From time to time, your employees may need to relocate from a location to another. Or more often, a new Microsoft Datacenter might pop on a location that is nearer to your employees. Those are some of the examples when you need to move your Windows 365 Cloud PC from one Microsoft Datacenter to another. In this blog post, we will take a look at the steps required to move your Cloud PC workload in a Microsoft Hosted Network configuration.
When the time comes to move your Cloud PC to another location, most important thing to consider is; this is not an actual “move” or “migration”. Meaning your Cloud PC is not moving from one location to another, instead you are able to provision a new CPC in the target location. Activities needed to perform a CPC move is dependent on mostly the network choice you have made in your architecture.
This post is focusing on the case you utilize MS Hosted network connectivity for your Cloud PCs. As a refresher of the networking environment, in this case Microsoft is providing the network connectivity required for the cloud pc to connect to the internet.
Let us walk through the scenario of a user that is working in the US West Coast, moves to an EU location. Since the user moves to EU location, it is a smarter decision to utilize a Microsoft Datacenter closer to the user to avoid network latencies etc.
As you see, there is a Cloud PC provisioned for the user firstname.lastname@example.org. This device is using a provisioning policy called MS Hosted – West US and a Windows 11 Enterprise image with Microsoft 365 Apps.
In the available Provisioning Policies, we are able to see the policy in place.
On the details of provisioning policy, we are able to see the Azure Region that this policy is utilizing. In this case, policy is utilizing (US) West US 3 Azure Region. We can also see other details such as the image that is being used in the policy, language and regional settings applied onto Cloud Pc as well as additional services that are utilized by the cloud PC.
In the User settings we are able to see the settings that are applied on the cloud pc. Such as having users as local admins and the frequency of Restore Point Service etc.
We also see that this User configuration is assigned to the user group named “West US CPC Users”.
Preparing for the move
Since we are utilizing MS Hosted networking option; there is not much task or configuration we need to set. We need to create a new provisioning policy that is utilizing EU datacenter region, create a new user group to have provisioning policy assigned; and edit / create a new User Configuration in case we would like to change the existing settings for the EU users.
Let’s start with creating user group.
Using “Groups” node in the Intune portal; selecting “New Group” task from the ribbon, we are naming our group as “EU CPC Users”.
After creating the user group, we will need to assign licenses to the group; so that users that are assigned to those groups are going to be licensed with a cloud pc, allowing a new cloud pc to be provisioned.
We can see the active license assignments from group details and change if needed.
Next thing required is the user settings. Since a user is moving from one location to another; we can keep the settings “As Is” and just assign newly created group to the existing CPC User Settings.
We can see assignments in the details of User Config that is in use, simply click on “Edit” task and add the new user group that will be used in the new datacenter region.
You can obviously create another user setting and apply this to the newly created user group. Idea is simple; user group should have a targeted user setting.
Finally, we will create a new Provisioning Policy utilizing target Azure DC Region; and assign it to the newly created user group. There should be at least one provisioning policy that is in use.
We will utilize “Create Policy” task under Provisioning Policies tab in Windows 365 node as usual.
Name our provisioning policy according to our naming standards; i preferred using “MS Hosted – EU North” as an example. Since we are using MS Hosted Network, it is not possible to Hybrid Azure AD Join our cloud pc as it requires bringing our own network. – We will focus on that scenario as well. So we’ll Azure AD Join our Cloud PC; select “Microsoft Hosted Network” from the available network connections drop down menu and finally select the location of Azure Region we would like to utilize. In this example I have selected North Europe.
As a next step in the provisioning policy wizard; we will need to select the image that will be used in the new cloud pc’s that will provision using this policy. I have selected the latest build while this post is being written.
Final configuration is the language and region information for our cloud pcs. Also, we can opt-in to Windows Autopatch and let Windows Autopatch service manage Cloud PC’s software updates for us.
Last step in the wizard is assignment step. This is the place where we will define which user groups will utilize this provisioning policy to provision cloud pcs. As you can imagine, target user group is “EU CPC Users” for my scenario.
After configuring the provisioning policy and assigning it to the user group, we are able to review the configuration that will happen and make changes as needed. Once we click on “Create” button; new provisioning policy will be created in the matter of seconds.
So far, we have:
- Created a user group that will include employees who will work from new location
- Assigned Cloud PC licenses to the target user group
- Assigned existing Cloud PC Settings to the target user group
- Created a provisioning policy and assigned it to the target user group
Meaning we are ready for the move from one location to another.
As mentioned in the introduction section; this is not an actual move of a Cloud PC from one location to another; or a migration. It is rather de-provisioning of the existing pc and provisioning of a new Cloud PC in the new location.
However there are certain things to consider in this scenario:
- Cloud PC Size
- Data stored on the existing CPC
- De-provisioning existing CPC
- Provisioning new CPC
Cloud PC Size
First let’s assign the user with the new provisioning policy. Since user will not be a member of existing West US CPC Users group after the move, it is a better idea to make user a member of new group:
Adding user to EU CPC Users group, will help user to keep their license for Windows 365, have a provisioning policy applied as well as the cloud pc user settings for the user. However a Cloud PC in the new region will not be provisioned as it is the same size with the existing CPC. If the sizes were different, then user could have the second CPC provisioned in the new region. However since the sizes are same; first CPC needs to be de-provisioned before the second being provisioned. Which brings the second item to consider: Data stored on the existing CPC.
Data Stored on the Existing CPC
Since De-provisioning of the cloud pc will delete all of its files, including user profile; it is a good practice to leverage OneDrive for Business for the user data. Let’s check the configuration from the cloud pc.
As we can confirm from the OneDrive for Business; Known folders like Desktop, Documents and Pictures are synced with the cloud; which helps to check an important checkbox regarding data availability after de-provisioning of the device.
However, it is always a good practice to send an e-mail notification to the end users to make sure they do not store company data outside of the onedrive protected folders. Once these are done, the next item to consider is about de-provisioning the existing devices:
De-provisioning Existing CPC
As you are already familiar with the concept of a Cloud PC, a user must have three items in place for a CPC:
- License assigned
- Provisioning policy applied
- User settings applied
Since our user already has a cloud pc running in West US region, and the policy is applied to the user via group membership; it would be a simple step to remove the user from the existing West US CPC Users group.
This action will start a grace period of 7 days for the existing cloud pc. Meaning user will be able to use their cloud PC in this region for another week. Which also means that user will not be able to get a new device provisioned and will have to wait until the end of grace period.
It is obviously possible to end grace period by an admin from Intune console, which can be useful for a couple of devices; but if you are looking to make de-provisioning of the cloud pc’s in batches; you may take a look at the PowerShell script that is written by Jake Stoker to bulk de-provision Cloud PCs that are in Grace Period.
Let’s hit End grace period option and confirm the destructive action warning to have de-provisioning started.
Provisioning New CPC
As we end the grace period of an existing Cloud PC for the user moving from one region to another, since they belong to a user group that is targeted by the provisioning policy that is utilizing new region; (in our case, EU – North) provisioning of a Cloud PC in that region should start and complete in a matter of minutes.
User now can see the CPC that is provisioned in the new region.
And can log in to their cloud PC and use it as usual.
Since user data is stored in OneDrive for Business, user will be able to be productive in a matter of minutes after creating cloud pc in the new location.
Moving Windows 365 cloud pc’s from one datacenter region to another is not possible – at least while this post is written. We walked through the process of de-provisioning existing cloud pc and re-provisioning it in the new dc region in a Microsoft Hosted Network scenario. Bring Your Own Network scenario is also similar, with a slight difference of requirement to create a new vNet in the new datacenter.