Enable/Disable Remote Desktop Access using Intune

In this blog post, we will explore the process of enabling and disabling Remote Desktop Access on Windows devices managed by Intune. When you disable Remote Desktop Access, you can effectively prevent users from connecting to that device using Remote Desktop Protocol (RDP).

Ideally, Remote Desktop Protocol (RDP) connections should be allowed on devices for remote connections. However, there are scenarios where you may want to disable it in adherence to your organization’s security policy.

To accomplish this, you can use the Settings Catalog policy “Allow users to connect remotely by using Remote Desktop Services” when creating a Device configuration profile from the Intune admin center, and then assign this profile to Windows devices.

Step-by-step guides

Step 1 – Create a Device Configuration Profile

To manage Remote Desktop Access on Intune-managed Windows devices, you will need to create a Device configuration profile. Let’s check the steps:

  • Sign in to the Microsoft Intune admin center
  • Click on Devices > Configuration profiles
  • Click on Create > New Policy
  • Platform: Windows 10 and later
  • Profile type: Settings Catalog

Basics Tab

Provide a Name and Description of the policy and click Next.

Configuration settings

Click on + Add settings and search for “Allow users to connect remotely by using Remote Desktop Services”.

Allow users to connect remotely by using Remote Desktop Services
  • Keep this setting in the Disabled state and click on Next. This will disable Remote Desktop Access to target computers.

This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.

If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.

If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. 

About “Allow users to connect remotely by using Remote Desktop Services” setting
  • If you want to enable Remote Desktop Access on the target devices, use the toggle switch to set this setting to Enabled.
Allow users to connect remotely by using Remote Desktop Services

Scope tags

Click on Next.

Assignments

Click on Add groups and select an Entra security group containing Windows 10/11 devices.

Assign the profile to Entra security group containing Windows devices

Review + create

On the Review + Create tab, review the device configuration profile details and click on Create.

Sync Intune Policies

The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync either from the device itself or remotely through the Intune admin center.

Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Another way to trigger the Intune device check-in process is by restarting the device.

Step 2 – Monitoring Deployment Progress

To monitor the deployment progress of a Device configuration profile, follow the steps below:

  • Sign in to the Microsoft Intune admin center.
  • Click on “Devices” and then select “Configuration profiles”.
  • Choose the Device Configuration profile you want to work with, and at the top of the page, you’ll see a quick view of the Success, Failure, Conflict, Not Applicable, and In Progress status.
  • Click on “View report” to access more detailed information.

End-users Experience

A notification may appear on the target device when the policy is applied. Subsequently, remote connections to that device will either be disabled or enabled based on the configuration settings in the profile.
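To confirm the result on a test device, the following added example (not part of the original post) reports whether the policy or the local Remote Desktop setting is deciding the outcome, matching the Enabled / Disabled / Not configured behavior described earlier. It assumes the setting lands in the standard Windows `fDenyTSConnections` registry values and that RDP uses the default port 3389; the function name `Get-RdpPolicyState` is hypothetical.

```powershell
# Added example: report the effective RDP state on the local device.
# Assumption: the policy is written to the standard Terminal Services
# policy key; neither registry path appears in the original post.
function Get-RdpPolicyState {
    [CmdletBinding()]
    param()

    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $valueName = 'fDenyTSConnections'

    # Policy value: present only when the setting is Enabled (0) or Disabled (1).
    $policy = (Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    # Local value: the device's own Remote Desktop setting, used when the
    # policy is Not configured.
    $local = (Get-ItemProperty -Path $localKey -Name $valueName -ErrorAction SilentlyContinue).$valueName

    if ($null -ne $policy) {
        $decidedBy = 'Policy'
        $deny      = [int]$policy
    } elseif ($null -ne $local) {
        $decidedBy = 'Local setting (policy not configured)'
        $deny      = [int]$local
    } else {
        $decidedBy = 'Unknown (value not found)'
        $deny      = $null
    }

    # Observation only: is anything listening on the default RDP port?
    # A custom RDP port (assumption: none is configured) would not show here.
    $listener = Get-NetTCPConnection -State Listen -LocalPort 3389 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        DecidedBy         = $decidedBy
        PolicyValue       = $policy
        LocalValue        = $local
        NewRdpConnections = if ($null -eq $deny) { 'Unknown' } elseif ($deny -eq 1) { 'Blocked' } else { 'Allowed' }
        Port3389Listening = [bool]$listener
    }
}

Get-RdpPolicyState | Format-List
```

Run it in an elevated PowerShell session after the device has synced. A `DecidedBy` value of `Policy` with `NewRdpConnections` of `Blocked` indicates the Disabled setting from the profile is in effect.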

More Information

If you want to read more about enabling Remote Desktop on your PC, please refer to the Microsoft Learn article: Enable Remote Desktop on your PC.

Conclusion

In this blog post, we’ve covered how to enable or disable Remote Desktop (RDP) Access on Windows 10 and Windows 11 devices using the Intune admin center. By toggling the switch next to ‘Allow users to connect remotely by using Remote Desktop Services’ you can easily manage RDP access. We hope the information provided in this blog post has assisted you in configuring this setting.
