Securing Cloud PCs and Azure Virtual Desktop

The CISO read the log. “What’s the lesson for the board?”

Because if you can access a virtual desktop from a beach in Bali, so can a threat actor—if they steal the right key.

“You’ll lose your malware, too,” Marta replied. “FSLogix will roam your profile. Your apps will be in the image. But the ghost? The ghost dies every night.”

She showed him the log: A single API call to the AVD management plane, executed with stolen credentials. The call changed the assignment of a developer’s Cloud PC from “User A” to “Attacker B.” Then, the attacker launched a new session. No brute force. No malware. Just a misconfigured Azure RBAC role.

The attack had a name now: Midnight Proxy.

The forensics team traced the ghost sessions back to a compromised managed identity. Someone had phished a helpdesk admin, stolen a service principal’s secret, and used it to register a malicious device to the company’s Entra ID.

This was the nuclear option. She rebuilt the Azure Compute Gallery. Instead of persistent Cloud PCs that lived for months, she deployed multi-session AVD pools with Ephemeral OS disks. Every time a user signed out, their entire Cloud PC was destroyed and rebuilt from a fresh, immutable gold image.

“If we don’t lock down the control plane, yes,” Marta said. “The Cloud PC is a ghost. You can’t handcuff a ghost. You have to lock the séance room.”