Introduction 

Enrolling Parallels virtual machines in Microsoft Intune enables managing and securing your virtual machine (VM) environment. This article describes two possible ways to achieve that goal:

• Prepare a provisioning package file and deliver it to end users, or 

• Embed the provisioning package file in the Sysprep image, then provide the Sysprep image to end users. To learn how to prepare a Sysprep image, please follow this link. 

Please also be careful while creating the Sysprep image, as it must only be created from a Windows Enterprise ISO image.

Prerequisites 

1. A Windows host machine to prepare a provisioning profile. 

2. An active Microsoft Azure subscription with appropriate permissions to enroll new hosts in Azure. 

3. A Windows ISO Enterprise image. You can download it from https://www.microsoft.com/software-download/windows11 

Important note 

At the moment, you can only perform mass deployment of VMs with subsequent InTune enrollment using Parallels Autodeploy Package. This is because Parallels Autodeploy Package tool provides an option to change the vm_reset_hwid parameter affecting the way Microsoft Azure detects and accounts for machines. This article also describes how to change this parameter. Please note that changing the vm_reset_hwid parameter will trigger Windows reactivation. Take extra care and change the parameter only when you need to get Virtual machines enrolled in InTune. 

Prior to mass deployment, you will need to make certain changes to the deploy.cfg file:

• Open the Autodeploy Package by right-clicking on it and selecting “Show Package Contents”.

• Navigate to the License Key and Configuration folder and open the deploy.cfg configuration file using any text editor. 

• Once the file is opened, locate the following variable:

You need to uncomment the following string: 

#vm_reset_hwid="yes" 

and comment the following string: 

vm_reset_hwid="no" 

The resulting code should look like this:

Please be aware that changing this parameter may cause issues with preinstalled software licenses on deployed VMs. However, unless you change the parameter as described above, you cannot enroll more than one VM in InTune, as Azure infrastructure detects all machines with the same hardware ID as one and the same machine.

Step-by-step instruction 

1. Install Windows Configuration Designer from Microsoft Store or download it directly from the Microsoft website. 
2. Once it is installed, launch it and create a new project following the “Provision desktop devices” template.
3. Once the project is created, you’ll see the following page:

In this step, you need to choose a name convention. Once done, click “Next” and switch to the “Set up network” tab. There, you need to switch off the setup network toggle and click “Next”, proceeding to the “Account Management” page. 

The following step is important: You need to select “Enroll in Azure AD” and obtain a bulk token.

Here, you need to sign in with your Microsoft Azure credentials. Once you’ve successfully signed in, you’ll see the message confirming the successful receipt of the token.

Click “Next”. Feel free to skip the remaining steps by clicking “Next” on each one of them. 

In the final step, you need to double-check your configuration summary and ensure everything is correct.

Click “Create” and memorize the path to the package file. 

Now you can begin providing the package to your end users, who will need to launch the package to enroll their virtual machines in Azure.