Configure Media Transfer Protocol and Picture Transfer Protocol redirection on Windows over the Remote Desktop Protocol

Tip

This article is shared for services and products that use the Remote Desktop Protocol (RDP) to provide remote access to Windows desktops and apps.

Select a product using the buttons at the top of this article to show the relevant content.

You can configure the redirection behavior of peripherals that use the Media Transfer Protocol (MTP) or Picture Transfer Protocol (PTP), such as a digital camera, from a local device to a remote session over the Remote Desktop Protocol (RDP).

For Azure Virtual Desktop, we recommend you enable MTP and PTP redirection on your session hosts using Microsoft Intune or Group Policy, then control redirection using the host pool RDP properties.

For Windows 365, you can configure your Cloud PCs using Microsoft Intune or Group Policy. Once enabled, Windows 365 redirects all supported MTP and PTP peripherals.

For Microsoft Dev Box, you can configure your dev boxes using Microsoft Intune or Group Policy. Once enabled, Microsoft Dev Box redirects all supported MTP and PTP peripherals.

This article provides information about the supported redirection methods and how to configure the redirection behavior for MTP and PTP peripherals. To learn more about how redirection works, see Redirection over the Remote Desktop Protocol.

MTP and PTP redirection vs USB redirection

Most MTP and PTP peripherals connect to a computer over USB. RDP supports redirecting MTP and PTP peripherals using native MTP and PTP redirection or opaque low-levelUSB device redirection, independent of each other. Behavior depends on the peripheral and its supported features.

Both redirection methods redirect the device to the remote session listed under Portable Devices in Device Manager. This device class is WPD and the device class GUID is {eec5ad98-8080-425f-922a-dabf3de3f69a}. You can find a list of the device classes at System-Defined Device Setup Classes Available to Vendors

Devices are redirected differently depending on the redirection method used. MTP and PTP redirection uses high-level redirection; the peripheral is available locally and in the remote session concurrently, and requires the relevant driver installed locally. Opaque low-level USB redirection transports the raw communication of a peripheral, so requires the relevant driver installed in the remote session. You should use high-level redirection methods where possible. For more information, see Redirection methods.

The following example shows the difference when redirecting an Apple iPhone using the two methods. Both methods achieve the same result where pictures can be imported from the iPhone to the remote session.

  • Using MTP and PTP redirection, the iPhone is listed as Digital Still Camera to applications and under Portable Devices in Device Manager:

    A screenshot showing portable devices in Device Manager using MTP and PTP redirection.

  • Using USB redirection, the iPhone is listed as Apple iPhone to applications and under Portable Devices in Device Manager:

    A screenshot showing portable devices in Device Manager using USB redirection.

The rest of this article covers MTP and PTP redirection. To learn how to configure USB redirection, see Configure USB redirection on Windows over the Remote Desktop Protocol.

Prerequisites

Before you can configure MTP and PTP redirection, you need:

  • An existing Cloud PC.
  • An existing dev box.
  • A device that supports MTP or PTP you can use to test the redirection configuration connected to a local device.

  • To configure Microsoft Intune, you need:

    • Microsoft Entra ID account that is assigned the Policy and Profile manager built-in RBAC role.
    • A group containing the devices you want to configure.
  • To configure Group Policy, you need:

    • A domain account that has permission to create or edit Group Policy objects.
    • A security group or organizational unit (OU) containing the devices you want to configure.
  • You need to connect to a remote session from a supported app and platform. To view redirection support in Windows App and the Remote Desktop app, see Compare Windows App features across platforms and devices and Compare Remote Desktop app features across platforms and devices.

MTP and PTP redirection

Configuration of a session host using Microsoft Intune or Group Policy, or setting an RDP property on a host pool governs the ability to redirect MTP and PTP peripherals between the remote session and the local device, which is subject to a priority order.

The default configuration is:

  • Windows operating system: MTP and PTP redirection isn't allowed.
  • Azure Virtual Desktop host pool RDP properties: MTP and PTP devices are redirected from the local device to the remote session.
  • Resultant default behavior: MTP and PTP peripherals aren't redirected.

Important

Take care when configuring redirection settings as the most restrictive setting is the resultant behavior. For example, if you disable MTP and PTP redirection on a session host with Microsoft Intune or Group Policy, but enable it with the host pool RDP property, redirection is disabled. You can also specify individual MTP and PTP peripherals to redirect only.

Configuration of a Cloud PC governs the ability to redirect MTP and PTP peripherals between the remote session and the local device, and is set using Microsoft Intune or Group Policy.

The default configuration is:

  • Windows operating system: MTP and PTP redirection isn't allowed.
  • Windows 365: MTP and PTP redirection is enabled.
  • Resultant default behavior: MTP and PTP peripherals are redirected.

Configuration of a dev box governs the ability to redirect the MTP and PTP peripherals between the remote session and the local device, and is set using Microsoft Intune or Group Policy.

The default configuration is:

  • Windows operating system: MTP and PTP redirection isn't allowed.
  • Microsoft Dev Box: MTP and PTP redirection is enabled.
  • Resultant default behavior: MTP and PTP peripherals are redirected.

Configure MTP and PTP redirection using host pool RDP properties

The Azure Virtual Desktop host pool setting MTP and PTP device redirection controls whether to redirect MTP and PTP peripherals between the remote session and the local device. The corresponding RDP property is devicestoredirect:s:<value>. For more information, see Supported RDP properties.

To configure MTP and PTP redirection using host pool RDP properties:

  1. Sign in to the Azure portal.

  2. In the search bar, type Azure Virtual Desktop and select the matching service entry.

  3. Select Host pools, then select the host pool you want to configure.

  4. Select RDP Properties, then select Device redirection.

    A screenshot showing the host pool device redirection tab in the Azure portal.

  5. For MTP and PTP device redirection, select the drop-down list, then select one of the following options:

    • Don't redirect any devices
    • Redirect portable media players based on the Media Transfer Protocol (MTP) and digital cameras based on the Picture Transfer Protocol (PTP) (default)
    • Not configured
  6. Select Save.

Tip

If you enable redirection using host pool RDP properties, you need the check that redirection isn't blocked by a Microsoft Intune or Group Policy setting.

Optional: Retrieve specific MTP and PTP device instance IDs and add them to the RDP property

By default, the host pool RDP property will redirect all supported MTP and PTP peripherals, but you can also enter specific device instance IDs in the host pool properties so that only the peripherals you approve are redirected. To retrieve the device instance IDs available of the USB devices on a local device you want to redirect:

  1. On the local device, connect any devices you want to redirect.

  2. Open a PowerShell prompt and run the following command:

    Get-PnPdevice | Where-Object {$_.Class -eq "WPD" -and $_.Status -eq "OK"} | FT -AutoSize
    

    The output is similar to the following output. Make a note of the InstanceId value for each device you want to redirect.

    Status Class FriendlyName InstanceId
    ------ ----- ------------ ----------
    OK     WPD   Apple iPhone USB\VID_05AC&PID_12A8&MI_00\B&1A733E8B&0&0000
    
  3. In the Azure portal, return to the host pool RDP properties configuration, and select Advanced.

  4. In the text box, find the relevant RDP property, which by default is devicestoredirect:s:*, then add the instance IDs you want to redirect, as shown in the following example. Separate each device instance ID with a semi-colon (;).

    devicestoredirect:s:USB\VID_05AC&PID_12A8&MI_00\B&1A733E8B&0&0000
    
  5. Select Save.

Tip

The following behavior is expected when you specify an instance ID:

  • If you refresh the Azure portal, the value you entered changes to lowercase and each backslash character in the instance ID is escaped by another backslash character.

  • When you navigate to the Device redirection tab, the value for MTP and PTP device redirection is blank.

Configure MTP and PTP redirection using Microsoft Intune or Group Policy

Configure MTP and PTP redirection using Microsoft Intune or Group Policy

Select the relevant tab for your scenario.

To allow or disable MTP and PTP redirection using Microsoft Intune:

  1. Sign in to the Microsoft Intune admin center.

  2. Create or edit a configuration profile for Windows 10 and later devices, with the Settings catalog profile type.

  3. In the settings picker, browse to Administrative templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection.

    A screenshot showing the device and resource redirection options in the Microsoft Intune portal.

  4. Check the box for Do not allow supported Plug and Play device redirection, then close the settings picker.

  5. Expand the Administrative templates category, then set toggle the switch for Do not allow supported Plug and Play device redirection, depending on your requirements:

    • To allow MTP and PTP redirection, toggle the switch to Disabled.

    • To disable MTP and PTP redirection, toggle the switch to Enabled.

  6. Select Next.

  7. Optional: On the Scope tags tab, select a scope tag to filter the profile. For more information about scope tags, see Use role-based access control (RBAC) and scope tags for distributed IT.

  8. On the Assignments tab, select the group containing the computers providing a remote session you want to configure, then select Next.

  9. On the Review + create tab, review the settings, then select Create.

  10. Once the policy applies to the computers providing a remote session, restart them for the settings to take effect.

Note

When you configure the Intune policy setting Do not allow supported Plug and Play device redirection, it also affects USB redirection.

Test MTP and PTP redirection

To test MTP and PTP redirection:

  1. Make sure a device that supports MTP or PTP is connected to the local device.

  2. Connect to a remote session using Window App or the Remote Desktop app on a platform that supports MTP and PTP redirection. For more information, see Compare Windows App features across platforms and devices and Compare Remote Desktop app features across platforms and devices.

  3. Check the MTP or PTP device is available in the remote session. Here are some ways to check:

    1. Open the Photos app (from Microsoft) in the remote session from the start menu. Select Import and check the redirected device appears in the list of connected devices.

      A screenshot showing the available printers and scanners in the remote session.

    2. Open a PowerShell prompt in the remote session and run the following command:

      Get-PnPdevice | ? Class -eq "WPD" | FT -AutoSize
      

      The output is similar to the following output:

      Status Class FriendlyName         InstanceId
      ------ ----- ------------         ----------
      OK     WPD   Digital Still Camera TSBUS\UMB\2&FD4482C&0&TSDEVICE#0002.0003
      

      You can verify whether the device is redirected using MTP and PTP redirection or USB redirection by the InstanceId value:

      • For MTP and PTP redirection, the InstanceId value begins with TSBUS.

      • For USB redirection, the InstanceId value begins USB.

  4. Open an application and print a test page to verify the printer is functioning correctly.