Clipboard Controls for Browser-Based RDP

Cloudflare Access now includes clipboard controls for browser-based RDP sessions, giving administrators fine-grained control over data transfer between users' local machines and remote Windows servers.

Configuration Options

The feature provides two independent clipboard policies that can be configured per Access application:

• Local to Remote — Allow or deny users copying/pasting text from their local machine into the browser-based RDP session
• Remote to Local — Allow or deny users copying/pasting text from the RDP session back to their local machine

By default, both directions are denied for new policies, with existing Access applications preserving current behavior for backward compatibility.

Security & Use Cases

This capability is particularly valuable for organizations supporting bring-your-own-device (BYOD) policies or working with third-party contractors on unmanaged devices. By restricting clipboard access, organizations can prevent sensitive data from being transferred out of the remote session to personal devices.

When users attempt a restricted clipboard action, the clipboard content is replaced with an error message indicating the action is not allowed.

Getting Started

Clipboard controls are configured within individual Access policies in the Cloudflare One dashboard. For detailed configuration guidance, see the Clipboard controls documentation.