Windows 365 in Azure Activity logs?

How does the activity log look like for the resource group hosting the Virtual Network you have connected Windows 365 to? Anything out of the ordinary?

As written about here, I have a Windows 365 policy connecting Cloud-PCs to an Azure Virtual Network, and Windows 365 keeps making changes caught by the audit logs in my resource group:

Activity logs in Azure

And one time I refreshed the resource group, and stumbled upon an additional network interface in my resource group. It was named very much the same, and had an IP address from the same subnet, but when I went back and refreshed again, it was gone.

And the customer also noticed these activity logs initiated by Windows 365, so why does Windows 365 keep creating and deleting a network interface in my resource group?

The Windows 365 Cloud-PC is working, and have had no issue using the network connectivity to my virtual network in Azure. I only have my one provisioning policy with virtual network connectivity in Windows 365 (Endpoint Manager) and only one (my) Cloud-PC uses this provisioning policy, so there should be no reason for Windows 365 to deploy and delete additional network interfaces.

This happens several times every day, so I created a support ticket to understand what is going on. Microsoft responded quickly, it is the service called ANC (Azure Network Connection) that performs a list of checks in order to make sure deploying new Cloud-PC is working and the user-experience are optimal. It will show its check-up status on your site for Azure network connections under Intune\Devices\Windows365:

Green light

It kind of makes unnecessary activity logs in your Resource Group, but it is nice to see what is going and be able to question Microsoft in order to understand better. There is enough cloud services doing wonders without customers knowing or need to know how its working.

The health check is documented here: Azure network connection health checks in Windows 365 | Microsoft Learn


Leave a Reply

Ehlo!

I am Roy Apalnes, a Microsoft Cloud Evangelist working av Sopra Steria. Main focus in Microsoft Security and Endpoint Management, with a bigger picture in mind.

Featured Posts