The new AVD "Enable RDP Shortpath for managed networks" setting and other Azure Virtual Desktop policies are now available in the Intune Settings Catalog. Integrating Azure Virtual Desktop settings into the Intune Settings Catalog is an essential development for Azure Virtual Desktop users.
With this integration, you gain greater control over your virtual desktop environments. It allows for more efficient and customised deployments. This update represents a significant step in optimizing the Azure Virtual Desktop experience.
If you are using Azure Virtual Desktop (AVD, previously known as Windows Virtual Desktop – WVD), you might know that some settings are accessible through Group Policy (GPO). These include features like adding watermarks or protecting against screen captures.
The new Azure Virtual Desktop app is now available in the Microsoft Store and accessible through Winget and Intune. The integration with Winget and Intune provides administrators with powerful deployment and management capabilities, making configuring and maintaining virtual desktop environments more accessible than ever.
These new settings (aka policies) give you more control and security for your virtual desktop environment. It’s a helpful enhancement to make your virtual desktop experience better and safer.
What is the Significance of Azure Virtual Desktop Settings being available in the Intune Settings Catalog?
This integration allows for managing and configuring Azure Virtual Desktop environments through Microsoft Intune. It offers administrators a centralized platform to set and optimize virtual desktop deployments.
How many Results are available in the Azure Virtual Desktop Subcategory within the Intune Settings Catalog?
There are 13 results available in the Azure Virtual Desktop subcategory within the Intune settings catalog.
AVD Enable RDP Shortpath for Managed Networks Settings now available
Let’s discuss the Azure Virtual Desktop Settings now available in the Intune Settings Catalog. Integrating Azure Virtual Desktop Settings into the Intune Settings Catalog enhances administrators’ management capabilities, simplifying the configuration process for virtual desktop environments.
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Devices > Configuration profiles > Create profile.
To initiate the process, navigate to the ‘Create a Profile’ section and choose the ‘Windows 10 and later’ platform. Next, select the profile type as ‘Settings catalog’. Finally, proceed by clicking on the ‘Create’ button.
In Basics, specify a descriptive name for the profile and a description (optional), then select Next. We entered the Name Azure Virtual Desktop Settings and the Description “Azure Virtual Desktop Settings now available in Intune Settings Catalog.” Select the Platform as Windows 10 and later.
In Configuration settings, select Add settings. With the settings catalog, you can choose which settings to configure. Click on Add Settings to browse or search the catalog for the settings you want to configure.
When you utilize the settings picker and search for “Azure Virtual Desktop,” you will find a result categorized under “Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Azure Virtual Desktop”. This subcategory encompasses 13 distinct results for configuring and managing Azure Virtual Desktop environments through Intune settings.
Note – The Settings Picker will allow you to search or browse to select any settings available in the settings catalog for configuration in your policy.
Azure Virtual Desktop Subcategory
The Azure Virtual Desktop settings in the settings catalog include 13 subcategory results. The table below shows the subcategory results.
|Azure Virtual Desktop Subcategory Results|
|Enable Graphics related data logging for every connection interval|
|Enable RDP Shortpath for managed networks|
|UDP port base (Device)|
|Enable screen capture protection|
|Screen Capture Protection Options (Device)|
|Height of grid box in per cent relative to QR code bitmap height (Device)|
|QR code bitmap opacity (Device)|
|QR code bitmap scale factor (Device)|
|Width of grid box in per cent relative to QR code bitmap width (Device)|
|Use port range for RDP Shortpath for unmanaged networks|
|Port pool size (Device)|
|UDP port base (Device)|
Enable RDP Shortpath for Managed Networks
This policy setting lets you enable RDP Shortpath for managed networks. If you enable this policy setting, Azure Virtual Desktop clients connected over managed networks will use UDP to connect to the session host. If you disable or don’t configure this policy setting, the clients won’t use RDP Shortpath for managed networks to connect to the session host.
- If you enable this policy setting, you should also set up the required firewall exceptions that will allow RDP Shortpath for managed networks to work correctly.
|Azure Virtual Desktop Subcategory Results||Description|
|Use port range for RDP Shortpath for unmanaged networks||This policy setting allows you to specify the UDP port range the Azure Virtual Desktop client will use to communicate with the session host when RDP Shortpath for public networks is used.|
If you enable this policy setting, the Azure Virtual Desktop client will randomly select the port from the range for every connection. If the specified port range is exhausted, the client’s operating system will choose a port.
If you disable or do not configure this policy setting, the operating system on the client will select a port used for the session (recommended). If you enable this policy setting, we recommend configuring firewall rules on the client to allow inbound UDP connection in this port range for Azure Virtual Desktop clients.
If you do not configure firewall rules, Windows Defender Firewall may prompt the user to allow communication. Enable this policy setting to customize a UDP port range for the Azure Virtual Desktop client.
When choosing the base and pool size, consider the number of ports setting to ensure the upper bound does not exceed 49151. For example, if you select 38300 as a port base and 1000 as pool size, the upper bound will be 39299.
UDP port base: This setting allows you to customize the base for the UDP port range. The default base port is 38300 (recommended). You can select any value in the 1024-49151 range for the base.
Port pool size: This setting allows you to select the number of ports in the UDP port range. The default (recommended) is 1000.
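The port-range constraint and the recommended client firewall rule described above, as an added PowerShell example that is not from the original article or from Microsoft. The function names and the rule display name are hypothetical; the defaults (38300, 1000) and the limits (1024-49151) are the ones stated above.

```powershell
# Added example (hypothetical helper names). Run elevated on the AVD client.
function Get-ShortpathPortRange {
    [CmdletBinding()]
    param(
        # Base must fall in 1024-49151; 38300 is the documented default.
        [ValidateRange(1024, 49151)][int]$PortBase = 38300,
        # Number of ports in the range; 1000 is the documented default.
        [ValidateRange(1, 48128)][int]$PoolSize = 1000
    )
    # Example from the text: base 38300 with pool size 1000 gives 39299.
    $upper = $PortBase + $PoolSize - 1
    if ($upper -gt 49151) {
        throw "Upper bound $upper exceeds 49151; lower the base or the pool size."
    }
    [pscustomobject]@{ Base = $PortBase; Upper = $upper; Range = "$PortBase-$upper" }
}

function Set-ShortpathClientFirewallRule {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [int]$PortBase = 38300,
        [int]$PoolSize = 1000
    )
    # Validate first so an out-of-range value never reaches the firewall.
    $range = Get-ShortpathPortRange -PortBase $PortBase -PoolSize $PoolSize
    $name  = 'AVD client - RDP Shortpath UDP range (example)'   # hypothetical name

    if ($PSCmdlet.ShouldProcess($range.Range, 'Allow inbound UDP')) {
        # Replace any earlier copy so a changed range leaves no stale ports open.
        Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
            Remove-NetFirewallRule
        # Adding -Program with the path of your AVD client executable narrows
        # the rule further; that path is not given in the article.
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
            -Protocol UDP -LocalPort $range.Range
    }
}

# Preview the change without touching the firewall:
# Set-ShortpathClientFirewallRule -PortBase 38300 -PoolSize 1000 -WhatIf
```

Keep the values passed here identical to the UDP port base and Port pool size configured in the Intune profile, otherwise the firewall rule and the client's port selection will not match.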
This policy setting allows you to specify whether watermarking is enabled for a remote session. If you enable this policy setting, then the RD Session Host server will instruct the client to project the watermarking QR code in a remote session.
- The connection will be denied if the client is not compatible with watermarking. If you disable or do not configure this policy setting, then the watermarking will be disabled.
|Azure Virtual Desktop Subcategory Results||Description|
|Enable screen capture protection||This policy setting allows you to specify whether protection against screen capture is enabled for a remote session across client and server.|
If you enable this policy setting to block screen capture on the client, the RD Session Host Server will instruct the client to enable screen capture protection for a remote session. If a compatible client is used, it will prevent screen capture of the applications running in the remote session.
If you enable this policy setting to block screen capture on the client and server, it will instruct the client as described above and, in addition, instruct the session host to prevent tools and services within the session host from capturing the screen.
This option requires the session host to be OS version Windows 11, version 22H2 or later. If the client is not compatible with screen capture protection, the connection will be denied.
If you disable or do not configure this policy setting, the screen capture protection will be disabled.
|Enable Graphics related data logging for every connection interval||This policy setting lets you enable graphics-related data logging for every connection interval.|
If you enable this policy setting, the RD Session Host server logs graphics-related data for every connection interval.
If you disable or don’t configure this policy setting, the RD Session Host server logs graphics-related data for only connection intervals with graphics issues.
- Reference – MikeDano on X
About the Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.