How to enroll deployed Parallels Desktop Virtual Machines in Intune

0 users found this article helpful

Introduction

Microsoft Intune is a popular tool used by many IT administrators. By leveraging the capabilities of Intune, organizations can enforce security policies, apply software updates, manage applications, and monitor the overall health and performance of their virtual machines (VMs) running on Parallels Desktop. This article describes two possible ways to achieve that goal:

Please also be careful while creating the Sysprep image, as it must only be created from a Windows Enterprise ISO image.

Prerequisites

  1. A Windows host machine to prepare a provisioning profile. 

  1. An active Microsoft Azure subscription with appropriate permissions to enroll new hosts in Azure. 

  1. A Windows Enterprise ISO image. If you're looking for an x86-compatible image, you can download it from https://www.microsoft.com/software-download/windows11. For an Arm-compatible image, please refer to our guide at KB 129607.

Prepare a provisioning profile and deliver it to your end users manually

  1. Install Windows Configuration Designer from Microsoft Store or download it directly from the Microsoft website. 
  2. Once it is installed, launch it and create a new project following the Provision desktop devices template.
  3. Once the project is created, you’ll see the following page:

In this step, you need to choose a name convention. Once done, click Next and switch to the Set up network tab. Then you need to switch off the setup network toggle and click Next, proceeding to the Account Management page. 

The following step is important: Select Enroll in Azure AD and obtain a bulk token.

Here, you need to sign in with your Microsoft Azure credentials. Once you’ve successfully signed in, you’ll see the message confirming the successful receipt of the token.

Click Next. Feel free to skip the remaining steps by clicking Next on each one of them. 

In the final step, double-check your configuration summary and ensure everything is correct.

Click Create and memorize the path to the package file. 

Now, you can begin providing the package to your end users, who will need to launch the package to enroll their virtual machines in Azure.

Embed the provisioning package file in the Sysprep image and deploy it to your end users

First, create a provisioning package as described above and embed it into a Sysprep image as outlined in KB 129529 (steps 1-5). Once done, you can choose how to deploy the Sysprep image to your end users.

Deploy via Configuration Profile

Note: deploying the Sysprep image for enrolling a virtual machine in Intune via configuration profile is supported in Parallels Desktop 19 and newer versions of Parallels Desktop.

This is the recommended and the most straightforward solution. Create a configuration profile in Parallels My Account as outlined here, apply the profile to your license key, and enable provisioning.

When a Parallels Desktop user initiates the process of creating a new virtual machine, Parallels Desktop checks if a configuration profile with the VM image link exists and is applicable to the Parallels Desktop license key used by this Mac computer. If the profile exists, a dialog is shown to the user, inviting them to download and install the corporate virtual machine image. If the user accepts, the virtual machine is downloaded to the user's computer and is registered in Parallels Desktop. As a result, the virtual machine will be installed and enrolled in Intune.

Deploy via Parallels Autodeploy Package

1. Once the Sysprep image is created (steps 1-5 in KB 129529), shut down the virtual machine.

2. Right-click Parallels Desktop icon > Control Center. Right-click the virtual machine name > Clone. The machine will be cloned and registered in the Parallels Desktop Control Center, its name will look like "Copy of <VM name>".

3. Complete the last virtual machine configuration adjustments in the new VM by right-clicking the virtual machine in Control Center > Configure (select a VM profilenetwork mode, set CPU/RAM to Auto, change the VM name, etc).

4. Unregister the virtual machine to clear the VM Source UUID for the virtual machine by executing the command below. It'll be regenerated automatically once the virtual machine is registered on the end user's Mac that will regenerate the SMBIOS ID.

prlctl unregister <vm_UUID> --clean-src-uuid

For example:

5. As a result, your virtual machine will be unregistered from the Control Center. Locate your virtual machine and start preparing the Parallels Autodeploy Package. Learn more about how to prepare the Parallels Autodeploy Package in the Administrators Guide.

Note: Parallels Autodeploy Package tool provides an option to change the vm_reset_hwid parameter affecting the way Microsoft Azure detects and accounts for machines. This article also describes how to change this parameter. Please note that changing the vm_reset_hwid parameter will trigger Windows reactivation. Take extra care and change the parameter only when you need to get Virtual machines enrolled in InTune. 

6. Prior to mass deployment, you will need to make certain changes to the deploy.cfg file:

You need to comment the following string: 

vm_reset_hwid="no" 

And uncomment the following string: 

#vm_reset_hwid="yes" 

The resulting code should look like this:

Please be aware that changing this parameter may cause issues with preinstalled software licenses on deployed VMs. However, unless you change the parameter as described above, you cannot enroll more than one VM in InTune, as Azure infrastructure detects all machines with the same hardware ID as one and the same machine.

7. Deploy the virtual machine. Learn more in the Administrators Guide.

Was this article helpful?

Tell us how we can improve it.