Forum Discussion

Deleted's avatar
Deleted
Dec 09, 2022

Enable RDP to take remote of Intune managed devices, Firewall blocking the connection

Hello Experts, I need to enable RDP to take remote of Intune managed devices, could you please suggest the best solution through Intune, looks like the firewall blocking the connection.
Intune
mobile device management (mdm)
Subsystem3964's avatar
Subsystem3964
Copper Contributor
Jan 02, 2023

Deleted 

 

I would suggest the following:

 

- Check the Firewall Rules in Intune. Particularly if you have any Security / Defender Baseline policies set. There is a setting called Policy rules from group policy not merged which I set to 'Not Configured' for the Private Firewall Profile

 

- Use the Scripts policy tool (or just do it manually) in Intune to deploy the following settings (PowerShell)

Set-NetFirewallRule -DisplayName "Remote Desktop - User Mode (TCP-In)" -Profile "Private"
Enable-NetFirewallRule -DisplayName "Remote Desktop - User Mode (TCP-In)"

 

- Check your network adaptor is using the Private Network Profile Type. (Settings > Network & Internet - Properties)

 

- Within Intune, create a Configuration Profile and enable the following settings: 

- Allow users to connect remotely by using Remote Desktop Services

- Require user authentication for remote connections by using Network Level Authentication

In the Windows 11 settings (System > Remote Desktop) it will show RDC as being OFF, but within The RDC options found in Control Panel, it will be turned on. Who knows what's going on here?

 

I believe that setting the Policy rules from group policy not merged to 'Not Configured' does open some doors in terms of security but I've had no luck using Intune FW rules.

 

I'd be interested if anyone has been able to do this recently with all the security baselines enabled.

philiphgray's avatar
philiphgray
Copper Contributor
Oct 19, 2023

Subsystem3964

I've been having issues with Intune and RDP for months so your comment about the differences between the "settings" app and sysdm.cpl interested me.  Couldn't quite believe it when I saw it...

 

 

Schrödinger's RDP setting!

 

  • csmith00's avatar
    csmith00
    Copper Contributor
    Oct 26, 2023

    philiphgray 

     

    I have the same issue; Settings - System shows it disabled, but it's enabled in sysdm.cpl anyone figure this out?

     

    • philiphgray's avatar
      philiphgray
      Copper Contributor
      Oct 27, 2023

      csmith00 

      I've been successfully using an AD GPO that enables remote desktop for years, but using Intune to configure the same setting ("Allow users to connect remotely by using Remote Desktop Services") doesn't work.

       

      I used process viewer to do a deep-dive on the registry settings that were being modified when throwing these switches but I didn't conclude it yet.

       

      My next step is to do a registry examination on an AD/GPO PC and compare it to the registry on an Intune PC.   I'll post back if I find anything.

Resources