Using Windows Virtual Desktop with Intune
Windows Virtual Desktop is a desktop and app virtualization service that runs on Microsoft Azure. It lets end users connect securely to a full desktop from any device. With Microsoft Intune, you can secure and manage your Windows Virtual Desktop VMs with policy and apps at scale, after they're enrolled.
Currently, Intune supports Windows Virtual Desktop VMs that are:
- Running Windows 10 Enterprise, version 1809 or later.
- Hybrid Azure AD-joined.
- Set up as personal remote desktops in Azure.
- Enrolled in Intune in one of the following methods:
For more information on Windows Virtual Desktop licensing requirements, see What is Windows Virtual Desktop?.
Intune treats Windows Virtual Desktop personal VMs the same as Windows 10 Enterprise physical desktops. This treatment lets you use some of your existing configurations and secure the VMs with compliance policy and conditional access. Intune management doesn't depend on or interfere with Windows Virtual Desktop management of the same virtual machine.
There are some limitations to keep in mind when managing Windows 10 Enterprise remote desktops:
All VM limitations listed in Using Windows 10 virtual machines also apply to Windows Virtual Desktop VMs.
Also, the following profiles aren't currently supported:
Make sure that the RemoteDesktopServices/AllowUsersToConnectRemotely policy isn't disabled.
The following Windows 10 desktop device remote actions aren't supported/recommended for Windows Virtual Desktop VMs:
- Autopilot reset
- BitLocker key rotation
- Fresh Start
- Remote lock
- Reset password
Deleting VMs from Azure leaves orphaned device records in Intune. They'll be automatically cleaned up according to the cleanup rules configured for the tenant.
Windows 10 Enterprise multi-session
Intune doesn't currently support management of Windows 10 Enterprise multi-session.