Microsoft has introduced new Home windows 365 safety defaults beginning within the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs.
The corporate stated these modifications embrace disabling the clipboard, drive, USB, and printer redirections by default to dam customers from copying recordsdata between Cloud PCs and bodily units by clipboard capabilities to cut back dangers of knowledge theft and block malware assaults.
Nonetheless, whereas USB redirections can be disabled by default, they solely goal low-level system entry, which implies that USB mice, keyboards, and webcams won’t be affected since they’re managed by high-level redirection. These new safety defaults will even be utilized to newly created host swimming pools for Azure Digital Desktop.
Beginning final month, Microsoft has additionally enabled virtualization-based safety, Credential Guard, and hypervisor-protected code integrity (HVCI) by default on Home windows 365 Cloud PCs working Home windows 11 gallery pictures to create safe reminiscence enclaves and forestall malicious code execution on the kernel stage.
“Home windows 365 is enhancing Cloud PC safety by having clipboard, drive, USB, and printer redirections disabled by default for all newly provisioned and reprovisioned Cloud PCs,” Microsoft stated.
“Since Might 2025, all newly provisioned and reprovisioned Home windows 365 Cloud PCs working a Home windows 11 gallery picture have VBS, Credential Guard, and HVCI enabled by default.”
Microsoft will even show notification banners within the Intune Admin Middle to alert IT directors concerning the modifications and permit them to override the brand new defaults utilizing Intune system configuration insurance policies or Group Coverage Objects if their end-users require particular redirection capabilities.
”When new Cloud PCs are provisioned, the brand new defaults for disabling redirections can be utilized,” the corporate defined. “Subsequently, Intune will sync and implement the IT admin’s desired settings from the present insurance policies, overriding the default configurations. This course of assumes that the brand new Cloud PC is being added to an current group that has been assigned to the related coverage.”
On Tuesday, Microsoft introduced it will start updating safety defaults for all Microsoft 365 tenants in July to dam entry to SharePoint, OneDrive, and Workplace recordsdata by way of legacy authentication protocols.
Beginning subsequent month, Microsoft 365 will mechanically block legacy browser authentication to OneDrive and SharePoint utilizing RPS (Relying Occasion Suite), along with FPRPC (FrontPage Distant Process Name) protocol for Workplace file opens.
Since January, the corporate has additionally began disabling all ActiveX controls in Home windows variations of Microsoft 365 and Workplace 2024 apps and stated it is going to start rolling out a brand new Groups function designed to block screenshots throughout conferencesin July.
Microsoft additionally introduced final week that it’ll add .library-ms and .search-ms file sorts to the checklist of blocked Outlook attachments beginning in July.
Patching used to imply advanced scripts, lengthy hours, and limitless hearth drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, scale back overhead, and concentrate on strategic work — no advanced scripts required.
