How To Deploy AAD Joined Windows 365 Cloud PC

This article explains how to deploy a Windows 365 Enterprise Cloud PC that is joined to Azure AD.

There is no doubt that Windows 365 is gaining popularity, and companies are trying it out to see what the user experience is like, what works and what doesn’t. The platform has come a long way and now supports Windows 365 PCs that are purely cloud only (Azure AD joined) as well as ones that are joined to the on-premises Active Directory domain (the Hybrid Azure AD joined scenario).

What is required?

There are two steps that need to be completed to deploy an Azure AD joined Windows 365 Cloud PC. We will be using the Microsoft hosted network for this article.

  1. Windows 365 Enterprise license
  2. Configuring a provisioning policy.

Windows 365 Enterprise License

You will need at least one Windows 365 Enterprise license in your tenant for the provisioning policy option to be enabled.

You can get a one month trial of Windows 365 if you want to play with it first before purchasing.

Once the license is in place, you need to assign it to the user of your choice who will be testing / using the platform.

You will notice that the Windows 365 options, including provisioning policies, are enabled in the tenant once the license goes live (the page was blank before).

Create a Windows 365 Provisioning Policy

A provisioning policy defines the configuration used to create a Cloud PC, and we need one to deploy our Windows 365 AAD joined machine.

Launch the Intune portal & navigate to Devices -> Windows 365.

Click on the Provisioning Policies tab and click Create Policy.

Give the policy a name, select Azure AD Join as the join type and Microsoft hosted network as the network. Pick the geography and region details. Make sure to enable Use Single Sign-On, which is in preview. With it enabled, the user is not prompted again at the VM level once the Azure AD authentication is completed.

Pick the gallery or custom image depending on your needs.

I will stick to the defaults on the configuration page. You can get Microsoft AutoPatch to update your machine, but it needs to be set up first. You can also set up a naming convention for the Cloud PCs. I am using the pattern CLOUDPC-%RAND:5%, which will give the computer name CLOUDPC-<five random letters or digits>.
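A naming pattern like the one above can be checked before it is entered in the policy. The following is an added example, not code from the original article or from Microsoft: a small Python checker for templates such as CLOUDPC-%RAND:5%. The 15-character Windows computer-name limit is fixed; the 5-character minimum, the minimum of five for %RAND:y% and the %USERNAME:x% macro are assumptions about the service's naming-template rules, and `check_template` and `preview` are hypothetical helper names.

```python
import re
import secrets
import string

MAX_LEN = 15   # Windows (NetBIOS) computer names are limited to 15 characters
MIN_LEN = 5    # assumption: minimum total name length for a Cloud PC template
MIN_RAND = 5   # assumption: %RAND:y% needs y >= 5
MACRO = re.compile(r"%(RAND|USERNAME):(\d+)%")  # %USERNAME:x% is an assumption
LITERAL = re.compile(r"[A-Za-z0-9-]*")          # no spaces, underscores or stray %


def check_template(template):
    """Return (max_expanded_length, problems) for a naming template."""
    problems = []
    macros = [(kind, int(n)) for kind, n in MACRO.findall(template)]
    literal = MACRO.sub("", template)
    if not LITERAL.fullmatch(literal):
        problems.append("literal text may only contain letters, digits and hyphens")
    rand = [n for kind, n in macros if kind == "RAND"]
    if not rand:
        problems.append("a %RAND:y% macro is required")
    elif min(rand) < MIN_RAND:
        problems.append(f"%RAND:y% needs y >= {MIN_RAND}")
    length = len(literal) + sum(n for _, n in macros)
    if not MIN_LEN <= length <= MAX_LEN:
        problems.append(f"expanded name is {length} characters, allowed {MIN_LEN}-{MAX_LEN}")
    return length, problems


def preview(template, username=""):
    """Expand the macros locally to preview a name; the service picks the real one."""
    def expand(match):
        kind, n = match.group(1), int(match.group(2))
        if kind == "RAND":
            return "".join(secrets.choice(string.ascii_uppercase + string.digits) for _ in range(n))
        return re.sub(r"[^A-Za-z0-9]", "", username)[:n].upper()
    return MACRO.sub(expand, template)


if __name__ == "__main__":
    # Constructed sample templates; only the first comes from the article.
    for t in ("CLOUDPC-%RAND:5%", "CLOUDPC-ENT-%RAND:5%", "CLOUD_PC-%RAND:3%"):
        print(t, check_template(t), preview(t))
```

The article's pattern expands to 13 characters, so it leaves only two characters of headroom if a longer prefix is wanted later.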

I have already created a security group named ‘Windows 365 Enterprise Users’ with my test user in it, and I am assigning this provisioning policy to that group. You cannot add individual user accounts at the time of writing.

Double-check the selections and hit the Create button to kick off the Cloud PC provisioning.

Click the All Cloud PCs tab and you will notice that the PC is being provisioned.

How to log in to Windows 365 Cloud PC

The user with the license can log in to the Windows 365 PC from anywhere using the browser.

Head over to the Windows 365 portal and log in using the Azure AD credentials.

You will be greeted with the “Your organization hasn’t assigned you a Cloud PC” message. This is because our PC is still being provisioned.

Once the provisioning is over, the user will see the Windows 365 Cloud PC and be able to log in to the machine.

Please let me know if you have any questions in the comments section.
