Man Working at Computer in Office Closeup

Microsoft has quietly shipped a capability that could reshape how organizations grant secure access to contractors, partners, and vendors. Windows 365 and Azure Virtual Desktop (AVD) now support external identities, allowing people outside your tenant to log into cloud PCs or virtual sessions using their own Microsoft Entra ID credentials. This means no more temporary accounts, no more duplicated identities, and far fewer operational headaches.

For many businesses, this is the update you’ve been waiting for.

The Old Way Was Clunky, Costly, and Hard to Secure

Until now, Windows 365 and AVD required users to be members of your tenant. For external collaborators, this meant IT teams had to:

  • Spin up temporary accounts

  • Manage passwords

  • Enforce enrollment policies

  • Clean up access when the project ended

That process was slow, error-prone, and expensive. It also created unnecessary security risk for temporary accounts often linger unmonitored, lack proper MFA, and fall outside onboarding/offboarding routines.

In a world where supply-chain access risk is rising, this approach simply didn’t scale.

The New Way is Simple, Secure Access for Anyone You Trust

With Microsoft’s update (now generally available) you can invite external identities directly into your Windows 365 or AVD environment. They log in with the credentials they already use for their home organization.

No more creating guest accounts. No more managing extra identities. No more cleanup after the fact.

Once onboarded, you can apply the same governance and security controls you use internally, including:

  • Conditional Access tailored for external identities

  • MFA enforcement, even if their home tenant doesn’t require it

  • Global Secure Access (GSA) to protect the sessions they run

  • FSLogix profile support (now in preview) so external users get persistent, managed profiles just like your internal workforce

For the first time, businesses can deliver a consistent, secure virtual desktop experience to anyone who needs access, without expanding their identity footprint.

Why This Matters for Your Business

This shift has huge implications for real-world operations.

  1. Faster onboarding for contractors and partners

Instead of provisioning local accounts, your team can invite a user and have them online in minutes. This is especially valuable for seasonal staff, temporary project teams, and vendor technicians.

  1. Stronger security with less friction

Because external users authenticate with identities you don’t manage, you reduce attack surface while still enforcing your own security policies. It’s a rare win-win: more control with fewer management tasks.

  1. Better experience for external users

They sign in once, with their own ID, and get straight to work. No juggling credentials. No new password policies. No new apps.

  1. Reduced operational overhead

By removing temporary accounts, you eliminate a major cleanup burden and avoid orphaned identities, a common gap highlighted in IAM assessments.

  1. Standardized virtualization strategy

You can finally run a unified, cloud-based desktop approach for internal and external users. No exceptions. No parallel systems.

Where External Identity Support Really Shines

We expect early adoption in industries where collaboration is constant and highly sensitive:

  • Healthcare: giving specialists or partner clinicians access to approved environments

  • Manufacturing: letting vendor engineers access diagnostic systems

  • Finance: providing auditors and consultants with secure workspaces

  • Education: enabling visiting faculty or remote contractors

  • Professional services: creating isolated client environments for engagement teams

If your business often hosts external collaborators and struggles to secure or scale access, this update is worth a closer look.

Considerations Before You Roll It Out

While this feature is powerful, there are a few nuances to keep in mind:

  • Your Conditional Access policies for external identities may need a tune-up to ensure the right friction and risk controls.

  • FSLogix support is still public preview, so test carefully before rolling it into production.

  • Licensing implications vary depending on Windows 365 vs. AVD and the external user’s home tenant.

Small details matter when you’re opening your environment to people outside your business.

Conclusion

This change is one of the most meaningful improvements to AVD and Windows 365 in years. It directly aligns with the way modern businesses work with fluid teams, cross-tenant collaboration, and increasing security expectations.

Get the Guide to Modern Digital Identity

Key Topics include:

  • How to find and adopt a Modern Idp

  • Identity Governance

  • The benefits of going modern

  • Modern Authentication and Authorization Practices

Andrew Reade