MDE for shared desktops (Citrix, RDSH, etc.)


Hello, 


Are there any instructions/tips to enroll a Windows Server 2019 machine into MDE that acts as a shared desktop for multiple users, i.e., servers that have more than two people logging into them via RDP or Citrix at the same time, each with their own profile/desktop using FSLogix (persistent desktops)?


What license should we purchase (server or cloud), and how do you address the 5-device limitation with the MDE user-based enrolment? For example, one user could log in and bounce around a group of 10 servers in our environment over the course of a couple of days.


Additionally, is it still true that you can't enroll a 2019 server into Intune, which means they don't get enrolled into MDE automatically (if you have that option set)? If that's the case, do you still need to use the enrolment script for servers from the MDE portal?


I see plenty of articles for VDI and non-persistent desktops that do not apply but nothing for this example.


Any other tips?


Thanks!

1 Reply
For this type of device, you would normally sign it up with a service account and assign a license like Business Premium or Office E3/E5. You can adjust the limitation to 15 for that service account user. You could also do a kiosk type of install.

*However, you're stating SERVER, and this is different. It depends on what you want to accomplish. If you simply want to push similar policies like ASR, Firewall and the like that Intune does for workstation devices, then you can just use the M365 Defender portal to onboard servers using a tag and create a dynamic group in Azure AD. You'll need at least an E5 license.
If you want more than just GPO in the cloud, and want the goodness of MDM for workstations as for servers, then you would need to get Defender for Servers.
The issue with Defender for Servers is that it is an all-or-nothing type of onboarding, which I don't like.
If you have a CSP/MSP for licensing, you can also request Defender for Business (for servers), which gives you the capability of onboarding selectively.

*Now all this is just wasted, because perhaps the *REAL* solution is Azure Virtual Desktop, which gives you FAR GREATER bang for your buck, even in terms of licensing.

TLDR: Maybe re-think your solution and design it around the requirements that can be supported in the future and are the most cost-effective.