Share via

Is there specific logs that can be checked to see if drive redirection is actually being used for data transfer?

SLorraine 0 Reputation points
2024-09-01T07:42:06.2466667+00:00

To evaluate whether turning drive redirection off would have an impact, I'm looking to see if there's a log of anytime a user has accessed drives within AVD or have used them for the transfer of data. Is there a specific log that can be looked at to see this?

Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,572 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vinodh247 23,266 Reputation points MVP
    2024-09-01T14:33:35.9366667+00:00

    Hi SLorraine,

    Thanks for reaching out to Microsoft Q&A.

    In AVD, monitoring drive redirection activities, especially to see if users are accessing or transferring data through redirected drives, involves checking the logs.

    Event Viewer/Local Logs on AVD Session Hosts:

    • If auditing is configured, you can check for file access events (ex: eventID 4663, which tracks access to files & folders), could give you insights into when and where files are accessed.
    • Application and Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManager: Here you might find events related to session activities, including redirection.
    • Application and Services Logs > Microsoft > Windows > RemoteDesktopServices-RdpCoreTS: This log could contain events related to drive redirection when users connect to AVD.

    Azure monitor & loganalytics:

    • If enabled, diagnostics settings can capture user session events, including drive redirection. The logs can be sent to log analytics, where you can create queries to filter out specific drive redirection activities.
    • If native logs are insufficient, custom scripts or policies can be deployed on session hosts to monitor and log drive redirection activities.

    Security and auditlogs (If incase yo have this configured):

    • Check if there are any specific audit policies set to track drive redirection or file access activities. These logs can then be analyzed using tools like log analytics.

    Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.

    0 comments
  2. Prrudram-MSFT 25,166 Reputation points
    2024-09-04T11:15:33.7766667+00:00

    Hi @SLorraine

    This would be logged on the session host event logs. It might not be currently captured to be queried though 

    Supported Plug and Play Device Redirection | Microsoft Learn

    Please don’t forget to Accept Answer and hit Yes for "was this answer helpful" wherever the information provided helps you, this can be beneficial to other community members for remediation for similar issues.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.