Screen Capture Protection for Windows Virtual Desktop

I had a meet with a customer in online healthcare industry. Today they have a cloud only environment with a modern workplace. Currently they need to purchase, install, configure and send out a laptop to each doctor. They have now seen a great potential in Windows Virtual Desktop. If they implement a WVD with all the tools the doctor needs and allow them to connect using their own device. Lots of time, effort and money can be saved.

But the healthcare industry has high demands on privacy. Thats when I remembered the screen capture protection feature in WVD. This feature prevents sensitive information from being captured on the client endpoints. When you enable this feature, remote content will be automatically blocked or hidden in screenshots and screen shares. It will also be hidden from malicious software that may be continuously capturing your screen’s content.

Warning, do not demonstrate this in a teams meeting. the screen will be protected and the customer cannot see your demo. But thats exactly what it is supposed to do:

Enable screen capture protection feature in WVD

Prerequisites

  • Make sure your host pools are provisioned in the validation environment.
  • Make sure you’ve downloaded and installed the Windows Desktop client, version 1.2.1526 or later.

registry key

Key = HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Type = REG_DWORD
Name = fEnableScreenCaptureProtection
Value = 1

PowerShell

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableScreenCaptureProtection /t REG_DWORD /d 1

ARM Template

For the ARM template lovers Sander Rozemuller has created a simple extension. It is possible to deploy the extension to the virtual machine with the New-AzResourceGroupDeployment command. The ARM templates are stored in his Github repository. Read more on his blog

New-AzResourceGroupDeployment -ResourceGroupName ResourceGroupName -TemplateUri https://raw.githubusercontent.com/srozemuller/Windows-Virtual-Desktop/master/Security/Extensions/deploy-WvdScpExtension.json -vmName cust-wvd-1

Mr T-bone

Torbjörn Tbone Granheden is a Solution Architect for Modern Workplace at Coligo AB. Certified in most microsoft technologies and over 20 years as Microsoft Certified Trainer (MCT)

You may also like...

%d bloggers like this: