Something I personally am really exited about is the released availablility for deploying Microsoft Intune device configuration from Microsoft Endpoint Manager admin center to Azure Virtual Desktop multi-session virtual machines (VMs) is now generally available. You can now add multi-session VMs to the same management experience and deploy device-wide configurations to them.
The following capabilities are now generally available on Azure Virtual Desktop with Intune:
- Automatically enroll VMs in Intune when provisioning Azure AD-joined host pools so that they’re provisioned, compliant, and ready to use when end-users access them.
- Manage both single and multi-session VMs using the settings catalog in Microsoft Endpoint Manager admin center.
- Increase your multi-session VMs’ security posture by applying configurations available under the Endpoint security blade, including Defender Tamper Protection and granular Antivirus policies.
- Leverage Microsoft 365 security features like Conditional Access on the session hosts.
- Assign applications configured to install in system context to multi-session VMs.
- Manage device configuration for multi-session VMs created in the Azure Public and Azure Government (US GCC High and DoD environments) clouds.
This is going to make it much easier to create endpoint security policies for Azure virtual desktop environments.
Instructions on how to create and implement new device configes can be found here: Azure virtual desktop multi-session with Microsoft intune.
