Using Azure Virtual Desktop with Intune

Azure Virtual Desktop is a desktop and app virtualization service that runs on Microsoft Azure. It lets end users connect securely to a full desktop from any device. With Microsoft Intune, you can secure and manage your Azure Virtual Desktop VMs with policy and apps at scale, after they're enrolled.


Currently, for single-session, Intune supports Azure Virtual Desktop VMs that are:

For more information on Azure Virtual Desktop licensing requirements, see What is Azure Virtual Desktop?.

For information about working with multi-session remote desktops, see Windows 10 or Windows 11 Enterprise multi-session remote desktops.

Intune treats Azure Virtual Desktop personal VMs the same as Windows 10 or Windows 11 Enterprise physical desktops. This treatment lets you use some of your existing configurations and secure the VMs with compliance policy and conditional access. Intune management doesn't depend on or interfere with Azure Virtual Desktop management of the same virtual machine.


There are some limitations to keep in mind when managing Windows 10 Enterprise remote desktops:


All VM limitations listed in Using Windows 10 virtual machines also apply to Azure Virtual Desktop VMs.

Also, the following profiles aren't currently supported:

Make sure that the RemoteDesktopServices/AllowUsersToConnectRemotely policy isn't disabled.


Configuration and compliance policies for Secure Boot and features leveraging vTPM (Virtual Trusted Platform Module) are not supported at this time for Azure Virtual Desktop VMs.

Cloning physical and virtual devices

Intune does not support using a cloned image of a computer that is already enrolled. This includes both physical and virtual devices such as Azure Virtual Desktop (AVD). When device enrollment or identity tokens are replicated between devices, Intune device enrollment or synchronization failures will occur.

Remote actions

The following Windows 10 desktop device remote actions aren't supported/recommended for Azure Virtual Desktop VMs:

  • Autopilot reset
  • BitLocker key rotation
  • Fresh Start
  • Remote lock
  • Reset password
  • Wipe


Deleting VMs from Azure leaves orphaned device records in Intune. They'll be automatically cleaned up according to the cleanup rules configured for the tenant.

Known issues

The following table provides a set of known issues along with more information about each issue.

Issue More information
Can't auto-enroll if tenant has more than one MDM provider This issue will be fixed in the future.
Modern apps, such as Universal Windows Platform (UWP) apps, aren't working correctly if FSLogix is configured Using FSLogix and Modern apps could cause compatibility issues. We recommend that you don’t configure Modern apps when FSLogix is configured.

Next steps