Troubleshoot provisioning errors
The following errors can occur during Cloud PC provisioning.
Microsoft Entra ID service connection point (SCP) misconfigured
The service connection point (SCP) is used by your Cloud PCs to discover your Microsoft Entra tenant information. You must configure your SCPs by using Microsoft Entra Connect for each forest you plan to join Cloud PCs to.
If the SCP configuration doesn't exist, or can't be discovered by using the vNet declared, provisioning will fail.
To understand more about the SCP and learn how to configure it, see the Microsoft Entra documentation.
Suggested test: Confirm with your identity team that the SCP exists for all target forests.
Azure network connection isn’t healthy
Cloud PC provisioning will be blocked if the associated ANC isn’t healthy.
The ANC will refresh every 6 hours. Provisioning will fail if the ANC refresh fails while provisioning is under way.
Suggested test: Make sure that the ANC is healthy and retry the provisioning.
Disk allocation error
Windows 365 provisioned the Cloud PC but didn’t allocate the full OS storage according to what the user should have received based on their assigned Windows 365 license. As a result, the user won’t see or be able to use the full storage that they were assigned.
Suggested test: Retry provisioning.
Domain join failed
Windows 365 failed to join the Cloud PC to your on-premises Active Directory (AD) domain. This failure can be caused by many factors that are in control of your organization.
- Makes sure that the AD domain, organizational unit (OU), and credentials in the associated Azure network connection (ANC) are correct.
- Make sure that the domain join user has sufficient permissions to perform the domain join.
- Make sure that the vNet and subnet can reach a domain controller correctly.
JsonADDomainExtension is the Azure function used to perform this domain join. Make sure that everything required for this domain join to be successful is in place.
Suggested test: Attach an Azure VM to the configured vNet and perform a domain join using the credentials provided.
Microsoft Entra hybrid join failed
Windows 365 doesn’t perform any Microsoft Entra hybrid join function for the customer. Microsoft Entra hybrid join must be configured and healthy as a pre-requisite for Cloud PC.
If provisioning fails because of Microsoft Entra hybrid join, it’s likely because of an insufficient sync period configured in your AD Sync service. Make sure that Microsoft Entra Connect is configured to sync the AD computer objects every 30 minutes, and no more than 60 minutes. This step will time out if the Microsoft Entra object doesn’t appear within 90 minutes.
Another factor to consider is your on-premises AD replication time. Make sure that the domain controller being used for Windows 365 will be replicated fast enough to make it into Microsoft Entra ID within this five hour timeout window.
If your organization uses Active Directory Federation Services (ADFS), this registration process is optimized and may result in Cloud PC provisioning completing faster than a Microsoft Entra Connect sync might.
Suggested test: Check to see that the AD object:
- Appears in the correct OU.
- Is successfully synced to Microsoft Entra ID before provisioning times out.
Intune enrollment failed
Windows 365 performs a device-based MDM enrollment into Intune.
If Intune enrollment is failing, make sure that:
- All of the required Intune endpoints are available on the vNet of your Cloud PCs.
- There are no MDM enrollment restrictions on the tenant. Windows corporate device enrollment is allowed in custom and default policies.
- The Intune tenant is active and healthy.
- If co-managing Cloud PCs with Intune and Configuration Manager, ensure that the Cloud PC OU isn't targeted for client push installation. Instead deploy the Configuration Manager agent from Intune. For more information, see Configuration Manager client installation methods.
Suggested test: Attempt an Intune enrollment using a test device or VM.
License not found
While a provisioning is in progress, someone has removed the user’s Windows 365 license
Suggested test: Make sure that the user has a valid license associated.
Local administrator permissions error
Windows 365 provisioned the Cloud PC but didn’t grant the user local administrator permissions as defined by a User Settings policy. As a result, the user won’t be an administrator on their Cloud PC. So, they can’t make system-level changes or install apps on the system-level context.
Suggested test: Retry provisioning or create a new User Settings policy.
Microsoft Teams optimization error
Windows 365 provisioned the Cloud PC. However, it didn’t configure the Cloud PC to use Microsoft Teams in the mode optimized for running on a remote VM. This optimization doesn't install Microsoft Teams and all components. It only sets the configuration that takes effect if you do install Microsoft Teams on the Cloud PC. If this optimization isn't set and Microsoft Teams is installed on this device, Microsoft Teams won’t run in the optimized mode for remote connections.
Suggested test: Retry provisioning.
Not enough IP addresses available
When providing a subnet to the ANC, make sure that there are more than sufficient IP addresses.
Every Cloud PC provisioning process uses one of the IP addresses provided in the range.
If a provisioning fails, it will be retried a total of three times. Each time, a new vNic and IP address will be allocated. These IP addresses will be released in a matter of hours, but this allocation can cause issues if the address space is too narrow.
Suggested test: Check the vNet for available IP addresses, and make sure that there are more than enough IPs available for the retry process to succeed.
Provisioning policy not found
While a provisioning is in progress, someone has deleted the provisioning policy.
Suggested test: Make sure that the provisioning policy is available and assigned to the correct user group.
Request disallowed by policy
Windows 365 uses the customer provided vNet to perform a vNic ingestion from the Cloud PC into the customer’s vNet. Sometimes an enterprise will implement an Azure Policy to restrict certain Azure objects being created. Make sure that there are no Azure policies that may restrict Windows 365 from creating Azure objects on your behalf.
Suggested test: View Policy in the Azure portal and look for any policy events that would stop the Windows 365 service from provisioning the Cloud PC.
Start Menu power icons error
Windows 365 provisioned the Cloud PC but didn’t hide the shutdown and restart icons in the Start Menu. As a result, the user will see the shutdown and restart icons in the Start Menu. If the user ends their Cloud PC connection by selecting the shutdown icon, they may need to restart the Cloud PC from the Cloud PC portal before connecting again.
Suggested test: Retry provisioning or create a device configuration policy to hide the shut down button and to hide the restart button.
Supported Azure regions for Cloud PCs not listed in provisioning user interface
If a specific region isn't listed in the Cloud PC provisioning user interface (UI), but is listed in the Windows 365 requirements documentation, Windows 365 may have expanded in a new region. If your networking infrastructure is in such a region, select New support request to open a support ticket for evaluation.
Time zone redirection error
Windows 365 provisioned the Cloud PC but didn’t configure time zone redirection. As a result, the user won’t see their local time reflected when connected to their Cloud PC. Instead, they'll see the standard UTC time.
Suggested test: Retry provisioning or create a Group Policy Object with the Allow time zone redirection group policy configured. To learn more about the policy, download the Group Policy Settings Reference Spreadsheet.
User not found
While a provisioning is in progress, someone has deleted the associated user.
Suggested test: Make sure that the assigned user account is valid.
Windows reset error
Windows 365 provisioned the Cloud PC but didn’t disable the built-in Windows reset option. As a result, the user can manually trigger the built-in Windows reset option under Settings. The Cloud PC will never successfully complete the reset, which makes the Cloud PC unusable.
Suggested test: Retry provisioning.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for