Configure serial or COM port redirection over the Remote Desktop Protocol
Tip
This article is shared for services and products that use the Remote Desktop Protocol (RDP) to provide remote access to Windows desktops and apps.
Select a product using the buttons at the top of this article to show the relevant content.
You can configure the redirection behavior of serial or COM ports between a local device and a remote session over the Remote Desktop Protocol (RDP).
For Azure Virtual Desktop, we recommend you enable serial or COM port redirection on your session hosts using Microsoft Intune or Group Policy, then control redirection using the host pool RDP properties.
For Windows 365, you can configure your Cloud PCs using Microsoft Intune or Group Policy.
For Microsoft Dev Box, you can configure your dev boxes using Microsoft Intune or Group Policy.
This article provides information about the supported redirection methods and how to configure the redirection behavior serial or COM ports. To learn more about how redirection works, see Redirection over the Remote Desktop Protocol.
Prerequisites
Before you can configure serial or COM port redirection, you need:
An existing host pool with session hosts.
A Microsoft Entra ID account that is assigned the Desktop Virtualization Host Pool Contributor built-in role-based access control (RBAC) roles on the host pool as a minimum.
- An existing Cloud PC.
- An existing dev box.
A serial or COM port on a local device and a peripheral that connects to the port. Serial or COM port redirection uses opaque low-level redirection, so drivers need to be installed in the remote session for the peripheral to function correctly.
To configure Microsoft Intune, you need:
- Microsoft Entra ID account that is assigned the Policy and Profile manager built-in RBAC role.
- A group containing the devices you want to configure.
To configure Group Policy, you need:
- A domain account that has permission to create or edit Group Policy objects.
- A security group or organizational unit (OU) containing the devices you want to configure.
You need to connect to a remote session from a supported app and platform. To view redirection support in Windows App and the Remote Desktop app, see Compare Windows App features across platforms and devices and Compare Remote Desktop app features across platforms and devices.
Serial or COM port redirection
Configuration of a session host using Microsoft Intune or Group Policy, or setting an RDP property on a host pool governs the ability to redirect serial or COM ports from the local device to the remote session, which is subject to a priority order.
The default configuration is:
- Windows operating system: Serial or COM port redirection isn't blocked.
- Azure Virtual Desktop host pool RDP properties: Serial or COM ports are redirected from the local device to the remote session.
- Resultant default behavior: Serial or COM ports are redirected from the local device to the remote session.
Important
Take care when configuring redirection settings as the most restrictive setting is the resultant behavior. For example, if you disable serial or COM port redirection on a session host with Microsoft Intune or Group Policy, but enable it with the host pool RDP property, redirection is disabled.
Configuration of a Cloud PC governs the ability to redirect the serial or COM ports from the local device to the remote session, and is set using Microsoft Intune or Group Policy.
The default configuration is:
- Windows operating system: Serial or COM port redirection isn't blocked.
- Windows 365: Serial or COM ports are redirected from the local device to the remote session.
- Resultant default behavior: Serial or COM ports are redirected from the local device to the remote session.
Configuration of a dev box governs the ability to redirect Serial or COM port from the local device to the remote session, and is set using Microsoft Intune or Group Policy.
The default configuration is:
- Windows operating system: Serial or COM port redirection isn't blocked.
- Microsoft Dev Box: Serial or COM ports are redirected from the local device to the remote session.
- Resultant default behavior: Serial or COM ports are redirected from the local device to the remote session.
Configure serial or COM port redirection using host pool RDP properties
The Azure Virtual Desktop host pool setting COM ports redirection controls whether to redirect the serial or COM ports between the remote session and the local device. The corresponding RDP property is redirectcomports:i:<value>
. For more information, see Supported RDP properties.
To configure serial or COM port redirection using host pool RDP properties:
Sign in to the Azure portal.
In the search bar, type Azure Virtual Desktop and select the matching service entry.
Select Host pools, then select the host pool you want to configure.
Select RDP Properties, then select Device redirection.
For COM ports redirection, select the drop-down list, then select one of the following options:
- COM ports on the local computer are not available in the remote session
- COM ports on the local computer are available in the remote session (default)
- Not configured
Select Save.
Configure serial or COM port redirection using Microsoft Intune or Group Policy
Configure serial or COM port redirection using Microsoft Intune or Group Policy
Select the relevant tab for your scenario.
To allow or disable serial or COM port redirection using Microsoft Intune:
Sign in to the Microsoft Intune admin center.
Create or edit a configuration profile for Windows 10 and later devices, with the Settings catalog profile type.
In the settings picker, browse to Administrative templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection.
Check the box for Do not allow COM port redirection, then close the settings picker.
Expand the Administrative templates category, then toggle the switch for Do not allow COM port redirection to Enabled or Disabled, depending on your requirements:
To allow serial or COM port redirection, toggle the switch to Disabled.
To disable serial or COM port redirection, toggle the switch to Enabled.
Select Next.
Optional: On the Scope tags tab, select a scope tag to filter the profile. For more information about scope tags, see Use role-based access control (RBAC) and scope tags for distributed IT.
On the Assignments tab, select the group containing the computers providing a remote session you want to configure, then select Next.
On the Review + create tab, review the settings, then select Create.
Once the policy applies to the computers providing a remote session, restart them for the settings to take effect.
Test serial or COM port redirection
When using serial or COM port redirection, consider the following behavior:
Drivers for redirected peripherals connected to a serial or COM port need to be installed in the remote session using the same process as the local device. Ensure that Windows Update is enabled in the remote session, or that drivers are available for the peripheral.
Opaque low-level redirection is designed for LAN connections; with higher latency, some peripherals connected to a serial or COM port might not function properly, or the user experience might not suitable.
Peripherals connected to a serial or COM port aren't available on the local device locally while it's redirected to the remote session.
Peripherals connected to a serial or COM port can only be used in one remote session at a time.
Serial or COM port redirection is only available from a local Windows device.
To test serial or COM port redirection from a local Windows device:
Plug in the supported peripherals you want to use in a remote session to a serial or COM port.
Connect to a remote session using Window App or the Remote Desktop app on a platform that supports drive redirection. For more information, see Compare Windows App features across platforms and devices and Compare Remote Desktop app features across platforms and devices.
Check the device is functioning correctly in the remote session. As serial or COM ports are redirected using opaque low-level redirection, the correct driver needs to be installed in the remote session, which you need to do if it's not installed automatically.
Here are some ways to check the USB peripherals are available in the remote session, depending on the permission you have in the remote session:
Open Device Manager in the remote session from the start menu, or run
devmgmt.msc
from the command line. Check the redirected peripherals appear in the expected device category and don't show any errors.Open a Command Prompt or PowerShell prompt on both the local device and in the remote session, then run the following command in both locations. This command shows the serial or COM ports available locally and enable you to verify that they're available in the remote session.
chgport
The output is similar to the following example:
On the local device:
COM3 = \Device\Serial0 COM4 = \Device\Serial1
In the remote session:
COM3 = \Device\RdpDrPort\;COM3:2\tsclient\COM3 COM4 = \Device\RdpDrPort\;COM4:2\tsclient\COM4
Once the peripherals are redirected and functioning correctly, you can use them as you would on a local device.