Microsoft has announced new Windows 365 security defaults starting in the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs.
The company said these changes include disabling the clipboard, drive, USB, and printer redirections by default to block users from copying data between Cloud PCs and physical devices via clipboard functions to reduce risks of data theft and block malware attacks.
However, while USB redirections will be disabled by default, they only target low-level device access, which means that USB mice, keyboards, and webcams won’t be affected since they’re managed via high-level redirection. These new security defaults will also be applied to newly created host pools for Azure Virtual Desktop.
Starting last month, Microsoft has also enabled virtualization-based security, Credential Guard, and hypervisor-protected code integrity (HVCI) by default on Windows 365 Cloud PCs running Windows 11 gallery images to create secure memory enclaves and prevent malicious code execution at the kernel level.
“Windows 365 is enhancing Cloud PC security by having clipboard, drive, USB, and printer redirections disabled by default for all newly provisioned and reprovisioned Cloud PCs,” Microsoft said.
“Since May 2025, all newly provisioned and reprovisioned Windows 365 Cloud PCs running a Windows 11 gallery image have VBS, Credential Guard, and HVCI enabled by default.”
Microsoft will also display notification banners in the Intune Admin Center to alert IT administrators about the changes and allow them to override the new defaults using Intune device configuration policies or Group Policy Objects if their end-users require specific redirection capabilities.

“When new Cloud PCs are provisioned, the new defaults for disabling redirections will be applied,” the company explained. “Subsequently, Intune will sync and enforce the IT admin’s desired settings from the existing policies, overriding the default configurations. This process assumes that the new Cloud PC is being added to an existing group that has been assigned to the relevant policy.”
On Tuesday, Microsoft announced it would begin updating security defaults for all Microsoft 365 tenants in July to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols.
Starting next month, Microsoft 365 will automatically block legacy browser authentication to OneDrive and SharePoint using RPS (Relying Party Suite), in addition to the FPRPC (FrontPage Remote Procedure Call) protocol for Office file opens.
Since January, the company has also started disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 apps and said it will begin rolling out a new Teams feature designed to block screenshots during meetings in July.
Microsoft also announced last week that it will add .library-ms and .search-ms file types to the list of blocked Outlook attachments starting in July.