You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-desktop/security-guide.md
+13-11Lines changed: 13 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,17 +12,19 @@ manager: lizross
12
12
---
13
13
# Security best practices
14
14
15
-
Windows Virtual Desktop is a managed virtual desktop service that includes many security capabilities for keeping your organization safe. In a Windows Virtual Desktop deployment, Microsoft manages portions of the services on the customer’s behalf. The service has namyh built-in advanced security features, such as Reverse Connect, which reduces the risk involved with having remote desktops accessible from anywhere.
15
+
Windows Virtual Desktop is a managed virtual desktop service that includes many security capabilities for keeping your organization safe. In a Windows Virtual Desktop deployment, Microsoft manages portions of the services on the customer’s behalf. The service has many built-in advanced security features, such as Reverse Connect, which reduce the risk involved with having remote desktops accessible from anywhere.
16
16
17
17
This article describes additional steps you can take as an admin to keep your customers' Windows Virtual Desktop deployments secure.
18
18
19
19
## Security responsibilities
20
20
21
-
Many cloud services share certain security responsibilities. When you use Windows Virtual Desktop, it’s important to understand that while some components come already secured for your environment, you'll need to configure other areas yourself to fit your organization’s security needs.
21
+
What makes cloud services different from traditional on-premises virtual desktop infrastructures (VDIs) is how they handle security responsibilities. For example, in a traditional on-premises VDI, the customer would be responsible for all aspects of security. However, in most cloud services, these responsibilities are shared between the customer and the company.
22
22
23
-
The following table shows which security needs users are responsible for.
23
+
When you use Windows Virtual Desktop, it’s important to understand that while some components come already secured for your environment, you'll need to configure other areas yourself to fit your organization’s security needs.
24
24
25
-
| Security need | Is the user responsible for this? |
25
+
Here are the security needs you're responsible for in your Windows Virtual Desktop deployment:
26
+
27
+
| Security need | Is the customer responsible for this? |
26
28
|---------------|:-------------------------:|
27
29
|Identity|Yes|
28
30
|User devices (mobile and PC)|Yes|
@@ -35,8 +37,12 @@ The following table shows which security needs users are responsible for.
35
37
|Physical network|No|
36
38
|Physical datacenter|No|
37
39
40
+
The security needs the customer isn't responsible for are handled by Microsoft.
41
+
38
42
## Azure security best practices
39
43
44
+
Windows Virtual Desktop is a service under Azure. To maximize the safety of your Windows Virtual Desktop deployment, you should make sure to secure the surrounding Azure infrastructure and management plane as well. To secure your infrastructure, consider how Windows Virtual Desktop fits into your larger Azure ecosystem. To learn more about the Azure ecosystem, see [Azure security best practices and patterns](../security/fundamentals/best-practices-and-patterns.md).
45
+
40
46
This section describes best practices for securing your Azure ecosystem.
41
47
42
48
### Enable Azure Security Center
@@ -55,13 +61,9 @@ To learn more, see [Onboard your Azure subscription to Security Center Standard]
55
61
56
62
Secure Score provides recommendations and best practice advice for improving your overall security. These recommendations are prioritized to help you pick which ones are most important, and the Quick Fix options help you address potential vulnerabilities quickly. These recommendations also update over time, keeping you up to date on the best ways to maintain your environment’s security. To learn more, see [Improve your Secure Score in Azure Security Center](../security-center/security-center-secure-score.md).
57
63
58
-
### Windows Virtual Desktop as part of your Azure environment
59
-
60
-
To maximize the safety of your Windows Virtual Desktop deployment, you should make sure to secure the surrounding infrastructure and management plane as well. To secure your infrastructure, consider how Windows Virtual Desktop fits into your larger Azure ecosystem. To learn more about the Azure ecosystem, see [Azure security best practices and patterns](../security/fundamentals/best-practices-and-patterns.md).
61
-
62
-
## Windows Virtual Desktop service security best practices
64
+
## Windows Virtual Desktop security best practices
63
65
64
-
This section explains best practices for Windows Virtual Desktop service security.
66
+
Windows Virtual Desktop has many built-in security controls. In this section, you'll learn about security controls you can use to keep your users and data safe.
65
67
66
68
### Require multi-factor authentication
67
69
@@ -92,7 +94,7 @@ Monitor your Windows Virtual Desktop service's usage and availability with [Azur
92
94
93
95
## Session host security best practices
94
96
95
-
This section describes best practices for session host security.
97
+
Session hosts are virtual machines that run inside an Azure subscription and virtual network. Your Windows Virtual Desktop deployment's overall security depends on the security controls you put on your session hosts. This section describes best practices for keeping your session hosts secure.
0 commit comments