Deallocate Azure AD Joined Azure Virtual Desktop VMs when a user logs off

When you shut down a VM or log off, the VM isn’t actually deallocated and still costs money.

Bernd wrote a nice guide on how to deallocate a VM when a user logs off, using GPO’s, since combined with Start On Connect the user experience is still pretty decent.

For Intune / Microsoft Endpoint Manager, no solution was known yet. So I base64 encoded Bernd’s solution and wrapped it into a SYSTEM wide scheduled task that is triggered by a security eventlog logoff entry.

Deploy this to your VM’s in Intune (either through a user or a machine group) and it’ll ensure users’ VM’s get deallocated when they log off.

This also works on shared VM’s, as it will only deallocate if it is the last user logging off.

You can download/view set-AVDDeallocateOnLogoff.ps1 here.

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Voted
Newest Oldest
Inline Feedbacks
View all comments
1 year ago

I am trying to run this script but getting below error on permissions on Windows 11:
Register-ScheduledTask : Access is denied.
(7,235):Subscription:<QueryList><Query Id=”0″ Path=”Security”><Select 
Path=”Security”>*[System[Provider[@Name=’Microsoft-Windows-Security-Auditing’] and EventID=4647]]</Select></Query></QueryList>
At C:\scripts\deallocate.ps1:25 char:9
+ $Null = Register-ScheduledTask -TaskName “LC_AUTODEALLOCATE” -Trigger …
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  + CategoryInfo     : PermissionDenied: (PS_ScheduledTask:Root/Microsoft/…S_ScheduledTask) [Register-ScheduledTask], CimException
  + FullyQualifiedErrorId : HRESULT 0x80070005,Register-ScheduledTask