New Windows 365 features help provide a more secure workspace
Today, we’re excited to highlight a few newly added and upcoming features that strengthen the Windows 365 security foundation. We are constantly innovating to ensure that Windows 365 continues to provide a safe environment to securely stream your personalized Windows desktop, apps, settings, and content from the Microsoft Cloud to any device. Windows 365 provides security in various layers—identity, access, and data—when employees use their Cloud PCs. Existing capabilities like Conditional Access policies help protect user identities and ensure that Cloud PCs are accessed securely from any device. Customer managed keys help encrypt and protect data.
As businesses and individuals increasingly rely on cloud platforms to store, process, and access their information, the risk of data breaches, unauthorized access, and cyberattacks becomes more significant. Below are a few newly added features that help Windows 365 provide integrity, robustness, and reliable remote access to your Cloud PCs:
Single sign-on (SSO) not only provides a better user experience by reducing the number of credential prompts but also adds support for passwordless (phish-resistant) authentication when accessing Microsoft Entra–joined and Microsoft Entra hybrid–joined session hosts and Cloud PCs. SSO also enables support for non-Microsoft identity providers. For more information, see Configure single sign-on for Windows 365 using Microsoft Entra authentication.
In-session passwordless authentication takes advantage of the new WebAuthn redirection functionality to support phish-resistant credentials like passkeys when authenticating inside the session. WebAuthn requests are sent to the local device to be completed using locally attached security devices and Windows Hello for Business. For more information, see In-session passwordless authentication.
Faster re-authentication enables IT admins to require that users re-authenticate when launching a new connection if it’s been more than 5-10 minutes since they last authenticated to Microsoft Entra. This functionality leverages the sign-in frequency option in Conditional Access policies. For more information, see Configure sign-in frequency.
Mobile application management (MAM) for iOS and Android devices, currently in public preview, allows users to customize device redirections and strengthen the security of the physical device used to access Windows 365 Cloud PCs or Azure Virtual Desktop virtual machines (VMs) across environments that are unmanaged, managed by external tenants, or managed by organizations. For more information, see Configure client device redirection settings using Microsoft Intune.
Traceable watermarking and screen capture protection help block and/or hide remote content in screenshots while discouraging sensitive information from being captured on client endpoints. For more information on watermarking, see Watermarking in Windows 365. For more information on screen capture protection, see Screen capture protection.
Microsoft Purview Customer Key allows you to control your organization’s encryption keys and then configure Windows 365 to use keys to encrypt your data at rest in Microsoft datacenters. Customer Key allows you to add a layer of encryption that belongs to you, with your keys. For more information, see Microsoft Purview Customer Key for Windows 365 Cloud PCs.
Microsoft Purview forensic evidence for insider risk management helps organizations gain visual insight into potentially risky user actions on a Cloud PC so they can quickly respond and mitigate. The visual capturing capabilities with customizable event triggers and built-in user privacy protection controls help security teams better investigate, understand, and respond to potential insider data risks like unauthorized exfiltration of sensitive data. Forensic evidence provides more context to organization admins supporting security investigations. This can drive accurate and timely resolution of the incident and help determine other vectors that contribute to security-related risks. For more information, see Set up Microsoft Purview forensic evidence for Windows 365.
Unidirectional clipboard redirection restricts the flow of data to a single direction—either from the Cloud PC to the client or vice versa. This capability allows organizations to limit the direction and configure the type of data that can be copied at a user or device level. With this, organizations can prevent accidental or intentional data leaks. For more information, see Configure the clipboard transfer direction.
These newly added and upcoming features help strengthen the Windows 365 security foundation and support our customers in meeting today’s challenges. We are committed to continually adding value to the service and learning from you and your feedback. Have a suggestion for a new feature or functionality? Post your ideas in the Windows 365 feature requests board.
To learn more about Windows 365 and Microsoft Security:
Learn more about Windows 365 and sign up for a trial today
Learn about Microsoft Security
To learn more about three years of enabling flexible work with Windows 365, read Windows 365 at three years: Customer-centric solutions for security, management, and productivity.
Continue the conversation. Find best practices. Bookmark the Windows 365 Community, then follow us @MSWindowsITPro on X and on LinkedIn.