In 2025, two new licensing SKUs from Microsoft and IGEL emerged to enable new meaningful options for how enterprises can design and modernize Business Continuity (BC) and Disaster Recovery (DR) strategies for EUC.
Historically, DR planning has focused almost entirely on centralized components, such as data centers, cloud platforms, applications, and data; however, endpoint devices such as laptops and desktops were implicitly treated as disposable assets. For example, if an endpoint device became unavailable due to ransomware, corruption, hardware failure, or regional disruption, recovery was assumed to involve reimaging, replacement, or shipping new hardware. Productivity loss at the endpoint layer was often accepted as unavoidable.
Thanks to new innovations, that assumption is no longer the case.
New Options
In 2025, Microsoft and IGEL introduced purpose-built recovery licensing SKUs that significantly reduce endpoint recovery time by enabling fast, secure, and temporary restoration of user productivity during disruption events.
- Windows 365 Reserve provides time-bound Cloud PC access specifically designed for business continuity scenarios when physical endpoints are unavailable.
- IGEL Business Continuity & Disaster Recovery enables compromised or unusable Windows endpoints to dual-boot into the secure IGEL OS12, restoring user access to an enterprise-managed endpoint in minutes without the need to re-image or replace the endpoint.
These new SKUs are significant because they offer new licensing options that enable organizations to modernize DR plans and assign enhanced recovery time objectives (RTOs) and recovery priorities to their endpoints.
Traditional Scenario
For decades, enterprise DR and BC strategies have focused almost exclusively on centralized systems, such as applications, databases, infrastructure platforms, and cloud services; however, endpoints were implicitly excluded from formal recovery planning. For example, if a laptop or desktop became unavailable, recovery was assumed to be manual and slow. Companies would rebuild the endpoint, ship replacement hardware, and/or wait for reimaging to complete. Endpoint downtime was often treated as an acceptable consequence of a larger incident.
This created a persistent blind spot. In modern enterprises, user productivity is inseparable from endpoint availability. Distributed workforces, hybrid operations, and security-driven isolation of compromised devices mean that endpoint outages now have immediate business impact. Yet until recently, there were no practical mechanisms that allowed organizations to recover endpoints in a controlled, time-bound, and prioritized manner comparable to how applications and services are recovered.
That began to change in 2025 with the introduction of endpoint recovery-focused licensing SKUs, explicitly designed for disruption scenarios. Rather than requiring permanent overprovisioning or standby hardware, these licenses enable organizations to restore user productivity temporarily during disruptive events.
Endpoint Focused Recovery
One such recovery SKU is Windows 365 Reserve from Microsoft, which provides time-bound Cloud PC access, up to 10 days/user/year, specifically intended for business continuity scenarios when physical endpoints are unavailable. This model enables organizations to predefine which users can be rapidly recovered into secure, cloud-hosted desktops during outages, cyber incidents, or device failures, without permanently assigning Cloud PCs to the entire workforce.
Complementing this recovery model is IGEL Business Continuity & Disaster Recovery, which enables existing Windows endpoints to pivot into a secure alternate operating mode using IGEL OS, either via dual-boot configurations or USB-based boot mechanisms. This allows compromised or unusable endpoints to be repurposed as secure access terminals within minutes, restoring access to virtual desktops, cloud desktops, and SaaS applications without reimaging or hardware replacement.
Individually, these offerings address different recovery challenges, and when paired together, they enable the fundamentally new ability to formally tier endpoint recovery within DR plans, using licensing constructs rather than infrastructure duplication.
With these models, organizations can define recovery tiers for endpoints in the same way they already do for applications and services; for example:
- High-priority users (e.g., executives, security teams, or revenue-critical roles) can be assigned immediate access to Cloud PCs using Windows 365 Reserve.
- Broader user populations can regain secure access at scale using IGEL BC & DR, leveraging existing hardware during the recovery window.
- Lower-priority users can be deferred until normal remediation processes resume. This approach aligns endpoint recovery directly with business impact analysis (BIA), recovery time objectives (RTOs), and operational priorities.
Sample Recovery Scenario
To illustrate how these recovery-focused licensing models change endpoint BC and DR planning, consider a ransomware or widespread endpoint outage affecting a distributed workforce.
Prior to any incident, the organization has established baseline operational readiness. IGEL Business Continuity & Disaster Recovery is deployed with a production IGEL Universal Management Suite (UMS), including an externally accessible reverse proxy. Device profiles have been premade and maintained to enforce a locked-down recovery posture, and endpoints have either been prepared with IGEL Dual Boot or have validated USB boot media available. Identity integration and access to virtual desktops, cloud desktops, and SaaS platforms have already been tested with IGEL OS.
In parallel, the organization operates Windows 365 as a mature service. Production Cloud PC images are maintained, Intune provisioning policies are in place, and W365 Reserve licenses are prepurchased. Critical user groups (such as sales teams, frontline operational staff, and airport check-in personnel) have been clearly identified and mapped to recovery tiers based upon business impact.
When the disruption occurs, recovery actions can be executed immediately. High-priority users are granted rapid access to Cloud PCs using W365 Reserve, restoring full desktop functionality within hours or faster without waiting for endpoint remediation. At the same time, broader user populations can pivot compromised Windows devices into IGEL OS, regaining secure access to VDI and SaaS applications within minutes using existing hardware.
The result is a tiered endpoint recovery model: first, priority users are restored using cloud-hosted desktops, while scaled recovery is achieved via alternate OS access on existing devices. Endpoint rebuilds and forensic remediation can proceed in parallel without disrupting critical business functions.
This scenario highlights the real shift introduced by recovery-focused licensing in 2025. Endpoint recovery is no longer binary or improvised. With the right operational foundations in place, organizations can execute controlled, prioritized, and time-bound recovery strategies that align endpoint availability with business criticality.
IGEL BC & DR Prerequisites and Decision Points
| Prerequisite Items | Decision Point | Comments |
|---|---|---|
| IGEL Universal Management Suite (UMS) | Is UMS deployed in production as a highly available service? | UMS becomes a Tier 0 dependency during recovery; availability and resilience must be considered. |
| UMS Reverse Proxy | Is secure external access to UMS enabled and tested? | Required for remote device management and policy delivery during widespread endpoint outages. |
| IGEL OS Deployment Method | Will recovery rely upon Dual Boot, USB Boot, or both? | Dual Boot required preinstallation; USB Boot required media creation, storage, and testing. |
| Device Profiles | Are BC & DR-specific profiles pre-created and maintained? | Profiles should enforce a locked-down recovery posture and pre-defined access paths. |
| Identity Integration | Is authentication (Entra ID/AD) validated from IGEL OS? | Identity must function independently of the compromised Windows OS. |
| Access Platform Availability | Which services must be reachable from IGEL OS (VDI, DaaS, SaaS)? | Citrix, SVD, W365, and SaaS access should be tested pre-incident. |
| Endpoint Hardware Readiness | Which endpoint models are approved for IGEL BC & DR use? | Hardware compatibility and BIOS/UEFI configuration must be validated in advance. |
| Operational Ownership | Who owns IGEL BC & DR execution during an incident? | Use a RACI matrix to define clear roles and responsibilities to reduce delays during real-world recovery events. |
Windows 365 Reserve Prerequisites and Decision Points
| Prerequisite Items | Decision Point | Comments |
|---|---|---|
| Windows 365 Maturity | Is W365 already operated as a production service? | W365 Reserve is most effective when Cloud PCs, policies, and support processes already exist. |
| Cloud PC Images | Is a hardened, production-ready Cloud PC image available? | Images should include required apps, security baselines, and monitoring prior to a disruption. |
| Intune Provisioning Policies | Are W365 Reserve licenses prepurchased and availbale? | Delays in provisioning reduce the value of time-bound recovery entitlements. |
| License Availability | Are W365 Reserve licenses prepurchased and available? | W365 Reserve licences must exist before the disruption to enable rapid assignment. |
| Use Group Definition | Which users are eligible for W365 Reserve-based recovery? | Typically, Tier 0 or Tier 1 users with high business dependency or endpoint availability. |
| Identity and Access Controls | Are Conditional Access adn MFA validateed for Cloud PC access? | Recovery should not bypass security controls during a crisis. |
| Network Reachability | Can users reliably access W365 during regional or endpoint outages? | W365 Reserve assumes internet connectivity remains available during a disruption. |
| Operations and Governance | Who assigns W365 Reserve licenses and triggers provisioning? | Clear governance is essential given the time-bound (10-day) entitlement of W365 Reserve. |
Conclusion
This is an evolution in DR planning, as endpoint recovery no longer needs to be binary. Instead, it can be temporary, prioritized, and proportional to business need, reducing downtime without forcing organizations to permanently overinvest in unused capacity.
From a planning perspective, these licensing models allow DR strategies to be updated without wholesale redesign of endpoint platforms. Existing Windows 11, M365, Entra, and Intune investments can be augmented with recovery-specific entitlements that are invoked only if/when a disruption event occurs. This improves resilience while maintaining cost discipline.
In conclusion, the emergence of Windows 365 Reserve and IGEL BC & DR is a major milestone for EUC resilience. For the first time, endpoint recovery can be intentionally designed, tiered, and governed as part of enterprise BC and DR plans. Organizations that incorporate these models into their DR plans will be better positioned to preserve productivity, contain risk, and respond effectively to the increasingly endpoint-focused nature of modern disruption events.
