A while ago, I showed you how to enable RemoteFX USB Redirection for your Windows 365 CloudPCs using Intune: https://mikemdm.de/2025/01/05/enable-remotefx-usb-redirection-for-avd-or-windows-365-using-intune/
Generic devices
While this works fine for most USB Devices like your USB Floppy:
When working with strange / special devices, you will notice quickly that not all devices seem to be available to be redirected. Microsoft lists a group of devices that may not be available: Some USB devices are not available
- Printer
- Audio Recording/Playback
- Mass Storage Device (examples include hard drives, CD/DVD-RW drives, flash drives, and memory card readers)
- Smart Card Reader
- PTP Camera
- MTP Media Player
- Apple iPod/iPod Touch/iPhone/iPad
- Blackberry PDA
- Windows Mobile PDA
- Network Adapter
For Ethernet Connections I have built a Solution that will use a dynamic channel of the RDP protocol to create a VPN Tunnel through RDP: https://mikemdm.de/2025/12/07/windows-365-rdp-ethernet-redirection/
Other devices
What can we do, if we need to redirect a device that is not shown? Fortunately, Microsoft describes a way to override this “pre-selection” using device GUIDs in the registry. Be aware that for most of these devices there is a reason why you should not redirect them, but there are situations where the benefits outweigh the risks in my opinion.
USB Ethernet Adapters
Even though we have a cool Ethernet Redirection available, there can still be a reason to redirect a whole USB Ethernet Adapter. For example, if you need to access devices that are not talking TCP/IP or need some L2 Discovery like lldp, which cannot be routed through a L3 VPN Tunnel. We can allow these devices by adding the GUID {CAC88484-7515-4C03-82E6-71A87ABAC361} to the allow list.
With that in place, we will see our USB Ethernet Adapter in the list of available devices:
One thing to keep in mind, when allowing USB Ethernet Adapters to be redirected is, since Windows 365 will automatically redirect all available devices by default, you should not be connected to the internet through a USB Ethernet Adapter, as you will cut the tree that you are sitting on…
SD/CF-Cards
One other category that I was asked to test, were SD or CF Cards. While there are a lot better options to share files, there are situations where you need raw access to a SD or CF card from within our CloudPC, e.g. when the software writing a bootable image to the card, is only available on our CloudPC. To allow these devices we need this GUID {53F56307-B6BF-11D0-94F2-00A0C91EFB8B} in the allow list:
Don’t expect any performance as the USB protocol was never meant to be delivered over more than a few meters, and not routed through the internet, but if needed it works for me:
PowerShell GUI
One real cool thing about this list is, it is evaluated live without the need to re-establish the RDP connection, meaning we can add and remove GUIDs on the fly. To make it easier for the user, I created a simple PowerShell sample for the USB Ethernet Redirection, which will allow the user to add and remove the GUID for that on-demand. Check out my GitHub if you are interested: Scripts/RemoteFX/RemoteFX USB Ethernet Redirection.ps1 at main · mmeierm/Scripts
Conclusion
While there a for sure good reasons not to redirect these devices by default, there are times and situations where the benefits outweigh the risks and then it’s good to know that there are options to override the default behavior and allow these devices to be available in our CloudPCs.
Leave a Reply