Niklas Blog

Exploring Device Management.

How to manage Windows 365 Cloud PCs from Microsoft Graph?

31 December 2023

Managing Windows 365 from Graph API

As the digital landscape continues to evolve, organizations are increasingly embracing cloud-based solutions to enhance productivity, security, and scalability. Microsoft has been at the forefront of this transformation, offering a wide range of powerful tools and services. Among them is Windows 365, a groundbreaking solution that provides Cloud PCs to users, enabling seamless remote access to a personalized Windows experience. To simplify the management of these Cloud PCs, Microsoft Graph comes into play. In this blog post, we will explore what Microsoft Graph is, its capabilities, and delve into how you can efficiently manage Windows 365 Cloud PCs using Microsoft Graph.

What is Microsoft Graph?

Microsoft Graph serves as the gateway to accessing a vast array of data and services from Microsoft 365, Azure, Windows, and other Microsoft cloud offerings. It is an intelligent API (Application Programming Interface) that enables developers to interact with various Microsoft services through a unified endpoint. By utilizing Microsoft Graph, developers can integrate their applications with Microsoft’s ecosystem, accessing users‘ data, organizational data, and leveraging powerful functionalities.

Capabilities of Microsoft Graph:

  • Data Integration: Microsoft Graph provides a unified and consistent way to access data across Microsoft 365 services, such as Office 365, SharePoint, OneDrive, Teams, and more. This unified access simplifies development efforts by eliminating the need for multiple API calls to retrieve data from different services.
  • User and Device Management: Microsoft Graph enables developers to manage users, groups, and devices within an organization. It offers features like user creation, deletion, and modification, as well as device registration, management, and policy enforcement.
  • Intelligent Insights: Microsoft Graph leverages AI capabilities to provide insights based on user activities, relationships, and preferences. Developers can utilize these insights to create intelligent applications that offer personalized experiences and recommendations.
  • Collaboration and Communication: With Microsoft Graph, developers can build applications that integrate seamlessly with communication services like Microsoft Teams, Outlook, and Yammer. This integration allows users to interact and collaborate within their preferred applications while accessing relevant data and insights.

Why Use Microsoft Graph for Windows 365 Cloud PC Management?

To highlight the benefits of using Microsoft Graph, let’s consider an example scenario where efficient deprovisioning of a Windows 365 Cloud PC is crucial.

Imagine you are an IT administrator responsible for managing a large number of Windows 365 Cloud PCs in your organization. An employee has resigned, and you need to swiftly revoke their access to their Cloud PC and ensure that no sensitive data remains accessible. This is where Microsoft Graph proves invaluable.

Using Microsoft Graph, you can programmatically retrieve the user’s Cloud PC details, such as its unique identifier, provisioning status, and associated metadata. With this information, you can initiate a deprovisioning process by sending a request to Microsoft Graph, which will revoke the user’s access to the Cloud PC and initiate cleanup procedures, ensuring data security and compliance.

By leveraging Microsoft Graph, you can automate the deprovisioning process, eliminating manual intervention and significantly reducing the time and effort required to revoke user access to Windows 365 Cloud PCs.

How to Use Microsoft Graph for Windows 365 Cloud PC Management?

To utilize Microsoft Graph for managing Windows 365 Cloud PCs, follow these steps:

  • Authentication: Establish authentication using Azure Active Directory to obtain an access token required for interacting with Microsoft Graph.
  • Query User Details: Use Microsoft Graph’s User API to retrieve information about the user whose access needs to be revoked, including their Cloud PC details.
  • Deprovisioning: Utilize the Cloud PC API within Microsoft Graph to initiate the deprovisioning process, ensuring the user’s access is revoked and the Cloud PC is securely cleaned up.
  • Monitoring and Reporting: Leverage Microsoft Graph’s logging and reporting capabilities to track the status and progress of deprovisioning operations, ensuring accountability and compliance.

By integrating these steps into your IT management processes, you can efficiently manage Windows 365 Cloud PCs, streamline user onboarding/offboarding, and maintain a secure and scalable environment.

UseCase: Deprovisioning

When you quickly need to deprovisioning a Cloud PC you can switch to https://developer.microsoft.com/en-us/graph/graph-explorer and Sign-In with you corporate credentials to access your own tenant.

Now run https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/cloudPCs as a GET query to receive all Cloud PCs from this environment:

In the result you should see the details, search for the Cloud PC that you want to deprovision. Copy the id:

Now switch to POST as the REST method:

add /your-id/microsoft.graph.endGracePeriod to the URL:

Click on Run query and wait a few minutes. Your Cloud PC should switch to the state Deprovisioning and then should be deprovisioned a few minutes later so that you can re-use the license.

Conclusion

Microsoft Graph empowers developers and IT administrators to seamlessly manage and integrate Windows 365 Cloud PCs into their organizational ecosystem. By leveraging the capabilities of Microsoft Graph, organizations can automate processes, ensure data security, and enhance productivity. Whether it’s quickly deprovisioning Cloud PCs or accessing user insights, Microsoft Graph opens up a world of possibilities for managing Windows 365 Cloud PCs efficiently. Embrace this powerful tool and unlock the full potential of your cloud-based infrastructure.