Microsoft will disable four types of redirection by default for Windows 365 Cloud PCs and enable additional security features.
Microsoft is adjusting the default settings for Windows 365 Cloud P “c” s. From the second half of 2025, when creating or recreating Cloud Pcs, four types of redirection will be automatically disabled: clipboard, disk, USB, and printer.
This specifically means that users will not be able to copy data from the Cloud PC to the local system on which they are using the virtual machine.
At the same time, three additional security layers will be enabled for Cloud PCs based on an image from the Windows 11 gallery: Virtualization-Based Security (VBS), Credential Guard, and Hypervisor-Protected Code Integrity (HVCI).
Protection against Data Leaks
The adjustment aims to reduce the risk of data leaks and malware spread through redirection. Only devices using high-level redirection – such as mice, keyboards, and webcams – will continue to work as usual. USB redirection for less common devices will be disabled by default.
This change does not automatically apply to existing Windows 365 Frontline Cloud PCs in shared mode. Only when these are re-provisioned via the provisioning policy page will the new default settings apply. IT administrators must consciously choose to do this.
Manual Adjustments
Organizations that still wish to use the disabled redirection can manually configure this through Microsoft Intune or through Group Policy Objects (GPO). Intune also offers shortcuts via built-in device groups and filters.
After provisioning, the default settings are automatically overwritten if the device is part of a group with different policy rules.