Create a dynamic device group containing all Cloud PCs
You can create a dynamic device group that contains all Cloud PCs in your environment. Policies targeting this device group will apply to Cloud PCs.
In these steps, you’ll use the Device Model device property to create a dynamic device group.
- Sign in to the Microsoft Endpoint Manager admin center > Groups > New Group.
- Select the New Group page, choose Security for Group type.
- Enter the following:
- Group name = "All Cloud PCs" (or some other name indicating it will contain all Cloud PCs).
- Group description = "A dynamic device group containing all Cloud PC devices"
- For Membership type, choose Dynamic Device.
- Select Add dynamic query.
- On the Dynamic membership rules page, enter the following:
- Property = "deviceModel"
- Operator = "Contains"
- Value = "Cloud PC"
- To validate that it works, select Validate Rules (Preview) > +Add devices > select some Cloud PCs and non-Cloud PC devices.
- After the validation completes, select Save > Create.
Create a dynamic device group containing all Cloud PCs of a specific configuration
You might want to apply the same set of policies to all your Cloud PCs with the same computing power (vCPU and RAM). You can do this by creating a dynamic device group containing all Cloud PCs with the same Cloud PC configuration.
For the example below, we use 2 vCPU and 4GB RAM as the configuration. Anywhere you see "2vCPU/4GB" replace it with the desired configuration. You can also target a specific Cloud PC size by adding the OS storage as part of the configuration.
You can follow the below steps and create a dynamic group for any of the configurations that make up Cloud PC sizes. In these steps, you will use the Device Model device property to create the dynamic device group.
- Sign in to the Microsoft Endpoint Manager admin center > Groups > New Group.
- Select the New Group page, choose Security for Group type.
- Enter the following:
- Group name = “All 2vCPU/4GB RAM Cloud PCs".
- Group description = “A dynamic device group containing all Cloud PCs with the 2vCPU/4GB RAM configuration.
- For Membership type, choose Dynamic Device.
- Select Add dynamic query.
- On the Dynamic membership rules page, enter the following:
- Property = “deviceModel”.
- Operator = “Contains”.
- Value = “Cloud PC”.
- Select Add expression and enter the following:
- Property = “deviceModel”
- Operator = “Contains”
- Value = “2vCPU/4GB”
- To validate that it works, select Validate Rules (Preview) > Add devices > select some Cloud PCs that have the 2vCPU/4GB RAM configuration, some Cloud PCs that have a different configuration, and some non-Cloud PC devices.
- After the validation completes, select Save > Create.
Create a dynamic device group containing all Cloud PCs from a specific provisioning policy
You can also apply the same set of policies to all Cloud PCs based on the same image and located in the same region. You can do this by creating a dynamic device group that contains all Cloud PCs provisioned from a specific provisioning policy.
For the example below, we use "UX Engineering" as the name of the provisioning policy. Anywhere you see "UX Engineering" replace it with the name of your provisioning policy.
In these steps, you’ll use the Enrollment Profile Name and Device Model device property to create the dynamic device group.
- Sign in to the Microsoft Endpoint Manager admin center > Groups > New Group.
- Select the New Group page, choose Security for Group type.
- Enter the following:
- Group name = "All UX Engineering Cloud PC devices"
- Group description = "A dynamic device group containing all UX Engineering Cloud PC devices."
- For Membership type, choose Dynamic Device.
- Select Add dynamic query.
- On the Dynamic membership rules page, enter the following:
- Property = "enrollmentProfileName"
- Operator = "Equals"
- Value = "UX Engineering"
- If you used the same enrollment profile name for Windows Autopilot, Apple Device Enrollment, or Android Enterprise enrollment, then you may want to filter on Cloud PCs as well. To do so, select + Add expression to create a second query. Enter the following:
- And/Or = "And"
- Property = "deviceModel"
- Operator = "Contains"
- Value = "Cloud PC"
- To validate that it works, select Validate Rules (Preview) > Add devices > select some Cloud PCs that were provisioned from the "UX Engineering" provisioning policy, some Cloud PCs that were provisioned from a different provisioning policy, and some non-Cloud PCs.
- After the validation completes, select Save > Create.
Create device configuration profile
In this example, we’ll apply a Device restrictions device configuration profile and apply it to All Cloud PCs.
Note
If you haven’t created a dynamic device group for all Cloud PCs, follow the steps in Create a dynamic device group containing all Cloud PCs, then return here to create the device configuration profile.
Now that you’ve created a dynamic device group for all Cloud PCs, you can target policies to apply to all Cloud PCs in the tenant. To do so, follow these steps:
- Sign in to the Microsoft Endpoint Manager admin center > Devices > Configuration profiles > Create profile.
- On the Create profile page, select Windows 10 and later for the Platform and Device restrictions for Profile.
- Select Create.
- Enter a Name for the policy, like "All Cloud PCs – Device restrictions" and a useful Description.
- Select Next.
- On the Configuration settings page, select that settings and restrictions that you want applied with this profile.
- Select Next.
- On the Assignments page, choose Add groups > search for and select All Cloud PCs > Select.
- Choose Select > Next.
- On the Applicability Rules page, select Next.
- On the Review + create page, review the settings. You’ll see all the settings you selected along with the assignment to “All Cloud PCs”.
- Select Create to deploy the profile.
Microsoft Documentation: https://docs.microsoft.com/en-us/windows-365/enterprise/create-device-configuration-profile
Comments
0 comments
Article is closed for comments.