![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 28.999999999999996%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,565 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Hello @Mayank Suhane,
Thank you for posting your query on Microsoft Q&A.
Based on your description, it sounds like you're looking to disable Remote Desktop Connection or prevent users from initiating a remote session when they are logged into the system with Entra ID.
Here are the steps you can follow to disable Remote Desktop or prohibit remote sessions:
Method 1: Disable Remote Desktop through Group Policy
- Open the Group Policy Editor (gpedit.msc) on a domain controller or a system with the Group Policy Management Console installed.
- Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
- Enable the policy "Allow users to connect remotely using Remote Desktop" and set it to "Disabled".
- Apply the policy to the desired OU or domain.
Method 2: Disable Remote Desktop through Registry
- Open the Registry Editor (regedit.exe) on the system you want to disable Remote Desktop on.
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server.
- Create a new DWORD (32-bit) value named "fDenyTSConnections" and set its value to 1.
- Restart the system for the changes to take effect.
Method 3: Disable Remote Desktop through Intune
Go to Microsoft Intune admin center. Create a custom profile and deploy this profile to the device group you want.
Select Devices > Manage devices > Configuration > Create > New policy.
Platform: Choose the platform of your devices. Your options:
Profile type: Select Custom. Or, select Templates > Custom.
Name: Set a name for this profile.
- OMA-URI setting: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/AllowUsersToConnectRemotely
Data Type: String
Value: <disabled />
Alternatively, you can create an administrative template with the setting "Require user authentication for remote connections by using Network Level Authentication" to disable remote access.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Thanks,
Raja Pothuraju.