Site icon AskAresh

PowerShell – Create and Assign Windows 365 Cloud PC – User Settings

There are numerous posts that talk about creating the Windows 365 Cloud PC – User Settings. In this blog post, I will demonstrate how to create user settings using PowerShell and MS Graph API with beta modules on Windows 365 Cloud PC.

Connect to MS Graph API

Step 1 – Install the MS Graph Powershell Module

#Install Microsoft Graph Module
PS C:WINDOWSsystem32> Install-Module Microsoft.Graph

Step 2 – Connect to scopes and specify which API you want to authenticate. If you are only doing read-only operations, I suggest you connect to “CloudPC.Read.All” in our case, we are creating the policy, so we need to change the scope to “CloudPC.ReadWrite.All”

PS C:WINDOWSsystem32> Connect-MgGraph -Scopes "CloudPC.Read.All"
Welcome To Microsoft Graph!


PS C:WINDOWSsystem32> Connect-MgGraph -Scopes "CloudPC.ReadWrite.All"
Welcome To Microsoft Graph!
Permissions for MS Graph API

Step 3 –  Choose between v1.0 (Generally Available) and Beta API versions. Note for Windows 365 Cloud PC, the API calls are BETA.

#Beta APIs
PS C:WINDOWSsystem32> Select-MgProfile -Name "beta"


#Production APIs (Not Applicable)
PS C:WINDOWSsystem32> Select-MgProfile -Name "v1.0"

Create User Settings

We are creating a provisioning policy that involves the following: (avdwin365mem/win365CreateUsrSetting at main · askaresh/avdwin365mem (

$params = @{
	"@odata.type" = "#microsoft.graph.cloudPcUserSetting"
	DisplayName = "CPC-UserSettings02"
	SelfServiceEnabled = $false
	LocalAdminEnabled = $false
	RestorePointSetting = @{
		FrequencyInHours = 6
		UserRestoreEnabled = $true

New-MgDeviceManagementVirtualEndpointUserSetting -BodyParameter $params

Powershell Output

Settings will show up in the MEM/Intune Portal

Assign User Settings

Now that we have the User Settings created, it’s time to assign it to an AAD group. We need to follow the following procedure

AAD Group (Copy – Object ID)

I have an existing AAD (Azure Active Directory) group called “Win365-Users” and I plan to use this group for assignment to this User Settings. The important step here is to make a note of the “Object ID” of the AAD group you are planning to assign. Please make sure you copy this ID.

User Settings (Copy ID)

Copy the ID of the previously created User Settings. We need to copy this ID for the assignment. Use the command – Get-MgDeviceManagementVirtualEndpointUserSetting | FT. Note if multiple CPC user settings, select the relevant ID.

Assign the AAD Group to the User Settings

We are assigning the provisioning policy that involves the following: (avdwin365mem/win365AssignUsrSetting at main · askaresh/avdwin365mem (

$cloudPcUserSettingId = "ed7271e3-8844-XXXX-XXXX-9bc8bd70da4c"

$params = @{
	Assignments = @(
			Id = "ed7271e3-8844-XXXX-XXXX-9bc8bd70da4c"
			Target = @{
				"@odata.type" = "microsoft.graph.cloudPcManagementGroupAssignmentTarget"
				GroupId = "01eecc64-c3bb-XXXX-XXXX-bafb18feef12"

Set-MgDeviceManagementVirtualEndpointUserSetting -CloudPcUserSettingId $cloudPcUserSettingId -BodyParameter $params

AAD group assigned within MEM Portal

I hope you will find this helpful information for creating/assigning the user settings using PowerShell. Please let me know if I have missed any steps or details, and I will be happy to update the post.

Aresh Sarkari

Exit mobile version