Configure the clipboard transfer direction and types of data that can be copied in Azure Virtual Desktop

  • Article

Important

Configuring the clipboard transfer direction in Azure Virtual Desktop is currently in PREVIEW. See the Supplemental Terms of Use for Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Clipboard redirection in Azure Virtual Desktop allows users to copy and paste content, such as text, images, and files between the user's device and the remote session in either direction. You might want to limit the direction of the clipboard for users, to help prevent data exfiltration or malicious files being copied to a session host. You can configure whether users can use the clipboard from session host to client, or client to session host, and the types of data that can be copied, from the following options:

  • Disable clipboard transfers from session host to client, client to session host, or both.
  • Allow plain text only.
  • Allow plain text and images only.
  • Allow plain text, images, and Rich Text Format only.
  • Allow plain text, images, Rich Text Format, and HTML only.

You apply settings to your session hosts. It doesn't depend on a specific Remote Desktop client or its version. This article shows you how to configure the direction the clipboard and the types of data that can be copied you can configure the local Group Policy or registry of session hosts.

Prerequisites

To configure the clipboard transfer direction, you need:

  • Session hosts running Windows 11 Insider Preview Build 25898 or the most recent version of Windows Insider Build (Dev Channel). You must join the Windows Insider Program to activate the Dev Channel Preview Build.

  • Host pool RDP properties must allow clipboard redirection, otherwise it will be completely blocked.

  • Depending on the method you use to configure the clipboard transfer direction:

    • For configuring the local Group Policy or registry of session hosts, you need an account that is a member of the local Administrators group.

Configure clipboard transfer direction

Here's how to configure the clipboard transfer direction and the types of data that can be copied. Select the relevant tab for your scenario.

To configure the clipboard using Group Policy, follow these steps.

Important

These policy settings appear in both Computer Configuration and User Configuration. If both policy settings are configured, the stricter restriction is used.

  1. Open Local Group Policy Editor from the Start menu or by running gpedit.msc.

  2. Browse to one of the following policy sections. Use the policy section in Computer Configuration to the session host you target, and use the policy section in User Configuration applies to specific users you target.

    • Machine: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
    • User: User Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection

  3. Open one of the following policy settings, depending on whether you want to configure the clipboard from session host (server) to client, or client to session host:

    • To configure the clipboard from session host to client, open the policy setting Restrict clipboard transfer from server to client, then select Enabled. Choose from the following options:

      • Disable clipboard transfers from server to client.
      • Allow plain text.
      • Allow plain text and images.
      • Allow plain text, images, and Rich Text Format.
      • Allow plain text, images, Rich Text Format, and HTML.

    • To configure the clipboard from client to session host, open the policy setting Restrict clipboard transfer from client to server, then select Enabled . Choose from the following options:

      • Disable clipboard transfers from client to server.
      • Allow plain text.
      • Allow plain text and images.
      • Allow plain text, images, and Rich Text Format.
      • Allow plain text, images, Rich Text Format, and HTML.

  4. Select OK to save your changes.

  5. Once you configured settings, restart your session hosts for the settings to take effect.

  6. Connect to a remote session with a supported client and test the clipboard settings you configured are working by trying to copy and paste content.

Tip

During the preview, you can also configure Group Policy centrally in an Active Directory domain by copying the terminalserver.admx and terminalserver.adml administrative template files from a session host to the Group Policy Central Store in a test environment.

Related content