When you shut down a VM or log off, the VM isn’t actually deallocated and still costs money.
Bernd wrote a nice guide on how to deallocate a VM when a user logs off, using GPO’s, since combined with Start On Connect the user experience is still pretty decent.
For Intune / Microsoft Endpoint Manager, no solution was known yet. So I base64 encoded Bernd’s solution and wrapped it into a SYSTEM wide scheduled task that is triggered by a security eventlog logoff entry.
Deploy this to your VM’s in Intune (either through a user or a machine group) and it’ll ensure users’ VM’s get deallocated when they log off.
This also works on shared VM’s, as it will only deallocate if it is the last user logging off.
You can download/view set-AVDDeallocateOnLogoff.ps1 here.
I am trying to run this script but getting below error on permissions on Windows 11:
Register-ScheduledTask : Access is denied.
(7,235):Subscription:<QueryList><Query Id=”0″ Path=”Security”><Select
Path=”Security”>*[System[Provider[@Name=’Microsoft-Windows-Security-Auditing’] and EventID=4647]]</Select></Query></QueryList>
At C:\scripts\deallocate.ps1:25 char:9
+ $Null = Register-ScheduledTask -TaskName “LC_AUTODEALLOCATE” -Trigger …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (PS_ScheduledTask:Root/Microsoft/…S_ScheduledTask) [Register-ScheduledTask], CimException
+ FullyQualifiedErrorId : HRESULT 0x80070005,Register-ScheduledTask
[…] https://www.lieben.nu/liebensraum/2022/08/deallocate-azure-ad-joined-azure-virtual-desktop-vms-when-… […]