Enable Screen Capture Protect on Azure Virtual Desktop (Windows365)

About

To enable the Screen Capture Protection feature, we only need a very simple PowerShell script. (It can also be done using ADMX GPO templates, but this is the easiest way for Intune-managed systems.)

Microsoft article: Screen capture protection in Azure Virtual Desktop - Azure | Microsoft Learn

Script

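# Enable ScreenCaptureProtection (create the policy key first if it does not exist yet)
$key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name fEnableScreenCaptureProtection -Value 1 -Type DWord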

Implementation

  1. Sign in to the Microsoft Endpoint Manager portal (https://endpoint.microsoft.com/).
  2. Select Devices and then select Scripts, or go to Windows devices -> Windows Policies and select PowerShell Scripts.
  3. To add a new PowerShell script, click the Add button and deploy it to Windows 10 devices.
  4. Specify the name of the PowerShell script; you may add a description as well. Click Next.
  5. On the Script Settings window, specify the script location. Click the folder icon and select the PowerShell script that you intend to deploy to devices using Intune.

  6. Lastly, configure Assignments. This determines to whom the PowerShell script is deployed. Click Add Group and select your AVD Session Host group.
  7. To trigger the changes immediately, reboot your AVD Session Host and check the registry to confirm that the key is applied.

Running into errors? Review IntuneManagementExtension Log File

Win32 apps and PowerShell scripts are deployed through the Intune Management Extension, which writes log files you can use to troubleshoot application deployment. The log files for the Intune Management Extension are located in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs. Review IntuneManagementExtension.log.
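
A check for step 7 and the log review above, as an added example that is not part of the original article: run it on the session host to confirm the registry value and, if it is missing, pull recent error entries from the Intune Management Extension log. The function names are hypothetical, and treating type="3" as the error marker is an assumption about the CMTrace-style log format.

```powershell
# Added example: verify the policy value on a session host and surface IME log errors.
$key      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$name     = 'fEnableScreenCaptureProtection'
$expected = 1   # value written by the deployment script above
$logPath  = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log'

function Test-ScreenCaptureProtection {
    # Hypothetical helper: compares the registry value with the expected one.
    param([string]$Path, [string]$ValueName, [int]$ExpectedValue)
    if (-not (Test-Path -Path $Path)) {
        return [pscustomobject]@{ Compliant = $false; Detail = "Key missing: $Path" }
    }
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Compliant = $false; Detail = "Value $ValueName is not set" }
    }
    $actual = $item.$ValueName
    [pscustomobject]@{
        Compliant = ($actual -eq $ExpectedValue)
        Detail    = "$ValueName = $actual (expected $ExpectedValue)"
    }
}

function Get-ImeLogErrors {
    # Assumption: entries are CMTrace-style and type="3" marks an error.
    # For multi-line entries only the closing line (the one carrying the type) is returned.
    param([string]$Path, [int]$Last = 20)
    if (-not (Test-Path -Path $Path)) { return @() }
    Select-String -Path $Path -Pattern 'type="3"' -SimpleMatch |
        Select-Object -Last $Last |
        ForEach-Object { $_.Line }
}

$result = Test-ScreenCaptureProtection -Path $key -ValueName $name -ExpectedValue $expected
$result | Format-List

if (-not $result.Compliant) {
    # The policy did not land: show the most recent error entries from the IME log.
    $errors = Get-ImeLogErrors -Path $logPath
    if ($errors) { $errors } else { Write-Output "No error entries found in $logPath" }
}
```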

Sources: Enable Screen Capture Protect on Azure Virtual Desktop AVD with Microsoft Endpoint Manager MEM