A redirected biometric device can be isolated to a remote session. Such session level restrictions can be implemented using a filter driver that is layered on top of the device driver stack for the redirected biometric device. When a biometric device is redirected by a user to a remote session, the filter driver can obtain an identifier of the biometric device and maintain a mapping between the identifier and the session ID of the redirecting user's remote session. Then, when an application executing on the server attempts to enumerate biometric devices, a hooking component can inspect and modify the corresponding response to remove any biometric devices that are not redirected to the same user session in which the application is executing. In this way, the application will not be able to discover any biometric devices that are redirected to other user sessions.