
Windows 365 is a very interesting service from Microsoft offering virtualized operating systems hosted on the cloud to its customers. The idea behind it was conceived to tackle hybrid work challenges during the COVID-19 pandemic, and it became immensely popular. Since then, the service has been receiving a steady stream of improvements, with a recent one being Windows 365 Link, a mini PC-like device that allows you to directly access Windows 365. Now, Microsoft is making changes to Windows 365 in order to make it more secure.
In a blog post, Microsoft has highlighted that redirections which facilitate data exfiltration will be disabled by default. These are clipboard, drive, USB, and printer redirection, and the change brings the service's default configuration more in line with its Secure Future Initiative (SFI). However, this applies only to newly provisioned and reprovisioned Cloud PCs, along with new host pools for Azure Virtual Desktop (AVD).
This change in behavior will begin gradually rolling out in the second half of this year, and Microsoft has assured customers that it does not affect high-level redirections such as a USB-connected webcam, mouse, or keyboard. IT admins will need to reprovision existing Cloud PCs to activate these defaults after the changes go live. However, if they want to enable any of the four redirection types detailed previously, they will need to do so through the Intune Settings Catalog or a Group Policy Object (GPO).
Finally, Microsoft has highlighted that since last month, it has already started enabling virtualization-based security (VBS), Credential Guard, and hypervisor-protected code integrity (HVCI) in newly provisioned and reprovisioned Cloud PCs using a Windows 11 gallery image.
For those unaware, VBS creates a secure memory partition, Credential Guard does what it says on the tin by leveraging VBS, and HVCI allows only verified code to run in the kernel. Microsoft hopes that this will make your Cloud PC experience more secure without too much manual effort.