Moving a Windows 365 Cloud PC From One DC Region to Another – MS Hosted Network

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

From time to time, your employees may need to relocate from a location to another. Or more often, a new Microsoft Datacenter might pop on a location that is nearer to your employees. Those are some of the examples when you need to move your Windows 365 Cloud PC from one Microsoft Datacenter to another. In this blog post, we will take a look at the steps required to move your Cloud PC workload in a Microsoft Hosted Network configuration.

 

When the time comes to move your Cloud PC to another location, most important thing to consider is; this is not an actual “move” or “migration”. Meaning your Cloud PC is not moving from one location to another, instead you are able to provision a new CPC in the target location. Activities needed to perform a CPC move is dependent on mostly the network choice you have made in your architecture.

 

This post is focusing on the case you utilize MS Hosted network connectivity for your Cloud PCs. As a refresher of the networking environment, in this case Microsoft is providing the network connectivity required for the cloud pc to connect to the internet.

 

Network architecture of Azure AD Join - Microsoft Hosted Network optionNetwork architecture of Azure AD Join - Microsoft Hosted Network option

 

Current Status

Let us walk through the scenario of a user that is working in the US West Coast, moves to an EU location. Since the user moves to EU location, it is a smarter decision to utilize a Microsoft Datacenter closer to the user to avoid network latencies etc.

 

Screenshot from Intune Console - Windows 365 Devices Node, All Cloud PCs ViewScreenshot from Intune Console - Windows 365 Devices Node, All Cloud PCs View

As you see, there is a Cloud PC provisioned for the user yaz@mwpdemo.site. This device is using a provisioning policy called MS Hosted – West US and a Windows 11 Enterprise image with Microsoft 365 Apps.

 

Screenshot from Intune Console - Windows 365 Node, Provisioning Policies ViewScreenshot from Intune Console - Windows 365 Node, Provisioning Policies View

In the available Provisioning Policies, we are able to see the policy in place.

 

Screenshot from Intune Console - Windows 365 Node, Provisioning Policy Detail ViewScreenshot from Intune Console - Windows 365 Node, Provisioning Policy Detail View

On the details of provisioning policy, we are able to see the Azure Region that this policy is utilizing. In this case, policy is utilizing (US) West US 3 Azure Region. We can also see other details such as the image that is being used in the policy, language and regional settings applied onto Cloud Pc as well as additional services that are utilized by the cloud PC.

 

Screenshot from Intune Console - Windows 365 Node, User Settings ViewScreenshot from Intune Console - Windows 365 Node, User Settings View

In the User settings we are able to see the settings that are applied on the cloud pc. Such as having users as local admins and the frequency of Restore Point Service etc.

 

Screenshot from Intune Console - Windows 365 Node, User Settings Detail ViewScreenshot from Intune Console - Windows 365 Node, User Settings Detail View

We also see that this User configuration is assigned to the user group named “West US CPC Users”.

Preparing for the move

Since we are utilizing MS Hosted networking option; there is not much task or configuration we need to set. We need to create a new provisioning policy that is utilizing EU datacenter region, create a new user group to have provisioning policy assigned; and edit / create a new User Configuration in case we would like to change the existing settings for the EU users.

 

Let’s start with creating user group.

 

Using “Groups” node in the Intune portal; selecting “New Group” task from the ribbon, we are naming our group as “EU CPC Users”.

 

Screenshot from Intune Console - Groups Node, Group Creation ViewScreenshot from Intune Console - Groups Node, Group Creation View

After creating the user group, we will need to assign licenses to the group; so that users that are assigned to those groups are going to be licensed with a cloud pc, allowing a new cloud pc to be provisioned.

 

Screenshot from Intune Console - Groups Node, Group License Assignment ViewScreenshot from Intune Console - Groups Node, Group License Assignment View

We can see the active license assignments from group details and change if needed.

 

Screenshot from Intune Console - Windows 365 Node, User Settings ViewScreenshot from Intune Console - Windows 365 Node, User Settings View

Next thing required is the user settings. Since a user is moving from one location to another; we can keep the settings “As Is” and just assign newly created group to the existing CPC User Settings.

 

Screenshot from Intune Console - Windows 365 Node, User Settings Detail ViewScreenshot from Intune Console - Windows 365 Node, User Settings Detail View

We can see assignments in the details of User Config that is in use, simply click on “Edit” task and add the new user group that will be used in the new datacenter region.

 

Screenshot from Intune Console - Windows 365 Node, User Settings Assignment ViewScreenshot from Intune Console - Windows 365 Node, User Settings Assignment View

You can obviously create another user setting and apply this to the newly created user group. Idea is simple; user group should have a targeted user setting.

 

Finally, we will create a new Provisioning Policy utilizing target Azure DC Region; and assign it to the newly created user group. There should be at least one provisioning policy that is in use.

Screenshot from Intune Console - Windows 365 Node, Provisioning Policies ViewScreenshot from Intune Console - Windows 365 Node, Provisioning Policies View

We will utilize “Create Policy” task under Provisioning Policies tab in Windows 365 node as usual.

 

Screenshot from Intune Console - Windows 365 Node, New Provisioning Policy Creation ViewScreenshot from Intune Console - Windows 365 Node, New Provisioning Policy Creation View

Name our provisioning policy according to our naming standards; i preferred using “MS Hosted – EU North” as an example. Since we are using MS Hosted Network, it is not possible to Hybrid Azure AD Join our cloud pc as it requires bringing our own network. – We will focus on that scenario as well. So we’ll Azure AD Join our Cloud PC; select “Microsoft Hosted Network” from the available network connections drop down menu and finally select the location of Azure Region we would like to utilize. In this example I have selected North Europe.

 

Screenshot from Intune Console - Windows 365 Node, Provisioning Policy Creation ViewScreenshot from Intune Console - Windows 365 Node, Provisioning Policy Creation View

As a next step in the provisioning policy wizard; we will need to select the image that will be used in the new cloud pc’s that will provision using this policy. I have selected the latest build while this post is being written.

 

Screenshot from Intune Console - Windows 365 Node, Provisioning Policy Creation ViewScreenshot from Intune Console - Windows 365 Node, Provisioning Policy Creation View

Final configuration is the language and region information for our cloud pcs. Also, we can opt-in to Windows Autopatch and let Windows Autopatch service manage Cloud PC’s software updates for us.

 

Screenshot from Intune Console - Windows 365 Node, Provisioning Policy Creation ViewScreenshot from Intune Console - Windows 365 Node, Provisioning Policy Creation View

Last step in the wizard is assignment step. This is the place where we will define which user groups will utilize this provisioning policy to provision cloud pcs. As you can imagine, target user group is “EU CPC Users” for my scenario.

 

Screenshot from Intune Console - Windows 365 Node, Provisioning Policy Creation ViewScreenshot from Intune Console - Windows 365 Node, Provisioning Policy Creation View

After configuring the provisioning policy and assigning it to the user group, we are able to review the configuration that will happen and make changes as needed. Once we click on “Create” button; new provisioning policy will be created in the matter of seconds.

 

Screenshot from Intune Console - Windows 365 Node, Provisioning Policies ViewScreenshot from Intune Console - Windows 365 Node, Provisioning Policies View

 

So far, we have:

  • Created a user group that will include employees who will work from new location
  • Assigned Cloud PC licenses to the target user group
  • Assigned existing Cloud PC Settings to the target user group
  • Created a provisioning policy and assigned it to the target user group

Meaning we are ready for the move from one location to another.

 

The Move

As mentioned in the introduction section; this is not an actual move of a Cloud PC from one location to another; or a migration. It is rather de-provisioning of the existing pc and provisioning of a new Cloud PC in the new location.

However there are certain things to consider in this scenario:

  1. Cloud PC Size
  2. Data stored on the existing CPC
  3. De-provisioning existing CPC
  4. Provisioning new CPC

 

Cloud PC Size

First let’s assign the user with the new provisioning policy. Since user will not be a member of existing West US CPC Users group after the move, it is a better idea to make user a member of new group:

 

Screenshot from Intune Console - Groups Node, Group Membership ViewScreenshot from Intune Console - Groups Node, Group Membership View

Adding user to EU CPC Users group, will help user to keep their license for Windows 365, have a provisioning policy applied as well as the cloud pc user settings for the user. However a Cloud PC in the new region will not be provisioned as it is the same size with the existing CPC. If the sizes were different, then user could have the second CPC provisioned in the new region. However since the sizes are same; first CPC needs to be de-provisioned before the second being provisioned. Which brings the second item to consider: Data stored on the existing CPC.

 

Data Stored on the Existing CPC

Since De-provisioning of the cloud pc will delete all of its files, including user profile; it is a good practice to leverage OneDrive for Business for the user data. Let’s check the configuration from the cloud pc.

 

Screenshot from Web Access to Cloud PC, OneDrive for Business Folder is Open on DesktopScreenshot from Web Access to Cloud PC, OneDrive for Business Folder is Open on Desktop

As we can confirm from the OneDrive for Business; Known folders like Desktop, Documents and Pictures are synced with the cloud; which helps to check an important checkbox regarding data availability after de-provisioning of the device.

 

Screenshot from Web Access to Cloud PC, Documents Folder is Open on DesktopScreenshot from Web Access to Cloud PC, Documents Folder is Open on Desktop

However, it is always a good practice to send an e-mail notification to the end users to make sure they do not store company data outside of the onedrive protected folders. Once these are done, the next item to consider is about de-provisioning the existing devices:

 

De-provisioning Existing CPC

As you are already familiar with the concept of a Cloud PC, a user must have three items in place for a CPC:

  • License assigned
  • Provisioning policy applied
  • User settings applied

Since our user already has a cloud pc running in West US region, and the policy is applied to the user via group membership; it would be a simple step to remove the user from the existing West US CPC Users group.

 

Screenshot from Intune Console - Groups Node, Group Membership ViewScreenshot from Intune Console - Groups Node, Group Membership View

This action will start a grace period of 7 days for the existing cloud pc. Meaning user will be able to use their cloud PC in this region for another week. Which also means that user will not be able to get a new device provisioned and will have to wait until the end of grace period.

 

Screenshot from Intune Console - Windows 365 Node, All Cloud PCs ViewScreenshot from Intune Console - Windows 365 Node, All Cloud PCs View

It is obviously possible to end grace period by an admin from Intune console, which can be useful for a couple of devices; but if you are looking to make de-provisioning of the cloud pc’s in batches; you may take a look at the PowerShell script that is written by Jake Stoker to bulk de-provision Cloud PCs that are in Grace Period.

 

Screenshot from Intune Console - Windows 365 Node, All Cloud PCs ViewScreenshot from Intune Console - Windows 365 Node, All Cloud PCs View

Let’s hit End grace period option and confirm the destructive action warning to have de-provisioning started.

 

Provisioning New CPC

As we end the grace period of an existing Cloud PC for the user moving from one region to another, since they belong to a user group that is targeted by the provisioning policy that is utilizing new region; (in our case, EU – North) provisioning of a Cloud PC in that region should start and complete in a matter of minutes.

Screenshot from Intune Console - Windows 365 Node, All Cloud PCs ViewScreenshot from Intune Console - Windows 365 Node, All Cloud PCs View

User now can see the CPC that is provisioned in the new region.

 

Screenshot from Web Access to Cloud PC, Homepage ViewScreenshot from Web Access to Cloud PC, Homepage View

And can log in to their cloud PC and use it as usual.

 

Screenshot from Web Access to Cloud PC, Documents Folder is Open on DesktopScreenshot from Web Access to Cloud PC, Documents Folder is Open on Desktop

Since user data is stored in OneDrive for Business, user will be able to be productive in a matter of minutes after creating cloud pc in the new location.

 

Wrap up

Moving Windows 365 cloud pc's from one datacenter region to another is not possible - at least while this post is written. We walked through the process of de-provisioning existing cloud pc and re-provisioning it in the new dc region in a Microsoft Hosted Network scenario. Bring Your Own Network scenario is also similar, with a slight difference of requirement to create a new vNet in the new datacenter.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.