Nov 19, 2020 Create a new group and select the Rotate Bitlocker Key action under Remote Tasks to your newly created group; Create the Bitlocker Policy in Intune. It's now time to create our first Bitlocker policy. In the Endpoint Manager Console, go to Endpoint security / Disk encryption / Create Policy; Under Platform, select Windows 10; Under Profile.
Windows Virtual Desktop is a desktop and app virtualization service that runs on Microsoft Azure. It lets end users connect securely to a full desktop from any device. With Microsoft Intune, you can secure and manage your Windows Virtual Desktop VMs with policy and apps at scale, after they're enrolled.
Prerequisites
Currently, Intune supports Windows Virtual Desktop VMs that are:
- Running Windows 10 Enterprise, version 1809 or later.
- Hybrid Azure AD-joined.
- Set up as personal remote desktops in Azure.
- Enrolled in Intune in one of the following methods:
  - Configure Active Directory group policy to automatically enroll devices that are hybrid Azure AD joined.
  - Configuration Manager co-management.
  - User self-enrollment via Azure AD Join.
For more information on Windows Virtual Desktop licensing requirements, see What is Windows Virtual Desktop?.
Intune treats Windows Virtual Desktop personal VMs the same as Windows 10 Enterprise physical desktops. This treatment lets you use some of your existing configurations and secure the VMs with compliance policy and conditional access. Intune management doesn't depend on or interfere with Windows Virtual Desktop management of the same virtual machine.
Limitations
There are some limitations to keep in mind when managing Windows 10 Enterprise remote desktops:
Configuration
All VM limitations listed in Using Windows 10 virtual machines also apply to Windows Virtual Desktop VMs.
Also, the following profiles aren't currently supported:
Make sure that the RemoteDesktopServices/AllowUsersToConnectRemotely policy isn't disabled.
Remote actions
The following Windows 10 desktop device remote actions aren't supported/recommended for Windows Virtual Desktop VMs:
- Autopilot reset
- BitLocker key rotation
- Fresh Start
- Remote lock
- Reset password
- Wipe
Retirement
Deleting VMs from Azure leaves orphaned device records in Intune. They'll be automatically cleaned up according to the cleanup rules configured for the tenant.
Windows 10 Enterprise multi-session
Intune doesn't currently support management of Windows 10 Enterprise multi-session.
Next steps
Learn more about Windows Virtual Desktops.
By default, on a Windows Server product, Windows Remote Management (WinRM) is enabled but Remote Desktop (RDP) is disabled. On workstation operating systems neither is enabled by default, so to accomplish the following you will first need to enable WinRM on the workstations.
Enabling RDP remotely.
Method 1: Command Line
To enable RDP with the Command Prompt, use the following steps.
- Launch the Command Prompt as Administrator.
- Type the following command:
Note: Computername is the name of the computer you wish to enable RDP on.
NOTE: Enabling RDP through the Command Prompt will not configure the Windows Firewall with the appropriate ports to allow RDP connections.
NOTE: By default, the local Administrators group will be allowed to connect with RDP. The user that is currently logged in will also be allowed to connect.
To disable RDP with the Command Prompt, use the following steps.
- Launch the Command Prompt as Administrator.
- Type the following command:
Method 2: Using PowerShell
To enable RDP with PowerShell, use the following steps.
Option 1
To enable RDP:
- Launch PowerShell as Administrator.
- Type the following command, which passes a script block to the Invoke-Command cmdlet:
Invoke-Command -ComputerName "server1","Server2" -ScriptBlock {Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 0}
NOTE: Enabling RDP through PowerShell will not configure the Windows Firewall with the appropriate ports to allow RDP connections.
Type the following:
Invoke-Command -ComputerName "server1","Server2" -ScriptBlock {Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'}
NOTE: By default, the local Administrators group will be allowed to connect with RDP. The user that is currently logged in will also be allowed to connect.
To disable RDP with PowerShell, use the following steps.
- Launch PowerShell as Administrator.
- Type the following command:
Invoke-Command -ComputerName "server1","Server2" -ScriptBlock {Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 1}
Option 2
To enable RDP with PowerShell, use the following steps.
- Launch PowerShell as Administrator.
- Create a PS Session with the desired target computer.
- Type the following command once the PS session is established:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 0
NOTE: Enabling RDP through PowerShell will not configure the Windows Firewall with the appropriate ports to allow RDP connections.
Type the following:
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
NOTE: By default, the local Administrators group will be allowed to connect with RDP. The user that is currently logged in will also be allowed to connect.
To disable RDP with PowerShell, use the following steps.
- Launch PowerShell as Administrator.
- Create a PS Session with the desired target computer.
- Type the following command once the PS session is established:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 1
Method 3: Use Group Policy
If you have numerous servers and/or workstations that you need to enable RDP on, and they are in the same Organizational Unit structure in Active Directory, you should enable RDP through Group Policy.
To enable RDP using Group Policy:
- Launch the Group Policy Management Console (GPMC)
- Either edit an existing Group Policy Object (GPO) or create a new GPO.
- Navigate to the following GPO node:
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
- In the Settings pane, double-click Allow users to connect remotely by using Remote Desktop Services.
- Select the Enabled radio button, then select OK.
- Close the GPO editor and link the GPO to the appropriate Organizational Unit.
NOTE: Enabling RDP through GPO will configure the Windows Firewall with the appropriate ports to allow RDP connections.
Note: In all the methods demonstrated in this blog, any member of the local Remote Desktop Users group will be able to connect to the target computers.
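To confirm what the three methods above actually left behind on each host, the following read-only audit reports the RDP switch, whether Group Policy set it, the firewall state, and who may connect. It is an added example, not code from the original post. It assumes WinRM access, the article's placeholder names server1 and Server2, Windows PowerShell 5.1 or later on the targets (for Get-LocalGroupMember), and that the Method 3 policy stores its value under the Policies key shown.

```powershell
# Added example: read-only audit of RDP exposure on remote hosts over WinRM.
# 'server1' and 'Server2' are the placeholder names used in the article.
$computers = 'server1', 'Server2'

$audit = {
    $ts     = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Local switch set by Methods 1 and 2 (0 = RDP allowed, 1 = denied).
    $local = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections

    # Value written by the Group Policy setting from Method 3; absent when no GPO applies.
    $gpo = (Get-ItemProperty -Path $policy -Name fDenyTSConnections `
            -ErrorAction SilentlyContinue).fDenyTSConnections

    # A policy value, when present, takes precedence over the local one.
    $effective = if ($null -ne $gpo) { $gpo } else { $local }

    # Rules in the 'Remote Desktop' firewall group that are currently enabled.
    $fwOpen = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' })

    # Accounts allowed to connect through the two local groups the article names.
    $members = foreach ($group in 'Administrators', 'Remote Desktop Users') {
        Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
            ForEach-Object { '{0}: {1}' -f $group, $_.Name }
    }

    [pscustomobject]@{
        RdpAllowed       = ($effective -eq 0)
        SetByGroupPolicy = ($null -ne $gpo)
        FirewallOpen     = ($fwOpen.Count -gt 0)
        Exposed          = ($effective -eq 0 -and $fwOpen.Count -gt 0)
        AllowedAccounts  = $members -join '; '
    }
}

# One row per host; PSComputerName is added automatically by Invoke-Command.
Invoke-Command -ComputerName $computers -ScriptBlock $audit |
    Sort-Object PSComputerName |
    Format-Table PSComputerName, RdpAllowed, SetByGroupPolicy, FirewallOpen,
        Exposed, AllowedAccounts -AutoSize -Wrap
```

A host showing RdpAllowed as True with FirewallOpen as False is the state the registry-only steps produce before the firewall rule is enabled.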
Until next time – Ride Safe!
Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ