
Healthcare and Life Sciences Blog

Deploy Co-Management Collections for Windows 365 Cloud PC

Juan_Sifuentes
Apr 12, 2022

Learn to organize your Co-Managed Windows 365 Cloud PC devices with Collections!

 

Remember to loop back to the main deck for Windows 365 Cloud PC Healthcare Series

 

A few weeks back we went over how to Deploy CM Client to Windows 365 Cloud PC Entra ID Joined (without the presence of a Cloud Management Gateway), which is directly associated with Windows 365 Management Design OPTION 2 (Cloud PC Entra ID Joined + hosted in Customer Azure Network).

 

However, at that time we missed an important aspect: organizing your Windows 365 Cloud PCs in Microsoft Configuration Manager and targeting them with Collections via Co-Management.

 

Since these (Cloud PC Entra ID Joined) devices don’t exist directly in your Active Directory environment, it is not as simple as targeting an OU or a security group. It is a bit more complex, but not to worry!

 

We will show you how to develop multiple MCM Collections to strategically spread your Co-Management workloads for all your Windows 365 Cloud PC management needs.

 

Let’s begin!

 

 

Deploy Co-Management Collections for Windows 365 Cloud PC

 

First let’s cover each of the Collections we plan to develop. In Microsoft Configuration Manager, you’ll need to create multiple collections to divide your Co-Management needs. We will target each collection to a different workload.

 

  • JSIFUENTES tenant
    • All Intune devices found in your tenant
  • ADJ devices (JSIFUENTES tenant)
    • All Entra ID Joined devices found in your tenant
  • CPC ADJ devices (JSIFUENTES tenant)
    • All Cloud PC Entra ID Joined devices found in your tenant
  • HDJ devices (OU=MECM)
    • All Hybrid Entra ID Joined devices found in an OU in your Active Directory
  • CPC HDJ devices (OU=CLOUDPC)
    • All Cloud PC Hybrid Entra ID Joined devices found in an OU in your Active Directory
  • Co-Management Devices
    • An inclusion of above collections to target Co-Management workloads

 

JSIFUENTES tenant

All Intune devices found in your tenant

 

Assets and Compliance > create collection > JSIFUENTES tenant > collection scope (All Systems)

 

 

 

Name the query "Look up Tenant ID devices" > show query language > query

 

 

 

 

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.AADTenantID = "4b432a61-eeab-4392-8732-409e43123456"

 

 

 

 

 

<<<"4b432a61-eeab-4392-8732-409e43123456" = this is your tenant ID>>>

It will find all existing devices in the Intune console

 

 

Preview the query > Run

 

ADJ devices (JSIFUENTES tenant)

All Entra ID Joined devices found in your tenant

 

Assets and Compliance > create collection > ADJ devices (JSIFUENTES tenant) > collection scope (JSIFUENTES tenant) > name the query "Look up ADJ devices in Tenant" > query

 

 

 

 

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ResourceId not in (select ResourceID from SMS_R_System where SMS_R_System.ResourceDomainORWorkgroup = "CONTOSO")

 

 

 

 

 

<<<"CONTOSO" = this is your domain name NETBIOS>>>

Within the limiting collection (JSIFUENTES tenant), it will find the devices NOT joined to your domain, which leaves only the Entra ID Joined devices

 

 

Preview the query > Run

 

CPC ADJ devices (JSIFUENTES tenant)

All Cloud PC Entra ID Joined devices found in your tenant

 

Assets and Compliance > create collection > CPC ADJ devices (JSIFUENTES tenant) > collection scope (ADJ devices (JSIFUENTES tenant)) > name the query "Look up CPC ADJ devices" > query

 

 

 

 

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.NetbiosName like "cpc%"

 

 

 

 

 

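<<<"cpc%" = find device names matching "cpc%", where "%" represents a wildcard>>>

Within the limiting collection (ADJ devices (JSIFUENTES tenant)), it will find all Cloud PC ADJ devices in your tenant. The match is on the device name only, so any other Entra ID Joined device whose name starts with "cpc" lands in this collection as well.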

 

 

Preview the query > Run

 

HDJ devices (OU=MECM)

All Hybrid Entra ID Joined devices found in an OU in your Active Directory

 

Assets and Compliance > create collection > HDJ devices (OU=MECM) > collection scope (All Systems) > name the query "Look up HDJ devices (OU=MECM)" > query

 

 

 

 

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemOUName = "CONTOSO.COM/MECM/COMPUTERS"

 

 

 

 

 

<<<"CONTOSO.COM/MECM/COMPUTERS" = find devices under an OU in your AD>>>

This will be the OU location path of your Hybrid Entra ID Joined devices in your AD

 

 

Preview the query > Run

 

CPC HDJ devices (OU=CLOUDPC)

All Cloud PC Hybrid Entra ID Joined devices found in an OU in your Active Directory

 

Assets and Compliance > create collection > CPC HDJ devices (OU=CLOUDPC) > collection scope (All Systems) > name the query "Look up CPC HDJ devices (OU=CLOUDPC)" > query

 

 

 

 

select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System where SMS_R_System.SystemOUName = "CONTOSO.COM/INTUNE/CLOUDPC" and SMS_R_System.NetbiosName not like "cpc-hth%"

 

 

 

 

 

<<<"CONTOSO.COM/INTUNE/CLOUDPC" = find devices under an OU in your AD>>>

This will be the OU location path of your Cloud PC HDJ devices in your AD

<<<"cpc-hth%" = exclude device names matching "cpc-hth%", where "%" represents a wildcard>>>

 

It will exclude the Cloud PC Health Check computer objects from being scoped

 

 

Preview the query > Run

 

Co-Management Devices

An inclusion of above collections to target Co-Management workloads

 

Assets and Compliance > create collection > Co-Management Devices > collection scope (All Systems) > include collections

 

ADJ devices (JSIFUENTES tenant)

CPC ADJ devices (JSIFUENTES tenant)

HDJ devices (OU=MECM)

CPC HDJ devices (OU=CLOUDPC)

 

 

Update Co-Management for all new Collections

 

Assets and Compliance > Update Membership for All new collections

 

 

 

Administration > Cloud Services > Cloud Attach > Co-Management properties

 

Scope Co-Management to the newly created collection (Co-Management Devices)

 

 

 

Intune > Devices > Windows > select the Co-Managed device

 

You will now notice that the Co-Management workloads are enabled for the Co-Managed Windows 365 Cloud PC devices

 

 

Conclusion

We hope this brings visibility and inclusion to target your Windows 365 Cloud PC Co-Management workloads for your PC management needs. If you want to learn more about Collections in Microsoft Configuration Manager (MCM), please visit the documentation below.

Create collections - Configuration Manager | Microsoft Docs

 

 

Bookmark this link for Windows 365 Cloud PC Series: https://aka.ms/HLSWindows365

 

Thank you for stopping by; Juan Sifuentes | CETS | Healthcare.

    

Updated Oct 23, 2024
Version 3.0