Remote Desktop app for WVD doesn’t work with WIP

*** Solution – ensure the WVD feed URL (e.g. http://rdweb.wvd.microsoft.com/webclient) is part of the appropriate definitions in your WIP network isolation configuration

image

When I tried to update the feeds on my Remote Desktop client on Windows 10 for use with the Spring release of WVD I was greeted with the above issue with Windows Information Protection. (WIP). I tried setting the Remote Desktop app (msrdcw.exe) to be a protected app in WIP and still had the same issue. Also tried setting to be an exempt app, but that also didn’t help-. Only disabling WIP seemed to allow me to refresh the feeds. Once you do this you can turn WIP back on if you need to.

Hopefully Microsoft will address this issue in upcoming releases of he Remote Desktop app for Windows 10. Until then, there doesn’t seem to be much option but disabling WIP.

13 thoughts on “Remote Desktop app for WVD doesn’t work with WIP

  1. Any update on this issue would be great. Looking to implement WIP since the company is working 100% remote.

    Like

      1. Can you confirm if you mean in network boundary as have already added in rdweb.wvd.microsoft.com. Do I need to change this or add anything else in or update something elsewhere?

        Like

      2. I am talking about network boundary in Application Protection Policy in Intune that you configure when you configure Windows Information Protection (WIP)

        Like

      3. That’s where I have added in rdweb.wvd.microsoft.com, but you stated *** Solution – ensure the WVD feed URL (e.g. http://rdweb.wvd.microsoft.com/webclient) is part of the appropriate definitions in your WIP network isolation configuration. So do I need to change the entry I have already added?

        Like

      4. A neutral resource is a URL that doesn’t have WIP applied effectively. A network resource is one that does. If you want the URL subject to WIP and thus only allowed by an ‘enlightended’ app, add it there. If you want WIP not to be applied to that URL so that both ‘enlightended’ and ‘unenlightended’ app can use it, add it to neutral resources.

        Like

  2. I am still not sure what you are saying to be done here. I have put both the rdweb.wvd.microsoft.com in cloud resource and also tried ..wvd.microsoft.com

    Like

    1. It is very easy to get the domains wrong and the boundaries wrong in the setup of app protection in Intune. thus, I suggest disabling WIP to configure and re-enabling when you have it working to solve the issue. Without digging into your configuration in more details I can’t really offer more than that, sorry. Getting network boundaries and right and exceptions is tricky at times.

      Like

  3. im testing version 1.2.1672.0 Remote Desktop and having the WIP conflict. Anyone seen the same thing?

    I have tried to exempt the MSRDCW.EXE and MSRDC.EXE completely but they are still recognized at ‘personal’ apps on the endpoint client. Also added .wvd.microsoft.com as a cloud resources in the network boundaries.

    Any ideas?

    Like

    1. This is how I got mine to work:
      Created 2 entries in Targeted apps:
      Name product name type publisher file Min ver
      msrdcw * Desktop App O=….. msrdcw.exe *
      msrdc * Desktop App O=….. msrdc *

      Then in Network perimeter I added:
      cloud resources value = rdweb.wvd.microsoft.com

      You can check if the policy works by going to the test computer and opening task manager.
      Click the details tab
      Right click on the status tab or any tab and select “select columns” pick “Enterprise Context”.
      You should now be able to see if the 2 apps ( msrdcw and msrdc) switched from personal to Company owned. I had to do the sync from the company portal app a couple of times to see the apps switch.
      Hope this helps somebody, as it took me way to long to figure this out.

      Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s