Windows 365: How to Create a Provisioning Policy

This blog post demonstrates how to create provisioning policies for Windows 365 Cloud PCs. These policies contain the key rules and settings that the Windows 365 service uses to set up and configure users' Cloud PCs.

A provisioning policy provides the following information to the Windows 365 service for setting up a Cloud PC:

  1. Join Cloud PC as Microsoft Entra Join or Hybrid Microsoft Entra Join.
  2. Join Cloud PC to Microsoft Hosted Network or Azure network connection.
  3. Choose the geography and region in which to place your Cloud PC.
  4. Windows 10 or Windows 11 Gallery Image or use a Custom Image.
  5. Set Windows Language & Region settings.
  6. Select Automatic patching or Manual Patching.

What Happens After Assigning a Provisioning Policy to an Entra Security Group?

After creating and assigning a provisioning policy to the Microsoft Entra security group containing users, the Windows 365 service conducts the following checks:

  1. Checks for appropriate licensing for each user – The Windows 365 service checks whether a valid license has been assigned to the user for provisioning a Cloud PC. If not, the Cloud PC will not be provisioned.
  2. Configures the Cloud PCs accordingly – The configuration of the Cloud PC aligns with the provisioning policy assigned to the user. For example, this includes whether to perform a Microsoft Entra Join or Microsoft Entra Hybrid Join. Note that if multiple provisioning policies are assigned to a user, only the first one assigned will be used for the provisioning process.

After provisioning a Cloud PC, any changes to the provisioning policy will not impact existing Cloud PCs. Only newly provisioned Cloud PCs will receive the updated provisioning policy settings. To apply provisioning policy changes to an existing Cloud PC, you can reprovision/reset it.

Impact of Provisioning Policy Changes

Steps to Create a Windows 365 Provisioning Policy

To create a provisioning policy for Windows 365 Cloud PCs, follow the steps below:

  • Sign in to the Intune admin center.
  • Navigate to Devices > Windows 365 > Provisioning policies.
  • Click on Create Policy.

General Tab

In the General tab of the new policy, you will find the following options to configure:

  • Name: Specify the name of the provisioning policy.
  • Description: Describe the policy.
  • License type: Choose Enterprise or Frontline based on the Windows 365 license assigned to end users. If a user is assigned a Windows 365 Enterprise license, select the License Type as Enterprise.
  • Join type: Select either Microsoft Entra Join or Hybrid Microsoft Entra Join. If you are a full cloud organization with no connection to Active Directory Infrastructure, go with Microsoft Entra Join.
  • Network: Select the network your Cloud PC will be plugged into:
    • Microsoft hosted network – Microsoft managed network with outbound Internet connectivity only. As a security measure, there is no inbound connectivity to the Cloud PC.
    • Azure network connection – You can plug your Cloud PC into an existing VNet/subnet in your Azure subscription. If you have created an Azure network connection in Windows 365, you can select this option and then pick the connection from the drop-down.
  • Geography: Choose the geography for PC provisioning, then select the region. You can explicitly choose a region (e.g., UK South) or opt for Automatic (Recommended), allowing the Windows 365 service to select the region for the Cloud PC automatically.
  • Use Microsoft Entra single sign-on: Windows 365 offers single sign-on, which provides a single authentication prompt that can satisfy both Windows 365 service and Cloud PC authentication.

Image

Choose the Windows Image to create your assigned Cloud PC. You can use one of the Gallery images, or if you are on Windows 365 Enterprise, you can also go with a Custom Windows Image.

One advantage of using an image from the Gallery is that Microsoft automatically updates the image with the latest patches. So, when you provision your Cloud PCs, users get the OS with the latest quality and feature updates.


Configuration Tab

On the configuration tab, we will configure the following:

  • Windows settings
    • Language & Region – Select the language. I will go with English (United Kingdom).
  • Cloud PC naming
    • Apply device name template – If you want to assign the name of the Cloud PC based on the device name template, then you can select the check box and provide the value here. For example, I am using a device name template as Xyz-W365-%RAND:5%.
  • Additional Services
    • Select a service – These services are available at no extra cost, including Windows Autopatch. You can also select None to manage the quality and feature updates yourself.
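
The device name template above (Xyz-W365-%RAND:5%) has to satisfy a few naming rules before the policy can be saved. The following is an added example, not part of the original post, that checks a template offline. The limits it encodes (5 to 15 characters, letters, digits and hyphens only, a required %RAND:y% with y of 5 or more, an optional %USERNAME:x%) come from Microsoft's Windows 365 documentation rather than this page, and the function names are illustrative.

```python
import re

# Limits per Microsoft's Windows 365 naming-template guidance (assumption:
# not stated on this page; re-check against the current documentation).
MIN_LEN, MAX_LEN, MIN_RAND = 5, 15, 5
MACRO = re.compile(r"%(USERNAME|RAND):(\d+)%")


def parse_template(template):
    """Split a template into ('lit', text), ('USERNAME', n) and ('RAND', n) parts."""
    parts, pos = [], 0
    for m in MACRO.finditer(template):
        if m.start() > pos:
            parts.append(("lit", template[pos:m.start()]))
        parts.append((m.group(1), int(m.group(2))))
        pos = m.end()
    if pos < len(template):
        parts.append(("lit", template[pos:]))
    return parts


def validate_template(template):
    """Return a list of problems; an empty list means the template passes."""
    problems, parts = [], parse_template(template)
    for kind, value in parts:
        # A malformed macro such as %RAND% stays literal and is caught here.
        if kind == "lit" and not re.fullmatch(r"[A-Za-z0-9-]+", value):
            problems.append(f"invalid characters in literal {value!r}")
    rand = [n for kind, n in parts if kind == "RAND"]
    if not rand:
        problems.append("missing required %RAND:y% macro")
    elif min(rand) < MIN_RAND:
        problems.append(f"%RAND:y% needs y >= {MIN_RAND}")
    # Longest possible name: every macro expands to its full width.
    longest = sum(len(v) if k == "lit" else v for k, v in parts)
    if not MIN_LEN <= longest <= MAX_LEN:
        problems.append(f"expanded length {longest} outside {MIN_LEN}-{MAX_LEN}")
    return problems


if __name__ == "__main__":
    # Constructed sample templates; only the first appears in the post.
    for t in ("Xyz-W365-%RAND:5%", "CPC_%RAND:5%", "Finance-W365-%RAND:5%",
              "W365-%USERNAME:5%", "PC-%RAND:3%"):
        print(f"{t:24} -> {validate_template(t) or 'OK'}")
```
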

Assignments

Click Add groups and choose the Entra security group name containing the users to whom you wish to assign Cloud PCs.

Review + create

Review the Provisioning policy summary and click on Create to create the policy. You can find the policies you created under the Provisioning policies tab.
