Known issues: Windows 365 Enterprise

The following items are known issues for Windows 365 Enterprise.

Missing start menu and taskbar when using iPad and the Remote Desktop app to access a Cloud PC

When non-local admin users sign in to a Cloud PC by uinsg an iPad and the Microsoft Remote Desktop app, the start menu and task bar might be missing from the Windows 11 user interface.

Troubleshooting steps: Make sure that you have the latest version of Remote Desktop Client as found here. In addition, you can also sign in to the Cloud PC by using

Restore and automatic rolling credentials

Many devices registered with Active Directory might have a machine account password that is automatically updated. By default, these passwords are updated every 30 days. This automation applies to hybrid joined PCs but not Azure Active Directory Native PCs.

The machine account password is maintained on the Cloud PC. If the Cloud PC is restored to a point that has a previous password stored, the Cloud PC won't be able to sign onto the domain.

For more information, see Machine Account Password Process.

Cursor visible location offset from actual position

In a remote desktop session, when you click one position in a text file, the cursor in the Cloud PC has some offset with the real position.

Possible cause: In high DPI mode, both the server and Cloud PC browser scale the cursor. This conflict results in an offset between the visible cursor position and the actual cursor focus.

Troubleshooting steps: Turn off high DPI mode.

Using resize with restore

A resize of a Cloud PC eliminates all existing restore points for that Cloud PC. New restore points will be captured at the intervals defined in the user setting.

Windows doesn’t scan for software updates until the first time a user signs in

While a Windows PC (physical or Cloud PC) sits idle before the first user signs in, Windows Update doesn’t scan for or install monthly quality patches. This means that the PC might miss important security updates. Without the latest security updates, the device is exposed to security vulnerabilities.

Troubleshooting steps: Make sure that a user signs in to new Cloud PCs as soon as possible.

Windows 365 provisioning fails

Windows 365 provisioning failures may occur because both:

  • the Desired State Configuration (DSC) extension isn't signed and
  • the PowerShell Execution policy is set to Allsigned in the Group Policy Object (GPO)

Troubleshooting steps:

  1. Did the Azure network connection (ANC) fail with the following error: "An internal error occurred. The virtual machine deployment timed out."?
  2. If yes, review the related GPO. Is PowerShell Execution set to AllSigned?
  3. If it is, either remove the GPO or reset the PowerShell Execution to RemoteSigned/ByPass.
  4. Retry the ANC health check. If this succeeds, retry provisioning.

Default and custom Enrollment Status Page profiles for Windows 365 Cloud PCs

Only the default Enrollment Status Page (ESP) profile is supported for Windows 365 Cloud PCs. Custom ESP profiles aren’t supported for Cloud PCs.

For default ESP profiles, when using hybrid Azure Active Directory (Azure AD) Join, you must set the Only show page to devices provisioned by out-of-box experience (OOBE) setting to No.

Cloud PC reports as not compliant for compliance policy

The following device compliance settings report as Not applicable when being evaluated for a Cloud PC:

  • Trusted Platform Module (TPM)
  • Require encryption of data storage on device.

The following device compliance settings may report as Not Compliant when being evaluated for a Cloud PC:

  • Require BitLocker
  • Require Secure Boot to be enabled on the device. Cloud PC support for Secure boot functionality is now rolling out in Asia Pacific (APAC) regions. This feature will roll out to all customers over the next few months.

Troubleshooting steps:

  1. Create a filter for all Cloud PCs.
  2. For any existing device compliance policies that both evaluate to a Cloud PC and contain either of the Not Compliant settings, use this new filter to exclude Cloud PCs from the policy assignment.
  3. Create a new device compliance policy without either of the Not Compliant settings and use this new filter to include Cloud PCs for the policy assignment.

Next steps

Troubleshoot Windows 365 Enterprise Cloud PC