RDP Not Enabled on Windows 11 INTUNE JOINED PC

Question

RDP Not Enabled on Windows 11 INTUNE JOINED PC

Lance Lingerfelt 0 Microsoft External Staff

I am having issues getting my Intune Policy for Remote Desktop to work on my test Windows 11 VMs. Needless to say I am unable to RDP into any of the boxes once they are Intune controlled.

Here is the policy settings:

User's image

Firewall port open on the devices.

The Policy shows that it was successful push:

User's image

Still the button on the computer is NOT enabled and I cannot change it:

If I spin up a new VM, RDP can be done until it is Intune Joined. All my other policies are working great! Does anyone have a recommendation for this?

Thanks,
Lance

Fabian Geurts | Olileo 56 Reputation points

2023-12-07T14:45:27.3233333+00:00

Did you every figured it out ? It's been a month now with MS Support and I have exactly the same issue. It seems Intune is pushing a policy but we can't find what's causing it.
Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-12-07T14:48:16.1433333+00:00

There have been no solutions on my end to find the policy that is causing this. I have not been able to get it to turn on. Please update if you find something before me!
Fabian Geurts | Olileo 56 Reputation points

2023-12-07T14:53:45.9+00:00

Removing it from Entra ID, excluding from intune and adding again makes it work. But as soon as Intune is provisioned on the machine, the RDP switch is useless and cannot RDP.
Note that I have the exact same issue with Teamviewer if it has been installed prior to join. After Intune kicks in, no connection.

I am sure it is Intune policy related but somwhere in Defender or Firewall (although I also disabled the FW policy too to try it out).

And note that I can reproduce this with several environments from different customers.

I'll keep you informed here when/if we find the root cause.
Pavel yannara Mirochnitchenko 13,336 Reputation points MVP

2023-12-08T11:12:20.66+00:00

Together with policies, also Firewall rules are required to be created in Intune to make it work.
Fabian Geurts | Olileo 56 Reputation points

2023-12-08T14:30:03.3566667+00:00

@Pavel yannara Mirochnitchenko can you elaborate ? Did you make it work ?
Pavel yannara Mirochnitchenko 13,336 Reputation points MVP

2023-12-08T14:45:49.18+00:00

Yes, it is no brainer. I suggest you open your own thread and I can help you with that if you tag me there. If your see the topic starter old reply to me, he is not so friendly :D
Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-12-08T15:07:53.0433333+00:00

I did a firewall policy to open the ports and they were opened. I even tried to disable the firewall so that it would be taken out of the equation. I guess I have no brain since my thread is not good enough for a valid answer.

Let's Review

Policy created in Intune to allow RDP
Policy created to open port 3389 so that RDP is allowed through
Create special group for these policies to apply to and exclude all other policies

New clean install windows 11 machine added to Intune
Computer added to the special group
Policies push to machine
RDP is not enabled
I am told I have no brain since it is no brainer and I'm not friendly.

Again, another reason why I do not like to use these Q/A boards. I have a better chance finding the answer on Reddit.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Fabian Geurts | Olileo 56 Reputation points

2023-12-08T15:36:27.05+00:00

Guys, stay cool :) we are all here to help or get helped.

May be it is a GUI bug but when working with MS and removing it completely from InTune, just AAD joined, the switch is actually working and the RDP works too.

So there is one of the standard configuration MS is applying that "create" this bug and prevent from connecting to RDP.
I'll go ahead and create another thread then ... but is it really useful to duplicate while I ended up here because it is my exact problem ?

The answers I see below are not fixing Lance or my issue which appear to be exactly the same.
Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-12-08T15:47:58.4866667+00:00

Again. You have managed not to help ANYBODY. You just say that yours works and we're dumb. You can say what you want about me now since NOBODY CAN READ your OLD POST.

Why doesn't anybody see MSFT by your name? They should hire you if you are that good!
Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-12-08T15:56:32.66+00:00

@Fabian Geurts | Olileo Apologies to you for this other person being hateful to me and you by not providing a solution. There is no need to duplicate threads. We'll get an answer and I will share it with everyone if I find it. It's not even about the button. I changed the registry key to allow RDP and it still is blocked. I've been working with Microsoft too and this is not a no brainer like was said.

I'll provide a workaround. We ended up setting up Azure VMs for the client to use through RDPWeb portal. It's actually easier to manage that way and you can track your OpEX better. If you client has that capability to implement it, I would have them do that.
Fabian Geurts | Olileo 56 Reputation points

2023-12-08T16:18:23.3066667+00:00

Thanks. I created it anyway but happy to continue here to. First to the flag will link the answer ;)

Thing is, the VMs I create are in Tenant A. And I am joining them to tenant B or C.

I don't want to starting playing with RDWeb or AVD solution, just want a simple RDP access so I can test Intune packages and profiles before deploying to customers.

Nevertheless if you have a detailed solution on the RDPWeb portal thing, it is a start.
Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-12-08T16:27:44.6866667+00:00

@Fabian Geurts | Olileo This will get you started here. At least you'll be able to RDP using the RDP client to an Azure VM:

https://learn.microsoft.com/en-us/azure/virtual-desktop/users/remote-desktop-clients-overview
https://learn.microsoft.com/en-us/azure/virtual-desktop/users/connect-web
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

4 answers

Your answer

Fabian Geurts | Olileo 56 Reputation points

2023-12-07T14:45:27.3233333+00:00

Did you every figured it out ? It's been a month now with MS Support and I have exactly the same issue. It seems Intune is pushing a policy but we can't find what's causing it.
Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-12-07T14:48:16.1433333+00:00

There have been no solutions on my end to find the policy that is causing this. I have not been able to get it to turn on. Please update if you find something before me!
Fabian Geurts | Olileo 56 Reputation points

2023-12-07T14:53:45.9+00:00

Removing it from Entra ID, excluding from intune and adding again makes it work. But as soon as Intune is provisioned on the machine, the RDP switch is useless and cannot RDP.
Note that I have the exact same issue with Teamviewer if it has been installed prior to join. After Intune kicks in, no connection.

I am sure it is Intune policy related but somwhere in Defender or Firewall (although I also disabled the FW policy too to try it out).

And note that I can reproduce this with several environments from different customers.

I'll keep you informed here when/if we find the root cause.
Pavel yannara Mirochnitchenko 13,336 Reputation points MVP

2023-12-08T11:12:20.66+00:00

Together with policies, also Firewall rules are required to be created in Intune to make it work.
Fabian Geurts | Olileo 56 Reputation points

2023-12-08T14:30:03.3566667+00:00

@Pavel yannara Mirochnitchenko can you elaborate ? Did you make it work ?
Pavel yannara Mirochnitchenko 13,336 Reputation points MVP

2023-12-08T14:45:49.18+00:00

Yes, it is no brainer. I suggest you open your own thread and I can help you with that if you tag me there. If your see the topic starter old reply to me, he is not so friendly :D
Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-12-08T15:07:53.0433333+00:00

I did a firewall policy to open the ports and they were opened. I even tried to disable the firewall so that it would be taken out of the equation. I guess I have no brain since my thread is not good enough for a valid answer.

Let's Review

Policy created in Intune to allow RDP
Policy created to open port 3389 so that RDP is allowed through
Create special group for these policies to apply to and exclude all other policies

New clean install windows 11 machine added to Intune
Computer added to the special group
Policies push to machine
RDP is not enabled
I am told I have no brain since it is no brainer and I'm not friendly.

Again, another reason why I do not like to use these Q/A boards. I have a better chance finding the answer on Reddit.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Fabian Geurts | Olileo 56 Reputation points

2023-12-08T15:36:27.05+00:00

Guys, stay cool :) we are all here to help or get helped.

May be it is a GUI bug but when working with MS and removing it completely from InTune, just AAD joined, the switch is actually working and the RDP works too.

So there is one of the standard configuration MS is applying that "create" this bug and prevent from connecting to RDP.
I'll go ahead and create another thread then ... but is it really useful to duplicate while I ended up here because it is my exact problem ?

The answers I see below are not fixing Lance or my issue which appear to be exactly the same.
Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-12-08T15:47:58.4866667+00:00

Again. You have managed not to help ANYBODY. You just say that yours works and we're dumb. You can say what you want about me now since NOBODY CAN READ your OLD POST.

Why doesn't anybody see MSFT by your name? They should hire you if you are that good!
Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-12-08T15:56:32.66+00:00

@Fabian Geurts | Olileo Apologies to you for this other person being hateful to me and you by not providing a solution. There is no need to duplicate threads. We'll get an answer and I will share it with everyone if I find it. It's not even about the button. I changed the registry key to allow RDP and it still is blocked. I've been working with Microsoft too and this is not a no brainer like was said.

I'll provide a workaround. We ended up setting up Azure VMs for the client to use through RDPWeb portal. It's actually easier to manage that way and you can track your OpEX better. If you client has that capability to implement it, I would have them do that.
Fabian Geurts | Olileo 56 Reputation points

2023-12-08T16:18:23.3066667+00:00

Thanks. I created it anyway but happy to continue here to. First to the flag will link the answer ;)

Thing is, the VMs I create are in Tenant A. And I am joining them to tenant B or C.

I don't want to starting playing with RDWeb or AVD solution, just want a simple RDP access so I can test Intune packages and profiles before deploying to customers.

Nevertheless if you have a detailed solution on the RDPWeb portal thing, it is a start.
Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-12-08T16:27:44.6866667+00:00

@Fabian Geurts | Olileo This will get you started here. At least you'll be able to RDP using the RDP client to an Azure VM:

https://learn.microsoft.com/en-us/azure/virtual-desktop/users/remote-desktop-clients-overview
https://learn.microsoft.com/en-us/azure/virtual-desktop/users/connect-web
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

Answer 1

Crystal-MSFT 53,991 Microsoft External Staff

@Lance Lingerfelt, Thanks for posting in Q&A. Based on my testing, I have enrolled one windows 11 device into Intune. And find the remote desktop is on.

User's image

For your issue, it can be that some policies applied to this device block the remote desktop feature. to check this, you can find one affected device, check the device configuration policy applied it and see if any has setting related with remote desktop:

User's image

Please check the above information and if there's any update, feel free to let us know.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-07-10T12:18:31.23+00:00

@Crystal-MSFT Thanks for your testing on your end. It must be another policy somewhere that is countering this although I have done this from scratch. These are VMs that I amusing for testing and I don't plan on enabling RDP for production, but it concerns me when I can't seem to get a policy to push correctly to the box.

I will try and see if I can get a report like RSOP was in On Premises AD. I think I saw a way to do that. Maybe that will tell me what is going on. If the sync is the same as Group Policy used to be and you're updating registry or local security policy settings, then I should be able to find what is overriding the setting.

Thanks again.
Crystal-MSFT 53,991 Reputation points Microsoft External Staff

2023-07-11T02:32:16.7733333+00:00

@Lance Lingerfelt, Thanks for the reply. After thinking again, I remember another possible cause. If you also have the group policy setting on the device to set the same setting as Intune. The Intune policy will show successful. But as the GPO take precedence, the GPO will win over the Intune policy. You can also check if any related GPOs applied on this device as well.
Crystal-MSFT 53,991 Reputation points Microsoft External Staff

2023-07-13T05:11:57.0233333+00:00

@Lance Lingerfelt, Hope things are going well. If there's any update, feel free to let us know.

Answer 2

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

5 deleted comments

Comments have been turned off. Learn more

Answer 3

Lance Lingerfelt 0 Microsoft External Staff

I'll provide a workaround. We ended up setting up Azure VMs for the client to use through RDPWeb portal. It's actually easier to manage that way and you can track your OpEX better. If you client has that capability to implement it, I would have them do that.

Lance Lingerfelt 0 Reputation points Microsoft External Staff

2023-12-08T16:28:44.7033333+00:00

This will get you started here. At least you'll be able to RDP using the RDP client to an Azure VM:

https://learn.microsoft.com/en-us/azure/virtual-desktop/users/remote-desktop-clients-overview
https://learn.microsoft.com/en-us/azure/virtual-desktop/users/connect-web
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

Answer 4

Fabian Geurts | Olileo 56

See this post for the solution to my problem :

https://learn.microsoft.com/en-us/answers/questions/1459244/cannot-rdp-to-windows-11-pc-or-vm-after-intune-enr?page=1&orderby=helpful#answers

Share via

RDP Not Enabled on Windows 11 INTUNE JOINED PC

4 answers

Your answer