Microsoft is implementing significant security enhancements across its Windows 365 and Microsoft 365 platforms, aiming to bolster defenses against data exfiltration and malware threats. Starting in the latter half of 2025, newly provisioned and reprovisioned Windows 365 Cloud PCs will have clipboard, drive, USB, and printer redirections disabled by default. This proactive measure is designed to minimize the risk of unauthorized data transfers and prevent malicious software from migrating between cloud environments and local devices. Notably, USB input devices such as keyboards and mice will remain unaffected, as they utilize high-level redirection protocols.
In parallel, Azure Virtual Desktop (AVD) is adopting similar security protocols. Newly created host pools will default to having clipboard, drive, USB, and printer redirections disabled. This change aligns with Microsoft's Secure Future Initiative (SFI), which emphasizes secure default configurations to reduce potential attack surfaces. Administrators will receive notifications within the Intune Admin Center regarding these updates and retain the flexibility to override default settings through device configuration policies or Group Policy Objects, accommodating specific organizational needs.
These updates build upon existing security measures. Since May 2025, Windows 365 Cloud PCs provisioned with Windows 11 gallery images have had virtualization-based security, Credential Guard, and hypervisor-protected code integrity enabled by default. These features are instrumental in safeguarding sensitive processes and thwarting malicious code execution at the kernel level.
Beyond Cloud PCs, Microsoft 365 tenants will experience enhanced security defaults. Starting in July 2025, Microsoft plans to block legacy browser authentication methods for SharePoint and OneDrive, and disable older protocols such as RPS and FPRPC. Additional updates include the removal of ActiveX support in Office desktop applications and the introduction of screenshot-blocking capabilities in Teams meetings.
These comprehensive security enhancements reflect Microsoft's commitment to providing a secure computing environment, addressing evolving cyber threats, and ensuring that default configurations prioritize security without compromising functionality.

Source: MSSP Alert Microsoft Tightens Security Defaults for Windows 365 and Microsoft 365
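
For administrators who keep exceptions to the new defaults, the sketch below audits an AVD host pool's custom RDP properties string and reports which of the four redirections are explicitly disabled, explicitly enabled, or left unset. It is an added example, not part of the original post or Microsoft's tooling. It assumes the standard RDP property names `redirectclipboard`, `drivestoredirect`, `usbdevicestoredirect` and `redirectprinters`, which the post does not name, and the sample strings are constructed.

```python
# Added example: audit an AVD host pool RDP property string for redirections.
# Property names are the standard RDP file properties (an assumption; the post
# does not list them). Sample strings are constructed, not from a real tenant.
REDIRECTIONS = {
    "clipboard": ("redirectclipboard", "i"),
    "drive": ("drivestoredirect", "s"),
    "usb": ("usbdevicestoredirect", "s"),
    "printer": ("redirectprinters", "i"),
}

def parse_rdp_properties(raw):
    """Split 'name:type:value;...' into {name: (type, value)}; skip malformed items."""
    props = {}
    for item in raw.split(";"):
        parts = item.strip().split(":", 2)
        if len(parts) != 3 or not parts[0]:
            continue  # empty segment (trailing ';') or not name:type:value
        name, kind, value = parts
        props[name.lower()] = (kind.lower(), value.strip())
    return props

def audit_redirections(raw):
    """Return {redirection: 'disabled' | 'enabled' | 'unset' | 'invalid'}."""
    props = parse_rdp_properties(raw)
    report = {}
    for label, (name, kind) in REDIRECTIONS.items():
        if name not in props:
            report[label] = "unset"        # falls back to the platform default
        elif props[name][0] != kind:
            report[label] = "invalid"      # wrong type tag for this property
        elif kind == "i":
            report[label] = {"0": "disabled", "1": "enabled"}.get(props[name][1], "invalid")
        else:
            # String-typed: an empty value redirects nothing; anything else
            # ('*', a device list) is treated as enabled (simplification).
            report[label] = "disabled" if props[name][1] == "" else "enabled"
    return report

def needs_review(raw):
    """Redirections not explicitly disabled, i.e. exceptions to document."""
    return sorted(k for k, v in audit_redirections(raw).items() if v != "disabled")

HARDENED = "redirectclipboard:i:0;drivestoredirect:s:;usbdevicestoredirect:s:;redirectprinters:i:0"
OVERRIDDEN = "audiomode:i:0;redirectclipboard:i:1;drivestoredirect:s:*;redirectprinters:i:0;"

if __name__ == "__main__":
    for name, raw in (("hardened", HARDENED), ("overridden", OVERRIDDEN)):
        print(name, audit_redirections(raw), "review:", needs_review(raw))
```

An "unset" result means the string does not pin the setting, so the effective behaviour depends on the platform default and any Intune or Group Policy override.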
 
