Block authentication attempts unless the connecting endpoint is marked as compliant in Intune or is Hybrid Entra ID joined.
Windows 365 is a software-as-a-service (SaaS) solution. Microsoft manages the underlying compute, storage, networking infrastructure, and virtualization control plane. Enterprise administrators are primarily responsible for: Identity and access management Endpoint security policies (via Microsoft Intune) Data access within the user session Azure Virtual Desktop (AVD)
Scaling policies, sizing, and multi-session user distribution 2. Identity and Access Management (IAM) Securing the actual virtual machine (VM) running in Azure
Session hosts do not require public inbound ports (like TCP 3389) open to the internet.
Vanneuville advises moving from reactive alerts to proactive hunting. and virtualization control plane.
Securing the actual virtual machine (VM) running in Azure.
Connect the Log Analytics workspace to Microsoft Sentinel. Build analytic rules to flag indicators of compromise (IoCs), such as a single user account establishing multiple concurrent RDP sessions from disparate geographic locations (impossible travel). Summary Checklist for IT Administrators Security Layer Core Objective Action Item Identity Stop credential theft Enforce Phishing-Resistant MFA via Conditional Access Network Prevent lateral movement Implement NSGs to block inter-host communication Endpoint OS Hardening Apply Intune Windows 365 / Windows 11 Security Baselines Data Protection Prevent data leaks Disable RDP clipboard and local drive redirection Monitoring Threat visibility Stream diagnostic logs to Microsoft Sentinel Securing the actual virtual machine (VM) running in Azure
This summary is for informational purposes. Always test security policies in a non-production environment first.