Disable Remote Desktop Connections Using Intune

In this post, you will learn to disable Remote Desktop Connections Using Intune. You can use Remote Desktop to connect to and control your PC from a remote device.

You can use another device to connect to your PC and access all of your apps, files, and other resources without going in front of your PC. This is a security risk for most organizations.

To connect to a remote PC, the target computer must be turned on and network. As part of your organization’s security policies, you may not allow users to log on using Remote Desktop Services. Intune configuration policies help you lock down Windows devices as per your organization’s security requirements.

Any account with the Allow log on through Remote Desktop Services user right can log on to the remote console of the computer. Suppose you do not restrict access to legitimate users who need to log on to the computer’s console.

Patch My PC

In that case, unauthorized users could download and execute malicious code to elevate their privileges. You can get more details about Intune Endpoint Security Policies Microsoft Endpoint Manager Updates.

Disable Remote Desktop Connections Using Intune

Let’s follow the below steps to Disable Remote Desktop Connections using Intune –

  • Sign in to the https://endpoint.microsoft.com/
  • To create a new Configuration profile, Select Devices > Windows > Configuration profiles > Create profile
Disable Remote Desktop Connections Using Intune 1
Intune Configuration Profiles – Create Profile

In Create a profile, Select Platform, Windows 10, and later and Profile, Select Profile Type as Settings catalog. Click on Create button.

Intune Configuration Profiles – Select Platform, Profile type
Intune Configuration Profiles – Select Platform, Profile type

On the Basics tab, enter a descriptive name, such as Disable Remote Desktop Connections. Optionally, enter a Description for the policy, then select Next.

Adaptiva
Create profile – Disable Remote Desktop Connections
Create a profile – Disable Remote Desktop Connections

In Configuration settings, under Settings catalog, click Add settings.

Settings catalog – Click + Add settings
Settings catalog – Click + Add settings.

On the Settings Picker windows, Select Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections to see all the settings in this category.

Select Allow users to connect remotely by using Remote Desktop Services below. After adding your settings, click the cross mark at the right-hand corner to close the settings picker. 

Note – In policy, use the search box to find specific settings. You can search by category or a keyword, such as Allow users to connect remotely. It will display the related settings available.

Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connection
Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections

The setting is shown and configured with a default value Disabled. Set Allow users to connect remotely by using Remote Desktop Services to Disabled. Click Next.

Allow users to connect remotely by using Remote Desktop Services – If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services.

The target computer will maintain any current connections but not accept any new incoming connections.

 Allow users to connect remotely by using Remote Desktop Services - Disabled
Allow users to connect remotely by using Remote Desktop Services – Disabled.

Under Assignments, In Included groups, click Add groups and then choose Select groups to include one or more groups. Click Next to continue.

Assignments – Select groups to include
Assignments – Select groups to include | Disable Remote Desktop Connections Using Intune

You can assign a tag to filter the profile to specific IT groups in-Scope tags. Add scope tags (if required) and click Next.

In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned.

Review + Create – Device Configuration Profile
Review + Create – Device Configuration Profile | Disable Remote Desktop Connections Using Intune

A notification will appear automatically in the top right-hand corner with a message. Here, Policy “Disable Remote Desktop Connections” was created here successfully. The policy is also shown in the Configuration profiles list.

Policy "Disable Remote Desktop Connections" created successfully
Policy “Disable Remote Desktop Connections” created successfully

Your groups will receive your profile settings when the devices check-in with the Intune service. Once the policy applies to the devices, Users will not access computers by using Remote Desktop Services. You can validate the settings on the Remote tab in the System Properties in devices.

You can also explore the detailed post about steps to enable or disable Remote Desktop Access using the Settings app and Registry on Windows 10.

Author

About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

1 thought on “Disable Remote Desktop Connections Using Intune”

  1. Hi Anoop, Thanks for this post!

    Just a suggestion, you should show how a policy change made the difference on end user device and where one can check for this change.

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.