Microsoft is enhancing Windows 365 Cloud PC security by disabling clipboard, drive, USB, and printer redirections by default on new and reprovisioned Cloud PCs. Additionally, virtualization-based security features like VBS, Credential Guard, and HVCI are now enabled by default on Windows 11 gallery images, strengthening protection against threats. Unique :
Windows 365 Cloud PCs Get a Security Boost in 2025
Microsoft just rolled out fresh security defaults for Windows 365 Cloud PCs. This update focuses on locking down data flow and boosting system protections by default. If you manage Cloud PCs, these changes will impact how users interact with their virtual desktops.
What’s New: Default Redirection Disabled
Starting in the second half of 2025, clipboard, drive, USB, and printer redirections are disabled by default on newly provisioned and reprovisioned Windows 365 Cloud PCs. This means users can’t copy files between their Cloud PC and physical device using clipboard or drives unless IT admins enable it.
Microsoft explains,
“These changes minimize the risk of data exfiltration and malware injections, providing a more secure experience.”Notably, USB mice, keyboards, and webcams remain unaffected since they use high-level redirection, which stays enabled.
This new default aligns with Microsoft’s Secure Future Initiative, ensuring security protections are enabled and enforced right out of the box.
Major Update: Virtualization-Based Security Enabled by Default
Since May 2025, all new Windows 365 Cloud PCs running Windows 11 gallery images come with virtualization-based security (VBS), Credential Guard, and hypervisor-protected code integrity (HVCI) enabled by default. These features use hardware virtualization to shield critical system components.
Credential Guard safeguards authentication credentials, reducing theft risks. Meanwhile, HVCI ensures only verified code runs at the kernel level, blocking malicious exploits.
“These changes strengthen protection against credential theft and kernel-level exploits without manual setup,” Microsoft notes.
What IT Admins Need to Know
IT admins will see banners in the Microsoft Intune Admin Center alerting them about these new defaults. If your organization requires clipboard or printer redirections, admins must manually revert these settings through Intune policies or Group Policy Objects (GPOs).
Additionally, reprovisioning existing Windows 365 Frontline Cloud PCs requires special attention. Reprovisioning from the device overview page won’t apply new defaults, but doing so from the provisioning policy page will.
Communication is key. Since these changes might disrupt workflows, teams should be informed and given instructions on how to request redirection enablement.
Why This Matters for Cloud PC Security
By disabling risky redirections and enabling advanced virtualization security by default, Microsoft is raising the bar for Cloud PC safety. This proactive approach helps prevent data leaks and sophisticated attacks without burdening IT teams with complex manual configurations.
For tech pros managing Windows 365 environments, these updates mean stronger defenses and a more secure cloud desktop experience for users.
Want to dive deeper? Check out Microsoft’s detailed Windows 365 security documentation and stay connected with the Windows Tech Community.
From the Windows IT Pro Blog articles
Windows Server Devices Now Recognized as a New OS in Intune Microsoft has announced that Windows Server devices are Read more
Microsoft Power Platform is leading the way in AI-generated low-code app development. With the help of AI, users can quickly Read more
Microsoft Intune is an enterprise mobility management platform that helps organizations manage mobile devices, applications, and data. The October edition Read more
Microsoft Intune has released its November edition, featuring new updates to help IT admins better manage their organization’s mobile devices. Read more
