Last time I was asked if there is possiblity to make a full copy of disk for Windows 365 device.
On physical device – you have physical access to the device, on the device on the cloud? Not, so how to make 1:1 copy and investigate it when there are some situation which are require digital forensics ?
And here we have feature named “Place a CloudPC under review”. When we will use that feature, there will be a possiblity to download a .vhdx file which is contain 1:1 copy of disk for Windows 365 machine.
This disk can be after attachted to our device which are is of course, not connected to our corporate network.
So, to use that feature are couple of requirements which should be filled first.
Storage account
First, you need to create a storage account with required settings:
- Performance: Premium
- Premium account type: Page blobs
- Security: Minimum TLS version: Version 1.2
- Networking: Network access: Enable public access from all networks
Like on below screen:
On the next steps, I will be not selecting versioning – because it’s temporary storage for doing dumps of vhdx of my machines.
Permission for Windows 365 principal for Storage account
On this step you need to add role named Storage Account Contributor to our storage acount. Go to newly created storage account > IAM > select proper role and click next
This role should be assigned to the “Windows 365” service principal.
Save changes.
Intune feature
To use that feature, go to any of CloudPC and select more options > Place Cloud PC under review:
Next, you should select Subscription and Storage account and… option to decide if user should have access to the machine during review.
If you select allow – end-user will be able to use machine, if block access – end user will got a information that machine is now not accessible and should contact with administrator, like on below screen:
Review of file
File will be visible on your storage account, like on this screen:
This file can be downloaded and analyzed.
Review completed?
Now you can remove from review from end-user machine.
If is needed – re-provision machine or allow user to work on snaphshot from time when review was initialized.
And.. It’s everything. Now you know how to do a copy of disk for CloudPC machine.
Anyway, Microsoft it is now focused to improve usage of Windows 365 machines – you can also check one of the previous feature named Boot To Cloud which I described on that post – Windows 365 Boot To Cloud! – Piesik.me
If you have any question, drop me an email or use the comment system below.
