Security Considerations for Windows Virtual Desktops

Conjector
8 min read · Mar 2, 2021

Too Long; Didn’t Read: Whilst generally a good service that offers flexibility and cost savings (in some scenarios), WVD has a number of quirks to be aware of, including that if a capable attacker gets onto your user’s personal device, they can access WVD as that user. The service is improving all the time, but it still has rough edges.

Introduction

I have been involved in deploying Windows Virtual Desktops (WVD) for access to corporate resources from personal devices. As it is a relatively new service there wasn’t much written about WVD, so I’m writing up my experiences. This is generally intended for people in security leadership positions, internal security or IT staff, and pentesters.

WVD is Microsoft’s service for cloud delivery of a VM. Think completely cloud-hosted Citrix. VMs have to run in Azure and users access them either through an updated version of MS’ Remote Desktop (RDP) client or through a browser. It is still early days for the service, and it feels a lot like MS took on-prem RDS, put it in the cloud for the “Azure Bastion” service (which offers SSH or RDP through a client or browser), and then rejigged it for mass consumption of VMs. That comes with some side effects, discussed later.

This can be a highly flexible and even cost-effective way of providing access to end users; however, how hard is it to secure?

I will structure this article in terms of the user experience: starting from their host, connecting through WVD to a VM, and then accessing the corporate resources. I also cover pentesting and monitoring, before closing with my desires for how the service might evolve.

Client

Users can access WVD through either an installed client or through a browser. Clients are available for Windows or macOS, and I have my suspicions that a small part of the motivation to release the Edge browser for Linux is to provide a more reliable Linux WVD experience without needing to release a full client.

Pivoting — The primary issue on the client is that testing confirmed that if an attacker has compromised a client, they can pivot into WVD as the user after the user has logged in, i.e. the attacker can bypass password and multifactor checks. For browsers this is as simple as stealing session cookies. For the client it is harder but still possible. WVD doesn’t allow a user to be logged into two VMs at once, so an attacker would need to wait for the user to log off. An attack would therefore look like at least one “normal” session, followed by a “suspicious” session.

Client Validation — So, if an attacker can pivot through a user’s device, how likely is it that the device will be compromised? Generally, users’ machines have weaker controls than corporate devices, and users are more likely to engage in risky behaviour (downloading pirated games etc.) on them.

This means the chance of malware is much higher; however, that malware is very likely to be generic spambots, ransomware etc., and the operators may not realise they have compromised a host with onward access. Ryuk was seen searching hosts for files of interest in order to flag hosts, but with WVD there shouldn’t be such files on the user’s system.

There is a small chance that, if the malware was scraping usernames and passwords, it might flag the host to the operators. The more likely scenario is that an attacker targets an employee through personal channels (email, Facebook, LinkedIn), having established their identity through OSINT such as LinkedIn hunting. This threat model only applies to organisations where attackers care enough to go to that effort to compromise an employee.

It is possible to use Intune to assess compliance with policies such as having AV installed, being patched etc. However, there are some caveats. Users need to install Intune and register their devices with Azure. Intune is technically able to exert control over devices, and as Windows lacks a permissions model like Android/iOS, you are “an Azure admin clicks the wrong group” away from accidentally applying policies, pushing software down, or even wiping users’ personal devices. That’s quite a lot of risk.

Intune is also limited in its macOS and Linux support. As such it’s hard to justify saying that Windows users must have robust controls while Linux users need none. There is an argument about the likelihood of malware on different OSes, but as I feel targeted attacks are more relevant here than mass attacks, that argument carries less weight.

Pollution of the user’s OS — An issue with the client, which emerges from it being the standard Remote Desktop client, is that it bakes itself into the user’s OS more than you might expect. In some conditions, logging into WVD would then cause other MS software, such as Word, to start showing corporate resources in the “Save” and “Open” locations, i.e. the corporate SharePoint and OneDrive appear as options. Hopefully you have conditional access policies that then prevent users opening corporate OneDrive documents from their personal device, but this can spook users. It can be removed by going to “Work or school” in the Start Menu and clicking “remove work account”.

Accessing WVD

This is a simple part of the process, and there is not too much to say except: ensure conditional access policies are correct. This may be the first time you’re allowing personal devices to access M365 resources, or you may be building on already allowing mobile devices. Either way, check you aren’t making mistakes such as inadvertently allowing users to use personal PCs to save documents from corporate SharePoint. That way breaches lie…

All previous guidance from organisations like the NCSC applies here; at a minimum you want to be enforcing robust multifactor authentication as well. Ensure you’ve chosen the security settings you want from WVD too, such as denying copy/paste from WVD to the host.

The Virtual Machines

The most difficult part of securing WVD is the VMs themselves. Maintaining images is not trivial and will require thought. Whilst it is possible to snapshot an image, then open the master image and update it, this requires you to do it manually each time, which introduces the risk of error. People therefore tend to rebuild images each time, and there are three rough approaches to doing so:

  • The easiest way is to rebuild the image by hand from the marketplace images for each revision. This takes time and is vulnerable to steps being missed; you need a good testing process to ensure that the builder didn’t forget to install something.
  • You can script the creation. This is more reliable, but you need someone to own and maintain those scripts.
  • You can maintain images on prem and ship them into the cloud. If you already have the capability for this it might be easier, but it can be just as difficult.

As such you want to ensure that images:

  • Are built to your corp policies.
  • Don’t give users admin privileges, as multiple users will be on the same host, making attacking other users possible.
  • Haven’t had stages missed on the most recent build.
  • Are being patched and updated, particularly in response to critical or exploited vulnerabilities. Whilst Microsoft can be assumed to be patching WVD itself, all classic Citrix/RDS controls apply here.

Network Considerations — You may want to consider using an Azure Firewall to control inbound and outbound traffic. Whilst it won’t provide a full proxy (see below) it will provide a point of logging and control. It will also let you allow applications that don’t work well through proxies (like Skype and Teams) direct access to the internet.

Many organisations require browsing to go through a content proxy. Browsing from WVD sessions can be directed through a cloud web proxy; however, if you’re using profile syncing, you might hit TLS breakage when a user logs into a different VM than the one they first accessed an HTTPS site from.

An alternative to a web proxy would be to use Defender ATP’s web browsing controls, which are still in the early stages of maturity, but may help avoid forcing a proxy into a cloud-native solution.

You may also have on-premises applications, or applications that use IP allowlisting. Two solutions are to use AppProxy (which can be configured to point at external sites, therefore avoiding allowlisting issues), or to build your own proxy on prem, VPN back from Azure, and use an Azure Firewall to route appropriately.

Security Testing

Generally, you want to be doing a configuration review of:

  • Conditional Access Policies
  • WVD settings
  • VM configuration

It’s also crucial to review policy in these key areas:

  • Data protection — is data being exposed, are users aware what this means for them etc.
  • Image builds and verification.
  • Browsing / acceptable use
  • Working from home guidance
  • Can/should users now report security issues on personal devices? If so, what is a proper response? Until we clarified this, we had a small number of users worried that using this service might open them up to their personal computers being “seized” if there was malware.

Monitoring

Monitoring is reasonably good, as WVD uses mostly existing Azure primitives. Initial logins or attempts are captured by Azure Active Directory and surfaced in Sentinel, Log Analytics and MTP. It can be set to deny access when a user is “risky” or comes from an unexpected country. There is a debate to be had here, in that a capable attacker will realise from the “you can’t get there from here” message that it was their network location that led to them being blocked, and choose to pivot through a UK VM/VPN. Alerting rather than blocking may be more fruitful.
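As an added example (not code from the original post), the following Python runs a simple detector over constructed session records for the “normal session, then suspicious session” pattern from the Client section and the alert-rather-than-block point above. The record fields, working hours and logoff gap are assumptions, not a real WVD or Azure AD log schema.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass(frozen=True)
class Session:  # field names are an assumption, not a real WVD/AAD log schema
    user: str
    start: datetime
    end: datetime
    ip: str
    country: str

# Constructed sample sessions (not real data). Alice's third session starts 10
# minutes after her 17:30 logoff and runs late into the night from the same IP,
# which is what a pivot through her own device looks like. Bob's second session
# comes from a new country. Carol's 30-minute gap is an ordinary lunch break.
SAMPLE = [
    Session("alice", datetime(2021, 3, 1, 9, 0), datetime(2021, 3, 1, 12, 0), "203.0.113.10", "GB"),
    Session("alice", datetime(2021, 3, 1, 13, 0), datetime(2021, 3, 1, 17, 30), "203.0.113.10", "GB"),
    Session("alice", datetime(2021, 3, 1, 17, 40), datetime(2021, 3, 1, 23, 55), "203.0.113.10", "GB"),
    Session("bob", datetime(2021, 3, 1, 9, 5), datetime(2021, 3, 1, 17, 0), "192.0.2.44", "GB"),
    Session("bob", datetime(2021, 3, 1, 17, 20), datetime(2021, 3, 1, 18, 0), "198.51.100.7", "NL"),
    Session("carol", datetime(2021, 3, 1, 9, 0), datetime(2021, 3, 1, 12, 0), "192.0.2.9", "GB"),
    Session("carol", datetime(2021, 3, 1, 12, 30), datetime(2021, 3, 1, 17, 0), "192.0.2.9", "GB"),
]

WORK_START, WORK_END = time(7, 0), time(20, 0)  # assumed normal working hours
LOGOFF_GAP = timedelta(minutes=30)              # assumed "straight after logoff"

def in_hours(t):
    return WORK_START <= t.time() <= WORK_END

def classify(prev, cur):
    """Reason if `cur` is a suspicious follow-on to `prev` (same user), else None.
    A country change is the Monitoring section's case; a quick, out-of-hours
    follow-on from the same IP is the device pivot, which location cannot see."""
    if cur.country != prev.country:
        return f"new country {cur.country} after {prev.country}"
    quick = timedelta(0) <= cur.start - prev.end <= LOGOFF_GAP
    if quick and not (in_hours(cur.start) and in_hours(cur.end)):
        return f"started {cur.start - prev.end} after logoff and ran out of hours"
    return None

def find_suspicious(sessions):
    """Return (user, reason) alerts; alerting, not blocking, gives no hint away."""
    last, alerts = {}, []
    for s in sorted(sessions, key=lambda s: s.start):
        prev = last.get(s.user)
        if prev is not None and (reason := classify(prev, s)):
            alerts.append((s.user, reason))
        last[s.user] = s
    return alerts
```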

MS recently enabled Defender ATP to work on multi-user Windows 10 systems (i.e. WVD), so you can use Defender ATP to check the hosts for suspicious behaviour and threat hunt on them.

Log Analytics/Sentinel, MCAS, and MTP can fill in what a user did once logged in.

My hopes for the service

Overall WVD is good, and certainly in lockdown times was a great way to give personal devices access to corporate resources. As it matures, I could even see it becoming a primary method for providing end user work environments. The security separation is good and prevents documents ending up uncontrolled on users’ machines, whilst the risk of an attacker pivoting is sadly unavoidable.

My main gripe is that it is a service that feels like an early version. Examples: it was only in the last few months that the ability to do Teams calls was added, or for Defender ATP to cope with multi-user Windows 10 systems. The benefit is that it’s improving all the time, but there are two things I hope improve sooner.

Client — The client should not be the Remote Desktop client; it’s a different use case. It should be a standalone application that has no other hooks into the OS but can attest to the current controls on the device. It should be available on Windows, macOS and Linux.

Image Management — It still feels that creating and maintaining images is too manual or requires custom scripts. WVD is being positioned as a first-tier user access pattern, so I’m hoping Microsoft finds a way to make this slicker.
