Windows 10 | Azure AD Join | WVD | WIP | Intune

lightupdifire 201 Reputation points


We have Windows 10, joined to the Azure AD, managed by Intune, and WIP policy applies to Windows 10.

This Windows 10 PC connects to on-prem using WVD where we would like to use WVD local disk drive redirection, so from WVD full desktop can access local Windows 10 drives, but then we see that files saved from WVD to the local disk of Windows 10 not encrypted with corporate identity.

Does anyone know if adding DNS "" to the WIP policy for "cloud resources" will do the trick? Or it will block access to WVD...

Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
925 questions
Windows 10 Setup
Windows 10 Setup
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Setup: The procedures involved in preparing a software program or application to operate within a computer or mobile device.
1,731 questions
No comments
{count} votes

4 answers

Sort by: Most helpful
  1. AndyLiu-MSFT 571 Reputation points

    I'm not familiar with MVD。However, to protect apps with WIP, you need to add the client app in the protected apps and the web URLs in the WIP policy.

    For how to create WIP policy in Intune, please click the following link for more details.


    Plus, the following thread discussed the same question about MVD and WIP, you can refer to it by clicking the following link.

    No comments

  2. lightupdifire 201 Reputation points

    anonymous userLiu-MSFT

    Hello Andy,

    Maybe adding DNS record to "cloud resources" would be good enough... but it could be good to have official Microsoft answer on it before playing with prod env. :) else need to build a test environment and it looks like will have to go this way...

    About thread "1372916", not really sure if they try to protect Windows 10 of WVD host or the Windows 10 client that connects to WVD or something else.
    At this moment all our PC's protected by WIP policy and I can connect to WVD.

  3. lightupdifire 201 Reputation points

    @vipullag-MSFT anonymous userLiu-MSFT

    Test setup created and tested:

    1. Added in Cloud resources type:
    2. Added in WIP protected app the Publisher information of msrdc.exe (used 2nd level, so it covers also msrdcw.exe)

    Still, if do the copy from WVD to PC directly or if do a copy to the mapped network drive, a protection not applies.

    msrdc.exe shows as Enlightened:

    No comments

  4. David Beckett 1 Reputation point

    im testing version 1.2.1672.0 Remote Desktop and having the WIP conflict. Anyone seen the same thing?

    I have tried to exempt the MSRDCW.EXE and MSRDC.EXE completely but they are still recognized at ‘personal’ apps on the endpoint client.

    Any ideas?

    No comments