Microsoft recently announced AI-enabled Windows 365 Cloud PCs as part of the Frontier Preview program. These Cloud PCs bring Copilot+ PC features like Improved Windows Search and Click to Do to virtualized environments, without requiring local NPU hardware.
In this blog post, I will demonstrate how to fully automate the deployment of AI-enabled Cloud PCs using PowerShell and Microsoft Graph REST APIs. This includes:
- Creating a Provisioning Policy
- Creating a Cloud PC Configuration with AI features enabled
- Assigning policies to Entra ID groups
- Configuring Windows Insider Beta Channel enrollment (GUI Based)
What are AI-Enabled Cloud PCs?
AI-enabled Cloud PCs deliver integrated Windows AI experiences to any device in any location. They combine the power of Windows 365 with AI acceleration, offering:
- Improved Windows Search: Semantic search using natural language queries across local files and OneDrive
- Click to Do: Instant actions on highlighted text or images (Windows+Q or Windows+Click)
- Enterprise Security: All AI processing remains within the customer’s trusted cloud boundary
Cloud PC Requirements
| Requirements | Value |
| vCPU | 8 vCPU (minimum) |
| RAM | 32 GB (minimum) |
| Storage | 256 GB (minimum) |
| OS Version | Windows 11 Enterprise 24H2 |
| Windows Insider | Beta Channel enrollment required |
| Supported Region | West US 2, West US 3, East US, East US 2, Central US, Central India, South East Asia, Australia East, UK South, West Europe, North Europe |
| PowerShell | Open PowerShell on the Cloud PC with admin privileges (Run as Administrator) Run the following command: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser |
The API Discovery
While the Provisioning Policy API is well documented, the Cloud PC Configuration settings (including AI enablement) use an endpoint. By analyzing the Intune admin center network traffic, I discovered the following API:
Endpoint: POST /beta/deviceManagement/virtualEndpoint/settingProfiles
The key setting definition ID for AI enablement is:
W365.CloudPCConfiguration.AI.IsEnabled
Prerequisites
- App Registration in Entra ID with the following API permissions (admin consented):
- CloudPC.ReadWrite.All
- DeviceManagementConfiguration.ReadWrite.All
- Group.Read.All
- Windows 365 Enterprise licenses (8vCPU/32GB/256GB or higher)
- Entra ID Security Group for target users
- Users registered with the Windows Insider Program
PowerShell Script: Full Automation
The following PowerShell script automates the entire AI-enabled Cloud PC deployment. It creates:
- A Cloud PC Configuration profile with AI features enabled
- A Provisioning Policy with the correct image and region
- Assignments to your specified Entra ID group
Configuration Section
Update the following variables with your tenant-specific values:
# ==========================
# CONFIGURATION - UPDATE THESE VALUES
# ==========================
$TenantId = "<Your-Tenant-ID>"
$ClientId = "<Your-App-Client-ID>"
$ClientSecret = "<Your-Client-Secret>"
$GroupId = "<Your-Entra-Group-ID>"
$RegionName = "australiaeast" # Change to your preferred regionNote: The complete script is provided at the end of this post and is also available on GitHub.
Step-by-Step Breakdown
Step 1: Authentication
The script authenticates using OAuth 2.0 client credentials flow to obtain an access token for Microsoft Graph API.
$TokenEndpoint = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
$tokenForm = @{
client_id = $ClientId
client_secret = $ClientSecret
scope = "https://graph.microsoft.com/.default"
grant_type = "client_credentials"
}Step 2: Create Cloud PC Configuration (AI-Enabled)
This is the key discovery – the Cloud PC Configuration uses the undocumented settingProfiles endpoint:
$configBody = @{
displayName = "AI-Enabled-CloudPC-Config"
description = "AI features enabled for Cloud PCs"
profileType = "template"
templateId = "W365.CloudPCConfiguration"
settings = @(
@{
"@odata.type" = "#microsoft.graph.cloudPcBooleanSetting"
dataType = "boolean"
settingDefinitionId = "W365.CloudPCConfiguration.AI.IsEnabled"
platform = "all"
isEnabled = $true
}
)
assignments = @(@{ groupId = $GroupId; assignType = "group" })
}
Step 3: Create Provisioning Policy
The provisioning policy defines the Cloud PC specifications. For AI features, you need the 8vCPU/32GB configuration:
$policyBody = @{
"@odata.type" = "#microsoft.graph.cloudPcProvisioningPolicy"
displayName = "AI-Enabled-ProvPolicy"
description = "Provisioning policy for AI-enabled Cloud PCs"
provisioningType = "dedicated"
managedBy = "windows365"
imageId = "microsoftwindowsdesktop_windows-ent-cpc_win11-24h2-ent-cpc-m365"
imageType = "gallery"
enableSingleSignOn = $true
domainJoinConfigurations = @(
@{ type = "azureADJoin"; regionName = $RegionName }
)
windowsSettings = @{ language = "en-US" }
}Step 4: Assign Provisioning Policy to Group
After creating the provisioning policy, assign it to your Entra ID security group:
$assignBody = @{
assignments = @(
)
@{
target = @{
"@odata.type" = "#microsoft.graph.cloudPcManagementGroupAssignmentTarget"
groupId = $GroupId
}
}
}
Windows Insider Beta Channel Enrollment
For AI features to activate, Cloud PCs must be enrolled in the Windows Insider Beta Channel. This can be done at scale using Intune Update Rings.
Manual Enrollment (Per Device)
- Open Settings in the Cloud PC
- Navigate to Windows Update > Windows Insider Program
- Click Get started and sign in with Microsoft account or Entra ID
- Select Beta Channel (Recommended)
Bulk Enrollment via Intune Update Ring
For enterprise deployments, use Intune Update Rings to enroll devices at scale:
- Sign in to Microsoft Intune admin center
- Navigate to Devices > Windows > Update rings for Windows 10 and later
- Create or edit an update ring
- Set Enable pre-release builds = Yes
- Set Pre-release channel = Beta Channel
- Assign to your Cloud PC security group
Complete PowerShell Script
Below is the complete, ready-to-use PowerShell script. Copy this into your PowerShell environment, update the configuration variables, and run.
GitHub Repository: avdwin365mem/aienabledcloudpc at main · askaresh/avdwin365mem
What’s next (Part 2)
We shall validate the AI features within the Cloud PC. Note: I need the higher 8 vCPU/16GB RAM version, and I am still awaiting access. Before the part 2 gets released if you cant wait dont forget to checkout the AI Cloud PC features that Dieter has blog post – Windows 365 blog by Dieter Kempeneers
I hope you find this helpful information for enabling the new AI features in Windows 365 Cloud PC using PowerShell. If I have missed any steps or details, I will be happy to update the post.
Thanks,
Aresh Sarkari
Leave a Reply