Enable/Disable Remote Desktop Access using Intune

In this blog post, we will explore the process of enabling and disabling Remote Desktop access on Windows devices managed by Intune. Disabling Remote Desktop access prevents users from connecting to the device using Remote Desktop Protocol (RDP).

Ideally, Remote Desktop Protocol (RDP) connections should be allowed on devices. However, in some scenarios, you may want to disable them in accordance with your organization’s security policy.

To accomplish this, create a Device configuration profile of type Settings Catalog in the Intune admin center, add the setting Allow users to connect remotely by using Remote Desktop Services, and assign the profile to Windows devices.


Step-by-step guides

Step 1 – Create a Device Configuration Profile

To manage Remote Desktop access on Intune-managed Windows devices, you must create a Device configuration profile. Let’s check the steps:

  • Sign in to the Intune admin center.
  • Click on Devices > Configuration > Create > New Policy.
  • Platform: Windows 10 and later.
  • Profile type: Settings Catalog.

Basics Tab

Provide a Name and Description of the policy and click Next.

Configuration settings

Click on + Add settings and search for Allow users to connect remotely by using Remote Desktop Services.

  • Keep this setting in the Disabled state and click on Next. This will disable remote desktop access for target computers.

This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.

If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.

If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. 

  • If you want to enable Remote Desktop access on the target devices, use the toggle switch to set this setting to Enabled.

Scope tags

Click on Next.

Assignments

Click Add groups and select an Entra security group containing Windows 10/11 devices.


Review + create

Review the device configuration profile details on the Review + Create tab and click Create.

Sync Intune Policies

The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.

Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.

Step 2 – Monitoring Deployment Progress

To monitor the deployment progress of a Device configuration profile, follow these steps:

  • Sign in to the Intune admin center.
  • Click on Devices and then select Configuration.
  • Choose the Device Configuration profile you want to work with, and at the top of the page, you’ll see a quick view of the Success, Failure, Conflict, Not Applicable, and In Progress status.
  • Click on View report to access more detailed information.

End-users Experience

When the policy is applied, a notification may appear on the target device. Subsequently, based on the configuration settings in the profile, remote connections to that device will either be disabled or enabled.
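
To confirm the result on a device, the following PowerShell (an added example, not part of the original post) reads the policy value and the local Remote Desktop setting and reports which one decides, following the enabled / disabled / not configured behaviour described above. It assumes the Intune setting stores its state in the same fDenyTSConnections policy value as the Group Policy setting of that name, and that RDP listens on its default port 3389.

```powershell
# Added example: report the effective Remote Desktop state on this device.
# Assumption: the Intune setting is backed by the Group Policy of the same
# name, which stores its state in the fDenyTSConnections policy value.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$valueName = 'fDenyTSConnections'

function Get-DenyValue {
    param([string]$Path)
    # Returns $null when the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $valueName -ErrorAction SilentlyContinue
    if ($null -ne $item) { [int]$item.$valueName } else { $null }
}

$policy = Get-DenyValue -Path $policyKey   # written when the policy is Enabled or Disabled
$local  = Get-DenyValue -Path $localKey    # the device's own Remote Desktop setting

# A configured policy overrides the local setting; otherwise the local setting decides.
if ($null -ne $policy) {
    $decidedBy = 'Policy'
    $deny      = $policy
} elseif ($null -ne $local) {
    $decidedBy = 'Local Remote Desktop setting'
    $deny      = $local
} else {
    $decidedBy = 'Unknown (no value found)'
    $deny      = $null
}

# Disabling the policy blocks new connections only, so also check the listener.
# Assumption: the default RDP port 3389 has not been changed.
$listener = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue

[pscustomobject]@{
    PolicyValue       = if ($null -eq $policy) { 'Not configured' } else { $policy }
    LocalValue        = if ($null -eq $local)  { 'Not present' }    else { $local }
    DecidedBy         = $decidedBy
    NewRdpConnections = switch ($deny) { 0 { 'Allowed' } 1 { 'Blocked' } default { 'Unknown' } }
    ListeningOn3389   = [bool]$listener
}
```

Run it in an elevated PowerShell session after the device has synced. A PolicyValue of 1 corresponds to the Disabled state of the setting and 0 to Enabled.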

More Information

If you want to read more about enabling Remote Desktop on your PC, please refer to the Microsoft Learn article: Enable Remote Desktop on your PC.

Conclusion

In this blog post, we’ve covered how to enable or disable Remote Desktop (RDP) Access on Windows 10 and Windows 11 devices using the Intune admin center. By toggling the switch next to Allow users to connect remotely by using Remote Desktop Services you can easily manage RDP access. We hope the information in this blog post has assisted you in configuring this setting.

1 thought on “Enable/Disable Remote Desktop Access using Intune”

  1. This configuration did not work for me. RDP still got disabled as soon as I joined my Entra ID tenant. Any suggestion what to look for?
