Components for Cloud PC deployment
Windows 365 license
To enable the Windows 365 GUI in Intune admin center, you have to own at least one Windows 365 license. Afterwards the GUI will be visible under Devices.
Azure network connection
Azure Virtual Network with corresponding subnet is needed if you want to connect the Cloud PCs to your existing infrastructure. You have the option to connect the Cloud PC directly to the internet without having to configure an azure environment.
Attention: You have to size the vnet and subnet before deploying the first network cards or Cloud PCs to this network. Resizing in Azure Virtual Networks or Subnets is not possible with deployed workload! In addition, at least the owner role must be present at the subscription level during creation. Cloud PC unfortunately checks the name of the assigned role of the user and not the effective permissions (custom roles do not work!).
On the azure network connection, you can specify which method of join you want to perform to these specific Cloud PCs. You can choose between Windows Server Active Directory or Microsoft Entra ID only. Either way you need an Object in your Microsoft Entra ID, so the least cloud deployment is Windows Server AD with Hybrid Microsoft Entra ID Join.
Configuration on azure vnet
You have to configure the routing, dns and dhcp on your vnet properly so that the deployment of new Cloud PCs will be successful. If you use AD Joins for your Cloud PCs, the AD Domain Controller must all be accessible.
URLs to directly connect to internet
Windows 365 Cloud PC needs a few URLs wich cannot be routed through a proxy. These URLs have to go directly to the internet and needed to be allowed from the whole Cloud PC network to the internet:
- graph.microsoft.com:443
- *.core.windows.net:443
- *.wvd.microsoft.com:443
- global.azure-devices-provisioning.net:5671
Provisioning policy
Provisioning policies contain the whole configuration summary for Cloud PCs. In this policy, the windows image used, and the azure network connection is contracted and assigned to an Microsoft Entra ID group. A Cloud PC is then provided for the users in this group, if the user has a corresponding Windows 365 licence.
Windows images
You can choose between two options for the Windows images. One is the so-called "Gallery Images". These are provided by Microsoft and do not contain any pre-installed software. The latest patches are also installed directly by Microsoft.
The second option is the use of custom images. These custom images must be managed by the user and kept up to date. However, software can be pre-installed, and configurations can also be included in the image. Cloud PC images can be created from Azure VM images.
Attention: The image must be in the same subscription as the Azure Network Connection.
User settings
In user settings you can specify if the end user has local admin rights on their Cloud PCs. Furthermore, the settings for point-in-time restore service can be adjusted here.
No Comments