Virtual desktop infrastructure security best practices


Written by Tom Hickling, Senior Program Manager, Azure Virtual Desktop


It’s no longer a matter of organizations deciding whether to embrace remote and hybrid work but finding the best way to do so. A recent study showed most employees are happier having the option to work from home, and 80 percent say they’re as productive or more productive when they do. One of the most popular options for organizations who want to offer remote work options is virtual desktop infrastructure or VDI.


What is VDI?

Virtual desktop infrastructure (VDI) is an IT infrastructure that virtualizes desktops—to give employees access to enterprise data and applications from anywhere and from most personal and professional devices. Organizations host applications and data on servers, and through VDI, enable their employees to work remotely via remote desktops. VDI is popular for enabling remote work because, with the right configuration, it’s highly secure and relatively inexpensive compared to on-premises options.


What are some of the security benefits of cloud-based VDI migration?

Migrating to a cloud-based VDI solution allows organizations to take advantage of built-in security features that mitigate and eliminate the risks associated with traditional desktop virtualization. Azure Virtual Desktop in combination with the Azure public cloud, for example, offers comprehensive security features, like Azure Sentinel and Microsoft Defender for Endpoint, that are built-in before deployment. This helps enable an organization to follow critical VDI security best practices from the start of their virtualization journey.


What are some VDI security best practices?


  • Conditional access applies access controls based on signals like group membership, type of device, and IP address to enforce policies.
  • Multifactor authentication requires that users consistently verify their identities to access sensitive data.
  • Audit logs are used to gain insight into user and admin activities.
  • Endpoint security like Microsoft Defender for Endpoints offers built-in protection against malware and other advanced threats for all your endpoints.
  • Application restriction mitigates security threats by limiting what applications certain users are allowed to access using software like Windows Defender Application Control.


Read the full article

0 Replies