The Cloud Experience Everywhere

How does Azure approach VDI Security [4 Components]

83 percent of businesses say they’re at risk from security breaches because of the complexity of their business and IT operations [Citrix].

Despite this concern, many organisations remain cautious about virtualising desktops and applications in the cloud.

There seems to be an inherent fear of cloud VDI (Virtual Desktop Infrastructure) security, when in reality, Microsoft and Citrix are developing some of the most robust security and identity management tools available.

Even so, Gartner predicts that by 2019, 50 percent of new virtual desktop users will be deployed on DaaS (Desktop-as-a-Service) platforms, changing the way employees access their desktops and applications.

So just how secure is Azure VDI?

What are the Biggest Threats in the Workspace?

Before we go on to discuss VDI, let us first start with the workspace as a whole...

In today’s mobile, social, flexible world of work, traditional perimeter security is no longer enough. With new mobility come new threats to your desktops and data:

  • Threats to reputation – Data leaks are now front page news. Organisations need to be agile enough to implement effective breach response tactics and an architecture centred on regulatory compliance.
  • Everyday threats – Insider crime, user negligence, new kinds of attack (such as Ransomware), hacktivists, and criminal enterprises remain an ever-present threat. Where cybercriminals are constantly evolving their attacks, standing pat on outdated security is increasingly risky.
  • Special cases – While less common, nation states and industrial espionage can harm the integrity of larger enterprises and warrant a more holistic approach to security.

Cybersecurity is an Identity Crisis

Malicious insiders are responsible for 60 percent of cybersecurity attacks.

This statistic proves that burying your data behind firewalls will only get you so far. The new perimeter is identity and therefore your approach to desktop security should focus on sealing the access layer.

Taking this mantra to heart, both Microsoft and Citrix have begun rolling out technology that focuses on authentication and identity access management (IAM). Their aim is to combat those attempting to bypass traditional security measures and prevent them from gaining privileged access to mission-critical data.

Building these measures into Azure VDI has been the key to creating desktops that stand up to stringent regulations without affecting user productivity and mobility.

How does Azure Plug the Gaps in VDI Security Defences?

When it comes to shoring up virtual systems, IT staff cite identifying vulnerabilities and strengthening remote access as two of the biggest tasks facing their department.

With a higher demand for workspace mobility, your security team now has the unenviable task of monitoring and patching a distributed range of assorted devices.

[Figure: most pressing cyber security issues according to infosec professionals worldwide, 2017]

IT security teams face increased pressure in tasks such as identifying vulnerabilities and strengthening remote access.

So, how are Azure and Citrix helping deliver secure desktops and applications without jeopardising employee freedom?

Here’s a breakdown of everything the two companies are doing to address this issue.

1. Network and Tenant Isolation

Hosting more than one tenant (customer) per server instance allows Microsoft to cut the price of its DaaS offering. While you may have to share resources with a few noisy neighbours, you also benefit from cheaper, more flexible retail space.

To ensure tenants don’t cross paths in the hallway, Azure VDI uses network and tenant isolation to keep customers segmented.

To regulate this segmentation, Microsoft extends Active Directory into the cloud, tethering each tenant to its own private directory. Tenants are also isolated from Azure’s own infrastructure, so, in the event of a breach, attackers won’t be able to springboard from one directory to the next.

2. Centralised Desktop Management

A major plus for Azure VDI is its focus on consolidated IT security. Since data, apps, and desktops sit in the same datacentre, you can monitor them all from one portal and implement patches and updates in minutes rather than days or weeks.

In a world where employees access corporate files from all manner of devices and locations, centralised management has become the holy grail of integrated IT.

Citrix has worked with Microsoft to ensure that their XenApp and XenDesktop services offer a single, unified point of desktop security.

3. Shedding Light on Shadow IT

By 2020, 35 percent of an organisation’s technology budget will be spent outside the IT department. This is the reality of shadow IT; one that is continuing to pose a challenge as digital transformation blossoms.

Instead of restricting the purchase of new applications and services, IT needs a way of verifying those purchases. With Citrix on Azure, Microsoft has identified the importance of ensuring trusted users download trusted apps on trusted devices.

Solutions such as Cloud App Discovery are built with native security in mind. These services increase the visibility of user activity, making it easier to see exactly what your employees are subscribing to.

4. Intelligent Defences

Azure VDI takes advantage of Microsoft’s Intelligent Security Graph to keep track of all connected devices in your network. If your workforce is distributed across the globe, you can use a wide range of intelligence features to secure any device on which they access their desktop:

  • Real-time analysis of user risk – If an employee accesses their desktop from a new device, Azure VDI will automatically check their identity credentials and decide whether further authentication is necessary. Telemetry is sent in real time, with Azure taking into account factors such as device compliance, app authenticity, and physical location.
  • Data archiving and governance – Azure routinely backs up and archives user data in the cloud, using geo-redundant storage. Since no data is ever stored on endpoint devices, you don’t need to worry about lost, stolen or compromised PCs. You can manage all your backups from a centralised dashboard, even if they are spread across several Azure regions for compliance reasons.
  • Integrated identity management – For organisations using the hybrid cloud, Azure has created an integrated authentication and authorisation tool, available across both on-premises and cloud platforms. Employees are given a single identity to access both environments, making it easier to monitor their activity and grant or deny privileges.
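To make the first bullet concrete, here is an added example of the kind of risk-based step-up decision it describes: a sign-in is scored on the factors the post names (new device, non-compliant device, unusual location, unapproved app) and the result is ALLOW, REQUIRE_MFA or BLOCK. This is illustrative code written for this article, not Microsoft's or Citrix's implementation; the field names, weights and thresholds are assumptions chosen for the example.

```python
"""Toy risk-based sign-in evaluator (added example, not Azure's own logic).

A sign-in event is compared against what is already known about the user.
Each risk signal adds to a score; low scores pass, medium scores demand a
second factor, high scores (or an unapproved client app) are refused.
All names, weights and thresholds below are assumptions for illustration.
"""
from dataclasses import dataclass, field

# Assumed risk weights and decision thresholds (not Azure values).
NEW_DEVICE = 2
UNUSUAL_LOCATION = 2
NONCOMPLIANT_DEVICE = 3
MFA_THRESHOLD = 1      # score >= 1 -> step-up authentication
BLOCK_THRESHOLD = 4    # score >= 4 -> refuse the sign-in

# Assumed allow-list of client applications permitted to reach the desktop.
APPROVED_APPS = frozenset({"xendesktop-client", "outlook"})


@dataclass
class SignIn:
    """One sign-in attempt as the identity service might see it (constructed)."""
    user: str
    device_id: str
    device_compliant: bool
    app_id: str
    country: str


@dataclass
class UserProfile:
    """What is already known about the user: trusted devices and usual countries."""
    known_devices: set[str] = field(default_factory=set)
    usual_countries: set[str] = field(default_factory=set)


def evaluate(event: SignIn, profile: UserProfile) -> tuple[str, list[str]]:
    """Return (decision, reasons) for a sign-in.

    An unapproved app is refused outright; otherwise the risk signals are
    summed and mapped onto ALLOW / REQUIRE_MFA / BLOCK.
    """
    if event.app_id not in APPROVED_APPS:
        return "BLOCK", ["unapproved app"]

    score = 0
    reasons: list[str] = []
    if event.device_id not in profile.known_devices:
        score += NEW_DEVICE
        reasons.append("new device")
    if not event.device_compliant:
        score += NONCOMPLIANT_DEVICE
        reasons.append("device not compliant")
    if event.country not in profile.usual_countries:
        score += UNUSUAL_LOCATION
        reasons.append("unusual location")

    if score >= BLOCK_THRESHOLD:
        return "BLOCK", reasons
    if score >= MFA_THRESHOLD:
        return "REQUIRE_MFA", reasons
    return "ALLOW", reasons


def learn(profile: UserProfile, event: SignIn) -> None:
    """After a successful step-up, remember the device and location so the
    same user is not challenged for them again."""
    profile.known_devices.add(event.device_id)
    profile.usual_countries.add(event.country)


if __name__ == "__main__":
    alice = UserProfile(known_devices={"laptop-1"}, usual_countries={"GB"})
    attempts = [
        SignIn("alice", "laptop-1", True, "xendesktop-client", "GB"),
        SignIn("alice", "phone-9", True, "xendesktop-client", "GB"),
        SignIn("alice", "phone-9", True, "xendesktop-client", "BR"),
        SignIn("alice", "laptop-1", False, "xendesktop-client", "GB"),
        SignIn("alice", "laptop-1", True, "random-downloader", "GB"),
    ]
    for attempt in attempts:
        decision, why = evaluate(attempt, alice)
        print(f"{attempt.device_id:>9} {attempt.country} {attempt.app_id:<18} -> {decision} {why}")
```

The scoring is deliberately additive so that two moderate signals together (a new device from an unfamiliar country) push a sign-in into BLOCK even though each alone would only trigger a second factor; a real conditional-access engine would also feed back the outcome of the step-up, which is what `learn` sketches.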

The Citrix components of Azure VDI also integrate with these features, allowing you to access all your Azure VDI desktops through a XenDesktop module and eliminate the need to switch between workspaces.

Azure VDI Security Best Practices

Despite the infrastructure assurances Microsoft can offer your organisation, it’s up to you to implement policies and set up Azure security features to ensure your desktops and applications are as secure as possible:

  • Set up Azure Active Directory authentication for all your apps
  • Force all incoming traffic over an HTTPS connection
  • Enforce file-level data protection with Azure RMS
  • Set up VPN gateways for secure site-to-site connectivity
  • Protect your virtual machines with Azure Backup and Azure Site Recovery

You can find out more about these security measures in Microsoft’s Azure security whitepaper.
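The "force all incoming traffic over HTTPS" item is the one most easily checked against configuration rather than policy documents. The added example below (written for this article, not taken from the post or from Microsoft) audits the inbound rules of an Azure Network Security Group and reports any Allow rule that exposes a non-HTTPS port to the Internet. The rule shape follows the ARM JSON for NSG security rules (`properties.direction`, `access`, `protocol`, `priority`, `sourceAddressPrefix`/`sourceAddressPrefixes`, `destinationPortRange`/`destinationPortRanges`, with `Internet` as a service tag), but the rule set itself is constructed for the example.

```python
"""Audit NSG inbound rules for non-HTTPS exposure to the Internet (added example).

Input is a list of security-rule objects in the ARM JSON shape.  The sample
below is constructed for the example; in practice it would be the output of
an NSG export.  A finding is raised for every inbound Allow rule whose source
is public and whose destination ports include anything other than 443.
"""
import json

# Constructed sample: one clean rule, three risky ones, one catch-all deny.
SAMPLE_NSG_RULES = json.loads("""[
  {"name": "allow-https", "properties": {"direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "priority": 100, "sourceAddressPrefix": "Internet",
     "destinationPortRange": "443"}},
  {"name": "allow-http", "properties": {"direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "priority": 110, "sourceAddressPrefix": "*",
     "destinationPortRange": "80"}},
  {"name": "allow-rdp-from-hq", "properties": {"direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "priority": 120, "sourceAddressPrefix": "10.0.0.0/8",
     "destinationPortRange": "3389"}},
  {"name": "allow-mgmt-wide", "properties": {"direction": "Inbound", "access": "Allow",
     "protocol": "*", "priority": 130, "sourceAddressPrefix": "0.0.0.0/0",
     "destinationPortRanges": ["22", "3389", "443"]}},
  {"name": "deny-all-in", "properties": {"direction": "Inbound", "access": "Deny",
     "protocol": "*", "priority": 4096, "sourceAddressPrefix": "*",
     "destinationPortRange": "*"}}
]""")

# Source prefixes that mean "anyone on the Internet".
PUBLIC_SOURCES = frozenset({"*", "Internet", "0.0.0.0/0"})


def expand_ports(props: dict):
    """Return the set of destination ports a rule covers, or None for 'any'."""
    ranges = props.get("destinationPortRanges") or [props.get("destinationPortRange", "*")]
    ports: set[int] = set()
    for r in ranges:
        if r == "*":
            return None
        if "-" in r:
            lo, hi = r.split("-", 1)
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(r))
    return ports


def is_public_source(props: dict) -> bool:
    """True if any source prefix on the rule is a public/any source."""
    sources = props.get("sourceAddressPrefixes") or [props.get("sourceAddressPrefix", "*")]
    return any(s in PUBLIC_SOURCES for s in sources)


def find_violations(rules: list, allowed_ports=frozenset({443})) -> list[tuple[str, str]]:
    """Return (rule name, reason) for each inbound Allow rule that lets
    non-HTTPS traffic in from a public source.  Rules are walked in
    priority order, matching how the NSG itself evaluates them."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["properties"]["priority"]):
        p = rule["properties"]
        if p.get("direction") != "Inbound" or p.get("access") != "Allow":
            continue
        if not is_public_source(p):
            continue
        ports = expand_ports(p)
        if ports is None:
            findings.append((rule["name"], "any port open to the Internet"))
            continue
        exposed = sorted(ports - set(allowed_ports))
        if exposed:
            findings.append((rule["name"], f"non-HTTPS ports open to the Internet: {exposed}"))
    return findings


if __name__ == "__main__":
    for name, reason in find_violations(SAMPLE_NSG_RULES):
        print(f"{name}: {reason}")
```

Note that the RDP rule from the 10.0.0.0/8 range is not reported: the check is specifically about public exposure, which is what the HTTPS-only practice targets; whether private-range RDP is acceptable is a separate policy question (and a reason the post also recommends a VPN gateway for site-to-site traffic).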

Committing to a New Model of VDI Security

Two out of three customers view Citrix as a vital part of their security architecture. For those using Microsoft Azure, the integration of XenApp and XenDesktop has brought peace of mind, as well as improved productivity and performance.

Microsoft’s shift to identity-centric VDI security and an integrated Citrix toolset is making it far simpler, and less intrusive, to manage and control access privileges across a range of environments, locations, and devices.

To find out how you can move to Azure VDI, check out some of the work we’ve done in the cloud workspace sector.

About the Author


HPE Pointnext Services experts share their insights on the topics and technologies that matter most for your business.