Supported Windows 10 security configurations for Remote Desktop Services VDI
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016
Windows 10 and Windows Server 2016 have new layers of protection built into the operating system to further safeguard against security breaches, help block malicious attacks and enhance the security of virtual machines, applications, and data.
Note
Make sure to review the Remote Desktop Services supported configuration information.
The following table outlines which of these new features are supported in a VDI deployment using RDS.
| VDI collection type | Managed pooled | Managed personal | Unmanaged pooled | Unmanaged personal |
|---|---|---|---|---|
| Credential Guard | Yes | Yes | Yes | Yes |
| Device Guard | Yes | Yes | Yes | Yes |
| Remote Credential Guard | No | No | No | No |
| Shielded & Encryption Supported VMs | No | No | Encryption supported VMs with additional configuration | Encryption supported VMs with additional configuration |
Remote Credential Guard:
Remote Credential Guard is only supported for direct connections to the target machines and not for the ones via Remote Desktop Connection Broker and Remote Desktop Gateway.
Note
If you have a Connection Broker in a single-instance environment, and the DNS name matches the computer name, you may be able to use Remote Credential Guard, although this is not supported.
Shielded VMs and Encryption Supported VMs:
- Shielded VMs are not supported in Remote Desktop Services VDI
For leveraging Encryption Supported VMs:
- Use an unmanaged collection and a provisioning technology outside of the Remote Desktop Services collection creation process to provision the virtual machines.
- User Profile Disks are not supported as they rely on differential disks
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for