End users can be empowered with a self-service option to recover their Cloud PCs from the latest backup snapshot that was taken prior to the faulty Crowdstrike sensor update. This is possible thanks to the automatic backups included in Windows 365 as a standard feature of this SaaS service.
To determine which Cloud PCs are still impacted and need to be restored, administrators who are managing Cloud PCs with Intune can see a list of impacted devices from the Intune admin center. To view this report, go to the Intune Portal -> Devices -> Overview -> Cloud PC Performance -> Devices with connection issues. Devices listed as “ErrorResourceUnavailable” or “ErrorResourceUnavailable_CustomerInitiatedActions” could be affected by this issue.
Now there is a script to automate the restoration process in bulk for devices that are still impacted. The script leverages Graph API and includes the following steps:
- Downloads the “Devices with connection issues” report via from Graph API and filters on devices with the status “ErrorResourceUnavailable” or “ErrorResourceUnavailable_CustomerInitiatedActions”
- Retrieves the latest snapshot for each device that was created before 19th July 2024 at 04:00 UTC. The faulty Crowdstrike sensor update was released on 19th July at 04:09 UTC according to Crowdstrike.
- Restores the impacted Cloud PCs to the specified restore point.
- Outputs a CSV report.
The script is available on GitHub here.
The script has successfully been used to restore over 600 Cloud PCs in an Enterprise environment.
This solution can also be kept for future events including cyber attacks where a bulk restoration of Cloud PCs is required.
Please refer to the pre-requisites and disclaimer in the script notes.