AVD inherits a strong baseline from the managed control plane — notably no inbound RDP thanks to reverse connect — but a secure deployment still needs deliberate work across identity, access, network and the hosts themselves. Here’s how to apply Zero Trust to AVD.
## Start with identity — it’s the real perimeter

In a cloud workspace, identity is the primary control plane. The essentials:
- Multi-factor authentication for every AVD sign-in, enforced via Conditional Access.
- Conditional Access policies scoped to the AVD and Windows Cloud Login apps — require MFA, compliant or hybrid-joined devices, and constrain risky sign-ins.
- Phishing-resistant methods (passkeys / FIDO2 / Windows Hello) where you can.
- No standing admin — use Privileged Identity Management for just-in-time elevation.
### Target the right apps
Scope Conditional Access to the ‘Azure Virtual Desktop’ and ‘Microsoft Remote Desktop / Windows Cloud Login’ cloud apps. Leaving these out of the policy is the most common reason MFA is silently not enforced on AVD sessions.
## Least-privilege access to the AVD resources
Separate who can use desktops from who can manage the platform:
- Assign users to application groups via Entra ID groups — never individually at scale.
- Use AVD’s built-in RBAC roles (e.g. Desktop Virtualization User vs. Contributor) rather than broad subscription roles.
- Keep platform administration in a small, PIM-gated group.
## Network isolation
Reverse connect means no inbound ports, but outbound and lateral movement still need control:
- Place session hosts in a dedicated subnet with NSGs limiting east-west traffic.
- Send outbound through a firewall; allow only the required AVD service FQDNs/endpoints.
- Use Private Link / private endpoints for storage (FSLogix) and other PaaS where possible.
- Consider RDP Shortpath for performance, understanding its network requirements.
| Layer | Control |
|---|---|
| Identity | MFA + Conditional Access + PIM |
| Authorization | AVD RBAC, group-based app-group assignment |
| Network | NSGs, firewall egress allow-list, private endpoints |
| Host | Security baseline, Defender, attack-surface reduction |
| Data | FSLogix on private storage, encryption, DLP via Purview |
## Harden the session hosts
The hosts are still Windows machines that need the same discipline as any endpoint:
- Apply a security baseline (CIS or Microsoft) and AVD multi-session optimisations.
- Run Microsoft Defender for Endpoint and enable attack-surface-reduction rules.
- Enforce application control (AppLocker / WDAC) so only approved apps run.
- Patch via your automated image pipeline so every new host starts current.
- Disable unnecessary local admin; use LAPS-style managed local accounts if any remain.
### Multi-session is multi-tenant within a host
On pooled hosts several users share one VM. App control, drive/clipboard redirection policy and resource limits matter more here than on a single-user device — one user shouldn’t be able to affect another.
## Protect the data path
- Control clipboard, drive, printer and USB redirection through host-pool RDP properties to limit data exfiltration.
- Keep FSLogix profiles on private, encrypted storage.
- Layer Microsoft Purview for DLP and sensitivity labelling if data governance is in scope.
## Monitor and verify
Zero Trust assumes breach, so visibility is part of the control set: stream AVD diagnostics and sign-in logs to Log Analytics, use AVD Insights for session and host health, and surface identity risk through Entra ID Protection. Alert on anomalous sign-ins and failed connection patterns.
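Two Log Analytics queries that put the “verify” step into practice, added here as an example and not part of the original post: the first surfaces AVD sign-ins that succeeded without MFA (the symptom of Conditional Access not targeting the AVD apps described above), the second finds bursts of failed connections per user and source IP. They assume AVD diagnostics and Entra sign-in logs are already streamed to the workspace; the app display names, the 1h window and the threshold of 10 are assumptions to adjust for your tenant.

```kql
// 1. Successful AVD sign-ins that required only a single factor.
//    Any rows here mean Conditional Access is not covering these apps.
SigninLogs
| where TimeGenerated > ago(7d)
| where AppDisplayName in ("Azure Virtual Desktop",
                           "Windows Cloud Login",
                           "Microsoft Remote Desktop")   // assumed display names
| where ResultType == "0"                                // "0" = sign-in succeeded
| where AuthenticationRequirement == "singleFactorAuthentication"
| summarize SignIns = count(),
            Apps = make_set(AppDisplayName),
            SourceIPs = make_set(IPAddress, 10),
            LastSeen = max(TimeGenerated)
    by UserPrincipalName
| order by SignIns desc

// 2. Failed-connection patterns: connections that started and produced
//    an AVD error, grouped per user + client IP in an assumed 1h window.
let window = 1h;       // assumed bucket size
let threshold = 10;    // assumed alerting threshold
WVDConnections
| where TimeGenerated > ago(1d)
| where State == "Started"
| join kind=inner (
    WVDErrors
    | where TimeGenerated > ago(1d)
    | project CorrelationId, CodeSymbolic
  ) on CorrelationId
| summarize Failures = count(),
            ErrorCodes = make_set(CodeSymbolic),
            Hosts = make_set(SessionHostName)
    by UserName, ClientIPAddress, bin(TimeGenerated, window)
| where Failures >= threshold
| order by Failures desc
```

Either query can be saved as a scheduled alert rule in Microsoft Sentinel or Azure Monitor so that the condition pages someone rather than waiting to be noticed in a dashboard.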
AVD gives you a strong starting posture, but security is a layered build: identity first, then least-privilege access, network isolation, hardened hosts and a protected data path — all verified by monitoring. Apply the layers deliberately rather than relying on the platform defaults alone.
Need a hand with your AVD platform? 🚀
I help organisations design, migrate and optimise Azure Virtual Desktop. If you’re planning or troubleshooting a deployment, get in touch.