Information
This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.
The recommended state for this setting is: Disabled.
Rationale:
Sensitive information could be contained inside the temporary folders and visible to other administrators that log into the system.
Impact:
None - this is the default behavior.
Solution
To establish the recommended configuration, set the following Device Configuration Policy to Disabled:
To access the Device Configuration Policy from the Intune Home page:
Click Devices
Click Configuration profiles
Click Create profile
Select the platform (Windows 10 and later)
Select the profile (Administrative Templates)
Click Create
Enter a Name
Click Next
Configure the following Setting
Path: Computer Configuration\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary Folders
Setting Name: Do not delete temp folders upon exit
Configuration: Disabled
Select OK
Continue through the Wizard to complete the creation of the profile (profile assignments, applicability etc.)
Note: More than one configuration setting from each of the Configuration profiles (ex: Administrative Templates, Custom etc.) can be added to each Device Configuration Policy.
Default Value:
Disabled. (Temporary folders are deleted when a user logs off.)