Prevent Supported Plug And Play Device Redirects In Remote Desktop Services Sessions Using Intune HTML Blog

Let’s discuss Prevent Switching of Supported Plug and Play Devices in Remote Desktop Services Sessions using Intune. Plug and Play Device Redirection is an important security and performance control for Remote Desktop Services (RDS).

Basically, it determines whether the user can “plug” device to their local computer (such as a digital cameradedicated media player, or a POST terminal) and make the device appear and function within the remote session.

This policy can be enabled for several reasons. If the user can redirect a Plug and Play (PnP) storage device or a smart phone, they can easily copy sensitive company data from remote server to their personal hardware.

If the user installs a niche PnP deviceremote servers require compatible drivers to handle it. If the server doesn’t have it, the device will fail. Admins use this policy to block redirects so they don’t have to spend hours searching and installing consumer level drivers on enterprise level servers.

Prevent Switching of Supported Plug and Play Devices in Remote Desktop Services Sessions using Intune

Malware protection is ensured by blocking PnP redirection prevent potentially infected local devices from interacting with the corporate environment via RDP channel. This policy prevents employees from sensitive drag-and-drop financial spreadsheets to their phone’s internal storage.

Sign in with the Intune Portal

As an Admin, you can easily configure this policy on your tenant. For this Sign in to the Microsoft Intune Portal with Credentials. Navigate to Device > Configuration > + Create > New Policy

Profile Selection Steps

After that you can choose the appropriate one platform and profile type. This is an important step for policy creation and you cannot change the profile and platform after creating the profile. Here I want to configure the policy to be Windows 10 and newer platform catalog profiles and settings. Then click on Make knob.

Basic Tab

Basically tab is the first step in creating a policy. On this tab, you have to provide a Name for the policy you want to create. The name field is must. Without giving it a name, you cannot create a policy on the basic tab. You can also explain the policy, which it is information not mandatory. Click on Next knob.

Configuration Settings

That configuration tab lets you select specific policy settings to manage your organization’s devices. On this page, we click + Add Settings hyperlink. Then you will get a setting optionsr which will display various types of categories to select certain settings. Here, I selected Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection >Do not allow supported Plug and Play device redirection.

Disable Plug and Play Device Redirection

If you disable this policy setting, users can do so redirect Plug and Play devices it supports to the remote computer. Users can use the More option on the Local Resources tab Remote Desktop Connection to select a supported Plug and Play device to redirect to the remote computer.

Enable Plug and Play Device Switching

If you enable this policy setting, users cannot redirect Plug and Play devices it supports to the remote computer. If you do not configure this policy setting, users can switch to supported devices Plug and Play device to a remote computer only if the computer is running Windows Server 2012 R2 and previous versions.

The next part is Coverage label and which one not a necessity step. Assigning this policy to a specific group of users or devices will help. Here, I skipped that part and clicked Next knob.

Task

The next step is Task. In this section, you can specify which groups will apply the policy. Our goal is to apply this policy to certain groups; this step is important. Look for the Add Group option below Include Groups section and click on it.

• After selecting a group, click Next to continue to the next step.
• Available list group will appear and select the group you want target.

Review + Create in Policy Creation

After the Assignment step, you will reach the final tab called Review + Create. In this section, you can see a summary of everything you entered in the previous steps such as detailed configuration task details, etc. If you don’t need to change anything, just click Review + Create.

Device and User Check-in Status

After creating a policy, we must monitor whether the policy has been created succeed or not. To check it, you can wait until 8 hours for the policy to take effect automatically, or you can reduce waiting time has passed manually sync policies via Company Portal.

• This will show this error succeed deployed or not.
• After synchronizationYou can check the policy status via Intun Portal.
• To do this, open it Device > Configuration Profile.
• In Configuration policy section, search Name of your policy made.
• Then you can get the details below of that Policy

Delete an Assigned Group from Plug and Play Device Switching Policy Settings

If you want to delete Assigned group from policy, can be from the Intune Portal. To do this, go to Policies in the Intune Portal and edit Tasks tab and Delete Policy.

To get more detailed information, you can refer to our previous post – Learn How to Delete or Unassign Apps from Intune using Step by Step Guide.

How to Remove Plug and Play Device Switching Policy

You can easily delete Policies from Intun Portal. From Configuration section, you can delete the policy. This will remove it completely from the client device.

For more information, you can refer to our previous post – How to Remove Allow Clipboard History Policy in Intune Step by Step Guide.

Need More Help or Have a Technical Question?

Join LinkedIn Page And Telegram Group to get step by step guides and latest news updates. Join us Meet Page to participate in User group meetings. Also, Join WhatsApp Community to get the latest news about Microsoft Technologies. We were there RepeatDhe as well.

Author

Anoop C Nair has been a Microsoft MVP from 2015 onwards for 10 years in a row! He is a Workplace Solutions Architect with over 22+ years of experience in the Workplace technology space. He is also a Blogger, Speaker, and Local User Group Community leader. The main focus is on Device Management technologies such as SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.