Step by step guide to Disable or Enable Drive Redirection in AVD Session Host with Intune

In March 2025, we saw massive improvement in AVD Drive Redirection Performance.

What is this improvement?

When a user opens or lists the contents of a redirected drive, the remote session enumerates files and folders of the current directory. If you have a large number of files and folders on the redirected drives, the enumeration process can take a long time and impact the performance of the remote session. For session hosts running Windows 11 24H2, Microsoft has improved the performance of enumerating files and folders on redirected drives, and drive redirection is greatly improved. To improve your performance, you need to configure your session hosts or you can do it with Intune.

In today’s article I will show you how you can disable or enable the drive redirection with a Policy in Intune.

Prerequisites

Before configuring drive redirection, ensure the following requirements are met:

• You have an existing host pool with active session hosts.
• A Microsoft Entra ID account is assigned at minimum the Desktop Virtualization Host Pool Contributor built-in role on the host pool (using role-based access control – RBAC).
• Each drive intended for redirection must have an assigned drive letter on the local device.
• If testing with a removable drive, ensure it is properly connected to the local device.

For Microsoft Intune Configuration:

• A Microsoft Entra ID account assigned the Policy and Profile Manager built-in RBAC role.
• A group that contains the target devices for configuration.

For Group Policy Configuration:

• A domain account with permissions to create or edit Group Policy Objects (GPOs).
• A security group or Organizational Unit (OU) containing the target devices.

Additionally, you must connect to the remote session using a supported application and platform. To check drive redirection support, refer to:

• Compare Windows App features across platforms and devices
• Compare Remote Desktop app features across platforms and devices

Configure drive redirection

Configuration of a session host using Microsoft Intune or Group Policy, or setting an RDP property on a host pool governs the ability to redirect drives from a local device to a remote session, which is subject to a priority order.

The default configuration is:

• Windows operating system: Drive and storage redirection isn’t blocked.
• Azure Virtual Desktop host pool RDP properties: All drives are redirected from the local device to a remote session, including ones that are connected later.
• Resultant default behavior: All drives are redirected from the local device to a remote session, including ones that are connected later.

Configure drive redirection using Microsoft Intune or Group Policy

In the above image it’s shown that the drive redirection is already enabled. In this case my AVD Session Host is Entra ID joined, and I am going to disable this drive redirection with the implementation of an Intune Policy.

In the first step I will create a security group In Entra ID, to do this please follow the below steps.

1. Go to the Microsoft Entra admin center
   • Open your browser and navigate to https://entra.microsoft.com.
   • Sign in with an account that has the Global Administrator or Groups Administrator role.
2. Access Microsoft Entra ID
   • In the left-hand navigation pane, click on “Microsoft Entra ID”.
3. Navigate to Groups
   • Under Manage, select “Groups”.
4. Create a New Group
   • Click the “+ New group” button at the top.

1. Fill in Group Details
   • Group type: Select Security.
   • Group name: Enter a name for your group (e.g., WVD-Users-SG).
   • Group description: (Optional) Provide a meaningful description of the group’s purpose.
   • Membership type:
     • Assigned – You manually add members.
     • Dynamic User – Automatically add users based on rules.
     • Dynamic Device – Automatically add devices based on rules.
   • Choose Assigned for manual control over group membership.
2. Add Members (for Assigned groups)
   • Click “No members selected”.
   • Use the search field to find users or devices.
   • Select members, then click “Select” to confirm.

1. Create the Group
   • After reviewing all settings, click “Create”.

1. Verify the Group
   • You’ll be redirected back to the Groups page.
   • The newly created group should now appear in the list.
   • Click on the group to view or manage its members, ownership, and settings

Now, Sign in to the Microsoft Intune admin center.

1. Create or edit a configuration profile for Windows 10 and later devices, with the Settings catalog profile type.

1. Create or edit a configuration profile for Windows 10 and later devices, with the Settings catalog profile type.

1. In the settings picker, browse to Administrative templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection.

1. Check the box for Do not allow drive redirection, then close the settings picker.
2. Expand the Administrative templates category, then toggle the switch for Do not allow drive redirection to Enabled or Disabled, depending on your requirements: To allow drive redirection, toggle the switch to Disabled. To disable drive redirection, toggle the switch to Enabled.

1. Select Next.
2. Optional: On the Scope tags tab, select a scope tag to filter the profile. For more information about scope tags, see Use role-based access control (RBAC) and scope tags for distributed IT.

1. On the Assignments tab, select the group containing the computers providing a remote session you want to configure, then select Next.

1. On the Review + create tab, review the settings, then select Create.

1. Once the policy applies to the computers providing a remote session, restart them for the settings to take effect
   
   
   

Once Restart of the AVD session host is completed it should show like this in the explorer that means drive re direction has been stopped.

You should be able to see this in Applied Policy List as shown below.

To Test this, you can run the below PowerShell script. You need to Login to the VM and need to run the below script which I have uploaded in my GitHub Portal.

Purpose of the Script

This PowerShell script is designed to:

Identify and list all local drives or folders that have been redirected into a Remote Desktop session.

Context & Use Case of the Script.

When users connect to a remote computer using Remote Desktop (RDP), they often choose to redirect local drives (e.g., C:, D:, USB drives) so they appear within the remote session. These redirected drives are registered in the Windows Registry under CLSID entries with the label:

“Drive or folder redirected using Remote Desktop”

This script scans the Windows Registry to:

1. Find all CLSID registry entries that match this redirection label.
2. Extract the default values from those entries, which typically contain the names of the redirected drives.
3. Display the list of redirected drives currently available in the remote session.

Click Here for the Github Link.

That’s all for today; thanks for reading.