Microsoft Azure Virtual Desktop: Controlling Application Access for RemoteApp Users

Controlling Application Access for RemoteApp Users

Question

Your company has an Azure Virtual Desktop deployment.

There is a RemoteApp named App2.

Someone noticed that from the "Save As" dialog box of App2, users can run executable applications other than App2 on the session hosts.

You have been asked to suggest a solution to ensure that the users can run only the published apps on the session hosts.

Which of the following would you suggest?

Answers

Explanations


A. B. C. D.

Correct Answer: B

Preventing unwanted software from running on session hosts is also one way to strengthen the security of the session hosts.

You can enable/configure AppLocker on the session hosts to ensure that only the applications that you allow can run on the session hosts.

Option A is incorrect.

Conditional access policies won't help in meeting the goal.

Option B is correct.

AppLocker policy can be configured on the session hosts to ensure that the users are able to run only the published apps on the session hosts.

Option C is incorrect.

Customizing the RDP properties of the host pool helps in delivering an optimal experience to the users depending upon their needs.

Option D is incorrect.

Changing the access control settings is the incorrect solution.

To know more about security best practices in Azure Virtual Desktop, please visit the below-given link:

The correct solution to restrict users from running executable applications other than the published apps on session hosts in Azure Virtual Desktop is to implement an AppLocker policy on the session hosts.

Explanation:

AppLocker is a Windows feature that enables administrators to specify which apps are allowed to run on users' devices. It can be used to restrict users from running unauthorized applications on session hosts. By configuring an AppLocker policy on the session hosts, you can specify which executable files are allowed to run and which are not.

Conditional access policies in Azure AD are used to control access to cloud apps based on specific conditions, such as location or device. However, they cannot be used to restrict access to executable files on session hosts.

Changing RDP properties of the host pool or changing the access control settings of the host pool will not help in restricting users from running executable applications other than the published apps on the session hosts.

Therefore, the correct solution to restrict users from running executable applications other than the published apps on session hosts in Azure Virtual Desktop is to implement an AppLocker policy on the session hosts.
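As an added illustration (not part of the original question or its answer key), the following PowerShell sketch builds AppLocker allow rules for the published app on one session host and applies them in audit mode first. The install path `C:\Program Files\App2` and the group `CONTOSO\AVD-App2-Users` are assumptions made for the example.

```powershell
#Requires -RunAsAdministrator
# Assumptions (not from the original page): App2's install path and the user group.
$appDir   = 'C:\Program Files\App2'      # hypothetical install path of the published app
$appUsers = 'CONTOSO\AVD-App2-Users'     # hypothetical group assigned to the RemoteApp

# 1. Inventory the published app's executables and build allow rules from them.
#    Publisher rules are created for signed files, hash rules for unsigned ones.
$files  = Get-AppLockerFileInformation -Directory $appDir -Recurse -FileType Exe
$policy = $files | New-AppLockerPolicy -RuleType Publisher, Hash -User $appUsers `
                       -RuleNamePrefix 'App2' -Optimize

# 2. Start in audit mode: nothing is blocked, but would-be blocks are logged.
#    A session also depends on Windows components that need their own allow rules;
#    the audit events show which ones. Switch to 'Enabled' only after that review.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'AuditOnly'
}

# 3. Check the policy's decision for other executables before applying it.
Test-AppLockerPolicy -PolicyObject $policy -User $appUsers `
    -Path "$env:windir\System32\cmd.exe", "$env:windir\System32\notepad.exe" |
    Select-Object FilePath, PolicyDecision

# 4. AppLocker rules are only evaluated while the Application Identity service runs.
sc.exe config AppIDSvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 5. Apply to this session host, merging with any existing local policy.
#    For a whole host pool, deliver the same policy through Group Policy.
Set-AppLockerPolicy -PolicyObject $policy -Merge

# 6. Review AppLocker events: 8003 = would have been blocked (audit), 8004 = blocked.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8003, 8004
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```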