I recently came across an exciting thing in Windows 365: the watermarking, which has now become generally available. I believe this feature has the potential to significantly enhance data security. We should also enable the screen capture protection feature to protect even more.
Before we proceed, it’s essential to ensure you have the necessary prerequisites in place:
- A remote desktop client that supports watermarking (either the latest Remote Desktop client or the Windows 365 App).
- Azure Virtual Desktop Insights should be configured for your environment if you want to track the QR codes.
An Introduction to Watermarking and Screen Capture Protection:
Let’s begin with a brief overview of these two critical features:
Screen Capture Protection: This feature is designed to thwart unauthorized attempts to take screenshots. Whether you’re using Azure Virtual Desktop (AVD) or Windows 365 (W365), it ensures that if a user tries to capture a screenshot, all they’ll see is a black screen, effectively protecting sensitive content.
Watermarking: Watermarking involves the addition of QR codes to the user’s desktop. These QR codes contain connection IDs, which can be traced back to specific users. In the event of unauthorized data capture, you can easily identify the responsible user.
The ups and downs:
While both features are easy to set up, it’s crucial to consider the following pros and cons:
- Enhanced data security.
- Configurable options to choose from.
- Effective protection against screenshot attempts.
- Watermarking can be intrusive and might impact the user experience.
- The QR code is always visible on the screen.
- Requires a supported client.
Configuring the Features:
To set up both watermarking and screen capture protection, you can use the administrative template for Azure Virtual Desktop. It is possible to use GPO or local policies but, who wants to use that? 🙂
- Sign in to the Microsoft Intune admin center.
- Go to Devices, Policy, Configuration Profiles.
- Create a new profile with the following settings:
- Platform: Windows 10 and later
- Profile: Templates
- Template name: Administrative templates
It’s essential to strike a balance between security and user experience when customizing these settings. Since QR codes can be intrusive, consider how prominently they should be displayed on the screen.
Resolving QR Codes to a User:
In case of data capture, here’s how to resolve QR codes to identify the responsible user:
- Use any compatible QR code scanning app to scan the QR code.
- Note the session ID from the QR code.
- In Azure Virtual Desktop Insights, search for the connection ID to identify the user.
Watermarking and screen capture protection are valuable tools for bolstering data security in Windows 365. These features are a significant step toward enhancing data security in modern computing environments. But…. I think its really annoying to work in. It would be good if the watermarking showed up only when you opened a screen capturing tool or shared the desktop.
But I do like the screen capture feature, that would come in handy for PAW setups.