, ink, and biometric authentication span both physical and virtual environments. Representing another milestone in the evolution of computing, Azure Virtual Desktop on Surface 1 combines Microsoft 365 — virtualized in the Azure cloud — with the advanced security protections, enterprise-level manageability, and enhanced productivity tools of Windows 11 on Surface. This fusion of premium form factors and Virtual Desktop Infrastructure in Azure equips organizations to deliver advanced user experiences, portability, security, business continuity, and modern management.

Azure Virtual Desktop

Azure Virtual Desktop (AVD) is a comprehensive desktop and app virtualization service running in the Azure cloud. It's the only virtual desktop infrastructure that delivers simplified management, multi-session Windows 11, optimizations for Microsoft 365 Apps and support for Remote Desktop Services (RDS) environments. With AVD, you can quickly deploy and scale Windows desktops and apps on Azure and get built-in security and compliance features.

Azure Virtual Desktop partner integrations

For a list of approved partner providers and independent software vendors, visit the Azure Marketplace and search for Azure Virtual Desktop. Some partners also provide Virtual Desktop as a Service (DaaS). DaaS frees you from having to maintain your own virtual machines (VMs) by providing a fully managed, turnkey desktop and virtualization service. The ability to deliver customized desktops to users globally enables companies to quickly adjust to changing market conditions by spinning up cloud desktops on-demand — when and where they're needed.

Microsoft Surface Devices

Surface engineering has long set new standards for innovation by going beyond the keyboard and mouse to imagine more natural ways of interacting with devices, whether by touch, voice, ink, or Surface Dial. And with chip-to-cloud integration of Microsoft 365 and the security and manageability of Windows 11 Pro, Surface delivers connected hardware, software, apps, and services the way they were intended. Although it's possible to run AVD from Windows devices dating back to Windows 7, Microsoft Surface devices provide unique advantages, including support for:

  • Flexible form factors - like 2-in-1 devices such as Surface Pro 10 with pen, touch and detachable keyboard.
  • Persistent, on-demand, just-in-time work scenarios - with offline and on-device access for more productive experiences.
  • Modern device security and manageability - providing the flexibility to be productive anywhere.

Flexible form factors and premium user experience

The Microsoft Surface for Business family comprises a diverse portfolio of form factors, including traditional laptops, all-in-one machines, and 2-in-1 devices. Surface devices deliver experiences people love with the choice and flexibility they need to work on their terms.

The modern virtual desktop endpoint

Surface 2-in-1 devices, including Surface Go 4 and Surface Pro 10 provide users with the ideal cloud desktop endpoint bringing together the optimal balance of portability, versatility, power, and an all-day battery. From site engineers relying on Surface Go 4 in tablet mode to financial advisers attaching Surface Pro 9 to a dock and multiple monitors, 2-in-1 devices deliver the versatility that has come to define the modern workplace.

Unlike traditional, fixed VDI terminals, Surface devices allow users to work from anywhere and enable companies to remain viable and operational during unforeseen events -- from severe weather to public health emergencies. With support for persistent, on-demand and just-in-time scenarios, Surface devices effectively help companies sustain ongoing operations and mitigate risk from disruptive events. Features designed to enhance productivity on Surface 2-in-1 devices include:

  • Vibrant, high-resolution displays with a 3:2 aspect ratio to get work done.
  • Natural inking and multi-touch for more immersive experiences.
  • With a wide variety of built-in and third-party accessibility features, Surface devices let you choose how to interact with your device, express ideas, and get work done.
  • Far-field mics and high-performance speakers for improved virtual meetings.
  • Biometric security includes a built-in Windows Hello camera that comes standard on every Surface device.
  • Long battery life 2 and fast charging.
  • Mobile connectivity options 3 on modern devices like Surface Pro 10 with 5G for hassle-free and secure connectivity.
  • Support for a wide range of peripherals such as standard printers, 3D printers, cameras, credit card readers, barcode scanners, and many others. A large ecosystem of Designed for Surface partners provides licensed and certified Surface accessories.
  • A broad range of Device Redirection support.

Device Redirection Support

The Surface-centric productivity experiences listed above become even more compelling in Azure Virtual Desktop environments by taking advantage of the device redirection capabilities. Surface provides a broad range of device redirection support, especially when compared to OEM thin clients and fixed terminals, Android, iOS/macOS and web-based access. The Windows Inbox (MSTSC) and Windows Desktop (MSRDC) clients provide the most device redirection capabilities, including Input Redirection (keyboard, mouse, pen and touch), Port Redirection (serial and USB) and Other Redirections (cameras, clipboard, local drive/storage, location, microphones, printers, scanners, smart cards and speakers). For a detailed comparison of device redirection support, refer to the device redirection documentation.

Familiar Desktop Experience

Not only does running the Windows Desktop Client on Surface devices provide users with a broad set of device redirection capabilities, but it also lets everyone launch apps in familiar ways — directly from the Start Menu or Search bar.

Persistent, on-demand and just-in-time work scenarios

Azure Virtual Desktop on Surface helps customers meet increasingly complex business and security requirements across industries, employee roles, and work environments. These include:

  • Multi-layered security of access to data and organizational resources
  • Compliance with industry regulations
  • Support for an increasingly elastic workforce
  • Employee-specific needs across a variety of job functions.
  • Ability to support specialized, processor-intensive workloads.
  • Resilience for sustaining operations during disruptions.

Table 1. Azure Virtual Desktop business conversations

Security & regulation Elastic workforce Work Roles Special workloads Business continuity
- Financial Services
- Healthcare
- Government
- Merger & acquisition
- Short term employees
- Contractors & partners
- BYOD & mobile
- Customer support/service
- Branch workers
- Design & engineering
- Support for legacy apps
- Software dev & test
- On-demand
- Just-in-Time (JIT)
- Work @ Home

Offline and on-device access for more productive experiences

Traditionally, VDI solutions only work when the endpoint is connected to the internet. But what happens when the internet or power is unavailable?

To support business continuity and help employees be productive, Microsoft designed Surface devices to augment the virtual desktop experience with offline access to files, Microsoft 365 and third-party applications. Traditional apps like Microsoft Office, available across multiple platforms (x86, x64, Universal Windows Platform, ARM), enable users to stay productive in offline mode. Files from the virtual desktop cloud environment can be synced locally on Surface using OneDrive for Business for offline access. You can be confident that all locally cached information is up-to-date and secure.

In addition to adding support for offline access to apps and files, Surface devices are designed to optimize collaborative experiences like Microsoft Teams "On-Device." Although some VDI solutions support the use of Teams through a virtual session, users can benefit from the more optimized experience provided by a locally installed instance of Teams. Localizing communications and collaboration apps for multimedia channels like voice, video, live captioning allows organizations to take full advantage of Surface devices' ability to provide optimized Microsoft 365 experiences. The emergence of AI brings new capabilities to life on compatible devices, such as eye gaze technology that adjusts the appearance of your eyes, so the audience sees you looking directly at the camera when communicating via video.

An alternative to locally installing traditional applications is to take advantage of the latest version of Microsoft Edge, which comes with support for Progressive Web Apps (PWA). PWAs are just websites that are progressively enhanced to function like native apps on supporting platforms. The qualities of a PWA combine the best of the web and native apps with additional features, such as push notifications, background data refresh, offline support, and more.

Virtual GPUs

GPUs are ideal for AI compute and graphics-intensive workloads, helping customers to fuel innovation through scenarios like high-end remote visualization, deep learning, and predictive analytics. However, this isn't ideal for professionals who need to work remotely or on the go because varying degrees of internal GPU horsepower are tied to the physical devices, limiting mobility and flexibility.

To solve this, Azure offers the N-series family of Virtual Machines with NVIDIA GPU capabilities (vGPU). With vGPUs, IT can either share GPU performance across multiple virtual machines or power-demanding workloads by assigning multiple GPUs to a single virtual machine. For Surface, this means that no matter what device you're using, from Surface Go 4 to Surface Laptop 6, your device has access to powerful server-class graphics performance. Surface and vGPUs allow you to combine all the things you love about Surface, including pen, touch, keyboard, trackpad and PixelSense displays, with graphics capability only available in high-performance computing environments.

Azure N-series brings these capabilities to life on your Surface device, allowing you to work in any way you want, wherever you go. Learn more about Azure N-Series and GPU-optimized virtual machine sizes.

Microsoft 365 and Surface

Even in a virtualized desktop environment, Microsoft 365 and Surface deliver the experiences employees love, the protection organizations demand, and flexibility for teams to work their way. According to Forrester Research: 4

  • Microsoft 365-powered Surface devices give users up to five hours in weekly productivity gains with up to nine hours saved per week for highly mobile workers, providing organizations with 112 percent ROI on Microsoft 365 with Surface.
  • Seventy-five percent agree Microsoft 365-powered Surface devices help improve employee satisfaction and retention.

Security and management

From chip to cloud, Microsoft 365 and Surface helps organizations stay protected and up to date. With Surface hardware and software — designed, built, and tested by Microsoft — users can be confident they're productive and protected by leading technologies from chip to cloud. As more users work remotely, corporate data and intellectual property protection become more paramount than ever. Azure Virtual Desktop on Surface is designed around a zero-trust security model. Every access request is strongly authenticated, authorized within policy constraints, and inspected for anomalies before granting access.

By maximizing efficiencies from cloud computing, modern management enables IT to better serve the needs of users, stakeholders and customers in an increasingly competitive business environment. For example, you can get Surface devices up and running with minimal interaction from your team. Setup is automatic and self-serviced. Updates are quick and painless for both your team and your users. You can manage devices regardless of their physical location.

Security and management features delivered with Azure Virtual Desktop on Surface include:

  • Windows Update. Keeping Windows up to date helps you stay ahead of security threats. Windows 11 has been engineered from the ground up to be more secure and utilize the latest hardware capabilities to improve security. With a purpose-built UEFI 5 and Windows Update for Business that responds to evolving threats, end-to-end protection is secure and simplified.
  • Hardware encryption. Device encryption lets you protect the data on your Surface so only authorized individuals can access it. All Surface for Business devices feature a discrete Trusted Platform Module (dTPM) that is hardware-protected against intrusion while software uses protected keys and measurements to verify software validity.
  • Microsoft Defender Microsoft Defender for Endpoint brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices. The tool is built-in and needs no extra agents to be deployed on devices or in the VDI environment, simplifying management and optimizing device startup.
  • Removable drives. Most newer Surface devices feature removable SSD drives, providing greater control over data retention.
  • Modern authentication. Microsoft 365 and Surface is a unified platform delivering every Windows security feature (subject to licensing and enablement). All Surface portfolio devices ship with a custom-built camera, designed for Windows Hello for Business, providing biometric security that persists seamlessly from on-device to VDI-based experiences.
  • Modern firmware management -Using Device Firmware Configuration Interface (DFCI), IT administrators can remotely disable hardware elements at a firmware level such as mics, USB ports, SD card slots, cameras, and Bluetooth, which removes power to the peripheral. Windows Defender Credential Guard uses virtualization-based security so that only privileged system software can access them.
  • Backward and forward compatibility. Windows 10 and Windows 11 devices provide backward and forward compatibility across hardware, software and services. Microsoft has a strong history of maintaining legacy support of hardware, peripherals, software and services while incorporating the latest technologies. Businesses can plan IT investments to have a long useful life.
  • Bridge for legacy Windows 7 workloads. For solution scenarios dependent on legacy Windows OS environments, enterprises can use VDI instances of Windows 7 running in Azure. This enables support on modern devices like Surface without the risk of relying on older Windows 7 machines that no longer receive the latest security updates. In addition to these "future-proofing" benefits, migration of any legacy workloads becomes greatly simplified when modern Windows 11 hardware is already deployed.
  • Zero-Touch Deployment. Autopilot is the recommended modern management deployment option for Surface devices. You can use Windows Autopilot on Surface to remotely deploy and configure devices in a zero-touch process right out of the box. Windows Autopilot-registered devices are identified over the internet at first startup through a unique device signature called a hardware hash. They're automatically enrolled and configured using modern management solutions such as Microsoft Entra ID and mobile device management.

Surface devices: Minimizing environmental impacts

Surface performs life cycle assessments to calculate the environmental impact of devices across key stages of the product life cycle enabling Microsoft to minimize these impacts. Each Surface product has an ECO profile with data on greenhouse gas emissions, primary energy consumption and material composition, packaging, recycling, and related criteria. To download profiles for each Surface device, see ECO Profiles.

Summary

Azure Virtual Desktop on Surface provides organizations with greater flexibility and resilience in meeting the diverse needs of users, stakeholders, and customers. Running Azure Virtual Desktop solutions on Surface devices offers unique advantages over continued reliance on legacy devices. Flexible form factors like Surface Go 4 and Surface Pro 10 connected to the cloud (or offline) enable users to be productive from anywhere, at any time. Whether employees work in persistent, on-demand, or just-in-time scenarios, Azure Virtual Desktop on Surface affords businesses the versatility to sustain productivity throughout disruptions from unforeseen events. Using the built-in, multi-layered security and modern manageability of Windows 10 and Windows 11, companies can take advantage of an expanding ecosystem of cloud-based services to rapidly deploy and scale Windows desktops and apps. Simply put, Azure Virtual Desktop on Surface delivers critically needed technology to organizations and businesses of all sizes.

Learn more

For more information, see the following resources:

References

1. Azure Virtual Desktop on Surface refers to running Azure Virtual Desktop Infrastructure on a Surface device and is described here as an architectural solution, not a separately available product.
2. Battery life varies significantly with settings, usage and other factors.
3. Service availability and performance subject to service provider's network. Contact your service provider for details, compatibility, pricing, SIM card, and activation. See all specs and frequencies at surface.com.
4. Forrester Consulting, "A Forrester Total Economic Impact™ Study: Maximizing Your ROI from Microsoft 365 Enterprise with Microsoft Surface," commissioned by Microsoft, 2018.
5. Surface Go and Surface Go 2 use a third-party UEFI and don't support DFCI.