Work From Home (WFH) was never so popular (or inevitable) as today. At the peak of COVID-19 lockdowns, more than 85% of connections to Azure Virtual Desktop were coming from users working from home. More than half of those users are sitting in front of devices not managed by corporate IT. Most of those unmanaged client devices are desktops often shared across family members. For sure, the lockdowns will eventually be lifted. Still, as many industry analytics agree, at least 50% of the users will continue to work from home.
While bring-your-own-device (BYOD) initiatives are trendy, customers struggle with securing access to corporate data. In a shared home computer scenario, the client device may contain spyware or other types of malware that periodically make screenshots and send them to the attacker. Home users may also use some legit applications to track what kids are doing online. In most cases, such apps also constantly record the screen and store the output either locally or in a third-party cloud service. Even with no malware, there’s always room for human error and accidental sharing of confidential information using screen sharing either in virtual meeting or because of social engineering attacks. Because the risk of a data breach is still high, extra security controls are the top requested features for Azure Virtual Desktop.
Today we are excited to discuss the general availability of Screen Capture Protection. This new Azure Virtual Desktop feature prevents sensitive information from being captured by the software running on the client endpoints. When you enable this feature, remote content will be automatically blocked or hidden in screenshots and screen shares. This protection works for built-in functionalities such as pressing the PrtScn button on the keyboard or Snipping Tool and third-party applications installed on the client.
Protection is enforced by verifying the Azure Virtual Desktop client’s capabilities, and if the user tries to connect with the unsupported client, Azure Virtual Desktop will deny the connection. You can enable the feature to secure a single session host or use Active Directory Group Policy to manage protection for different host pools centrally. We recommend using this feature in combination with disabling the device and clipboard redirection.
The feature is available for all Azure Virtual Desktop customers at no extra cost.