AzureFeeds

As part of the Microsoft Secure Future Initiative (SFI), Azure Virtual Desktop is enhancing its default security by disabling clipboard, drive, USB, and printer redirections for all newly created host pools. This change minimizes the risk of data exfiltration and malware injections, making it easier to have a more secure experience by default. IT admins can enable these redirections as needed using the host pool Remote Desktop Protocol (RDP) properties in the Microsoft Azure portal or by using other methods such as Microsoft Intune or Group Policy.

Timeline for redirection default changes

This change to redirection defaults is coming soon. To help IT admins prepare, a dismissible banner will be displayed in the “Create a host pool”; landing page in the Azure portal. This banner will notify admins of the new default settings for new host pools and provide links to documentation on how to override them by changing the host pool RDP properties once a host pool is created.

Note: For existing host pools, no changes to redirection configuration will be made on your behalf. However, we do recommend you consider hardening settings by disabling redirections that are not needed. To make these changes, please visit the device redirection section in the documentation for RDP properties.

How to override default redirection configuration

IT admins can enable these redirections as needed using the host pool RDP properties in the device redirection dropdown list as shown below.

For more information on how to configure RDP properties, including using other methods such as Microsoft Intune or Group Policy, consult the documentation for each of these redirection settings:

• Clipboard redirection


• Printer redirection


• USB redirection


• Drive redirection

 Note: Azure portal RDP properties supersede Microsoft Intune and Group Policy configurations.

Stay up to date! Bookmark the Azure Virtual Desktop Tech Community.