Key Takeaways:
- Enforce secure RPC communication for remote connections
- Ensure that remote connections adhere to organizational security standards
- Protect against unauthorized access and potential exploitation
- Protect unsecured remote communication channels
Let's discuss how to Require Secure RPC Communication for Remote Connections using Intune. The "Require secure RPC communication" policy is a foundational security setting in Windows Remote Desktop Services (RDS). It dictates how the Remote Desktop Session Host (RDSH) handles Remote Procedure Calls (RPC), the "behind-the-scenes" messages that allow different software processes to talk to each other.
Require Secure RPC Communication for Remote Connections using Intune
By default, some RPC communications can occur over “unauthenticated” or “unencrypted” channels. When this policy is Enabled, the system mandates that all RPC requests must use authenticated and encrypted communication.
Start Policy Creation
As an admin, you can quickly configure this policy for your organisation. To start the policy creation, open the Microsoft Intune admin center. Then go to Devices > Configuration > + Create > + New Policy.

Creation of Profile
Profile creation is the step where you assign the policy to the appropriate platform and profile type. Here I would like to configure the policy for the Windows 10 and later platform with the Settings catalog profile type. Then click on the Create button.

Basic Tab
Naming the policy is the first step and helps admins identify the policy later. It is an important step because it tells you the purpose of the policy. Here, Name is mandatory and Description is optional. After adding these, click on the Next button.

Select Settings from Settings Picker
The Settings Picker is available from the Configuration Settings tab. On this tab, click on the +Add Settings hyperlink to open the Settings Picker. The Settings Picker shows a huge number of settings. Here, I would like to select the setting by browsing by category. I choose System. Then, I choose Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security and select the Require secure RPC communication policy.

Disable Secure RPC Communication
If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that don’t respond to the request.

Enable Secure RPC Communication
If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and doesn’t allow unsecured communication with untrusted clients.

Scope Tags
With scope tags, you can restrict the visibility of the Secure RPC Communication policy. They help to organise resources as well. Here, I would like to skip this section because it is not mandatory. Click on the Next button.

Assignments Tab for Selecting Group
To assign the policy to specific groups, you can use the Assignments tab. Here I click the +Add groups option under Included groups. I choose a group from the list of groups and click on the Select button. Again, I click on the Select button to continue.

Complete Policy Creation
Before completing the policy creation, you can review each tab to avoid misconfiguration or policy failure. After verifying all the details, click on the Create Button. After creating the policy, you will get a success message.

Monitoring Status
The Monitoring Status page shows whether the policy has succeeded or not. To apply the policy quickly, sync the assigned device from the Company Portal. Open the Intune Portal. Go to Devices > Configuration and search for the policy. Here, the policy shows as successful.

Removing the Assigned Group from Secure RPC Communication Settings
If you want to remove the assigned group from the policy, you can do so from the Intune Portal. To do this, open the policy in the Intune Portal, edit the Assignments tab, and remove the group.
To get more detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.

How to Secure RPC Communication
You can easily delete the Policy from the Intune Portal. From the Configuration section, you can delete the policy. It will completely remove it from the client devices.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.

Windows CSP Details
Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.
You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.
| Name | Value |
|---|---|
| Name | TS_RPC_ENCRYPTION |
| Friendly Name | Require secure RPC communication |
| Location | Computer Configuration |
| Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
| Registry Value Name | fEncryptRPCTraffic |
| ADMX File Name | TerminalServer.admx |
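
To confirm on a device that the policy has actually landed, you can read the registry value listed in the table. The following script is an added example, not part of the original post or Microsoft's tooling. It assumes the key lives under HKLM (the setting's location is Computer Configuration) and that the policy writes a DWORD where 1 means Enabled and 0 means Disabled; the function name is hypothetical.

```powershell
# Added example: checks whether "Require secure RPC communication" is enforced.
# Key path and value name come from the CSP table above.
# Assumption: HKLM hive, DWORD value, 1 = Enabled, 0 = Disabled.
$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ValueName = 'fEncryptRPCTraffic'

function Get-SecureRpcPolicyState {   # hypothetical helper name
    param(
        [string]$Path = $KeyPath,
        [string]$Name = $ValueName
    )

    $state = [ordered]@{
        Computer  = $env:COMPUTERNAME
        ValueName = $Name
        RawValue  = $null
        State     = 'NotConfigured'   # key or value absent: policy never applied
        Compliant = $false
    }

    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        $raw = $key.GetValue($Name, $null)
        if ($null -ne $raw) {
            $state.RawValue = $raw
            # A value of the wrong type is treated as drift, not as compliant.
            if ($key.GetValueKind($Name) -ne 'DWord') {
                $state.State = 'UnexpectedType'
            } elseif ($raw -eq 1) {
                $state.State     = 'Enabled'
                $state.Compliant = $true
            } elseif ($raw -eq 0) {
                $state.State = 'Disabled'   # unsecured RPC fallback still allowed
            } else {
                $state.State = 'UnexpectedValue'
            }
        }
    }
    [pscustomobject]$state
}

$result = Get-SecureRpcPolicyState
$result | Format-List
# Non-zero exit code lets a wrapper or scheduled check flag the device.
if (-not $result.Compliant) { exit 1 }
exit 0
```

A result of NotConfigured after a successful report in the portal usually means the device has not synced yet; run the check again after a sync.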

Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.

