Learn to organize your Co-Managed Windows 365 Cloud PC devices with Collections!
Remember to loop back to the main deck for Windows 365 Cloud PC Healthcare Series
A few weeks back we covered how to Deploy CM Client to Windows 365 Cloud PC Entra ID Joined (without the presence of a Cloud Management Gateway), which is directly associated with Windows 365 Management Design OPTION 2 (Cloud PC Entra ID Joined + hosted in Customer Azure Network).
However, at that time we missed an important aspect: organizing your Windows 365 Cloud PCs in Microsoft Configuration Manager by targeting them with Collections via Co-Management.
Since these (Cloud PC Entra ID Joined) devices don’t exist directly in your Active Directory environment, it is not as simple as targeting an OU or a Security group. It is a bit more complex, but not to worry!
We will show you how to develop multiple MCM Collections to strategically spread your Co-Management workloads for all your Windows 365 Cloud PC management needs.
Let’s begin!
Deploy Co-Management Collections for Windows 365 Cloud PC
First let’s cover each of the Collections we plan to develop. In Microsoft Configuration Manager, you’ll need to create multiple collections to divide your Co-Management needs. We will target each collection to a different workload.
- JSIFUENTES tenant
  - All Intune devices found in your tenant
- ADJ devices (JSIFUENTES tenant)
  - All Entra ID Joined devices found in your tenant
- CPC ADJ devices (JSIFUENTES tenant)
  - All Cloud PC Entra ID Joined devices found in your tenant
- HDJ devices (OU=MECM)
  - All Hybrid Entra ID Joined devices found in an OU in your Active Directory
- CPC HDJ devices (OU=CLOUDPC)
  - All Cloud PC Hybrid Entra ID Joined devices found in an OU in your Active Directory
- Co-Management Devices
  - An inclusion of above collections to target Co-Management workloads
JSIFUENTES tenant
All Intune devices found in your tenant
Assets and Compliance > create collection > JSIFUENTES tenant > collection scope (All Systems)
Name the query "Look up Tenant ID devices" > show query language > query
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.AADTenantID = "4b432a61-eeab-4392-8732-409e43123456"
<<<"4b432a61-eeab-4392-8732-409e43123456" = this is your tenant ID>>>
It will find all existing devices in the Intune console
Preview the query > Run
ADJ devices (JSIFUENTES tenant)
All Entra ID Joined devices found in your tenant
Assets and Compliance > create collection > ADJ devices (JSIFUENTES tenant) > collection scope (JSIFUENTES tenant) > name the query "Look up ADJ devices in Tenant" > query
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ResourceId not in (select ResourceID from SMS_R_System where SMS_R_System.ResourceDomainORWorkgroup = "CONTOSO")
<<<"CONTOSO" = this is your domain name NETBIOS>>>
It will find devices NOT joined to your domain, only Entra ID Joined devices
Preview the query > Run
CPC ADJ devices (JSIFUENTES tenant)
All Cloud PC Entra ID Joined devices found in your tenant
Assets and Compliance > create collection > CPC ADJ devices (JSIFUENTES tenant) > collection scope (ADJ devices (JSIFUENTES tenant)) > name the query "Look up CPC ADJ devices" > query
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.NetbiosName like "cpc%"
<<<"cpc%" = find devices whose name matches "cpc%", where "%" represents a wildcard>>>
It will find all Cloud PC ADJ devices in your tenant
Preview the query > Run
HDJ devices (OU=MECM)
All Hybrid Entra ID Joined devices found in an OU in your Active Directory
Assets and Compliance > create collection > HDJ devices (OU=MECM) > collection scope (All Systems) > name the query "Look up HDJ devices (OU=MECM)" > query
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemOUName = "CONTOSO.COM/MECM/COMPUTERS"
<<<"CONTOSO.COM/MECM/COMPUTERS" = find devices under an OU in your AD>>>
This will be the OU location path of your Hybrid Entra ID Joined devices in your AD
Preview the query > Run
CPC HDJ devices (OU=CLOUDPC)
All Cloud PC Hybrid Entra ID Joined devices found in an OU in your Active Directory
Assets and Compliance > create collection > CPC HDJ devices (OU=CLOUDPC) > collection scope (All Systems) > name the query "Look up CPC HDJ devices (OU=CLOUDPC)" > query
select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System where SMS_R_System.SystemOUName = "CONTOSO.COM/INTUNE/CLOUDPC" and SMS_R_System.NetbiosName not like "cpc-hth%"
<<<"CONTOSO.COM/INTUNE/CLOUDPC" = find devices under an OU in your AD>>>
This will be the OU location path of your Cloud PC HDJ devices in your AD
<<<"cpc-hth%" = exclude devices whose name matches "cpc-hth%", where "%" represents a wildcard>>>
It will exclude the Cloud PC Health Check computer objects from being scoped
Preview the query > Run
Co-Management Devices
An inclusion of above collections to target Co-Management workloads
Assets and Compliance > create collection > Co-Management Devices > collection scope (All Systems) > include collections
ADJ devices (JSIFUENTES tenant)
CPC ADJ devices (JSIFUENTES tenant)
HDJ devices (OU=MECM)
CPC HDJ devices (OU=CLOUDPC)
Update Co-Management for all new Collections
Assets and Compliance > Update Membership for All new collections
Administration > Cloud Services > Cloud Attach > Co-Management properties
Scope Co-Management to the newly created collection (Co-Management Devices)
Intune > Devices > Windows > select the Co-Managed device
You will now notice that the Co-Management workloads are enabled for the Co-Managed Windows 365 Cloud PC devices
Conclusion
We hope this brings visibility and inclusion to target your Windows 365 Cloud PC Co-Management workloads for your PC management needs. If you want to learn more about Collections in Microsoft Configuration Manager "MCM", please visit the documentation below.
Create collections - Configuration Manager | Microsoft Docs
Bookmark this link for Windows 365 Cloud PC Series: https://aka.ms/HLSWindows365
Thank you for stopping by; Juan Sifuentes | CETS | Healthcare.