Securing Cloud Pcs And Azure Virtual Desktop Today

“They’re not breaking the glass,” Marta explained to the CISO the next morning. “They’re walking through the front door wearing our uniform.”

Marta smiled. “The cloud isn’t a castle. It’s a river. You can’t build walls. You have to control the flow of trust. Secure the identity. Lock the control plane. And never, ever let the ghost sleep in the gold image.”

A Security Architect’s Diary

Reason: Device not compliant. Sign-in risk: Medium.

The CISO went pale. “So they can just… reassign a computer to themselves?”

Frustrated, the attacker pivoted. They tried to deploy a new session host directly via the Azure API. But Marta had locked down the with Azure Privileged Identity Management (PIM). You couldn’t spin up a host without a time-bound, approved, audited elevation request.

Marta implemented what she called the Three Locks of Aether.

Marta pulled up a diagram. The AVD architecture was a Rube Goldberg machine of trust.