Local Drive redirection and peripheral devices such as cameras, USB drives, and printers are enabled for Windows 365 Cloud PCs. This feature allows users to seamlessly share data between their Cloud PC and local machine, enhancing flexibility and productivity.
While local drive redirection and peripheral device access enhance user convenience and productivity in Windows 365 Cloud PCs, they pose potential security risks for enterprises. The data transfer between the Cloud PC and local devices could compromise sensitive company information.
Consequently, organizations must prioritize data protection by implementing measures to block local drive redirection. We will use the Intune admin center to disable local drive redirection to the Cloud PC. Let’s check the steps.
Create a Device Configuration Profile
Follow the steps below to create a Device configuration profile to disable local drive redirection:
- Sign in to the Intune admin center.
- Go to Devices > Configuration > Create > New Policy.
- Select Platform as Windows 10 and later
- Profile type as Settings Catalog
- Click on the Create button.
Basics Tab
Enter the Name and Description of the profile. Click on Next to proceed. For Example:
Configuration Settings
- Click on + Add settings.
- In the Settings picker, search for drive redirection.
- Click on the Category Administrative Templates\Windows Components\Remote Desktop Services \Remote Desktop Session Host\Device and Resource Redirection.
- Check the box for Do not allow drive redirection.
This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format <driveletter> on <computername>. You can use this policy setting to override this behavior. If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2003, Windows 8, and Windows XP. If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed. If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level.
About Do not allow drive redirection setting.
- Use the toggle switch to Enable Do not allow drive redirection.
Scope tags
Click on Next.
Assignments tab
Select Add groups and select an Entra security group containing Windows 10/11 devices or users of Entra ID. It is recommended that devices be added to the group and targeted accordingly for a controlled deployment. Once testing proves successful, you can expand the deployment by including additional devices in the group.
Review + create
Review the device configuration profile details on the Review + Create tab and click Create.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.
Monitoring “Disable Local Drive Redirection ” Policy
To monitor the deployment progress of a Device configuration profile, follow the below steps:
- Sign in to the Intune admin center.
- Click on Devices and then click on Configuration.
- Choose the Device Configuration profile you want to work with, and at the top of the page, you’ll see a quick view of the Success, Failure, Conflict, Not Applicable, and In Progress status.
- Click on View report to access more detailed information.
