Windows 10 | Azure AD Join | WVD | WIP | Intune

Oscar 142 Reputation points
2020-08-24T09:40:33.567+00:00

Hello,

We have Windows 10, joined to Azure AD, managed by Intune, and a WIP policy applies to Windows 10.

This Windows 10 PC connects to on-prem using WVD, where we would like to use WVD local disk drive redirection so that the WVD full desktop can access the local Windows 10 drives. But then we see that files saved from WVD to the local disk of Windows 10 are not encrypted with the corporate identity.

Does anyone know if adding DNS "rdweb.wvd.microsoft.com" to the WIP policy for "cloud resources" will do the trick? Or will it block access to WVD...


4 answers

  1. AndyLiu-MSFT 576 Reputation points
    2020-08-25T02:30:11.967+00:00

    I'm not familiar with MVD. However, to protect apps with WIP, you need to add the client app to the protected apps and the web URLs to the WIP policy.

    For how to create WIP policy in Intune, please click the following link for more details.

    create-wip-policy-using-intune-azure

    Plus, the following thread discussed the same question about MVD and WIP; you can refer to it by clicking the following link.

    https://techcommunity.microsoft.com/t5/windows-virtual-desktop/remote-desktop-client-on-windows-10-doesn-t-appear-to-support/m-p/1372916


  2. Oscar 142 Reputation points
    2020-08-25T07:44:20.237+00:00

    @AndyLiu-MSFT

    Hello Andy,

    Maybe adding a DNS record to "cloud resources" would be good enough... but it would be good to have an official Microsoft answer on it before playing with the prod env. :) Otherwise we need to build a test environment, and it looks like we will have to go this way...

    About thread "1372916": I'm not really sure whether they are trying to protect Windows 10 on the WVD host, or the Windows 10 client that connects to WVD, or something else.
    At this moment all our PCs are protected by the WIP policy and I can connect to WVD.


  3. Oscar 142 Reputation points
    2020-09-08T11:48:42.33+00:00

    @vipullag-MSFT @AndyLiu-MSFT

    Test setup created and tested:

    1. Added in Cloud resources type: .wvd.microsoft.com
    2. Added in WIP protected app the Publisher information of msrdc.exe (used 2nd level, so it covers also msrdcw.exe)

    Still, if I copy from WVD to the PC directly, or copy to the mapped network drive, the protection does not apply.

    msrdc.exe shows as Enlightened:
    23311-image.png


  4. David Beckett 1 Reputation point
    2021-02-09T15:56:24.38+00:00

    I'm testing version 1.2.1672.0 of Remote Desktop and having the WIP conflict. Has anyone seen the same thing?

    I have tried to exempt MSRDCW.EXE and MSRDC.EXE completely, but they are still recognized as 'personal' apps on the endpoint client.

    Any ideas?
