Learn Cloud PC In-Place Upgrade to Windows 11. You will need to go through all the processes similar to physical PCs for Cloud PCs as well. Windows 11 doesn’t have any special consideration for Cloud PCs. All the Cloud Pcs must meet the minimum system requirements to get upgraded to Windows 11.
I have explained Cloud PC monthly patching options using MEM Intune in the previous post. In that post, we were using Feature update federal policy. The feature update deferral days option is only applicable to version upgrades of the same products. It’s not suitable for Windows 11 upgrades.
The feature update deferral policy is part of the update ring policy, used MAINLY for monthly patching using Intune. You will need to use the Intune feature update policy to upgrade from one product to another, which means upgrading Windows 10 to Windows 11.
- Create Cloud PC Azure AD Dynamic Device Group
- Fix Cloud PC Provisioning Policy Delete Button is Grayed Out Issue
- Learn How to Resize Cloud PC Windows 365
Prerequisites for Cloud PC In-Place Upgrade to Windows 11
Prerequisites for Cloud PC Windows 11 In-Place Upgrade are not different from AVD or physical PC requirements. There are specific hardware requirements to upgrade Windows 10 Cloud PCs to Windows 11. I have a detailed post where all the Windows 11 minimum System Requirements are explained.
- Cloud PCs must be provisioned after 29th Sept 2021.
- After 29th Sept 2021, all the Cloud PCs are provisioned with Windows 11 system requirements.
There are other prerequisites related to Windows 11 feature update and WUfB feature update offerings. For example, PCs should be sending the Telemetry data and Microsoft Account Sign-in Assistant (wlidsvc) should be configured correctly. More details available – Upgrade To Windows 11 Using Intune Feature Update Deployment Policy.
For the Cloud PCs deployed before 29th Sept 2021, there are two options. The following options are not very straightforward because the user’s Cloud PC device will get reprovisioned (in both scenarios). That means all that apps, policies, etc., will get installed on a newly provisioned Cloud PC.
You can Reprovision the cloud PCs that you want to test the Windows 11 upgrade. You need to reprovision the Cloud PC and deploy the Windows 11 upgrade policy (explained below) to the newly provisioned Cloud PC.
The second option is to Edit the Cloud PC Provisioning Policy and Change Windows Image settings from Windows 10 to Windows 11. This will trigger reprovisioning for all Cloud PCs provisioned through that policy. Once the reprovisioning is completed, all the Cloud PCs will be running with Windows 11 operating system.
Create Cloud PC In-Place Upgrade to Windows 11 Policy Using Intune MEM
Let’s go through the step-by-step details of the Cloud PC Windows 11 upgrade policy using Intune. The Windows 11 upgrade process is handled by Windows Update for Business (WUfB), the policy analysis and content download, etc., are handled by Microsoft Update service.
Microsoft Endpoint Manager (MEM) Intune is just a policy facilitator or the server-side engine that helps admins to configure WUfB policies on the client-side. Once the policy is delivered and configured by Intune server-side and client-side, it’s all managed by the Microsoft Update service.
- Login to MEM Admin Center endpoint.microsoft.com
- Navigate to Devices – Feature updates for Windows 10 and later (Preview)
- Click on +Create Profile button to create Windows 11 upgrade policy for eligible Cloud PCs
You can now enter the Name of the Policy and Description for the policy. And from the Feature deployment settings – Feature Update to deploy select Windows 11 from the drop-down list. Now, it’s time to select the Cloud PC device groups to deploy Windows 11 product upgrade policy.
It’s time to assign a Windows 11 upgrade policy to a group of Windows 10 devices. To perform an in-place upgrade of Cloud PCs to Windows 11, you will need to use the Cloud PCs Azure AD, dynamic device group you already created for other Cloud PC applications, and policy deployments.
After selecting the Azure AD device group, you can click on the Next and Save button to complete the Windows 11 upgrade policy.
Disable Enrollment Status Page for Cloud PCs?
I have seen some of the organizations prefer to have an Enrollment Status Page for Cloud PCs. This is to provide enhance security until all the user-based security policies are applied on Cloud PCs. However, the Azure AD PTR token refresh bug with Windows 10 is not easy to complete the ESP.
Event ID 455 -> MDM ConfigurationManager: Caller did not specify user to impersonate to. Targetted user sid: (S-1-5-21-2901188661-148-348095268-1124) Result: (An attempt was made to reference a token that does not exist.).
I recommend disabling the Enrollment Status Page for Cloud PCs until the Azure AD PTR refresh bug is fixed. You can refer to the following blog post to get more details about disabling ESP – Disable Intune ESP FirstSync Registry Entries Event Logs.
Unfortunately, I got the following screen during ESP when I tried to log in to a reprovisioned Cloud PC. I have not seen the following message on Intune Enrollment Status Page before.
- Reboot Needed to Continue.
About Author -> Anoop is Microsoft’s Most Valuable Professional Award winner from 2015 on the technologies! He is a Solution Architect on enterprise device management solutions with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like Configuration Manager, Windows 365 Cloud PC, Intune, Azure Virtual Desktop, Windows 10, and Windows 11.