Deploy Co-Management Collections for Windows 365 Cloud PC
Published Apr 12 2022 12:27 AM
Microsoft

Learn to organize your Co-Managed Windows 365 Cloud PC devices with Collections!

 

Remember to loop back to the main deck for Windows 365 Cloud PC Healthcare Series

 

A few weeks back we covered how to Deploy CM Client to Windows 365 Cloud PC Azure AD Joined (without the presence of a Cloud Management Gateway), which is directly associated with Windows 365 Management Design OPTION 2 (Windows 365 Azure AD Joined + hosted in Customer Network).

 

However, at that time we missed an important aspect: organizing your Windows 365 Cloud PCs in Microsoft Endpoint Configuration Manager and targeting them with Collections via Co-Management.

 

Since these (Cloud PC Azure AD Joined) devices don’t exist directly in your Active Directory environment, it is not as simple as targeting an OU or a security group. It is a bit more complex, but not to worry!

 

We will show you how to develop multiple MECM Collections to strategically spread your Co-Management workloads for all your Windows 365 Cloud PC management needs.

 


Let’s begin!

 

 

Deploy Co-Management Collections for Windows 365 Cloud PC

 

First let’s cover each of the Collections we plan to develop. In Microsoft Endpoint Configuration Manager, you’ll need to create multiple collections to divide your Co-Management needs. We will target each collection to a different workload.

 

  • JSIFUENTES tenant
    • All Intune devices found in your tenant
  • ADJ devices (JSIFUENTES tenant)
    • All Azure AD Joined devices found in your tenant
  • CPC ADJ devices (JSIFUENTES tenant)
    • All Cloud PC Azure AD Joined devices found in your tenant
  • HDJ devices (OU=MECM)
    • All Hybrid Azure AD Joined devices found in an OU in your Active Directory
  • CPC HDJ devices (OU=CLOUDPC)
    • All Cloud PC Hybrid Azure AD Joined devices found in an OU in your Active Directory
  • Co-Management Devices
    • An inclusion of above collections to target Co-Management workloads

 

JSIFUENTES tenant

All Intune devices found in your tenant

 

Assets and Compliance > create collection > JSIFUENTES tenant > collection scope (All Systems)

 


 

Name the query "Look up Tenant ID devices" > show query language > query

 

 

 

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.AADTenantID = "4b432a61-eeab-4392-8732-409e43123456"

 

 

 

 

<<<"4b432a61-eeab-4392-8732-409e43123456" = this is your tenant ID>>>

It will find all existing devices in the Intune console

 


 

Preview the query > Run


 

ADJ devices (JSIFUENTES tenant)

All Azure AD Joined devices found in your tenant

 

Assets and Compliance > create collection > ADJ devices (JSIFUENTES tenant) > collection scope (JSIFUENTES tenant) > name the query "Look up ADJ devices in Tenant" > query

 

 

 

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ResourceId not in (select ResourceID  from  SMS_R_System where SMS_R_System.ResourceDomainORWorkgroup = "CONTOSO")

 

 

 

 

<<<"CONTOSO" = this is your domain name NETBIOS>>>

It will find devices that are NOT joined to your domain, leaving only Azure AD Joined devices

 


 

Preview the query > Run


 

CPC ADJ devices (JSIFUENTES tenant)

All Cloud PC Azure AD Joined devices found in your tenant

 

Assets and Compliance > create collection > CPC ADJ devices (JSIFUENTES tenant) > collection scope (ADJ devices (JSIFUENTES tenant)) > name the query "Look up CPC ADJ devices" > query

 

 

 

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.NetbiosName like "cpc%"

 

 

 

 

<<<"cpc%" = find device names matching "cpc%", where "%" represents a wildcard>>>

It will find all Cloud PC ADJ devices in your tenant

 


 

Preview the query > Run


 

HDJ devices (OU=MECM)

All Hybrid Azure AD Joined devices found in an OU in your Active Directory

 

Assets and Compliance > create collection > HDJ devices (OU=MECM) > collection scope (All Systems) > name the query "Look up HDJ devices (OU=MECM)" > query

 

 

 

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemOUName = "CONTOSO.COM/MECM/COMPUTERS"

 

 

 

 

<<<"CONTOSO.COM/MECM/COMPUTERS" = find devices under an OU in your AD>>>

This will be the OU location path of your Hybrid AD Joined devices in your AD

 


 

Preview the query > Run


 

CPC HDJ devices (OU=CLOUDPC)

All Cloud PC Hybrid Azure AD Joined devices found in an OU in your Active Directory

 

Assets and Compliance > create collection > CPC HDJ devices (OU=CLOUDPC) > collection scope (All Systems) > name the query "Look up CPC HDJ devices (OU=CLOUDPC)" > query

 

 

 

select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from  SMS_R_System where SMS_R_System.SystemOUName = "CONTOSO.COM/INTUNE/CLOUDPC" and SMS_R_System.NetbiosName not like "cpc-hth%"

 

 

 

 

<<<"CONTOSO.COM/INTUNE/CLOUDPC" = find devices under an OU in your AD>>>

This will be the OU location path of your Cloud PC HDJ devices in your AD

<<<"cpc-hth%" = exclude device names matching "cpc-hth%", where "%" represents a wildcard>>>

 

It will exclude the Cloud PC Health Check computer objects from being scoped

 


 

Preview the query > Run


 

Co-Management Devices

An inclusion of above collections to target Co-Management workloads

 

Assets and Compliance > create collection > Co-Management Devices > collection scope (All Systems) > include collections

 

ADJ devices (JSIFUENTES tenant)

CPC ADJ devices (JSIFUENTES tenant)

HDJ devices (OU=MECM)

CPC HDJ devices (OU=CLOUDPC)

 


 

Update Co-Management for all new Collections

 

Assets and Compliance > Update Membership for All new collections

 

 


 

Administration > Cloud Services > Cloud Attach > Co-Management properties

 

Scope Co-Management to the newly created collection (Co-Management Devices)

 


 

Intune > Devices > Windows > select the Co-Managed device

 

You will now notice that the Co-Management workloads are enabled for the Co-Managed Windows 365 Cloud PC devices

 


 

Conclusion

We hope this brings visibility and inclusion to target your Windows 365 Cloud PC Co-Management workloads for your PC management needs. If you want to learn more about Collections in MECM, please visit the documentation below.

Create collections - Configuration Manager | Microsoft Docs

 

 

Bookmark this link for Windows 365 Cloud PC Series: https://aka.ms/HLSWindows365

 

Thanks for visiting – Juan Sifuentes LinkedIn

 

Last update: Mar 02 2023 07:15 PM