In this blog, let us learn about configuring screen capture protection in Cloud PC or W365. Screen capture protection prevents users from taking screenshots/screen clips of the W365 session from the endpoint client and also it can be used to prevent screen capture inside the W365 session.
To enable screen capture protection in W365, download the AVD GPO templates from https://aka.ms/avdgpo
Either configure the AVD admx GPO using group policy management console or via intune policy. For this blog, I am configuring the admx file using local group policy. The first step is to copy the terminalserver-avd.admx file into c:\windows\policydefinitions folder.
Once copied, open GPEDIT.msc and navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Azure Virtual Desktop.
Open the “Enable screen capture protection” policy. You will get two options to configure.
- Block Screen capture on client:- This option prevents the screen capture of W365 from the endpoint client.
- Block Screen capture on client and server:- This option prevents the local screen capturing inside the W365 session + the screen capture of W365 session from end client.
Update the GPO and restart the W365 desktop to enforce the screen capture protection policy.
I tried to take a print screen as well as used the snipping tool but I have just got a black screen. So the screen capture protection is working as expected.
You should use redirection policies along with the screen capture protection to ensure that you are configuring a secure environment for your client.
Note:- This solution will not be able to help you to prevent the capturing of screen via a camera or mobile phone.
VDI Tech Blogs 