In this blog post, we will explore how to enable or disable Remote Desktop access on Windows devices managed by Intune. When you disable Remote Desktop access, you prevent users from connecting to that device using Remote Desktop Protocol (RDP).
Ideally, Remote Desktop Protocol (RDP) connections should be allowed on devices. However, in some scenarios, you may want to disable them in accordance with your organization’s security policy.
We will use a setting called Allow users to connect remotely by using Remote Desktop Services, available in the Intune Settings catalog (Policy CSP). Let’s check the steps:
Enable/Disable Remote Desktop Access Intune Policy
- Sign in to the Intune admin center > Devices > Configuration > Create > New Policy.
- Platform: Windows 10 and later.
- Profile type: Settings Catalog.
- Basics Tab: Provide a Name and Description of the policy and click Next.
- Configuration settings: Click on + Add settings and search for Allow users to connect remotely by using Remote Desktop Services.
- Keep this setting in the Disabled state and click on Next. This will disable remote desktop access for target computers.
This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.
If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.
If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed.
About Allow users to connect remotely by using Remote Desktop Services setting
- If you want to enable Remote Desktop access on the target devices, use the toggle switch to set this setting to Enabled.
- Scope tags: Click on Next.
- Assignments: Click Add groups and select an Entra security group containing Windows 10/11 devices.
- Review + create: Review the deployment summary and click Create.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.
Monitoring Deployment Progress
- Sign in to the Intune admin center > Devices > Configuration.
- Choose the Device Configuration profile you want to work with, and at the top of the page, you’ll see a quick view of the Success, Failure, Conflict, Not Applicable, and In Progress status.
- Click on View report to access more detailed information.
End Users Experience
Once the deployment has completed successfully, Remote Desktop connections to the remote computer will be either disabled or enabled, based on the deployed configuration setting.
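To confirm on a device which of the three policy states described earlier (enabled, disabled, not configured) is actually in effect, the following added example, which is not part of the original post, reads the registry value this policy writes and the local Remote Desktop setting that Windows falls back to. The function name `Get-RdpAccessState` is hypothetical; the registry locations are the standard ones for this policy and for the local setting.

```powershell
# Added example: report what currently decides RDP access on this device.
# Run in an elevated PowerShell session on the managed Windows device.

function Get-RdpAccessState {
    [CmdletBinding()]
    param()

    # Written by "Allow users to connect remotely by using Remote Desktop
    # Services" when the policy is set to Enabled or Disabled.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    # Local Remote Desktop setting, used when the policy is not configured.
    $localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $valueName = 'fDenyTSConnections'

    $policy = (Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    $local  = (Get-ItemProperty -Path $localKey  -Name $valueName -ErrorAction SilentlyContinue).$valueName

    # 0 = new connections allowed, 1 = new connections denied.
    # A configured policy value takes precedence over the local setting.
    if ($null -ne $policy) {
        $decidedBy = 'Policy'
        $deny      = $policy
    }
    else {
        $decidedBy = 'Local setting (policy not configured)'
        $deny      = $local
    }

    # The Remote Desktop Services service must be running to accept sessions.
    $service = Get-Service -Name 'TermService' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        PolicyValue   = if ($null -ne $policy) { $policy } else { 'Not configured' }
        LocalValue    = $local
        DecidedBy     = $decidedBy
        RdpAllowed    = ($deny -eq 0)
        ServiceStatus = if ($service) { $service.Status } else { 'Not found' }
    }
}

Get-RdpAccessState | Format-List
```

A `PolicyValue` of `Not configured` after a successful sync means the profile has not reached the device, so the local setting still decides whether RDP is accepted.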
More Information
If you want to read more about enabling Remote Desktop on your PC, please refer to the Microsoft Learn article: Enable Remote Desktop on your PC.
This configuration did not work for me. RDP still got disabled as soon as I joined my Entra ID tenant. Any suggestion what to look for?