I am based out of the UK as a Senior Program Manager / Modern Work Architect Specialist (MWAS) within the Endpoint Management space. Today I am going to cover the hot topic which is Windows 365 and more specifically the deprovisioning process piece of the lifecycle.
Bringing Cloud PCs into the world is different from a typical VM or physical device, taking them out of the world is different too. Typically, you would “Wipe” a physical windows device from the MEM console to reset the device. With Windows 365 Cloud PCs, you must take a different route to achieve this.
How to Deprovision a Cloud PC
There are a couple of ways that you can deprovision a Cloud PC. One of which is to remove the Windows 365 license from the user which you want to deprovision the Cloud PC for. This will then place the Cloud PC into a state of “Grace Period” for 7 days. A Grace Period exists to prevent accidental deletion. For example, if an admin accidentally removes a load of licenses from users you wouldn’t want all those Cloud PCs to start immediately deleting. If you re-assign the license within the Grace Period, the device will not be deprovisioned.
Note: If you move the license to another user this will not take the Cloud PC out of the grace period. You cannot move a Cloud PC from one user to another without provisioning a fresh Cloud PC.
Another method to Deprovision a Cloud PC is to remove the user from the Group which is targeted by the Provisioning Policy which was used to provision the Cloud PC or Remove the Group from the Provisioning Policy Assignment. Again, this will place the Cloud PC into the Grace Period state. As before, if you add the user back to the group or re-assign the group to the provisioning policy before the Grace Period ends, the Cloud PC will remain provisioned.
In this demo environment my group “CPC” only contains one user so I can remove the group from the provisioning policy assignment.
How to End the Grace Period
At this stage you are probably wondering “what if I don’t want to wait 7 days for the grace period? I know this was not a mistake and I want to delete the Cloud PC now.”
In this case you can go ahead and end the grace period for a particular Cloud PC by clicking on the “In Grace Period” state and choosing End Grace Period. This will then change the Cloud PC to the state of “Deprovisioning” whilst the Cloud PC is being deleted.
Ending the grace period is not one of the available bulk actions in the MEM console today and therefore in the UI you can only end the grace period one by one. You may encounter a scenario where you want to bulk deprovision many Cloud PCs at the same time and this would be time consuming. I have uploaded a PowerShell script into GitHub which will deprovision all Cloud PCs which are in a Grace Period. Special thanks to Donna Ryan from the Windows 365 CAT team for providing a fantastic base script to build upon.
Post Deprovisioning Clean-up
After the cloud PC is deleted after the grace period has ended, the Windows 365 service also takes care of cleaning up the following objects:
Azure AD Object
Note: If the device was provisioned as Hybrid Azure AD Joined, the on-premises active directory object will be disabled but it will not be deleted. Deleting the object is the responsibility of the administrator of Active directory to remove as part of ongoing maintenance.
Thanks for reading this post. Add your experiences with Windows 365 in the comments section.
Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.