This guide explains how to register the NinjaOne Agent in Microsoft Entra ID and deploy it to Windows 365 Cloud PCs using Microsoft Graph API workflows and the NinjaOne Partner Connector integration.
Environment
- NinjaOne Endpoint Management
- Microsoft Entra ID
- Microsoft Windows 365 Cloud PCs
- Microsoft Graph API
Description
Windows 365 delivers persistent Cloud PCs hosted in the Microsoft 365 ecosystem, providing a full Windows experience—Windows 10 or Windows 11—accessible from virtually any device. Management and provisioning are primarily executed through the Microsoft Graph API.
Integrating NinjaOne with Windows 365 enables unified visibility, consistent policy application, and standardized remote management across physical and virtual endpoints.
Relevant Microsoft documentation:
- Windows 365 architecture and provisioning
- Cloud PC Graph API reference
- App registration and permissions in Microsoft Entra ID
- Windows 365 Business RMM Integration
Prerequisites
User Account Requirements
The account used to configure and deploy the agent must hold the Global Administrator role in the target Microsoft Entra tenant.
Required App Registration
Create an application in Microsoft Entra ID and assign the following permissions (ensure admin consent):
| API | Permission Name | Type |
| Azure Active Directory Graph | Directory.AccessAsUser.All | Delegated |
| Azure Active Directory Graph | User.Read | Delegated |
| Microsoft Graph | CloudPC.ReadWrite.All | Delegated |
| Microsoft Partner Center | user_impersonation | Delegated |
| Azure Active Directory Graph | Directory.Read.All | Application |
| Microsoft Graph | Directory.Read.All | Application |
| Microsoft Graph | SecurityEvents.Read.All | Application |
Required Environment Variables
Set these variables in your shell session (requires internet access only):
| Variable | Definition |
| NINJAONE_INSTALLER_URL | Tokenized NinjaOne Agent installer URL |
| NINJAONE_INSTALLER_TOKEN | Installer token for the selected package |
| CLOUDPC_TENANT_ID | Microsoft Entra tenant GUID |
| CLOUDPC_CLIENT_ID | App (client) ID from app registration |
| CLOUDPC_CLIENT_SECRET | Client secret from app registration |
Retrieve the Integration Script
In NinjaOne, navigate to:
Administration → Library → Automation → Template Library
Locate and download the script titled:
Ninja – Windows 365 Cloud PC – Partner Connector Tool
This script contains all the logic needed to authenticate with Microsoft Entra ID, register the NinjaOne connector, and prepare for automated deployment.
Configure the Agent and Auto Deployment
Before deploying the NinjaOne Agent to Cloud PCs, you need to create a local agent profile and register the NinjaOne connector in your Microsoft tenant. Here’s what to do:
- Run the downloaded script on your machine. It will:
- Generate the NinjaOne agent profile
- Authenticate using Microsoft identity platform
- Register the connector under your tenant’s virtual endpoint configuration
Once registered, the connector appears in Microsoft Graph under:
https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/externalPartners
Deploying the NinjaOne Agent to Target Cloud PCs
After configuring the connector, use your shell session and the integration script to deploy the NinjaOne Agent. Follow this workflow:
- List all Cloud PCs
Query the virtualEndpoint/cloudPCs resource to retrieve device IDs for the endpoints you want to target. - Deploy the agent
Send the deployment request for up to 50 Cloud PCs per call. The response will include an activityID for tracking.
This process ensures a scalable, automated deployment across your Windows 365 environment.