19 June 2024

Enhancing security in Azure Virtual Desktop: Best practices

Azure Virtual Desktop (AVD) benefits from a wealth of security features available with the Microsoft 365 Business Premium licence, including Microsoft Entra and Microsoft Intune. This article explores those security features and focuses on how you can use the tools already available to keep your AVD deployments secure.

Microsoft Entra

Multifactor Authentication (MFA)

MFA is a security measure that is notably more challenging to exploit than single-factor authentication (username and password) alone. MFA requires additional verification, drawn from the categories of something you have, something you are and something you know, to verify your identity when accessing your account.

Taking the simple step of introducing MFA into your sign-in processes ensures that if an attacker were able to capture your login credentials, they still couldn't access your account unless they could also capture your authenticator (something you have) and biometrics (something you are), minimising the damage they can cause.

Conditional access

Implement conditional access as part of a zero-trust security strategy to manage risk by granting each user, application, and device the bare minimum access required to perform its role within the company. By limiting permissions and giving access to resources on a case-by-case basis, often via MFA, zero-trust security minimises the impact of a successful attack against an organisation.

Single sign-on

Provide secure and convenient access to resources across multiple platforms with single sign-on. Whether your employees work from the office, their homes, or on the go, Entra ID enables them to authenticate their identity and access the necessary resources securely. By leveraging multifactor authentication and conditional access policies, Entra ID ensures that only authorised individuals can access sensitive information, significantly reducing the risk of data breaches.

Identity management

Entra ID provides comprehensive auditing and reporting capabilities, allowing organisations to monitor and track user activities. This feature enables organisations to meet regulatory compliance requirements and maintain an audit trail of user access and actions. In the event of a security incident or an internal investigation, these logs can prove invaluable in identifying the source of the problem and taking appropriate remedial measures.

Microsoft Intune

Endpoint management

Endpoint security requires defence in depth: multiple protective layers and mechanisms, such as patching vulnerabilities, using next-generation antivirus to neutralise threats at the perimeter, harnessing automated investigation and response to remediate at the individual device level, and automatic attack disruption at the organisation level to further limit the spread of an attack.

Mobile application management

Mobile application management in Intune modernises app management by providing simplified discovery, automated packaging and deployment, and updating of outdated apps. This gives you access to a secure catalogue of prepackaged third-party apps that can be easily discovered, deployed, and updated directly from the Microsoft Intune admin centre.