
Microsoft Tightens Security Defaults for Windows 365 and Microsoft 365


Microsoft is rolling out new security defaults for Windows 365 Cloud PCs starting in the second half of 2025, according to BleepingComputer. These changes will impact all newly provisioned and reprovisioned Cloud PCs by disabling clipboard, drive, USB, and printer redirections by default. The goal is to reduce data exfiltration risks and prevent malware from moving between cloud environments and local devices. USB input devices like keyboards and mice won’t be affected, as they rely on high-level redirection.

In addition to these changes, newly created host pools in Azure Virtual Desktop will also adopt the same redirection restrictions. Microsoft will display notifications in the Intune Admin Center to inform IT administrators, who will still have the option to override the defaults using device configuration policies or Group Policy Objects. These settings provide flexibility for teams that need to retain specific redirection features.
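For administrators reviewing existing host pools or overrides, the following added example (not from the article or from Microsoft) audits an RDP property string for the four redirections named above. It assumes the property names from Microsoft's documented RDP properties (`redirectclipboard`, `drivestoredirect`, `usbdevicestoredirect`, `redirectprinters`); the sample string is constructed, and properties that are absent are reported as unset rather than guessed.

```python
# Added example: report the state of clipboard, drive, USB and printer
# redirection in an RDP property string ("name:type:value;...").
# Property names are assumed from Microsoft's RDP property documentation.
WATCHED = {
    "redirectclipboard": "clipboard",
    "drivestoredirect": "drive",
    "usbdevicestoredirect": "USB",
    "redirectprinters": "printer",
}

def parse_rdp_properties(raw):
    """Split 'name:type:value;...' into {name: (type, value)}."""
    props = {}
    for item in raw.split(";"):
        item = item.strip()
        if not item:
            continue
        parts = item.split(":", 2)  # value may itself contain ':'
        if len(parts) != 3:
            continue  # skip malformed entries
        name, kind, value = parts
        props[name.strip().lower()] = (kind.strip().lower(), value.strip())
    return props

def redirection_state(kind, value):
    """Integer properties: 0 disables. String properties: empty disables."""
    if kind == "i":
        return "disabled" if value == "0" else "enabled"
    return "disabled" if value == "" else "enabled"

def audit(raw):
    """Return {redirection label: 'enabled' | 'disabled' | 'unset'}."""
    props = parse_rdp_properties(raw)
    report = {}
    for name, label in WATCHED.items():
        report[label] = redirection_state(*props[name]) if name in props else "unset"
    return report

# Constructed sample string, not taken from a real tenant.
SAMPLE = ("audiomode:i:0;redirectclipboard:i:0;drivestoredirect:s:*;"
          "usbdevicestoredirect:s:;")

if __name__ == "__main__":
    for label, state in audit(SAMPLE).items():
        print(f"{label:10} {state}")
```

An "unset" result means the effective behaviour depends on the platform default and any applied policy, so it should be checked against the configuration that actually governs the pool.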

Microsoft is also building on existing protections. Since May, Windows 365 Cloud PCs provisioned with Windows 11 gallery images have virtualization-based security, Credential Guard, and hypervisor-protected code integrity turned on by default. These capabilities are designed to protect sensitive processes and block malicious code execution at the kernel level.

Beyond Cloud PCs, Microsoft 365 tenants will also see stronger default security settings. Starting in July, Microsoft will begin blocking legacy browser authentication for SharePoint and OneDrive, along with disabling older protocols like RPS and FPRPC. Other updates include removing ActiveX support in Office desktop apps and introducing screenshot-blocking capabilities in Teams meetings.
