In this blog post, we will explore the process of Enabling and Disabling Remote Desktop Access on Windows devices managed by Intune. When you disable Remote Desktop Access, you can prevent users from connecting to that device using Remote Desktop Protocol (RDP).
Ideally, Remote Desktop Protocol (RDP) connections should be allowed on devices. However, in some scenarios, you may want to disable them in accordance with your organization’s security policy.
To accomplish this, create a Device configuration profile from the Intune admin center, use the Settings Catalog setting Allow users to connect remotely by using Remote Desktop Services, and assign the profile to Windows devices.
Step 1 – Create a Device Configuration Profile
To manage Remote Desktop Access on Intune-managed Windows devices, you must create a Device configuration profile. Follow these steps:
- Sign in to the Intune admin center.
- Click on Devices > Configuration > Create > New Policy.
- Platform: Windows 10 and later.
- Profile type: Settings Catalog.
Basics Tab
Provide a Name and Description of the policy and click Next.
Configuration settings
Click on + Add settings and search for Allow users to connect remotely by using Remote Desktop Services.
- Keep this setting in the Disabled state and click on Next. This will disable remote desktop access for target computers.
This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.
If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.
If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed.
About Allow users to connect remotely by using Remote Desktop Services setting
- If you want to enable Remote Desktop Access on the target devices, use the toggle switch to set this setting to Enabled.
Scope tags
Click on Next.
Assignments
Click Add groups and select an Entra security group containing Windows 10/11 devices.
Review + create
Review the device configuration profile details on the Review + Create tab and click Create.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.
Step 2 – Monitoring Deployment Progress
To monitor the deployment progress of a Device configuration profile, follow the steps below:
- Sign in to the Intune admin center.
- Click on Devices and then select Configuration.
- Choose the Device Configuration profile you want to work with, and at the top of the page, you’ll see a quick view of the Success, Failure, Conflict, Not Applicable, and In Progress status.
- Click on View report to access more detailed information.
End-users Experience
When the policy is applied, a notification may appear on the target device. Subsequently, based on the configuration settings in the profile, remote connections to that device will either be disabled or enabled.
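To confirm on the device which way the setting resolved, the following added example (not part of the original post) reads the fDenyTSConnections value that this ADMX-backed setting writes under the Terminal Services policy key, falls back to the device's own Remote Desktop setting when no policy value is present, and checks whether the RDP listener is up. The function names Get-RegDword and Resolve-RdpState are illustrative; the registry paths are the standard Windows locations for this setting.

```powershell
# Added example, not from the original post. Run elevated on the target device.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$LocalKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ListenKey = "$LocalKey\WinStations\RDP-Tcp"

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Resolve-RdpState {
    param($PolicyValue, $LocalValue)
    # fDenyTSConnections: 1 = refuse new RDP connections, 0 = accept them.
    # A value under the policy key overrides the device's own setting.
    if ($null -ne $PolicyValue) {
        $source = 'Policy'; $deny = [int]$PolicyValue
    } elseif ($null -ne $LocalValue) {
        $source = 'Local setting'; $deny = [int]$LocalValue
    } else {
        return [pscustomobject]@{ Source = 'None'; RdpAllowed = $null }
    }
    [pscustomobject]@{ Source = $source; RdpAllowed = ($deny -eq 0) }
}

$policyValue = Get-RegDword -Path $PolicyKey -Name 'fDenyTSConnections'
$localValue  = Get-RegDword -Path $LocalKey  -Name 'fDenyTSConnections'
$state = Resolve-RdpState -PolicyValue $policyValue -LocalValue $localValue

# The listener port is 3389 unless it was changed in the registry.
$port = Get-RegDword -Path $ListenKey -Name 'PortNumber'
if ($null -eq $port) { $port = 3389 }
$listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

# Summary: which source decided, the resulting state, and the listener status.
[pscustomobject]@{
    DecidedBy    = $state.Source
    RdpAllowed   = $state.RdpAllowed
    ListenerPort = $port
    Listening    = $listening
}
```

A DecidedBy value of Local setting means no policy value has reached the device, so check the profile's assignment and sync status before anything else.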
More Information
If you want to read more about enabling Remote Desktop on your PC, please refer to the Microsoft Learn article: Enable Remote Desktop on your PC.
Conclusion
In this blog post, we’ve covered how to enable or disable Remote Desktop (RDP) Access on Windows 10 and Windows 11 devices using the Intune admin center. By toggling the switch next to Allow users to connect remotely by using Remote Desktop Services you can easily manage RDP access. We hope the information in this blog post has assisted you in configuring this setting.
This configuration did not work for me. RDP still got disabled as soon as I joined my Entra ID tenant. Any suggestion what to look for?