The Windows Microsoft Remote Desktop Policy allows administrators to control whether users can remotely connect to their Windows devices using Microsoft Remote Desktop Services (RDS).
This policy is applicable to both BYOD and corporate-owned Windows 10+ devices.
Enabling or restricting Remote Desktop can be critical for security, IT support workflows, and corporate compliance requirements.
Requirements
Windows 10 or later
Overview
Remote Desktop Services (RDS) allow users or IT administrators to access a Windows machine remotely.
This capability is useful for:
Remote IT troubleshooting
Remote work and hybrid access
Administrative access to servers or workstations
Secure access to corporate resources through VPN or other protected channels
However, Remote Desktop can also introduce security risks if misconfigured.
The Windows Microsoft Remote Desktop Policy provides a simple MDM-based control to enforce your organization's preferred setting.
Configurable Settings
Allow Users To Connect Remotely
Controls whether users can connect to the device via Remote Desktop.
| Setting | Behavior |
| --- | --- |
| True | Remote Desktop is enabled. Users can connect using RDP clients. |
| False | Remote Desktop is disabled. Remote connections are blocked. |
What happens when Remote Desktop is enabled?
The device allows inbound RDP connections
IT or authorized users may connect for support
Remote Desktop applications (e.g., Microsoft Remote Desktop, mstsc.exe) can connect
Network-level authentication (NLA) may still apply, depending on the system
What happens when Remote Desktop is disabled?
The device blocks remote RDP connections
Remote support via RDP is not possible
Users must rely on alternative remote support tools (e.g., Splashtop, Intune Remote Help, TeamViewer)
Security Considerations
Enabling Remote Desktop should be done carefully. Best practices include:
Require VPN or secure tunnel access before allowing RDP
Use strong authentication (NLA recommended)
Restrict RDP to trusted IP ranges
Enable firewall controls
Use Conditional Access or network segmentation
Disable RDP on high-security or sensitive systems unless absolutely necessary
Integrating this policy with other Swif.ai Windows policies helps maintain compliance and reduce risk.
When to Use This Policy
Enable Remote Desktop if:
IT needs remote access for troubleshooting
Users require remote workstation access for productivity
You have a secure network and identity environment
Disable Remote Desktop if:
Devices are high-security endpoints
Users do not need remote console access
Your compliance framework restricts remote protocol usage
You rely exclusively on alternative remote support solutions
How to Configure
Open the Swif Admin Console
Navigate to Policies → Create New Policy
Select Windows Microsoft Remote Desktop Policy
Set Allow Users To Connect Remotely to True or False
Click Continue
Assign to devices or device groups
Save and apply
Devices will enforce the setting during their next MDM sync.
Troubleshooting
Remote Desktop remains disabled
Confirm the device is running Windows 10+
Ensure there is no conflicting GPO or security configuration blocking RDP
Reboot the device to apply system-level changes
Users still cannot connect even when enabled
Possible causes include:
Firewall rules blocking RDP (TCP port 3389)
Network-level authentication (NLA) requirements
VPN not connected
Credential restrictions
Licensing requirements in Windows editions (Home edition does not accept inbound RDP connections)
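The checks from the two troubleshooting lists above (conflicting GPO, firewall rules, NLA, Windows edition) can be run on the device itself; the following PowerShell is an added example, not part of the original article or of Swif's tooling. It assumes the standard Windows registry locations and the built-in "Remote Desktop" firewall group, since this page does not state how the policy is applied on the device.

```powershell
# Added example: read-only audit of local RDP state. Run in an elevated PowerShell session.
# Assumption: these are the standard Windows locations, not Swif-specific ones.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"
$gpo = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$cv  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$deny    = Get-RegValue $ts  'fDenyTSConnections'  # 0 = RDP enabled, 1 = disabled
$gpoDeny = Get-RegValue $gpo 'fDenyTSConnections'  # present only if Group Policy sets it
$nla     = Get-RegValue $tcp 'UserAuthentication'  # 1 = NLA required
$port    = Get-RegValue $tcp 'PortNumber'          # 3389 unless changed
$edition = Get-RegValue $cv  'EditionID'           # Core* = Home editions

# Enabled inbound allow rules in the built-in firewall group (English display name).
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
$sources = @()
if ($rules) {
    $sources = @($rules | Get-NetFirewallAddressFilter |
        Select-Object -ExpandProperty RemoteAddress -Unique)
}

$findings = @()
if ($edition -like 'Core*') { $findings += "Edition $edition does not accept inbound RDP" }
if ($null -ne $gpoDeny -and $gpoDeny -ne $deny) {
    $findings += "Group Policy sets fDenyTSConnections=$gpoDeny, local value is $deny"
}
if ($deny -eq 0) {
    if ($nla -ne 1)               { $findings += 'NLA is not required for RDP logons' }
    if (-not $rules)              { $findings += 'No enabled inbound firewall rule allows RDP' }
    if ($sources -contains 'Any') { $findings += 'Firewall allows RDP from any address' }
}

[pscustomobject]@{
    RdpEnabled      = ($deny -eq 0)
    NlaRequired     = ($nla -eq 1)
    Port            = $port
    Edition         = $edition
    FirewallSources = $sources -join ', '
    Findings        = $findings
}
```

Custom firewall rules outside the built-in group, including rules written for a non-default port, are not covered by the firewall check.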
RDP works but performance is poor
Check network latency
Confirm the device is not in a low-power/standby state
Ensure VPN or QoS policies are not throttling traffic
