Share via

Request for Python and GitHub Desktop Access on VDI

Mukku Poojitha (PricewaterhouseCoopers Advisory) 0 Reputation points Microsoft External Staff
2026-04-21T10:18:33.5266667+00:00

We are working as a PwC vendor supporting Microsoft DLP initiatives and are currently developing automation on VDI. We’ve observed that downloading tools such as Python and GitHub Desktop is currently restricted.

For our automation work, we require access to Python (to be used within VS Code) and GitHub Desktop for version control and collaboration. We request that the necessary permissions be granted.

Windows for business | Windows Server | User experience | Licensing for Azure Virtual Desktop
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Harry Phan 17,515 Reputation points Independent Advisor
    2026-04-21T13:27:46.1766667+00:00

    Hi Mukku,

    In your case, the restriction you’re seeing is enforced by Microsoft’s DLP policies applied to the VDI environment. Tools like Python installers and GitHub Desktop are being blocked because executables and developer utilities fall under restricted categories in the current policy baseline. To proceed, you’ll need to raise a formal exception request through the Microsoft DLP governance channel, specifying the business justification, the exact executables required (python.exe for the latest stable release and GitHubDesktopSetup.exe), and the intended use within VS Code for automation. Typically, exceptions are granted only after risk assessment and approval from the Information Security team, and they may require installation via a controlled software distribution mechanism rather than direct download. I recommend submitting the request with clear mapping to project deliverables under PwC’s vendor engagement, as this will help expedite approval. Without that exception, the restrictions cannot be bypassed.

    If the above response helps answer your question, please hit "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    Harry.

    0 comments
  2. Q&A Assist
    2026-04-21T10:18:48.03+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    On a locked-down Azure Virtual Desktop (AVD) or other secured VDI, installation of tools like Python and GitHub Desktop is typically controlled through central management (for example, Intune and Company Portal) and security policy. The appropriate approach is:

    1. Route the request through the standard privileged-access / secure-workstation process
      • For secured or privileged workstations, local application installation is intentionally restricted. Applications must be delivered as managed apps via Intune/Company Portal.
      • Follow the organization’s existing process to request additional tools on the secure workstation (for example, via your internal security or endpoint management team). Reference that these tools are required for Microsoft DLP automation work and Git-based source control.
    2. Request Visual Studio Code and Python as managed applications
      • Visual Studio Code is explicitly called out as an allowed tool on secured workstations to connect to Azure DevOps or GitHub and manage code repositories.
      • The endpoint management team can package VS Code (and similarly Python) as Win32 apps and deploy them via Intune:
        • Download the offline installer (for example, Visual Studio Code for Windows 64-bit).
        • Use the Microsoft Win32 Content Prep Tool (IntuneWinAppUtil.exe) to convert the installer into .intunewin format.
        • Publish and assign the app to the appropriate secure workstation device/user groups (for example, the equivalent of a “Secure Workstation Users” group).
      • Python can be handled in the same way: packaged as a Win32 app and deployed only to the required secure groups.
    3. Request GitHub Desktop or an approved Git client
      • For source control, the security guidance recommends Git for managing source code and a simple branching strategy.
      • Ask that an approved Git client (GitHub Desktop or an alternative Git client, depending on policy) be packaged and deployed via Intune/Company Portal to the same secure group used for VS Code and Python.
    4. Align with AVD / platform DevOps standards
      • For AVD and other cloud-hosted environments, DevOps guidance already assumes Git-based source control and CI/CD (Azure DevOps or GitHub Actions). Position the request as enabling:
        • Local development and testing of automation on the VDI using Python in VS Code.
        • Git-based version control for scripts and infrastructure definitions.
      • Emphasize that repositories and projects should remain private unless company policy requires otherwise, and that access will be controlled via existing GitHub/Azure DevOps permissions.
    5. Keep security and least privilege in scope
      • Confirm that:
        • Only the minimum set of users (for example, the DLP automation team) receive these tools on VDI.
        • Repos remain private and access is restricted to authorized team members.
        • Any required GitHub/Azure DevOps service connections or tokens are managed securely (for example, via Azure Key Vault and pipeline variable groups if CI/CD is used).

    In practice, the concrete next step is to submit a formal request to the internal endpoint/security/AVD platform team, referencing the secure workstation pattern where VS Code is deployed via Intune, and asking that Python and GitHub Desktop (or an approved Git client) be added and assigned to the DLP automation VDI group.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.