Allow/prohibit data transfer in certain direction
As a bank, we have a concern of data leak when we allow user to use WVD to connect to on-prem server/services. We need to have the ability to:
- Allow copying data from user's endpoint (laptop, PC) to WVD
- Block copying data from user's endpoint (laptop, PC) to WVD
- Allow copying data from WVD to user's endpoint (laptop, PC)
- Block copying data from WVD to user's endpoint (laptop, PC)
Today if we allow or block, it will be bi-direction, which is not sufficient to address security risk: it could be either too loosely, or too strictly.
A string limit on the clipboard copy paste would be a great way to limit the moving of data while still allowing most safe use cases.
@Isaias.Martinez@intechxsp.com thanks for sharing. unfortunately just disabling clipboard is not sufficient. There are many use cases such as using remote apps, where we would want users to be able to copy and paste data. This is where having some granular controls (CA) to only allow this on trusted sources is needed. This would even go beyond Clipboard and apply to Printer mapping, drive access etc..
One step further on Tu Nguyen's request, would be the ability to control this based of conditional access. For example:
- If a user is accessing WVD from a trusted/managed device, they are allowed to use the copy/paste functionality.
- If the are connecting from an untrusted/unmanaged resource, then copy paste is prohibited.
Hi, you can allow or disabled the clipboard, refer to https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/rdp-files?context=/azure/virtual-desktop/context/context