Site icon AskAresh

PowerShell – Create Windows 365 Cloud PC Provisioning Policy

There are a significant amount of posts that talk about creating the Windows 365 Cloud PC Provisioning Policy. In this blog post, I will demonstrate how to create the provisioning policy using PowerShell and MS Graph API with beta modules on Windows 365 Cloud PC.

Connect to MS Graph API

Step 1 – Install the MS Graph Powershell Module

#Install Microsoft Graph Module
PS C:\WINDOWS\system32> Install-Module Microsoft.Graph

Step 2 – Connect to scopes and specify which API you wish to authenticate to. If you are only doing read-only operations, I suggest you connect to “CloudPC.Read.All” in our case, we are creating the policy, so we need to change the scope to “CloudPC.ReadWrite.All”

PS C:\WINDOWS\system32> Connect-MgGraph -Scopes "CloudPC.Read.All"
Welcome To Microsoft Graph!


PS C:\WINDOWS\system32> Connect-MgGraph -Scopes "CloudPC.ReadWrite.All"
Welcome To Microsoft Graph!
Permissions for MS Graph API

Step 3 –  Choose between v1.0 (Generally Available) and Beta API versions. Note for Windows 365 Cloud PC the API calls are BETA.

#Beta APIs
PS C:\WINDOWS\system32> Select-MgProfile -Name "beta"


#Production APIs (Not Applicable)
PS C:\WINDOWS\system32> Select-MgProfile -Name "v1.0"

Create Provisioning Policy

We are creating a provisioning policy that involves the following: (avdwin365mem/win365CreateProvPolicy at main · askaresh/avdwin365mem (

$params = @{
	"@odata.type" = "#microsoft.graph.cloudPcProvisioningPolicy"
	Description = "Hi Test Powershell Prov Deployment"
	DisplayName = "CloudPC-ProvPshell01"
	DomainJoinConfiguration = @{
		DomainJoinType = "azureADJoin"
        regionName = "australiaeast"
	ImageDisplayName = "Windows 11 Enterprise + OS Optimizations 22H2"
	ImageId = "MicrosoftWindowsDesktop_windows-ent-cpc_win11-22h2-ent-cpc-os"
	ImageType = "gallery"
        enableSingleSignOn = "true"
	WindowsSettings = @{
		Language = "en-US"

New-MgDeviceManagementVirtualEndpointProvisioningPolicy -BodyParameter $params

Update the code to include the latest SSO feature in Windows 365 Cloud PC. A big thanks to Andrew Taylor to update my script in Github to include SSO.

Powershell Output

Policy will show up in the MEM Portal

Optional Properties

If you are doing on-premise network integration (Azure Network Connection) , then the following additional property and value is required. In my lab, I am leveraging the Microsoft Managed Network, so this is not required.

OnPremisesConnectionId = "4e47d0f6-6f77-44f0-8893-c0fe1701ffff"

I hope you will find this helpful information for creating a provisioning policy using PowerShell. Please let me know if I have missed any steps or details, and I will be happy to update the post.

Aresh Sarkari

Exit mobile version