From Legacy to Cloud PCs: Why the DaaS Market Shift Is No Longer a Future Prediction

In July, I had the chance to speak with The Register's Richard Speed about the challenges many organizations are facing with Windows 11 migration and the fast-approaching Windows 10 end-of-support deadline. I was quoted in their piece on Windows 11 market share, and it’s great to see those themes resurface in their latest article: Gartner bets big on DaaS.

Gartner’s prediction that 80 percent of VDI deployments will move to DaaS by 2027 reflects what we’re already seeing in practice. The shift is not just coming, it’s already happening.

Windows 10 End of Support: A Trigger for Change

For many customers who haven’t made the move yet, the fallback has been to budget for a one-year Windows 10 ESU. Alongside that, they’re reviewing Intune readiness, application compatibility, and hardware lifecycles. But time is running out quickly. These conversations now go far beyond Windows 10, Windows 11, and ESU.

Key areas we’re currently working through with customers include:

• How is the Windows estate managed today? Is it primarily physical devices, virtual desktops, or a mix of both?
• What is the lifecycle status and current condition of the hardware?
• Where are they in their endpoint management journey? Are they using Intune, Configuration Manager, or a co-management approach?
• Are they still relying on traditional on-premises VDI platforms like Citrix or Horizon?

And most importantly: Is now the time to move away from legacy infrastructure entirely?

Rising Costs, Renewals, and the VDI Reality Check

Many customers come to us when their Citrix renewal is due. Often, they’ve only just received the pricing and are shocked to find it has doubled or even tripled compared to previous costs. On top of that, they’re facing hardware refresh deadlines and staffing challenges.

In most of these cases, we are able to move quickly. We deploy a pilot-to-production-ready Windows 365 environment using the Microsoft-hosted network. Applications are packaged, security baselines are applied, a VPN is pushed out, and the customer is testing within hours. This also enables the adoption of cloud-native identity with Microsoft Entra Join, removing the need for legacy domain joins or hybrid identity workarounds.

This is where things get exciting. Customers can now:

• Extend the life of existing Windows 10 devices
  • Repurpose devices as kiosks that connect to Cloud PCs
  • Leverage free ESU entitlement when those devices are used to access Windows 365
• Embrace BYOD and BYOPC initiatives
  • Users actually enjoy using their own kit - such as MacBooks, iPads, Android tablets, and Chromebooks
  • Use USB-C enabled docking stations or monitors for mobile phone hotdesking
• Take advantage of Windows 365 Link
  • Maximize productivity with Cloud PC devices that connect to Windows 365 in seconds and deliver a responsive, high-fidelity experience
  • Reduce your attack surface with Cloud PCs that store no local data, use adminless user accounts, and support passwordless authentication through Microsoft Entra ID
  • Configure and deploy Windows 365 Link in minutes and manage it alongside existing devices using Microsoft Intune

This isn’t a multi-month project. We’re often talking hours, days, or weeks. Most importantly, we’re saving the customer both time and money.

Why Entra Join and Cloud-Native Makes a Difference

More and more organizations are choosing to move away from legacy identity models. With Microsoft Entra join, devices can be deployed faster, managed more securely, and connected to cloud resources without needing a line-of-sight to a domain controller. This simplifies onboarding, strengthens zero trust, and removes the dependency on traditional hybrid join infrastructure.

When devices are Entra-joined and managed with Intune, teams can take full advantage of modern capabilities like:

• Windows Autopilot for touch-free deployment
• Microsoft Intune for unified management and policy enforcement
• Microsoft Autopatch for automated update management
• Conditional Access and passwordless sign-in through Entra ID

This setup reduces complexity, enhances user experience, and ensures endpoints are secure and compliant from day one.

But identity is only part of the story. Customers are also modernizing network access to remove the need for traditional VPNs.

With Global Secure Access and Entra Private Access, Microsoft is delivering a cloud-native alternative to legacy VPN and network perimeter tools. These services allow organizations to:

• Provide granular, identity-based access to private apps
• Secure connectivity without exposing internal IP ranges
• Route traffic through Microsoft’s global edge
• Integrate access policies with Conditional Access and Defender for Endpoint

By combining Windows 365, Entra Join, and Global Secure Access, customers can deliver a fully cloud-native experience that is secure, scalable, and location-independent.

For example, a frontline or hybrid worker can sign into a Cloud PC using passwordless authentication, access internal apps using Entra Private Access, and remain protected through Defender policies and compliant access conditions, all without relying on a traditional VPN or legacy infrastructure.

This level of integration simply was not possible with older domain-joined, on-premises VDI models.

Planning the Strategy and Proving the Value

When time allows, we help customers define a short to long-term EUC strategy (12 months to 5 years). This includes detailed planning, business case modeling, and total cost of ownership analysis. These exercises often reveal opportunities to consolidate vendors, reduce licensing costs, and simplify management.

We also make full use of Microsoft’s funding and support options, including:

• Windows 11 Readiness Assessments
• Cloud Endpoints Envisioning & POC
• Windows in the Cloud Workshops
• Windows 365 Proof of Value or Pilot Programs
• Funding routes such as FastTrack, ECIF, MDF, and MCI

For organizations still managing devices traditionally, Microsoft Intune continues to be a strong choice for upgrading to Windows 11. It provides in depth insights into hardware and software compatibility, helping teams plan and deliver seamless upgrade waves with minimal disruption.

Our recent Windows 11 readiness assessments show that around 30 percent of customer devices are not compatible. In some cases, budgeting for ESU has made more financial sense in the short term than investing in new hardware. However, that approach only works when paired with a clear plan for what comes next.

Final Thoughts

Gartner’s prediction about the rise of DaaS aligns with what we’re seeing every day across healthcare, local government, and commercial sectors. More and more customers are moving from “what if” to “what now,” taking a step back to assess their infrastructure, endpoint strategy, licensing commitments, and long-term plans.

Whether customers take a hybrid approach or go all in on cloud native with Intune, Windows 365, Entra Join, and Windows 365 Link, our role is to guide them toward a secure, future-ready endpoint strategy. We help customers make informed, financially sound decisions that align with their goals.

If you're still shaping your EUC or Windows 11 strategy for 2025 and beyond, now is the time to act. October 14 is getting closer every day.