🔹 Feature: New Endpoint Security for Azure Virtual Desktop & Windows 365
🔹 What It Does: Stop keyloggers from capturing what you type, and stop screen scrapers from capturing what you see.
🆕 What’s New:
✅ Windows Cloud Keyboard Input Protection: Establishes a secure channel from the endpoint kernel all the way to the Cloud PC or AVD session host. Keystrokes are encrypted at the kernel driver level on the physical device and only decrypted inside the remote VM — keyloggers and keystroke injection malware on the endpoint see nothing but ciphertext.
✅ Screen Capture Protection: Blocks screen recording tools, screenshot utilities, and screen-sharing apps from capturing AVD/W365 session content. Available in two modes: block client only, or block client + everything in front of it (camera-of-screen scenarios still need DLP).
✅ BYOD-Ready Trust Boundary: Shifts the security perimeter from “trust the device” to “trust the encrypted channel” — critical when users connect from unmanaged Windows 11 personal devices.
✅ Kernel-Level Enforcement: A software kernel driver and a system-level encryption service route all keyboard input directly to the VM in encrypted form, bypassing user-mode interception entirely.
✅ Transparent to Users: No workflow change, no perceptible latency, no IT admin overhead beyond a Group Policy toggle and the WCIO Protect.msi rollout.
✅ Compliance Win: Demonstrable kernel-to-cloud protection of credentials and sensitive input data — useful evidence for regulated industries (finance, healthcare, public sector).
🌐 https://techcommunity.microsoft.com/blog/windows-itpro-blog/keyboard-input-protection-for-windows-365-and-azure-virtual-desktop-now-in-previ/4468102
🌐 https://learn.microsoft.com/en-us/windows-365/enterprise/windows-cloud-input-protection
🌐 https://learn.microsoft.com/en-us/azure/virtual-desktop/screen-capture-protection?tabs=intune