Isolation of Windows 365 from host OS


I keyed in from Scott Manchester's July introduction of Windows 365 that it could run completely isolated from the OS that is hosting the Windows 365 session. I've been unable to find any documentation showing how to implement that isolation. I've looked through MEM under Device Configuration - Device Restrictions and GPOs related to RDP with no success. I've found that there is no way so far to prohibit cut/copy/paste between the host OS (Windows, Apple, Linux) and the Windows 365 session. Our business requirement for PCI is that the Windows 365 session is completely isolated, where you can't, for instance, copy cardholder data or screenshot cardholder data from the Windows 365 PCI session to whatever device you're accessing Windows 365 from. Any document or high-level direction would be appreciated. We're running P1 / E3 with MEM in Windows 365 Enterprise mode.

3 Replies

How does the administrator take control of this for both the web browser and the remote desktop session? See picture.

Good suggestion, Bill. We've had other customers asking for similar capabilities. Let me try to rephrase this a bit; tell me if this is what you are asking for.

Imagine being able to apply a Conditional Access policy that determines if clipboard, redirection, screenshot, etc. should be allowed or not based on various conditions such as connecting from an unmanaged (non-Intune managed) device, a specific location or country, etc.

I don't know that it would be a conditional access policy, but rather a full-time policy that prevents this PCI computer that takes credit cards from an instance where the operator of the computer could, for instance, copy down a credit card number to their own computer or otherwise transfer files to/from that computer or copy confidential data to/from that computer. Scott Manchester's presentation from Microsoft Mechanics seemed to indicate that this security is a built-in feature that can be enabled.