w365: Clipboard redirection now available in the settings catalog

Due to security measures, organisations will want to restrict clipboard restrictions (copy-paste) from the cloud pc to base laptop but allow copy-paste to work from base laptop to cloud pc. In this case, how can we achieve this??

The Intune July update (service release 2407) now supports the Clipboard redirection in the settings catalog.

What is Clipboard redirection?

Clipboard redirection in windows 365 cloud pc's permits users to copy and paste various types of content, such as text, images, and files, between their local device and the remote session in both directions. To enhance security and prevent potential data leaks or the transfer of harmful files, you might consider restricting the clipboard functionality for users/Device.

Administrators have the flexibility to control clipboard usage by determining whether data can be transferred from the session host(windows 365) to the client or from the client to the session host, and also specifying the types of content to be allowed. 

Pre-Reqs: Configure the clipboard transfer direction in Azure Virtual Desktop | Microsoft Learn

To do this, open Intune portal and navigate to Devices > Manage devices > Configuration > Create > New policy > Windows 10 and later for platform > Settings catalog.

In the settings catalog, open Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection

The below settings options are available for both Device and User.

1. Restrict clipboard transfer from server to client - (w365 to base device)
2. Restrict clipboard transfer from server to client (User)
3. Restrict clipboard transfer from client to server - (Base device to w365)
4. Restrict clipboard transfer from client to server (User)

If you do not enable or configure these settings, then users can copy contents from device to cloud pc and vice-versa.

1. Restrict clipboard transfer from server to client/(User)- (w365 to base device) - Not configured or enabled, users can copy paste from w365 cloud pc to the base device.
2. Restrict clipboard transfer from client to server/(User) - (Base device to w365) - Not configured or enabled, users can copy paste from the base device to the w365 cloud pc.

If you select the User settings, then it will be applied to the user scope alone. If you select the device settings, then it will be applied to the device scope.

Note: If you have selected both the User and device settings, then the most strict restrictions will be applied to the endpoint.

In this example, we have selected the device settings alone.

1. Restrict clipboard transfer from server to client
2. Restrict clipboard transfer from client to server

Once you toggle the Enabled button, you can see the below options in the drop-down for both.

1. Disable clipboard transfers from session host to client, client to session host, or both.
2. Allow plain text only.
3. Allow plain text and images only.
4. Allow plain text, images, and Rich Text Format only.
5. Allow plain text, images, Rich Text Format, and HTML only.

Now, you can select the desired options  from above and assign it to the user/device/groups in the Assignments section.

Once assigned, in the windows 365 cloud pc (Session Host), sync the device and reboot for the settings to take effect.

Powershell scripts:

https://github.com/app2pack/Windows365-Scripts

Reference: Configure the clipboard transfer direction in Azure Virtual Desktop | Microsoft Learn

If you are interested in understanding how redirection works between client 💻  and ☁  cloud pc's 💻 then check this detailed article.

https://learn.microsoft.com/azure/virtual-desktop/redirection-remote-desktop-protocol