Microsoft Strengthens Windows 365 Cloud PC Security with Enhanced Default Protections and Virtualization-Based Features

Microsoft is enhancing Windows 365 Cloud PC security by disabling clipboard, drive, USB, and printer redirections by default on new and reprovisioned Cloud PCs. Additionally, virtualization-based security features like VBS, Credential Guard, and HVCI are now enabled by default on Windows 11 gallery images, strengthening protection against threats.

Windows 365 Cloud PCs Get a Security Boost in 2025

Microsoft just rolled out fresh security defaults for Windows 365 Cloud PCs. This update focuses on locking down data flow and boosting system protections by default. If you manage Cloud PCs, these changes will impact how users interact with their virtual desktops.

What’s New: Default Redirection Disabled

Starting in the second half of 2025, clipboard, drive, USB, and printer redirections are disabled by default on newly provisioned and reprovisioned Windows 365 Cloud PCs. This means users can’t copy files between their Cloud PC and physical device using clipboard or drives unless IT admins enable it.

Microsoft explains,

“These changes minimize the risk of data exfiltration and malware injections, providing a more secure experience.”

Notably, USB mice, keyboards, and webcams remain unaffected since they use high-level redirection, which stays enabled.

This new default aligns with Microsoft’s Secure Future Initiative, ensuring security protections are enabled and enforced right out of the box.

Major Update: Virtualization-Based Security Enabled by Default

Since May 2025, all new Windows 365 Cloud PCs running Windows 11 gallery images come with virtualization-based security (VBS), Credential Guard, and hypervisor-protected code integrity (HVCI) enabled by default. These features use hardware virtualization to shield critical system components.

Credential Guard safeguards authentication credentials, reducing theft risks. Meanwhile, HVCI ensures only verified code runs at the kernel level, blocking malicious exploits.

“These changes strengthen protection against credential theft and kernel-level exploits without manual setup,” Microsoft notes.

What IT Admins Need to Know

IT admins will see banners in the Microsoft Intune Admin Center alerting them about these new defaults. If your organization requires clipboard or printer redirections, admins must manually revert these settings through Intune policies or Group Policy Objects (GPOs).

Additionally, reprovisioning existing Windows 365 Frontline Cloud PCs requires special attention. Reprovisioning from the device overview page won’t apply new defaults, but doing so from the provisioning policy page will.

Communication is key. Since these changes might disrupt workflows, teams should be informed and given instructions on how to request redirection enablement.

Why This Matters for Cloud PC Security

By disabling risky redirections and enabling advanced virtualization security by default, Microsoft is raising the bar for Cloud PC safety. This proactive approach helps prevent data leaks and sophisticated attacks without burdening IT teams with complex manual configurations.

For tech pros managing Windows 365 environments, these updates mean stronger defenses and a more secure cloud desktop experience for users.

Want to dive deeper? Check out Microsoft’s detailed Windows 365 security documentation and stay connected with the Windows Tech Community.

  • New security defaults reduce risks of data exfiltration and malware via disabled device redirections.
  • USB mice, keyboards, and webcams remain functional despite USB redirection being disabled.
  • IT admins can override default settings using Intune or Group Policy Objects for customized workflows.
  • Reprovisioning from the provisioning policy page applies new security defaults to existing Cloud PCs.
  • Virtualization-based security features protect critical system processes and prevent credential theft automatically.

From the Windows IT Pro Blog articles
