Intune device configuration for Azure Virtual Desktop multi-session VMs is now generally available

Published Apr 26 2022 11:20 AM 9,613 Views
Microsoft

We're happy to announce that deploying Microsoft Intune device configuration from Microsoft Endpoint Manager admin center to Azure Virtual Desktop multi-session virtual machines (VMs) is now generally available. Intune already supports managing single session Azure AD-joined and Hybrid Azure AD-joined Azure Virtual Desktop VMs. You can now add multi-session VMs to the same management experience and deploy device-wide configurations to them. Intune is also the best solution for managing policy configuration on Azure AD-joined Azure Virtual Desktop multi-session VMs.

 

The following capabilities are now generally available on Azure Virtual Desktop with Intune:

  • Automatically enroll VMs in Intune when provisioning Azure AD-joined host pools so that they're provisioned, compliant, and ready to use when end-users access them.
  • Manage both single and multi-session VMs using the settings catalog in Microsoft Endpoint Manager admin center.
  • Increase your multi-session VMs’ security posture by applying configurations available under the Endpoint security blade, including Defender Tamper Protection and granular Antivirus policies.
  • Leverage Microsoft 365 security features like Conditional Access on the session hosts.
  • Assign applications configured to install in system context to multi-session VMs.
  • Manage device configuration for multi-session VMs created in the Azure Public and Azure Government (US GCC High and DoD environments) clouds.

Easily create new endpoint security policies, like you do for physical devices, by choosing the Windows 10, Windows 11, and Windows Server platform when creating the profile.Easily create new endpoint security policies, like you do for physical devices, by choosing the Windows 10, Windows 11, and Windows Server platform when creating the profile.

Getting started

This new functionality is available in the Intune 2204 release.

Learn more about the recommended ways to manage your Azure Virtual Desktop session hosts on our management page.

To get started, follow the instructions to use Azure Virtual Desktop multi-session with Intune which will guide you in creating new device configurations.

 

Stay tuned for news about the upcoming support for user scope policies.

12 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-3294444%22%20slang%3D%22en-US%22%3EIntune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20available%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3294444%22%20slang%3D%22en-US%22%3E%3CP%3EWe're%20happy%20to%20announce%20that%20deploying%20Microsoft%20Intune%20device%20configuration%20from%20Microsoft%20Endpoint%20Manager%20admin%20center%20to%20Azure%20Virtual%20Desktop%20multi-session%20virtual%20machines%20(VMs)%20is%20now%20generally%20available.%20Intune%20already%20supports%20managing%20single%20session%20Azure%20AD-joined%20and%20Hybrid%20Azure%20AD-joined%20Azure%20Virtual%20Desktop%20VMs.%20You%20can%20now%20add%20multi-session%20VMs%20to%20the%20same%20management%20experience%20and%20deploy%20device-wide%20configurations%20to%20them.%20Intune%20is%20also%20the%20best%20solution%20for%20managing%20policy%20configuration%20on%20Azure%20AD-joined%20Azure%20Virtual%20Desktop%20multi-session%20VMs.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20following%20capabilities%20are%20now%20generally%20available%20on%20Azure%20Virtual%20Desktop%20with%20Intune%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAutomatically%20enroll%20VMs%20in%20Intune%20when%20provisioning%20Azure%20AD-joined%20host%20pools%20so%20that%20they're%20provisioned%2C%20compliant%2C%20and%20ready%20to%20use%20when%20end-users%20access%20them.%3C%2FLI%3E%0A%3CLI%3EManage%20both%20single%20and%20multi-session%20VMs%20using%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fconfiguration%2Fsettings-catalog%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Esettings%20catalog%3C%2FA%3E%20in%20Microsoft%20Endpoint%20Manager%20admin%20center.%3C%2FLI%3E%0A%3CLI%3EIncrease%20your%20multi-session%20VMs%E2%80%99%20security%20posture%20by%20applying%20configurations%20available%20under%20the%20Endpoint%20security%20blade%2C%20including%20Defender%20Tamper%20Protection%20and%20granular%20Antivirus%20policies.%3C%2FLI%3E%0A%3CLI%3ELeverage%20Microsoft%20365%20security%20features%20like%20Conditional%20Access%20on%20the%20session%20hosts.%3C%2FLI%3E%0A%3CLI%3EAssign%20applications%20configured%20to%20install%20in%20system%20context%20to%20multi-session%20VMs.%3C%2FLI%3E%0A%3CLI%3EManage%20device%20configuration%20for%20multi-session%20VMs%20created%20in%20the%20Azure%20Public%20and%20Azure%20Government%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fenterprise-mobility-security%2Fsolutions%2Fems-intune-govt-service-description%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EUS%20GCC%20High%20and%20DoD%20environments%3C%2FA%3E)%20clouds.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Easily%20create%20new%20endpoint%20security%20policies%2C%20like%20you%20do%20for%20physical%20devices%2C%20by%20choosing%20the%20Windows%2010%2C%20Windows%2011%2C%20and%20Windows%20Server%20platform%20when%20creating%20the%20profile.%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F366697iDADCE0EF2571FEC5%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Picture1.png%22%20alt%3D%22Easily%20create%20new%20endpoint%20security%20policies%2C%20like%20you%20do%20for%20physical%20devices%2C%20by%20choosing%20the%20Windows%2010%2C%20Windows%2011%2C%20and%20Windows%20Server%20platform%20when%20creating%20the%20profile.%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EEasily%20create%20new%20endpoint%20security%20policies%2C%20like%20you%20do%20for%20physical%20devices%2C%20by%20choosing%20the%20Windows%2010%2C%20Windows%2011%2C%20and%20Windows%20Server%20platform%20when%20creating%20the%20profile.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EGetting%20started%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EThis%20new%20functionality%20is%20available%20in%20the%20Intune%202204%20release.%3C%2FP%3E%0A%3CP%3ELearn%20more%20about%20the%20recommended%20ways%20to%20manage%20your%20Azure%20Virtual%20Desktop%20session%20hosts%20on%20our%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fvirtual-desktop%2Fmanagement%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Emanagement%20page%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3ETo%20get%20started%2C%20follow%20the%20instructions%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Ffundamentals%2Fazure-virtual-desktop-multi-session%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Euse%20Azure%20Virtual%20Desktop%20multi-session%20with%20Intune%3C%2FA%3E%20which%20will%20guide%20you%20in%20creating%20new%20device%20configurations.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EStay%20tuned%20for%20news%20about%20the%20upcoming%20support%20for%20user%20scope%20policies.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-3294444%22%20slang%3D%22en-US%22%3E%3CP%3ELearn%20about%20how%20you%20can%20now%20apply%20Intune%20device%20configurations%20to%20Windows%20Enterprise%20multi-session%20VMs%20for%20Azure%20Virtual%20Desktop.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3294444%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EUpdates%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3296735%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3296735%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%2C%20now%20just%20get%20MSIX%20AppAttach%20working%20with%20AAD%20joined%20AVDs.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3296609%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3296609%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F475539%22%20target%3D%22_blank%22%3E%40Ashkb%3C%2FA%3E%26nbsp%3Bwe're%20actively%20working%20on%20enabling%20support%20for%20policies%20requiring%20vTPM%20and%20Secure%20Boot.%20At%20this%20time%2C%20you'd%20need%20to%20exclude%20multi-session%20VMs%20from%20existing%20compliance%20policies%20and%20create%20a%20new%20policy%20without%20those%20settings%20so%20your%20devices%20don't%20become%20non-compliant.%20To%20exclude%2C%20you%20could%20either%20put%20multi-session%20VMs%20in%20an%20AAD%20group%20or%20create%20a%20Filter%20for%20the%20multi-session%20SKU%20and%20exclude%20from%20the%20assignment.%20We%20also%20recommend%20using%20Azure%20Disk%20Encryption%20until%20we've%20optimized%20BitLocker%20for%20AVD%20VMs.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3296496%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3296496%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F245332%22%20target%3D%22_blank%22%3E%40MaximSokoloff%3C%2FA%3E%26nbsp%3Bconfiguring%20FSLogix%20using%20Intune%20isn't%20available%20just%20yet%20but%20is%20something%20we%20are%20working%20on%20as%20we've%20received%20many%20requests%20for%20it.%20Similarly%2C%20we%20are%20working%20on%20enabling%20security%20baselines%20and%20plan%20to%20have%20it%20available%20later%20this%20year.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3295723%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3295723%22%20slang%3D%22en-US%22%3E%3CP%3EHaving%20an%20issue%20with%20the%20AVD.%20They%20become%20non%20compliant%20after%20some%20time.%20However%2C%20the%20other%20machine%20is%20working%20fine.%20When%20we%20check%20the%20non%20compliant%20machine%20it%20throws%20an%20error%20for%20bitlocker.%20Is%20there%20anything%20to%20with%20TPM%20here%20%3F%20we%20have%20it%20enabled%20already.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3326665%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3326665%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20this%20!%3C%2FP%3E%3CP%3EHow%20can%20we%20enroll%20existing%20Azure%20AD%20join%20VM%20into%20Intune%20%3F%20(%20we%20do%20not%20have%20check%20the%20box%20when%20deploying%20it).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3326873%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3326873%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F92746%22%20target%3D%22_blank%22%3E%40Vinch_BE%3C%2FA%3E%26nbsp%3BFor%20multi-session%2C%20you'll%20have%20to%20redeploy%20-%20delete%20and%20recreate%20the%20VMs%20and%20check%20the%20Enroll%20in%20Intune%20box.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3355439%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3355439%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F217952%22%20target%3D%22_blank%22%3E%40David%20Belanger%3C%2FA%3E%26nbsp%3Bgreat!%20the%20entire%20AVD%20world%2Fcommunity%20looking%20at%20you%20guys%20atm%20%2C%20do%20not%20let%20us%20down%20(hoping%20it%20will%20happen%20shortly)%3B))%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3295837%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3295837%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F217952%22%20target%3D%22_blank%22%3E%40David%20Belanger%3C%2FA%3E%26nbsp%3B%2C%20can%20you%20guys%20provide%20some%20info%20or%20update%20whether%20configuring%20FSLOGIX%20settings%20is%20supported%20via%20Intune%20or%20not%20%3F%26nbsp%3B%20not%20clear%20..%3C%2FP%3E%3CP%3EAlso%2C%20same%20question%20regarding%20applying%20security%20baselines%20to%20AVD%20multisession%20via%20Intune%2C%3C%2FP%3E%3CP%3ETIA%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3375606%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3375606%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20this%20apply%20to%20_all_%20of%20the%20entries%20under%20%22Endpoint%20security%22%20for%20Win10%20Enterprise%20Multi-Session%20AVD%20devices%3F%26nbsp%3B%20Managing%20AVD%20Multi-Session%20Win10%20Enterprise%2021H2%20devices%20is%20a%20huge%20pain%20with%20Intune.%26nbsp%3B%20Settings%20Catalog%20don't%20have%20all%20of%20the%20settings%2C%20and%20Intune%20already%20has%20multiple%20spots%20to%20do%20the%20same%20thing%20so%20guess%20and%20check%20is%20time%20consuming.%26nbsp%3B%20Just%20because%20Intune%20says%20%22Success%22%20for%20a%20policy%20does%20not%20always%20translate%20into%20it%20%3CEM%3Eapplying%3C%2FEM%3E%20on%20the%20device.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFeedback%20below%20based%20on%20testing%20so%20far%20for%20each%20of%20the%20categories.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EAntivirus%3A%3C%2FSTRONG%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Only%20the%20%22%3CSPAN%3EWindows%20Security%20Experience%22%20policies%20seem%20to%20work%20correctly%20(haven't%20tested%20the%20Exclusions).%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E-%20%22Microsoft%20Defender%20Antivirus%22%20policies%20created%20for%20%22Windows%2010%2C%20Windows%2011%2C%20and%20Windows%20Server%22%20(that%20show%20up%20as%20a%20%22Target%22%20of%20%22mdm%2CmicrosoftSense%22)%20will%20say%20they%20apply%20successfully%20in%20Intune%2C%20but%20on%20the%20device%20the%20settings%20never%20change%20(per%20Get-MpPreference%20and%20in%20the%20Defender%20GUI).%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E-%20A%20Tamper%20Protection%20policy%20just%20ends%20up%20saying%20%22Not%20applicable%22%20(and%20we%20have%20M365%20E5%20licensing%2C%20and%20this%20feature%20works%20on%20non-AVD%20devices%20just%20fine%20-%20globally%20we%20have%20Tamper%20OFF%20but%20should%20be%20able%20to%20set%20it%20per%20device%20with%20this%20policy).%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EDisk%20encryption%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E-%20Have%20not%20tried%2C%20we%20don't%20handle%20disk%20encryption%20via%20Intune%20for%20AVD%2C%20but%20would%20be%20nice%20if%20it%20was%20supported.%26nbsp%3B%20If%20there%20is%20a%20guarantee%20this%20works%20for%20AVD%20Multi-Session%20and%20properly%20sets%20the%20keys%20in%20Intune%2C%20then%20I'll%20give%20it%20a%20try.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EFirewall%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E-%20Looks%20to%20work%20correctly%2C%20although%20we%20only%20set%20basic%20policy%20of%20each%20profile%20(private%2C%20domain%2C%20public)%20needing%20to%20be%20On.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EEndpoint%20detection%20and%20response%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E-%20Works%20correctly%20to%20onboard%20to%20Defender%20for%20Endpoint.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EAttack%20surface%20reduction%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E-%20These%20don't%20have%20the%20option%20of%26nbsp%3B%3CSPAN%3E%22Windows%2010%2C%20Windows%2011%2C%20and%20Windows%20Server%22%20but%20do%20show%20up%20as%20a%20Target%20of%20%22mdm%2CmicrosoftSense%22.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E-%26nbsp%3BAttack%20Surface%20Reduction%20and%20Controlled%20Folder%20Access%20(both%20in%20Audit%20mode)%20will%20say%20%22Success%22%20in%20Intune%2C%20but%20never%20actually%20apply%20these%20settings%20on%20the%20device%20(as%20confirmed%20by%20the%20command%20Get-MpPreference).%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E-%20Seems%20like%20ASR%20rules%20are%20always%20a%20pain%2C%20even%20the%20ones%20set%20via%20the%20Settings%20Catalog%20don't%20apply%20correctly.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CSTRONG%3EAccount%20protection%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E-%20These%20don't%20have%20the%20option%20of%26nbsp%3B%3CSPAN%3E%22Windows%2010%2C%20Windows%2011%2C%20and%20Windows%20Server%22%20so%20I%20suspect%20they%20don't%20work.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E-%26nbsp%3B%3CSPAN%3EAccount%20protection%20(Preview)%20seems%20to%20always%20just%20say%20%22Pending%22%20and%20never%20applies.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAll%20testing%20done%20on%20fresh%20Azure%20AD%20%2B%20Intune%20joined%20Windows%2010%20Enterprise%2021H2%20Multi-Session%20fully%20patched%20devices%20with%20org-wide%20M365%20E5%20licensing%2C%20no%20other%20management%26nbsp%3Btools%20interfering%2C%20images%20direct%20from%20Microsoft%20for%20AVD.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3375940%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3375940%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1390333%22%20target%3D%22_blank%22%3E%40JoeAnonymous%3C%2FA%3E%26nbsp%3Bthanks%20for%20sharing%20your%20experience%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3375941%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3375941%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1338154%22%20target%3D%22_blank%22%3E%40SimonPayneAU%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3376840%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3376840%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20an%20update%20to%20the%26nbsp%3B%3CSPAN%3E%22Microsoft%20Defender%20Antivirus%22%20policies%20that%20never%20apply%20from%20Endpoint%20security%2C%20I%20created%20all%20the%20same%20settings%20via%20the%20Settings%20Catalog.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EOf%20all%20the%20Defender%20settings%20in%20the%20Settings%20Catalog%20(filter%20of%20OS%20Edition%20%3D%20%3D%20Enterprise%20multi-session)%20%2C%20the%20only%20ones%20that%20%3CEM%3Eactually%3C%2FEM%3E%20apply%20are%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3ECloudBlockLevel%20and%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3ECloudExtendedTimeout%20(as%20seen%20from%26nbsp%3BG%3CEM%3Eet-MpPreference%3C%2FEM%3E).%26nbsp%3B%20They%20all%20say%20%22Success%22%20in%20Intune%2C%20but%20the%20%3CEM%3Eactual%3C%2FEM%3E%20device%20settings%20tell%20a%20different%20story.%26nbsp%3B%20Back%20to%20settings%20these%20via%20PowerShell%20scripts%20instead%2C%20but%20I%20hope%20someone%20from%20Microsoft%20can%20weight%20in.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ESteps%20to%20test%3A%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E1)%26nbsp%3B%20Create%20a%20Device%20configuration%20profile%20with%20Settings%20Catalog%20for%20Defender%20settings.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E2)%26nbsp%3B%20Deploy%20new%20AVD%20instance%20that%20is%20Azure%20AD%20Joined%20%2B%20Intune%20with%20Windows%2010%20Enterprise%20Multi-Session%2021H2%20(no%20Office%20365%20apps).%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E3)%26nbsp%3B%20Add%20device%20to%20a%20group%20that%20is%20in%20scope%20of%20the%20policy%20created%20in%20Step%201%20(device%20is%20in%20scope%20of%20no%20other%20policies)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E4)%26nbsp%3B%20Push%20a%20sync%20via%20Intune%20%2F%20reboot%20the%20device%20%2F%20wait%20a%20day.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E5)%26nbsp%3B%20Compare%20before%20and%20after%20settings%20via%26nbsp%3BGet-MpPreference%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3407182%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20configuration%20for%20Azure%20Virtual%20Desktop%20multi-session%20VMs%20is%20now%20generally%20availab%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3407182%22%20slang%3D%22en-US%22%3E%3CTABLE%20width%3D%22420%22%3E%3CTBODY%3E%3CTR%3E%3CTD%20width%3D%22420%22%20height%3D%2220%22%3EI%20love%20Azure%20and%20all%20its%20uses%20but%20I%20am%20not%20always%20familiar%20with%20it%20and%20that%20is%20why%20I%20trust%20Katpro%20technologies%20for%20all%20my%20Azure%20solutions.%20Their%20website%20has%20a%20lot%20of%20useful%20information%20referring%20to%20solutions%20like%20this%2C%20check%20it%20out%20at%20%3CA%20href%3D%22https%3A%2F%2Fkatprotech.com%2Fmigrate-to-microsoft-azure%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fkatprotech.com%2Fmigrate-to-microsoft-azure%2F%3C%2FA%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Apr 25 2022 04:29 PM
Updated by: