Turn On Screen Capture Protection in AVD using Intune

Let’s learn how to Turn On Screen Capture Protection in AVD using Intune. This Screen Capture Protection configuration prevents users from capturing sensitive information on client endpoints through specific operating system (OS) features.

Turning on Screen Capture Protection in Azure Virtual Desktop (AVD) also helps prevent sensitive information from being captured on client endpoints through Application Programming Interfaces (APIs). With this feature, Microsoft protects sensitive information for Intune users.

There are many cyber threats in the Cyber World every day. Microsoft develops many security applications for users. Now, you can use Screen Capture Protection in AVD in Intune to protect organizations.

After enabling screen capture protection, remote content is automatically blocked in screenshots and screen sharing. Follow the steps below to configure screen capture protection using Microsoft Intune or Group Policy on your session hosts.

Patch My PC
Turn On Screen Capture Protection in AVD using Intune - Fig.1
Turn On Screen Capture Protection in AVD using Intune – Fig.1
Index
Turn On Screen Capture Protection in AVD using Intune
Steps for Turn On Screen Capture Protection in AVD
End Users Experience – Screen Protection Policy Enabled
Turn On Screen Capture Protection in AVD in Intune – Table.1

Turn On Screen Capture Protection in AVD using Intune

Screen Capture Protection in AVD can be easily enabled in Microsoft Intune. Intune policy allows admins to enable Screen Capture Protection from the settings catalog. There are two supported scenarios for screen capture protection, depending on the Windows version.

  • Block screen capture on client: If you enable this policy setting, the session host instructs a supported Remote Desktop client to enable screen capture protection for a remote session. This prevents screen capture from the client of applications running in the remote session.
  • Block screen capture on client and server: By enabling this policy setting, the session host instructs a supported Remote Desktop client to enable screen capture protection for a remote session. This stops tools and services on the session host from capturing the screen, as well as screen capture from the client of programs running in the remote session.

Users must follow certain prerequisites to enable Screen Capture Protection in AVD. Your session hosts must be running one of the following versions of Windows to use screen capture protection. The table below shows the prerequisites.

Adaptiva
Prerequisite
Block screen capture on client is available with a supported version of Windows 10 or Windows 11
Block screen capture on client and server is available starting with Windows 11, version 22H2
Turn On Screen Capture Protection in AVD using Intune – Table.2

Steps for Turn On Screen Capture Protection in AVD

Users can easily turn on Screen Capture Protection in AVD using Microsoft Intune. The screen Capture Protection feature is available at the Microsoft Intune admin center.

Turn On Screen Capture Protection in AVD using Intune - Fig.2
Turn On Screen Capture Protection in AVD using Intune – Fig.2

In this window, you can select platform and Profile Type. Here the selected Platform is Windows 10 and later, and Profile type is Settings Catalog. Click on the Create button to continue.

Turn On Screen Capture Protection in AVD using Intune - Fig.3
Turn On Screen Capture Protection in AVD using Intune – Fig.3

After that, you can create a Profile for screen capture Protection. You can provide the policy’s name and description in the basic section. Here, I give Enabling Screen Capture Protection for AVD as the Name. After that, you can click on the Next button.

Turn On Screen Capture Protection in AVD using Intune - Fig.4
Turn On Screen Capture Protection in AVD using Intune – Fig.4

The next section after the basic section is the Configuration Settings. Here, you can click on +Add Settings to choose settings to configure.

Turn On Screen Capture Protection in AVD using Intune - Fig.5
Turn On Screen Capture Protection in AVD using Intune – Fig.5

After clicking on +Add Settings, you will see the Settings Picker window. Here, you can search for settings and browse by category. Here i search Administrative Template as the Key word to search.

  • Choose Administrative Templates Windows Components Remote Desktop Services Remote Desktop Session Host Azure Virtual Desktop
  • Select the Enable Screen Capture Protection setting from the list.
Turn On Screen Capture Protection in AVD using Intune - Fig.6
Turn On Screen Capture Protection in AVD using Intune – Fig.6

After selecting the settings from the above window, click the Next button, as shown in the below screenshot.

Turn On Screen Capture Protection in AVD in Intune - Fig.7
Turn On Screen Capture Protection in AVD in Intune – Fig.7

The next window is for selecting Scope Tags. This section is not mandatory. You can easily skip or add this setting if you prefer. Click on the Next button.

Turn On Screen Capture Protection in AVD in Intune - Fig.8
Turn On Screen Capture Protection in AVD in Intune – Fig.8

The next window will show the Assignment section. Here, you can select included groups or Excluded groups. The Assignment section determines which group needs Screen Capture Protection. Click on the Add groups option on the Included groups and select your preferred group. Then click on the Next button.

Turn On Screen Capture Protection in AVD in Intune - Fig.9
Turn On Screen Capture Protection in AVD in Intune – Fig.9

The last section is the Review + Create section. Here, you can verify each of the sections and make changes to any section. After that, you can click on the Create button.

Turn On Screen Capture Protection in AVD using Intune - Fig.10
Turn On Screen Capture Protection in AVD in Intune – Fig.10

After the policy creation is complete, you will receive a Notification on the Intune portal stating that the Policy has been created successfully.

Turn On Screen Capture Protection in AVD using Intune - Fig.11
Turn On Screen Capture Protection in AVD using Intune – Fig.11

End Users Experience – Screen Protection Policy Enabled

To verify that screen capture protection is working, Connect to a remote session with a supported client. To use screen capture protection, users must connect to Azure Virtual Desktop with the Windows App or the Remote Desktop app. The following table shows supported scenarios.

AppVersionDesktop sessionRemoteApp session
Windows App on WindowsAnyYesYes. Client device OS must be Windows 11, version 22H2 or later.
Remote Desktop client on Windows1.2.1672 or laterYesYes. Client device OS must be Windows 11, version 22H2 or later.
Azure Virtual Desktop Store appAnyYesYes. Client device OS must be Windows 11, version 22H2 or later.
Windows App on macOSAnyYesYes
Remote Desktop client on macOS10.7.0 or laterYesYes
Turn On Screen Capture Protection in AVD using Intune – Table 3

Take a screenshot or share your screen in a Teams call or meeting. The content should be blocked or hidden. Here you can see the black screen appeared, Any existing sessions must be signed out and checked again for the change to take effect. If a user tries to connect with a different app or version, the connection is denied and shows an error message.

Turn On Screen Capture Protection in AVD using Intune - Fig.12
Turn On Screen Capture Protection in AVD using Intune – Fig.12

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here for HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.