This, unfortunately, was the error that kept greeting me whenever I tried to set up a Windows 365 Business Cloud PC:
Setup failed, please reset your cloud PC
I repeated the reset process over and over but still no luck. I then came across the following article from Microsoft:
which helped me greatly and I recommend you follow through that article and suggestions it makes. I therefore thought I’d share my process in troubleshooting this issue, because there are some things the article doesn’t specifically call out that I’ll mention to help you.
The first learning was that the Windows Business Cloud PC creation process creates a new account called
the user principal name for this appears like:
so, you need to ensure this exists in your Active Directory.
The next learning from that article was:
Make sure there are no MFA conditional access policies for that first user. MFA must remain turned off during any setup attempts. After all Cloud PCs are successfully set up across your organization, you may turn on MFA for this user.
In essence, during the very first setup of your Windows Business Cloud PC environment you’ll need to do this using an account that doesn’t have MFA enabled. After that, accounts can have MFA enabled, but it’s important that the very first account you use with Windows Business Cloud PC doesn’t have MFA enabled.
Remember, there are various ways to enforce MFA inside a tenant: directly, via Security Defaults, and also using Conditional Access. Check that your initial user has all these options disabled. I’d suggest it is also a good idea to ensure the account CloudPCBPRT does not have any MFA enforcement either.
Now, the thing that I found the Microsoft article didn’t cover off was:
1. Checking that any Conditional Access policies are not blocking the join process. In my case, I have policies that prevent users adding devices via Conditional Access unless they are joining compliant devices. Ensure that these policies are not being applied to that initial user during set up. Again, double check that CloudPCBPRT is also excluded from such policies.
2. It turns out that even though I have an Australian Microsoft 365 subscription, the virtual machines were provisioned for Windows Business Cloud PC from the Microsoft datacenters in Singapore. Thus, I needed to further adjust my Conditional Access policies to allow logins from this region, as I generally restrict all logins to my tenant to be from Australia only. As before, ensure CloudPCBPRT can log in to your tenant from the region where the VMs are provisioned.
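
The exclusion checks above can be run against an export of the tenant's Conditional Access policies. The following is an added example, not part of the original post: it assumes policies in the Microsoft Graph conditionalAccessPolicy JSON shape, and every object ID, policy name and sample policy in it is constructed.

```python
# Added example, not from the original post. Policies follow the Microsoft Graph
# conditionalAccessPolicy JSON shape; every ID and policy below is constructed.
SETUP_BLOCKERS = {"mfa", "compliantDevice", "block"}  # controls that can stop setup

def applies_to(policy, user_id, group_ids=()):
    """True if an enabled policy targets the user and no exclusion covers them.
    Directory-role and guest targeting are not evaluated (assumption: unused)."""
    if policy.get("state") != "enabled":  # report-only and disabled do not enforce
        return False
    users = policy["conditions"]["users"]
    groups = set(group_ids)
    included = ("All" in users.get("includeUsers", [])
                or user_id in users.get("includeUsers", [])
                or bool(groups & set(users.get("includeGroups", []))))
    excluded = (user_id in users.get("excludeUsers", [])
                or bool(groups & set(users.get("excludeGroups", []))))
    return included and not excluded

def setup_blockers(policies, user_id, group_ids=()):
    """Return (policy name, controls) for each policy still enforced on the user."""
    found = []
    for p in policies:
        controls = set((p.get("grantControls") or {}).get("builtInControls", []))
        hits = sorted(controls & SETUP_BLOCKERS)
        if hits and applies_to(p, user_id, group_ids):
            found.append((p["displayName"], hits))
    return found

def _policy(name, state, include, exclude, controls):
    """Build one constructed policy record in the Graph JSON shape."""
    return {"displayName": name, "state": state,
            "conditions": {"users": {"includeUsers": include, "excludeUsers": exclude}},
            "grantControls": {"builtInControls": controls}}

CLOUDPCBPRT_ID = "00000000-0000-0000-0000-0000000000a1"  # constructed object ID
FIRST_USER_ID = "00000000-0000-0000-0000-0000000000b2"   # constructed object ID
SAMPLE_POLICIES = [  # constructed sample export
    _policy("Require MFA for all users", "enabled", ["All"], [FIRST_USER_ID], ["mfa"]),
    _policy("Block sign-ins outside Australia", "enabled", ["All"],
            [CLOUDPCBPRT_ID, FIRST_USER_ID], ["block"]),
    _policy("Require compliant device to join", "enabledForReportingButNotEnforced",
            ["All"], [], ["compliantDevice"]),
]

if __name__ == "__main__":
    for label, uid in (("CloudPCBPRT", CLOUDPCBPRT_ID), ("first user", FIRST_USER_ID)):
        print(label, setup_blockers(SAMPLE_POLICIES, uid))
```

A block policy scoped to locations is flagged regardless of where the sign-in originates, so treat each hit as a policy to review rather than a confirmed cause of the failure.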
Once I had made all those changes I could create the initial Windows Business Cloud PC and then go on and create another Windows Cloud PC for my ‘normal’ production account. And as you can see, I’m now one of the cool kids:
In summary then, your troubleshooting for Windows Business Cloud PC should start with the Microsoft article and if you are still having issues, check and adjust your Conditional Access policies to allow that first account to get set up. I’d also make sure that the account CloudPCBPRT is generally excluded from things like MFA and strict Conditional Access policies. Once I’d done all that I could do everything I needed.