Security, Compliance, and Identity Blog

First look at updates coming to Remote Desktop Services

TechCommunityAPIAdmin
Community Manager
Sep 08, 2018

First published on CloudBlogs on Sep 20, 2017 by Enterprise Mobility + Security Team
Remote Desktop Services (RDS) allows you to access a remotely-hosted Windows desktop environment or application from almost any device. We’re extending the capabilities of RDS to offer more security, flexibility to run Windows apps on any device, and cloud-readiness with upcoming additions to the RDS platform.

 

This week, I join Simon May to explain and demonstrate the updates to RDS architecture and services. The RDS team has innovated in three key areas:

  1. Security: RDS-hosted environments can use Azure Active Directory for authentication. See how you get advantages like Conditional Access policies, Multifactor Authentication, integrated authentication with other SaaS apps using Azure AD, and the ability to get security signals from the Intelligent Security Graph. Moreover, by isolating the infrastructure roles (Gateway, Web, Connection Broker and others) from the desktop and app deployment hosts, we add another layer of separation for higher security of your virtualized environments.
  2. Cloud readiness: Updates are coming to the existing RD infrastructure roles (Web, Gateway, Connection Broker, Licensing). See how to take advantage of the elasticity and scale capabilities of Azure, and get a first look at the new Diagnostics role that helps you monitor your deployment effectively.
  3. Windows apps on ANY device: RDS has long had the flexibility to run on cross-platform desktop and mobile operating systems using apps, but we are now building support for HTML5 browser-delivered experiences. Of course, RDS works with Windows – even Windows 10 S – offering even more flexibility for how your apps and desktops are accessed.

To see these new capabilities for yourself, along with new cloud-integrated architectural options explained, check out the show.

-Scott Manchester
Principal Group Program Manager, Remote Desktop Services

Updated May 11, 2021
Version 6.0
  • The_Underlord
    Copper Contributor
    Dear Microsoft,
    Regarding RDS, our pen testers highlighted that this uses TLSv1.0, which is now an insecure protocol and should be disabled; however, if you do this, RDS breaks! You’d think MS would provide an update to mitigate this security risk, but instead they state that this is expected as the connection broker depends on TLS 1.0 (https://support.microsoft.com/en-nz/help/4036954/disabling-tls1-0-can-cause-rds-connection-broker-or-rdms-to-fail) and the resolution options are:
      • Set up RDS without Connection Broker for a single server installation.
      • Do not disable TLS 1.0 on a single Connection Broker deployment.
      • Configure a high availability Connection Broker deployment that uses dedicated SQL Server.
    Microsoft - surely it is your responsibility to remove use of TLS v1.0 and replace with v1.2 to continue to make your product secure for your customers, instead of putting the onus on your customers to roll out an HA deployment solution at their own cost? Surely you can provide an update to mitigate this issue?