Microsoft has announced new Windows 365 security defaults starting in the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs.
The company said these changes include disabling clipboard, drive, USB, and printer redirections by default to block users from copying data between Cloud PCs and physical devices through clipboard functions, reducing the risk of data theft and blocking malware attacks.
However, while USB redirections will be disabled by default, they only target low-level device access, which means that USB mice, keyboards, and webcams will not be affected since they’re managed through high-level redirection. These new security defaults will also be applied to newly created host pools for Azure Virtual Desktop.
Starting last month, Microsoft has also enabled virtualization-based security, Credential Guard, and hypervisor-protected code integrity (HVCI) by default on Windows 365 Cloud PCs running Windows 11 gallery images to create secure memory enclaves and prevent malicious code execution at the kernel level.
“Windows 365 is enhancing Cloud PC security by having clipboard, drive, USB, and printer redirections disabled by default for all newly provisioned and reprovisioned Cloud PCs,” Microsoft said.
“Since May 2025, all newly provisioned and reprovisioned Windows 365 Cloud PCs running a Windows 11 gallery image have VBS, Credential Guard, and HVCI enabled by default.”
Microsoft will also display notification banners in the Intune Admin Center to alert IT administrators about the changes and allow them to override the new defaults using Intune device configuration policies or Group Policy Objects if their end-users require specific redirection capabilities.
Intune admin center banner about new redirection defaults (Microsoft)
“When new Cloud PCs are provisioned, the new defaults for disabling redirections will be applied,” the company explained. “Subsequently, Intune will sync and enforce the IT admin’s desired settings from the existing policies, overriding the default configurations. This process assumes that the new Cloud PC is being added to an existing group that has been assigned to the relevant policy.”
On Tuesday, Microsoft announced it would begin updating security defaults for all Microsoft 365 tenants in July to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols.
Starting next month, Microsoft 365 will automatically block legacy browser authentication to OneDrive and SharePoint using RPS (Relying Party Suite), in addition to the FPRPC (FrontPage Remote Procedure Call) protocol for Office file opens.
Since January, the company has also started disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 apps and said it will begin rolling out a new Teams feature designed to block screenshots during meetings in July.
Microsoft also announced last week that it will add .library-ms and .search-ms file types to the list of blocked Outlook attachments starting in July.