If your organization uses custom images for Windows 365 Cloud PC provisioning, this week’s update is worth paying attention to. Microsoft has promoted the ability to import custom images from an Azure Compute Gallery (ACG) to General Availability — moving it out of the Public Preview it entered in February 2026.

The technical change is a single line in the What’s New page. The operational implications are considerably larger.

What Changed

Azure Compute Gallery custom image imports for Windows 365 are now generally available.

Previously, admins who wanted to deploy custom OS images to Windows 365 Cloud PCs had to upload images directly to the Windows 365 image management section of Microsoft Intune. That workflow remains supported — nothing is being removed. What’s new is that Windows 365 provisioning policies can now reference images stored in Azure Compute Gallery directly, with full Microsoft SLA and production support backing the capability.

The feature was introduced as Public Preview in the week of February 9, 2026. It has now completed its preview cycle and is ready for production deployments.

If you haven’t worked with Azure Compute Gallery before, the key concept is that it acts as a centralized, versioned, replicated repository for VM and Cloud PC images — think of it as a registry for operating system images, similar to how a container registry works for Docker images.

Before this GA, Windows 365 custom image management had some real operational friction:

No native versioning. When you updated a custom image in Windows 365, you were essentially replacing it. Maintaining multiple versions required manual naming conventions and careful coordination to avoid accidentally pointing a provisioning policy at the wrong image.

No regional replication. Images uploaded directly to Windows 365 didn’t replicate across Azure regions the same way ACG images do. Organizations with multi-region Cloud PC deployments had to manage image availability per region manually.

Limited automation options. The direct-upload workflow didn’t integrate cleanly with DevOps pipelines. Building an image, testing it, and promoting it to production required multiple manual steps.

No centralized RBAC. Controlling who could create, modify, or delete custom images in Windows 365 used Intune RBAC, which is less granular than Azure Resource Manager’s native role model.

Azure Compute Gallery addresses all of these. And with this GA announcement, Windows 365 provisioning policies can now tap into those capabilities directly.

What This Enables for Enterprise Organizations

True Image Versioning

Azure Compute Gallery supports explicit semantic versioning for images. An organization can maintain windows11-enterprise-base/1.0.0, 1.1.0, 1.2.0 simultaneously — each with its own metadata, deprecation status, and deployment history. Provisioning policies reference a specific version or a “latest” alias. Rolling back to a known-good image version is a provisioning policy update, not a re-upload.

This is a meaningful improvement for organizations that manage monthly patching cycles on custom images. Instead of a single “current” image with an implicit version, you get an audit trail.

Image Lifecycle Pipelines

With ACG as the target, it’s now practical to build an automated image management pipeline:

  1. Build — automated image creation (Azure Image Builder, Packer, or similar)
  2. Test — provision a test Cloud PC from the candidate image, run validation
  3. Promote — replicate the validated image to all required regions in ACG
  4. Deploy — update the provisioning policy to reference the new version
  5. Deprecate — mark old versions for removal after a grace period

That end-to-end lifecycle was difficult to operationalize with the direct-upload model. With ACG as the hub, each step has a standard interface.

Centralized Governance with Azure RBAC

Organizations can now separate the roles involved in image management:

  • Image Builders — engineers who create and update images (Azure Compute Gallery Contributor on the gallery resource)
  • Image Approvers — security or compliance reviewers who validate images before they’re available for provisioning (custom role with read + publish permissions)
  • Image Deployers — Intune admins who update provisioning policies to reference new image versions (Intune RBAC, no ACG write access required)

This separation of duties is hard to achieve cleanly with direct uploads. With ACG, it’s a standard Azure RBAC configuration.

Multi-Region Support

ACG natively replicates images across Azure regions. For organizations using Windows 365 in multiple geographies, this means provisioning policies in each region can reference a locally replicated copy of the image — reducing provisioning latency and eliminating cross-region transfer dependencies.

What Organizations Should Do Now

If you use gallery images (Microsoft-provided images) only: No action needed. This feature doesn’t affect standard gallery image deployments.

If you have custom images managed through direct upload: Your existing workflow continues to work. There’s no forced migration. Evaluate whether moving to ACG makes sense for your organization based on scale, multi-region requirements, and automation maturity.

If you’re planning to start using custom images: Start with ACG. The direct upload path is now the legacy path — ACG is where image management is headed.

Practical starting steps:

  1. Create an Azure Compute Gallery in your Azure subscription (or use an existing gallery if you already manage ACG images for Azure VMs)
  2. Establish your image definition naming convention
  3. Register your first custom image as an image version in the gallery
  4. Update a provisioning policy in Intune to reference the ACG image
  5. Test provisioning in a non-production environment before rolling to production

For organizations with mature DevOps practices, this is also the right moment to build out an image pipeline if you don’t have one. The ACG integration makes that investment worthwhile in a way it wasn’t before.

What Has NOT Changed

  • Direct image uploads still work. The existing upload-to-Windows-365 workflow is not deprecated or removed.
  • Existing provisioning policies are unaffected. If your policies reference directly-uploaded images, they continue to function.
  • Licensing and sizing are unchanged. ACG images for Windows 365 require the same Cloud PC licenses as always — no new licensing model is introduced.
  • No reprovisioning required. Existing Cloud PCs don’t need to be reprovisioned when you start using ACG images for new policies.

The Bigger Picture: Azure and Windows 365 Converging

This GA is part of a pattern that’s been building throughout 2026. Microsoft has been systematically aligning Windows 365 management with Azure-native services rather than keeping it a separate, standalone platform.

The Intune navigation reorganization earlier this year brought Cloud PC management into a dedicated area of Intune. Cloud PC Monitoring brought Azure-style observability to Cloud PC environments. The Power Platform connector is enabling automation workflows that tie Cloud PC lifecycle events to broader IT processes.

ACG integration fits the same theme: Windows 365 image management is now grounded in Azure-native infrastructure rather than a siloed upload mechanism. For organizations that already use ACG for Azure Virtual Desktop or Azure VM management, this means one image registry for multiple workloads — a genuine operational simplification.

The convergence of Windows 365 and Azure Virtual Desktop has been a stated Microsoft direction. Shared image management infrastructure is a concrete step in that direction. IT leaders planning their desktop virtualization strategy should treat this as confirmation that Azure Compute Gallery is the right long-term investment — not just for AVD, but for Cloud PCs as well.

Ready to Optimize Your Windows 365 Environment?

Big Hat Group helps organizations design, deploy, and manage Windows 365 environments — from architecture through day-to-day operations. Whether you’re building out an image management pipeline, evaluating Azure Compute Gallery for multi-region Cloud PC deployments, or looking for help with provisioning at scale, we bring hands-on expertise to every engagement.

Contact Big Hat Group to discuss your Windows 365 strategy.

Looking for more Windows 365 coverage? Read about the Frontline to Flex rebrand and Admin Insights, the Intune navigation reorganization, and the recent Autopilot and RDP Multipath updates.

Big Hat Group is a Microsoft partner specializing in modern endpoint management, Windows 365, and Microsoft 365 deployments. This post is part of our ongoing Windows 365 coverage.