Share via

Use Cloud PC pool for computer use runs (preview)

[This article is prerelease documentation and is subject to change.]

Cloud PC pools, powered by Windows 365 for Agents, provide scalable, secure compute resources for computer-using agents without needing to bring your own machines. This article explains what Cloud PC pools are, how to set them up, licensing requirements, and answers to common questions.

Important

This article contains Microsoft Copilot Studio preview documentation and is subject to change.

Preview features aren't meant for production use and may have restricted functionality. These features are available before an official release so that you can get early access and provide feedback.

If you're building a production-ready agent, see Microsoft Copilot Studio Overview.

Cloud PC pools

A Cloud PC pool is a scalable group of virtual machines (VMs) hosted in Microsoft’s cloud that are Microsoft Entra joined and Intune enrolled. This setup enables your organization to fully manage the Cloud PC pool to ensure it meets your requirements and compliance policy.

Here are some of the key features of Cloud PC pool:

  • Run the computer use tool as part of your agent in Copilot Studio without needing to bring your own machine.

  • Auto scale the number of Cloud PCs in your Cloud PC pool based on current workloads.

  • Work or school account integration enables access to resources that are linked to your organization, such as Microsoft 365, SharePoint, and Azure.

  • Microsoft Entra joined and Intune enrolled enables full governance of the Cloud PC pool, ensuring that it's always in compliance with your organization's policy.

Licensing requirements

Cloud PC pool is charged based on a consumptive pay-as-you-go meter that bills your Azure subscription by using Azure meters. Refer to Set up a pay-as-you-go plan to configure billing for your Power Platform environment.

Trials for evaluation

To evaluate the Cloud PC pool, you can create up to two Cloud PC pools in a tenant without requiring a Windows 365 for Agents billing plan in your Power Platform environment.

Cloud PC pool usage isn't billable when triggered from embedded test chat, and each tenant is provided with 50 hours of free Cloud PC pool usage for published agent running autonomously.

Prerequisites

This section presents all the prerequisites to create and use Cloud PC pools.

Microsoft Entra and Intune requirements

  • A valid and working Intune and Microsoft Entra tenant.

  • Ensure that Intune device type enrollment restrictions are set to Allow Windows (MDM) platform for corporate enrollment.

For more information about the Microsoft Entra and Intune requirements, see Windows 365 requirements.

Cloud PC pools run by creating a local remote desktop (RDP) session on the Cloud PC using a Microsoft Entra ID account. An admin must configure your tenant to allow Windows sign-in for Copilot Studio by following the steps in the following section.

Note

If enabling Microsoft Entra authentication for RDP isn't feasible, you can choose to disable Network Level Authentication (NLA) for Cloud PCs by using Intune policies. This approach is supported but isn't the preferred configuration. In this architecture, the security risk remains low since all RDP traffic is blocked on the Microsoft Hosted Network (MHN).

  1. Enable Microsoft Entra authentication for RDP

    Execute the steps from Enable Microsoft Entra authentication for RDP only for the Microsoft Remote Desktop Application AppID: a4a365df-50f1-4397-bc59-1a1564b8bb9c.

  2. Hide the consent prompt dialog for a target device group

    Execute the steps from Hide the consent prompt dialog only for the Microsoft Remote Desktop Application AppID: a4a365df-50f1-4397-bc59-1a1564b8bb9c.

    The computer use run fails with an MSEntraRemoteDesktopAppConsentRequired error if consent isn't granted.

Windows 365 Cloud PC and Azure Virtual Desktop service principal

Note

The Windows 365 and Azure Virtual Desktop service principals are automatically created in your tenant. You can skip this step, unless you face an error with service principals not created in your tenant when you provision the hosted machine.

  1. Check if the Windows 365 service principal exists:

    1. Sign in to the Azure portal.

    2. Go to Microsoft Entra > Enterprise applications > All applications.

    3. Remove the filter Application type == Enterprise Applications.

    4. Enter the Windows 365 application ID 0af06dc6-e4b5-4f28-818e-e78e62d137a5 in the filter Application ID starts with.

      If the service principal exists in your Microsoft Entra, you don't need to perform any extra steps. If the application isn't listed, create the service principal.

  2. Create the Windows 365 service principal.

    You can create an Azure service principal with the az ad sp create command from the Azure Command-Line Interface (CLI).

    az ad sp create --id 0af06dc6-e4b5-4f28-818e-e78e62d137a5

  3. Create other service principals related to Azure Virtual Desktop.

    To create a hosted machine, you must create the following Azure Virtual Desktop services in your tenant.

    Application name Application ID
    Azure Virtual Desktop 9cdead84-a844-4324-93f2-b2e6bb768d07
    Azure Virtual Desktop Client a85cf173-4192-42f8-81fa-777a763e6e2c
    Azure Virtual Desktop ARM Provider 50e95039-b200-4007-bc97-8d5790743a63

    Follow the same instruction as for creating the Windows 365 application to check and create the service principals.

Create a Cloud PC pool

If you're new to Copilot Studio, review the following guidance to get started:

  1. Get access to Copilot Studio

  2. Create and deploy an agent

  3. Add computer use to your agent

To create a Cloud PC pool for computer use in Copilot Studio:

  1. Go to the Machines section in your computer use tool.

  2. Select the machine drop-down. Under the Cloud PC pool section, select Add new.

  3. Enter the Name and Description of your Cloud PC pool.

  4. Configure if you want to enable run-only access for all users in this environment.

  5. Select Create.

Provisioning of Cloud PC pool can take up to 30 minutes to complete. You can select the Refresh button in the Machines section to check on the status of your Cloud PC pool provisioning.

Note

As single sign-on (SSO) is enabled based on Windows sign-in, review the best practices for securing machines and configure access control when you add computer use to your agent.

Manage Cloud PC pools

You can view and manage your Cloud PC pools in the Power Automate portal by using one of the following methods:

  1. Select See machine details when you select a Cloud PC pool in the Machines section of a computer use tool.

  2. Sign in to the Power Automate portal. Then go to Monitor > Machines > Machine groups.

After you create your Cloud PC pool in an environment, you can view its details in the Power Automate portal.

Share a Cloud PC pool

You can share a Cloud PC pool with other users in your organization and give those users specific permissions to access it. When you're on the Cloud PC pool details page in the Power Automate portal, follow these steps:

  1. Select Manage access.

  2. Select Add people and enter the name of the person in your organization with whom you want to share the machine.

  3. Select the name of the person to choose which permissions they can access the machine with.

  4. Select Save.

When managing access to your machine, you can assign two levels of permissions:

  • Co-owner: This access level gives full permissions to that machine. Co-owners can run computer use on the machine, share it with others, edit its details, and delete it.

  • User: This access level only gives permission to run computer use on the machine. No edit, share, or delete permissions are possible with this access.

Delete a machine

You can delete a Cloud PC by selecting Delete machine on the Cloud PC pool details page in the Power Automate portal.

Monitor run queue

You can view the run queue and queue events by selecting the Run queue and Queue events tabs on the Cloud PC pool details page in the Power Automate portal. This feature enables you to view all computer use sessions that are queued on the target Cloud PC pool.

Administrative controls

Administrators can control the availability of the Cloud PC pool feature. To enable or disable the Cloud PC pool in an environment:

  1. Go to the Power Platform admin center.

  2. In the navigation pane, select Copilot, then select Settings.

  3. Select Computer Use. A list of environment groups and environments appears.

  4. Select the environments to update, then select Add.

  5. Check or uncheck Cloud PC, then select Save.

Limitations and known issues

The following limitations and known issues affect Cloud PC pools:

  • Only a Microsoft Entra user account can execute computer use. Additionally, the signed-in Microsoft Entra user must be the same account that owns the computer use connection.

  • When you attempt to create a Cloud PC pool, you might encounter the following error: "The creation of RPA Box on (us) is disabled outside the tenant location." To resolve this issue, enable cross-geo support for hosted machines in the Power Platform admin center:

    1. Open the Power Platform admin center.

    2. Select Manage > Environments, and select the environment.

    3. Select Settings > Features.

    4. Under Hosted RPA, select the toggle for Enable cross-geo support for hosted machines to enable this feature.

Frequently asked questions (FAQ)

What OS and network connectivity does the Cloud PC pool use?
Cloud PC pools run on Windows 11 Enterprise 24H2 with Microsoft Edge operating system and use the Microsoft Hosted Network.

Where is the Cloud PC pool located?
Cloud PC pools are hosted in the same geography as your Power Platform environment.

What is the maximum number of VMs in a Cloud PC pool?
You can create up to five Cloud PC pools in an environment, and each Cloud PC pool can automatically scale up to 10 Cloud PCs. We plan to periodically review and update these limits based on usage trends.

Can I use Cloud PC pool for non-computer use runs?
No. Cloud PC pool is only for the computer use tool in a Copilot Studio agent.

How do I know if my trial is finished and how do I view consumptive reports for Cloud PC pool?
You can download the usage consumption report in the Power Platform admin center by following the instructions for view usage and billing for pay-as-you-go plan.

Is a Windows license required?
No. Cloud PC pool doesn't require a separate Windows license.

Is a Microsoft 365 Unattended license required?
No. Cloud PC pool usage for the computer use tool in a Copilot doesn't require a Microsoft 365 Unattended license.

Do I need Power Automate licenses? No. Cloud PC pool usage for the computer use tool in a Copilot doesn't require a Power Automate license.

  • Last updated on