There are numerous posts that talk about creating the Windows 365 Cloud PC – User Settings. In this blog post, I will demonstrate how to create user settings using PowerShell and MS Graph API with beta modules on Windows 365 Cloud PC.
Connect to MS Graph API
Step 1 – Install the MS Graph Powershell Module
#Install Microsoft Graph Module
PS C:WINDOWSsystem32> Install-Module Microsoft.GraphStep 2 – Connect to scopes and specify which API you want to authenticate. If you are only doing read-only operations, I suggest you connect to “CloudPC.Read.All” in our case, we are creating the policy, so we need to change the scope to “CloudPC.ReadWrite.All”
#Read-only
PS C:WINDOWSsystem32> Connect-MgGraph -Scopes "CloudPC.Read.All"
Welcome To Microsoft Graph!
OR
#Read-Write
PS C:WINDOWSsystem32> Connect-MgGraph -Scopes "CloudPC.ReadWrite.All"
Welcome To Microsoft Graph!
Step 3 – Choose between v1.0 (Generally Available) and Beta API versions. Note for Windows 365 Cloud PC, the API calls are BETA.
#Beta APIs
PS C:WINDOWSsystem32> Select-MgProfile -Name "beta"
OR
#Production APIs (Not Applicable)
PS C:WINDOWSsystem32> Select-MgProfile -Name "v1.0"Create User Settings
We are creating a provisioning policy that involves the following: (avdwin365mem/win365CreateUsrSetting at main · askaresh/avdwin365mem (github.com))
- Display Name of the setting – CPC-UserSettings01
- Local Admin – No (#Highly recommend not to enable local admin on Cloud PCs)
- Allow user to initiate restore service – Yes (#This will allow them to restore from Winodws365 App/Browser)
- Frequency of backup – 6 hours (#Set whatever your requirements call out)
- Note – Post creation of user settings, you need to add the assignment AAD group
$params = @{
"@odata.type" = "#microsoft.graph.cloudPcUserSetting"
DisplayName = "CPC-UserSettings02"
SelfServiceEnabled = $false
LocalAdminEnabled = $false
RestorePointSetting = @{
FrequencyInHours = 6
UserRestoreEnabled = $true
}
}
New-MgDeviceManagementVirtualEndpointUserSetting -BodyParameter $paramsPowershell Output
Settings will show up in the MEM/Intune Portal
Assign User Settings
Now that we have the User Settings created, it’s time to assign it to an AAD group. We need to follow the following procedure
AAD Group (Copy – Object ID)
I have an existing AAD (Azure Active Directory) group called “Win365-Users” and I plan to use this group for assignment to this User Settings. The important step here is to make a note of the “Object ID” of the AAD group you are planning to assign. Please make sure you copy this ID.
User Settings (Copy ID)
Copy the ID of the previously created User Settings. We need to copy this ID for the assignment. Use the command – Get-MgDeviceManagementVirtualEndpointUserSetting | FT. Note if multiple CPC user settings, select the relevant ID.
Assign the AAD Group to the User Settings
We are assigning the provisioning policy that involves the following: (avdwin365mem/win365AssignUsrSetting at main · askaresh/avdwin365mem (github.com))
- ID – The existing Cloud PC User Settings ID
- GroupID – The Azure AD group which has the end-users/license to be assigned to the policy
- Within the variable, enter the value of User Settings ID $cloudPcUserSettingId
$cloudPcUserSettingId = "ed7271e3-8844-XXXX-XXXX-9bc8bd70da4c"
$params = @{
Assignments = @(
@{
Id = "ed7271e3-8844-XXXX-XXXX-9bc8bd70da4c"
Target = @{
"@odata.type" = "microsoft.graph.cloudPcManagementGroupAssignmentTarget"
GroupId = "01eecc64-c3bb-XXXX-XXXX-bafb18feef12"
}
}
)
}
Set-MgDeviceManagementVirtualEndpointUserSetting -CloudPcUserSettingId $cloudPcUserSettingId -BodyParameter $paramsAAD group assigned within MEM Portal
I hope you will find this helpful information for creating/assigning the user settings using PowerShell. Please let me know if I have missed any steps or details, and I will be happy to update the post.
Thanks,
Aresh Sarkari