Today I will cover how to deploy the eG VM Agent via Microsoft Endpoint Manager’s Intune so that you can monitor your Windows 365 Cloud PC desktops.
What is Microsoft Endpoint Manager (MEM)?
MEM is an integrated suite of tools for managing devices, applications, and security across an organization. It serves as an umbrella brand that includes multiple management solutions.
Components: It combines several management solutions under one platform:
- Microsoft Intune: A cloud-based service focused on Mobile Device Management (MDM) and Mobile Application Management (MAM).
- Configuration Manager (SCCM): An on-premises management solution for managing desktops, servers, and devices.
- Co-management: A hybrid approach allowing organizations to manage devices with both Configuration Manager and Intune simultaneously.
- Other Tools: Includes Endpoint Analytics, Autopilot, and Desktop Analytics for monitoring, deploying, and managing devices.
MEM aims to unify both cloud and on-premises management tools under one console, offering flexibility and efficiency in managing the entire lifecycle of devices across an organization.
More details are covered in: What is Microsoft Endpoint Manager (MEM)? (techtarget.com)
If you use the Microsoft Intune admin center to manage your Windows 365 Cloud PCs, you can get some basic insights such as:
- see how your Windows 365 Cloud PCs are doing
- see the provisioning status of Cloud PCs
- get a summary of the Azure network connection health in your organization
- track license usage of Windows 365 Cloud PCs
Many of our customers opt for enhanced enterprise-grade monitoring and diagnostics. To get maximum insights into your Cloud PC environments we recommend using the eG VM Agent for Windows 365 Cloud PCs. The eG VM Agent for Windows 365 Cloud PCs:
- is a light-weight agent to monitor PC performance and user experience.
- should be run on all Cloud PCs to get a holistic picture of the cloud workspace.
- can be deployed manually, but this is time-consuming and could lead to errors.
- can be deployed automatically by integrating eG VM agent deployment with Microsoft Intune – this saves time, enhances efficiency and ensures compliance with monitoring needs.
Now I will walk you through setting up eG Enterprise to monitor Windows 365 Cloud PCs. First, navigate to the “Admin” tab in the eG Enterprise console.
Step 1: Add a new component to monitor your Windows 365 Cloud PCs within the eG Manager
Make sure you are on the Discover/Monitor tab (the top icon of a magnifying glass on a square on the left-hand vertical tab menu).
Select “Cloud Desktops”.
Now select “Windows 365 Cloud PCs” from the VDI/DaaS options available.
You will be taken to a screen where you will enter a “Nick Name” for the Cloud PC group. You will also be asked to select a “Monitoring approach”. A remote agent is necessary for monitoring Windows 365 Cloud PCs. The remote agent must listen on a port for VM agents to communicate with it. This TCP port is configurable.
Click the “Update” button.
Step 2: Download the eG VM Agent command line installer
You will now be able to download the eG VM Agent. Note that the VM agent you will download this way is specific to the Windows 365 Cloud PC group that you just created.
To download the agent – use the download icon on the right-hand side of the screen associated with the “Nick Name” that you chose.
You will now be presented with the screen shown below.
There are three fields you need to set:
- “VM Agent Communication Target”: The VM agent can bootstrap from a remote agent or the eG manager. If the VM agent cannot reach the eG manager, you must choose the Remote Agent here.
- “Installation Method”: Choose “Command Line (One-liner)”, which will give you a one-liner command line in the pale blue box that is compatible with Microsoft Intune.
- “Environment”: Choose the OS of the Windows 365 PCs you intend to monitor.
Having set these three fields, the pale blue box will be populated with the one-line command you will need to supply to Microsoft Intune. Use the “Copy” button and paste this into Notepad or a similar editor for later use.
Step 3: Create a command line PowerShell installation script (.ps1 format)
To convert the one-line installer to a PowerShell script use the Windows PowerShell ISE application.
Step 4: Create a device group in the Entra ID (was Azure Active Directory) tenant as a security group type and add your Cloud PCs
This will allow you to manage and push the eG VM agent out to all the Windows 365 Cloud PCs that you choose to add to that group.
You will need to utilize Microsoft Entra ID for device group creation. Log in to your administrator account for Groups in the Microsoft Entra admin center, via: https://entra.microsoft.com/#view/Microsoft_AAD_IAM/GroupsManagementMenuBlade/~/AllGroups/menuId/AllGroups.
Now create a “New group” by selecting the button shown below.
Create a security group with an appropriate group name. Here we used “W365_devicegroup”:
Now use the “Add members” blade to add the subset of Cloud PCs you wish to monitor as a group.
Here – we added a single desktop, but you might want to take note of how many you have selected for when you verify deployment later.
Step 5: Assign the eG VM Agent PowerShell Script to the Device Group
This involves deploying the command line PowerShell installation script to the created device group using the Microsoft Endpoint Manager (MEM) console via the Microsoft Intune Admin Center.
Log in to the Intune Admin Center and navigate to “Home” -> “Devices” -> “Scripts and remediations”. You can also navigate directly via: https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesMenu/~/scripts.
Select the “Platform scripts” tab as shown below. Then choose “Windows 10 and later” from the dropdown on the “Add” button as shown.
Then select the .ps1 file you created in Step 3 (above). In this example, we named it “eGVMagentInstaller”.
Once you have uploaded the script, you will need to set some controls on how the script is run. Set the settings as follows:
- Select “No” to the question “Run this script using the logged on credentials” – this will ensure that the script is run/executed using the privileged access of the SYSTEM account.
- Choose “No” to “Enforce script signature check”, unless you have taken additional steps to sign the script and create a certificate.
- Ensure “Yes” is selected to “Run script in 64 bit PowerShell Host”.
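If you do sign the script so that “Enforce script signature check” can be set to “Yes”, the signing step can look like the following. This is an added example, not part of the eG or Intune tooling; the script path and timestamp URL are placeholders, and it assumes a code-signing certificate is already installed in the signing user's certificate store and is trusted as a publisher on the Cloud PCs.

```powershell
# Added example: sign the Step 3 installer script with Authenticode and verify the result.
# Assumptions (replace for your environment):
$scriptPath   = 'C:\Deploy\eGVMagentInstaller.ps1'   # assumed location of the Step 3 .ps1 file
$timestampUrl = 'http://timestamp.example.com'       # placeholder: your CA's timestamp service

# Pick the longest-lived, unexpired code-signing certificate that has a private key.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw 'No unexpired code-signing certificate with a private key was found.'
}

# Sign with SHA-256 and a timestamp, so the signature stays verifiable
# after the signing certificate itself expires.
$signed = Set-AuthenticodeSignature -FilePath $scriptPath `
    -Certificate $cert `
    -HashAlgorithm SHA256 `
    -TimestampServer $timestampUrl `
    -IncludeChain NotRoot

if ($signed.Status -ne 'Valid') {
    throw "Signing failed: $($signed.Status) - $($signed.StatusMessage)"
}

# Re-read the signature from disk before uploading to Intune.
# Any edit made to the file after signing shows up here as HashMismatch.
$check = Get-AuthenticodeSignature -FilePath $scriptPath
[pscustomobject]@{
    File        = $check.Path
    Status      = $check.Status
    Signer      = $check.SignerCertificate.Subject
    Thumbprint  = $check.SignerCertificate.Thumbprint
    Timestamped = [bool]$check.TimeStamperCertificate
}

if ($check.Status -ne 'Valid') {
    throw "Do not upload: signature status is $($check.Status)."
}
```

Because the script runs as SYSTEM on every Cloud PC in the group, upload only the file whose status was reported as Valid, and sign again after any change to the script.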
Verify your choices and move on to the “Assignments” step. Choose the target Windows 365 Cloud PC security group (created above) for script assignment.
Now click “Next” where you can review the group. You will probably want to check that the group has been assigned and that it contains the correct number of devices.
After this, you can wait for the configured sync interval to occur and the eG VM Agent will be rolled out. If, however, you want to deploy the agent immediately, you can manually push the process via a “SYNC action” as detailed in the next step.
Step 6: Initiate installation of the eG VM Agent using a push notification (SYNC action) from the MEM Intune console
The Sync device action forces the selected device to immediately check in with Intune. When a device checks in, it immediately receives any pending actions or policies assigned to it. This feature can help you immediately validate and troubleshoot policies you’ve assigned, without waiting for the next scheduled check-in.
Navigate to the Windows devices “Bulk action”, a direct link to the blade is here: https://intune.microsoft.com/#view/Microsoft_Intune_Devices/BulkActionWizardBlade.
Now choose the “Device action” type as “Sync”. Then click “Next”. (Note: this screenshot shows me using a signed script as I followed our internal processes for using signed scripts – this will vary within organizations, so I have omitted those steps).
Now set:
- The “OS” field to “Windows”
- The “Device type” field to “Cloud PCs”
- The “Device action” to “Sync”
As shown below:
Click “Next”. Now verify your choices and that the correct devices have been selected, then click “Create”.
Step 7: Verify the eG VM Agent has been installed
When you log in to a Windows 365 Cloud PC, you can verify that the eG VM Agent has been installed via the Control Panel.
You can also verify that the process associated with the eG VM agent service is running.
Step 8: Verify that the eG VM Agent is communicating with the eG Enterprise console
Now when you visit the “Monitor” tab of the eG Enterprise console and examine your Cloud PCs you will have access to real-time metrics.
Benefits of using the eG VM Agent/Microsoft Intune integration
We think this is a great way to deploy the eG VM Agent to Windows 365 Cloud PCs, offering benefits such as:
- Efficiency: Deploying the eG VM agent automatically through Microsoft Intune saves time and resources.
- Cloud Integration: Deploy the VM Agent to Windows 365 Cloud PCs for streamlined management.
- Execution Tracking: Verify VM agent deployment status through Intune Admin Center for insights.
- Compliance Assurance: Ensure all Windows 365 Cloud PCs run the monitoring agent.
To learn more about how you can now use eG Enterprise to monitor your Cloud PCs, see: Monitoring Windows 365 Cloud | eG Innovations.