Introduction
Since the release of Windows 365 back in July 2021, Microsoft has been busy adding new features and abilities at a dizzying rate and the offering has become a global success story. 5 years have passed since it’s release and they are still adding new features. The latest is a feature called Windows 365 Reserve, but what is it exactly ?
According to this page Windows 365 Reserve can be described as:
“Your ready-to-use Cloud PC when the unexpected happens.
Whether it’s a hardware failure, software issue, cyberattack, or short-term access need, Windows 365 Reserve ensures your workforce stays connected and your business keeps moving forward.”
This definitely sounds to me like a disaster recovery type of scenario, when something goes wrong with a users physical laptop or desktop, or if it gets stolen or some other calamity happens to it but don’t confuse it with Microsoft’s dedicated Windows 365 Cross-region Disaster Recovery which is an add-on for Windows 365 Enterprise and Flex as that offers different capabilities to Windows 365 Reserve. Instead, think of this as a short-term Cloud PC access for users that use Physical PC’s but need access to their environment to continue working.
What can the user do when a problem occurs ? The user can actually remain productive by using their assigned Windows 365 Reserve Cloud PC for up to 10 days (per year). And how does the user do that ? well if the Intune admin optionally configures Windows 365 Reserve settings to allow the end user to provision their own Reserve Cloud PC then that’s a self service win right there, otherwise the Intune Admin must do the actions on the provisioning policy itself (or use some automation).
The caveat is that the user will still need a physical device of some sort to connect to their Windows 365 Reserve Cloud PC, but luckily there are many choices available such as Windows PC, macOS, iOS, Android, Linux via the Windows app or a web browser.
Another point that’s worth noting and I’ll return to it a few times in this blog post is that setup of the Windows 365 Reserve Cloud PC’s must be done before any incident occurs so the Cloud PCs are ready for use by the users you target when needed, so not only must you set things up in advance, you also need to decide which users in your fleet are to be protected by this.
Prerequisites
Looking at these details, you can see there are some prerequisites.
- Each user requires a Windows 365 Reserve license.
- Licenses allow up to 10 days of Cloud PC access per year for one user.
- Users must also have:
- Windows 11 Enterprise
- Microsoft Intune
- Microsoft Entra ID P1
Windows 10 was included in the prerequisites but why even bother as it’s no longer supported except via ESU (Extended Security Updates). Regarding the other license requirements, if you have E3 or E5 then you are good to go.
Licensing
The licensing is a bit odd, in the admin portal you can see how many licenses are available but cannot assign them, that’s because you use the provisioning policy to actually assign the licenses.
Another thing that’s really important here is you must not wait until a disaster happens for the end users you wish to protect with Windows 365 Reserve. Instead, you must add them to a group targeted by the provisioning policy (more of that later) in advance as the actual license assignment happens via that policy and needs to be done at least 7 days prior to usage.
This detail is listed in the Windows 365 Reserve FAQ. The more I think about it, the more the word reserve in Windows 365 Reserve makes more sense, as you must reserve the Cloud PC for the user in advance of any issue, not after the effect.

Creating the policy
In Intune, browse to the Windows 365 provisioning node and create a new provisioning policy, give it a suitable name and select Reserve from the choices as the License type.
When it comes to the Assignments step, point it to a previously created group where you’ve added your target users for Windows 365 Reserve.
And that’s it. Once the policy is created the Windows 365 Reserve Cloud PC’s will remain in a state of Not Provisioned until you (or the end user, more of that below) take further action.
Provisioning Reserve Cloud PCs
That action must be taken on the provisioning policy level, after the policy is created, when needed by selecting the Cloud PC users tab.
From there you can select one or more users (that are licensed/in the group) and if possible click on the Provision or Deprovision buttons which are greyed out in the screenshot below.
Why are those buttons greyed out ? remember that 7 days in advance rule ? well if you haven’t waited 7 days you can’t do anything at this point and you cannot move forward.
Pay close attention to the Can be provisioned after column as that’s when things can happen and that’s why preparing your Windows 365 Reserve provisioning policy well in advance of a problem (at least 7 days in advance) is super important.
Not only that, but deciding who can avail of this feature is also important, if they are not licensed, and something bad happens, then this won’t help. You cannot assign a Windows 365 Reserve license to a user when the problem occurs and hope that this will help, as you’ll have to wait a full 7 days before provisioning the Cloud PC is even possible.
User initiated provisioning
As the Intune admin, you can modify the settings to allow end-users to initiate the provisioning of their Windows 365 Reserve Cloud PC via settings, shown here. The setting can be found in Windows app settings (preview) and is called Enable users to to provision new Cloud PC instances.
Once enabled and deployed to your Windows 365 Reserve users, they will see a new option in the Windows app called Set up your Cloud PC.
Side note, this option even appears in the web browser version of Windows app, shown below on a computer running Linux, via the Brave web browser.
Fantastic!
Using Reserve Cloud PCs
A Windows 365 Reserve Cloud PC is basically the same as the 4vCPU, 16GB ram, 128GB storage SKU we are all familiar with, which is a good all round Cloud PC spec. So provisioning (aside from what I’ve mentioned above) and using one of the them is something that we should all be familiar with. There may be more SKU’s available in the future depending on demand.
Summary
Windows 365 Reserve is a great way of getting users back up to speed provided that an admin or disaster recovery team (business continuity) has already done the ground work well in advance of an ‘issue’ actually happening. In other words, the admin needs to be proactive, not reactive.
In the real-world unfortunately there will be lots of reactive admins that want to give their users a Windows 365 Reserve Cloud PC, but cannot because they didn’t add the user to the assigned group(s) in time.
I asked Copilot the following question
From an Intune admin perspective, would you say that most admins are proactive or reactive ?
and below is the result.
There are problems with the implementation that I’d like Microsoft to resolve and I wish I had been involved with a private preview of this feature. First of all, I’d suggest to remove the 7 days wait, that’s just a blocker in my opinion at least for those 60-70% of reactive admins mentioned earlier.
If you even look at the common scenarios that this service is supposed to help with (according to Microsoft’s own documentation):
Based on those Common scenarios, imaging you license only some of your users for Windows 365 Reserve, and let’s imagine that you are impacted by an outage or cyber incident and an entire team of users cannot work because they weren’t licensed for Windows 365 Reserve 7 days previously, then you have a problem that this cannot solve.
I’d strongly recommend you read the FAQ, it’s very detailed!
Aside from that, I really like the ability to offer the provisioning of the Reserve Cloud PC to the end user via the Windows app setting, that’s a bonus. And for disaster recovery teams that are proactive rather than reactive, this can be a win as the license fee is decent for what you get.
Thanks Microsoft for letting me try it out!











