Placing Cloud PCs On Hold - Digital Forensics for W365
See who’s been been tampering with things around here…
Windows 365 saw a new feature enter preview recently - an ability to place a Cloud PC under review/on hold. Microsoft notes the following use cases:
A request from an internal Security Operation Center (SOC) team.
A response to a request from an internal or external third party auditor.
As a response to a pending or ongoing legal investigation.
I can see a number of use cases - a legal hold is the first thing that came to mind for me. However, this could also be useful in other scenarios…
Option 2 above could see a big win here, specifically in the form of a SOC audit. That scenario is interesting - a hold and subsequent review of logs, etc. could serve as proof that an organization did in fact follow documented procedures, which is what SOC is really all about.
It’s worth noting that this requires Windows 365 Enterprise - it is not supported for the Business edition.
A link to the full documentation can be found here.
Credit to community standout Stefan Dingemanse, a Microsoft MVP and former colleague of mine, for being the first post I saw on the subject on Twitter. Stefan can be found on Twitter here.