Token protection (Preview) in Windows App on Windows devices

Week of April 28, 2025 (Service release 2504)

Device management
Guidance when placing a Cloud PC under review
Adhere to SEC Rule 17a-4 by configuring Azure Blob storage for immutability. For more information, see Place a Cloud PC under review and Azure - Cohasset Assessment - WORM Storage (2024) Report.

Resize Windows 365 Frontline Cloud PCs in designated mode
Admins can now resize Windows 365 Frontline Cloud PCs in designated mode. For more information, see Resize Windows 365 Frontline Cloud PCs in dedicated mode.

Device security
Credential Guard and HVCI enabled by default
Newly provisioned and reprovisioned Cloud PCs running a Windows 11 gallery image now have VBS, HVCI, and Credential Guard enabled by default. For more information, see Windows 365 security.

Monitor and troubleshoot
Connected Frontline Cloud PCs report is generally available
The Connected Frontline Cloud PCs report has moved out of preview and into general availability. For more information, see Connected Frontline Cloud PCs report.

Windows App
Token protection (Preview) in Windows App on Windows devices
You can now use a Conditional Access policy to require token protection for sign-in tokens (refresh tokens) on Windows devices. Such policies can reduce attacks using token theft by ensuring a token is usable only from the intended device. For more information, see Microsoft Entra Conditional Access token protection explained.