w365: Enabling Screen Capture Protection for Windows 365 in Intune

As the hybrid work environment becomes the new normal, securing virtual desktops is more critical than ever. Windows 365, Microsoft's cloud PC solution, includes a valuable feature: Screen Capture Protection. This feature prevents unauthorized screen captures of sensitive information displayed on a Windows 365 Cloud PC. Managing this through Microsoft Intune ensures a seamless and centralized approach. In this blog, we will provide a straightforward guide on enabling Screen Capture Protection in Intune that disables screen capture using screen capture tools prntscn/SnippingTool. 

Simple Steps to Enable Screen Capture Protection in Intune

1. Log into Microsoft Intune:

   

2. Navigate to Configuration Profiles:

   Go to Devices > Configuration profiles

3. Create a New Profile:

   Click on Create profile, Choose Windows 10 and later as the platform. Select Templates for the profile type, then choose Administrative Templates.

4. Configure Screen Capture Settings:

   - In the settings picker, browse to Administrative templates > Windows Components > RemoteDesktop Services > Remote Desktop Session Host > Azure Virtual Desktop.

   - Find and select Enable screen capture protection.

   - Set this policy to Enabled.

Turn off the another setting as it stops tools and services on the session host from capturing the screen, as well as screen capture from the client of programs running in the remote session.

5. Assign the Profile:

   - Assign this profile to the group of users or devices that will use Windows 365 Cloud PCs.

   

6. Review and Create:

   - Review the settings and click Create. 

   - The profile will be pushed to the assigned devices and users, enabling screen capture protection.

7. Restart the cloud pc for setting to take effect.

Before:

After:

Demo:

Important Considerations When Using Screen Capture Protection

Web Browser Access and Screen Sharing

When screen capture protection is enabled, any connection through the web browser or remote desktop app in Android or iOS will fail, presenting an error message like below.  Additionally, if you join Teams meetings through your Cloud PC, you will no longer be able to share your screen.

Though the second screen shows "you need to enable screen capture protection", it should actually say to disable the screen protection to access cloud pc in the browser session. 

Update (28/08/2024): Microsoft has fixed the error message with screen capture protection enabled and accessed through  browsers.

when accessing through Remote desktop client in iOS, below error is shown.

 

These are the limitations that are explained here - https://learn.microsoft.com/en-us/azure/virtual-desktop/screen-capture-protection?tabs=intune#prerequisites