Rediger

Del via


Supported Windows security configurations for Remote Desktop Services VDI

Windows and Windows Server have new layers of protection built into the operating system to:

  • Safeguard against security breaches
  • Help block malicious attacks
  • Enhance the security of virtual machines, applications, and data.

Note

The following table outlines which of these new features are supported in a VDI deployment using RDS.

VDI collection type Managed pooled Managed personal Unmanaged pooled Unmanaged personal
Credential Guard Yes Yes Yes Yes
Device Guard Yes Yes Yes Yes
Remote Credential Guard No No No No
Shielded & Encryption Supported VMs No No Encryption supported VMs with extra configuration Encryption supported VMs with extra configuration

Remote Credential Guard

Remote Credential Guard is only supported for direct connections to the target machines and not for the ones via Remote Desktop Connection Broker and Remote Desktop Gateway.

Note

If you have a Connection Broker in a single-instance environment, and the DNS name matches the computer name, you may be able to use Remote Credential Guard, although this isn't supported.

Shielded VMs and Encryption Supported VMs

Shielded VMs aren't supported in Remote Desktop Services VDI.

For leveraging Encryption Supported VMs:

  • Use an unmanaged collection and a provisioning technology outside of the Remote Desktop Services collection creation process to provision the virtual machines.
  • User Profile Disks aren't supported as they rely on differential disks