Microsoft is making some changes to its Windows 365 Cloud PCs that are bound to impact both administrators and end users. Starting later this year, new Cloud PCs will come with clipboard, USB, drive, and printer redirection turned off by default. The company says this shift is part of a broader effort to make its Secure Future Initiative more than just a buzzword.
These default restrictions apply to both newly provisioned and reprovisioned Cloud PCs. The goal is to cut down on potential attack vectors such as data exfiltration and malware infiltration. If you’re thinking about accessing a USB stick or copying something from your Cloud PC to your physical device, you may be out of luck unless your IT department re-enables those settings manually.
Interestingly, Microsoft is not applying this blanket change to everything. Common devices like mice, keyboards, and webcams will continue to work as expected. These peripherals rely on high-level redirection, which Microsoft is still allowing. It is only the low-level device access that is getting shut off by default, and even then, only for newly created or reprovisioned machines using updated provisioning policies.
For those managing fleets of Cloud PCs, Microsoft is introducing banners in the Intune Admin Center to alert IT admins about the changes. If an admin reprovisions a device from the overview page, the old settings will stick. But if they do it from the provisioning policy page, the new defaults kick in. That creates a bit of a divide and could cause confusion if administrators are not paying attention to where they click.
The company is also quietly rolling out additional security features. New Cloud PCs built with Windows 11 gallery images will have virtualization-based security, Credential Guard, and memory integrity turned on by default. These protections are meant to isolate sensitive processes and help prevent credential theft and kernel-level exploits. Best of all, these tools do not require manual configuration. They just work.
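To confirm that a given Cloud PC actually has the three protections named above running, an admin can query the Win32_DeviceGuard CIM class from inside the session. The script below is an added example, not code from Microsoft or from the original article; the function name `Get-CloudPcHardeningState` and the `Compliant` field are hypothetical names chosen for illustration.

```powershell
# Added example: report the state of virtualization-based security (VBS),
# Credential Guard and memory integrity (HVCI) on the machine it runs on.
# Get-CloudPcHardeningState is a hypothetical helper name, not a built-in cmdlet.
function Get-CloudPcHardeningState {
    [CmdletBinding()]
    param()

    # Win32_DeviceGuard exposes the Device Guard / VBS state on Windows 10 and 11.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
                          -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ErrorAction Stop

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    $vbsText = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Off' }
        1       { 'Enabled, not running' }
        2       { 'Running' }
        default { "Unknown ($_)" }
    }

    # Service IDs in both arrays: 1 = Credential Guard, 2 = memory integrity (HVCI)
    $configured = @($dg.SecurityServicesConfigured)
    $running    = @($dg.SecurityServicesRunning)

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        VbsStatus                 = $vbsText
        CredentialGuardConfigured = $configured -contains 1
        CredentialGuardRunning    = $running -contains 1
        MemoryIntegrityConfigured = $configured -contains 2
        MemoryIntegrityRunning    = $running -contains 2
        # Compliant only when all three protections are active, not merely configured.
        Compliant                 = ($dg.VirtualizationBasedSecurityStatus -eq 2) -and
                                    ($running -contains 1) -and
                                    ($running -contains 2)
    }
}

$state = Get-CloudPcHardeningState
$state | Format-List

if (-not $state.Compliant) {
    Write-Warning "$($state.ComputerName): VBS, Credential Guard or memory integrity is not running."
}
```

A protection that shows as configured but not running usually means the setting was applied but has not taken effect yet, so the distinction is worth recording when auditing a fleet.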
Of course, there is still a way to bring back the redirection features if needed. Admins can use Intune or Group Policy Objects to override the new defaults. Microsoft even recommends using built-in device groups and filters in Intune as a quick way to handle the change without much fuss.
All of this means Cloud PCs are getting locked down tighter than ever before. Some users might not be thrilled about the added friction, but for organizations concerned about security, these changes will likely be seen as long overdue. Whether other cloud providers will follow Microsoft’s lead remains to be seen, but for now, the message is clear. Microsoft wants the cloud to be secure by default, even if that means sacrificing some convenience.