Custom images for Windows 365 Cloud PC
I want to share my experience building and assigning a custom image for Windows 365 Cloud PC. I already wrote a blog about the Azure Image Builder process and the prerequisites. We are using Microsoft Intune, Azure Image Builder (AIB), PowerShell and ARM templates for this in combination with GitHub Actions. By adding custom configuration on the marketplace image we will give the user the possibility to restart a Windows 365 Cloud PC from the startmenu.
In my demo scenario I divided all the steps into separate actions to make it more easy to read, but you can combine it easily in GitHub Actions or Azure DevOps. Also, you can use the variables from Azure DevOps variable groups or retrieve info from Azure key vault to fill the variables.
All scripts can be found on my GitHub and can be used in other environments when changing variables. The variables can be found in the vars folder. Always check first before running scripts! |
Scenario:
- You want to use custom configuration on a marketplace image that you want to use with Windows 365 Cloud PC.
- The image will be created by using Azure Image Builder.
- The image will be distributed as a managed image so you can import it directly in Windows 365 custom images.
- The whole process will be automated with GitHub Actions.
- From here add the custom image in Windows 365 manually.
- Assign the custom image to a provisioning policy in Windows 365.
Prerequisites:
- An admin account with global administrator rights and full permissions on the subscription.
- Have a Windows 365 enterprise license.
- Integrate your Azure tenant with GitHub (Actions) or Azure DevOps (Pipelines) to run the code using yml files.
Create the image
There are multiple prerequistes before we can start deploying images. Use the deploy-cpc-aib-identity action for deploying the User-Assigned Managed Identity for Windows 365 Cloud PC.
There are multiple things to consider when you start creating custom image for Windows 365 Cloud PC:
- Use only Windows 10/11 Enterprise Gen 2 supported images.
- Check if the VM size you select for building supports gen 2 and that the OS disk size is equal or less than the disk size mentioned in the Windows 365 Cloud PC license. Otherwise you will see the message below when you try to add the custom image to the provisioning policy.
If the requirements are met we can check the configuration you want to apply during the Azure Image Builder process. Check the baseline-cpc-aib-image in the resources folder, it contains the configuration I want to apply on the image.
Build the image by running the action build-cpc-aib-image. The action will do the following:
- Generates a unique version number for the Windows 365 custom managed image. It must have the major.minor.revision construction. I used in DevOps $(Product).$(Major).$(Minor).$(Date:yyyMMdd)$(Rev:.r) with $($env:BUILD_BUILDNUMBER) and in GitHub ${{GITHUB.RUN_NUMBER}} with $vars.major + “.“ + $vars.minor + “.“ + $date + $buildNumber.
- Upload the baseline configuration file to Azure storage blob container and generate a SAS URI that will replace the in the deployment JSON.
- Use the version number generated earlier to submit the Azure Image Builder template with a unique name to the Azure Image Builder service.
After the process is done you will find all the resources in the resource group you used for the Azure Image Builder process.
Add the custom image in Windows 365
After the process is completed successfully, you have the possibility to add the image to Windows 365 custom images. Add the custom image to Windows 365 custom images. Go to endpoint.microsoft.com, Devices, Windows 365, Custom images and select the subscription where the resources are deployed in. You should be able to select the image like in the example below.
Add the custom image to the provisioning policy
After the custom image is added it’s possible to assign the custom image to a provisioning policy. You can update the provisioning policy with the new image version, without impacting Cloud PC’s that are already provisioned.
It’s necessary to reprovision Cloud PC’s that are already enrolled to apply the new custom image version. |
Wait till the provisioning process is done and check your Windows 365 Cloud PC that’s running your custom image! You can find the AIB logging and DeprovisioningScript.ps1 on the C drive. |
Remove resources and check for errors
There will be a resource group called something like IT_\DestinationResourceGroup_\TemplateName_\(GUID) that was used for the AIB process. Within this resource group you will find a storage account with the packer logs. Check the customization.log for errors.
The resource group will be deleted automatically when you remove the Image template.
[avs_posts_tag]