There are a significant amount of posts that talk about creating the Windows 365 Cloud PC Provisioning Policy. In this blog post, I will demonstrate how to create the provisioning policy using PowerShell and MS Graph API with beta modules on Windows 365 Cloud PC.
Connect to MS Graph API
Step 1 – Install the MS Graph Powershell Module
#Install Microsoft Graph Module
PS C:\WINDOWS\system32> Install-Module Microsoft.GraphStep 2 – Connect to scopes and specify which API you wish to authenticate to. If you are only doing read-only operations, I suggest you connect to “CloudPC.Read.All” in our case, we are creating the policy, so we need to change the scope to “CloudPC.ReadWrite.All”
#Read-only
PS C:\WINDOWS\system32> Connect-MgGraph -Scopes "CloudPC.Read.All"
Welcome To Microsoft Graph!
OR
#Read-Write
PS C:\WINDOWS\system32> Connect-MgGraph -Scopes "CloudPC.ReadWrite.All"
Welcome To Microsoft Graph!
Step 3 – Choose between v1.0 (Generally Available) and Beta API versions. Note for Windows 365 Cloud PC the API calls are BETA.
#Beta APIs
PS C:\WINDOWS\system32> Select-MgProfile -Name "beta"
OR
#Production APIs (Not Applicable)
PS C:\WINDOWS\system32> Select-MgProfile -Name "v1.0"Create Provisioning Policy
We are creating a provisioning policy that involves the following: (avdwin365mem/win365CreateProvPolicy at main · askaresh/avdwin365mem (github.com))
- Azure AD Joined Cloud PC desktops
- The region for deployment – Australia East
- Image Name – Windows 11 Ent + Optimization (from the Gallery)
- Language & Region – English (United States)
- Note – Post provisioning, you need to add the assignment AAD group to this policy
$params = @{
"@odata.type" = "#microsoft.graph.cloudPcProvisioningPolicy"
Description = "Hi Test Powershell Prov Deployment"
DisplayName = "CloudPC-ProvPshell01"
DomainJoinConfiguration = @{
DomainJoinType = "azureADJoin"
regionName = "australiaeast"
}
ImageDisplayName = "Windows 11 Enterprise + OS Optimizations 22H2"
ImageId = "MicrosoftWindowsDesktop_windows-ent-cpc_win11-22h2-ent-cpc-os"
ImageType = "gallery"
enableSingleSignOn = "true"
WindowsSettings = @{
Language = "en-US"
}
}
New-MgDeviceManagementVirtualEndpointProvisioningPolicy -BodyParameter $paramsUpdate the code to include the latest SSO feature in Windows 365 Cloud PC. A big thanks to Andrew Taylor to update my script in Github to include SSO.
Powershell Output
Policy will show up in the MEM Portal
Optional Properties
If you are doing on-premise network integration (Azure Network Connection) , then the following additional property and value is required. In my lab, I am leveraging the Microsoft Managed Network, so this is not required.
OnPremisesConnectionId = "4e47d0f6-6f77-44f0-8893-c0fe1701ffff"I hope you will find this helpful information for creating a provisioning policy using PowerShell. Please let me know if I have missed any steps or details, and I will be happy to update the post.
Thanks,
Aresh Sarkari