Information

This policy setting specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption.
The recommended state for this setting is: Enabled: High Level.
Rationale: If Remote Desktop client connections that use low level encryption are allowed, it is more likely that an attacker will be able to decrypt any captured Remote Desktop Services network traffic.
Impact: None - this is the default behavior.
Solution

To establish the recommended configuration, set the following Device Configuration Policy to Enabled: High Level:
To access the Device Configuration Policy from the Intune Home page:
1. Click Configuration profiles
2. Click Create profile
3. Select the platform (Windows 10 and later)
4. Select the profile (Administrative Templates)
5. Enter a Name
6. Configure the following Setting
   Path: Computer Configuration/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security
   Setting Name: Set client connection encryption level
   Configuration: Enabled: High Level
7. Continue through the Wizard to complete the creation of the profile (profile assignments, applicability, etc.)
Note: More than one configuration setting from each of the Configuration profiles (e.g., Administrative Templates, Custom, etc.) can be added to each Device Configuration Policy.
Default Value: Enabled: High Level. (All communications between clients and RD Session Host servers during remote connections using native RDP encryption must be 128-bit strength. Clients that do not support 128-bit encryption will be unable to establish Remote Desktop Server sessions.)
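One way to confirm on an endpoint that the profile took effect, as an added example that is not part of the benchmark text. It assumes the setting is backed by the MinEncryptionLevel value under the Terminal Services policy key and reads SecurityLayer from the same key to show whether native RDP encryption can be negotiated at all; the key path, both value names and the function names are assumptions not stated on this page.

```powershell
# Added audit example; registry path and value names are assumptions (not from the page).
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$LevelNames = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
$LayerNames = @{ 0 = 'RDP (native)'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

# Hypothetical helper: evaluates policy values passed in as a hashtable, so it can be
# exercised with constructed input as well as with live registry data.
function Test-RdpEncryptionLevel {
    param([hashtable]$Values)   # keys: MinEncryptionLevel, SecurityLayer (either may be absent)

    $level = $Values['MinEncryptionLevel']
    $layer = $Values['SecurityLayer']

    $levelText = if ($null -eq $level) { 'Not configured' } elseif ($LevelNames.ContainsKey([int]$level)) { $LevelNames[[int]$level] } else { "Unknown ($level)" }
    $layerText = if ($null -eq $layer) { 'Not configured' } elseif ($LayerNames.ContainsKey([int]$layer)) { $LayerNames[[int]$layer] } else { "Unknown ($layer)" }

    [pscustomobject]@{
        MinEncryptionLevel = $levelText
        SecurityLayer      = $layerText
        # The encryption level only matters when native RDP encryption can be used,
        # i.e. when the security layer is not pinned to SSL (TLS).
        NativeRdpPossible  = ($null -eq $layer -or [int]$layer -ne 2)
        # Recommended state: Enabled: High Level (value 3). An absent value is
        # reported as not matching because the policy has not been delivered.
        MatchesRecommended = ($null -ne $level -and [int]$level -eq 3)
    }
}

# Hypothetical helper: collects the two values from the local policy key, if present.
function Get-RdpPolicyValues {
    $values = @{}
    $item = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    foreach ($name in 'MinEncryptionLevel', 'SecurityLayer') {
        if ($item -and $null -ne $item.$name) { $values[$name] = $item.$name }
    }
    $values
}

# Constructed sample inputs: a weak configuration and the recommended one.
Test-RdpEncryptionLevel @{ MinEncryptionLevel = 1; SecurityLayer = 0 }
Test-RdpEncryptionLevel @{ MinEncryptionLevel = 3; SecurityLayer = 1 }

# Live check on the local device.
Test-RdpEncryptionLevel (Get-RdpPolicyValues)
```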