In this blog, we are going to learn about how to enforce device redirection policies on W365 devices via Intune. Device redirection policies include clipboard redirection, COM port, printer, USB etc.
In the AVD world, device redirections can be achieved via the RDP properties under the Host Pool Settings. However as W365 control pane is fully managed by Microsoft, we need to apply the policies either via GPO or via Intune. So Let’s begin.
Create an AD Group
The first step is to create an AD group for Windows365 devices where we can assign the Intune policy.
In the Azure AD page, I navigate to Groups and Click on “New Group”.
In the New Group creation wizard, select the Group type as “Security”, provide a name and description for your group and select the Membership type as “Dynamic Device”.
Click on “add dynamic query” under Dynamic device members.
In the dynamic membership rules page, configure the rule as below.
Click Save and Create to create the dynamic group.
Create Configuration Profile in Intune
Navigate to Intune portal via https://endpoint.microsoft.com. Click on Windows.
Under the windows policies, select configuration profiles. Click on “Create Profile”
Select the platform as “windows10 or later” and Profile Type as “settings catalog” and Click Create.
In the Create Profile wizard, Under Basics tab, Provide the name and description of the profile and Click Next.
In the configuration settings tab, click on “+add settings” .
In the settings picker, select the redirection settings located under “Administrative templates\Windows components\Remote desktop services\Remote desktop session host\Device and Resource redirection”.
From the sub category, select the required settings as per your compliance requirement. For example, if you need to only prevent copy paste from your W365 device, then select “do not allow clipboard redirection”. Close the settings picker by clicking on the “X” mark.
Toggle the settings to “Enabled” to enable the required policy. Click Next.
Define the scope tags if required, else click next
In the assignments tab, under included groups select “Add group” and add the W365_devices” group we created in the earlier section.
Click on Create to create the profile.
Once created, search for the W365 redirection profile we created and verify if the policy is successfully applied to the W365 devices.
Verify the Clipboard redirection functionality
Login to the W365 desktop and open a notepad. Type some text and copy the text . Navigate to the local desktop and verify whether you are able to copy paste between Cloud PC and local workstation.
Image from W365 PC
The below image from local workstation where the paste option is disabled as the clipboard content is not copied from the Cloud PC.
Hope this blog is informative for you. Please do let me know your comments and feedback.