Blog Post

Windows IT Pro Blog
4 MIN READ

Announcing General Availability of RDP Shortpath Configuration via GPO and Microsoft Intune

Rinku_Dalwani's avatar
Rinku_Dalwani
Icon for Microsoft rankMicrosoft
Jan 28, 2026

We are pleased to announce the general availability (GA) of centralized RDP Shortpath configuration using Microsoft Intune and Group Policy (GPO).

This update gives IT administrators a unified, policy-driven way to control which RDP Shortpath modes (Managed, Public/STUN, Public/TURN) are enabled across Azure Virtual Desktop (AVD) session hosts and Windows 365 Cloud PCs. These Shortpath controls now map directly to registry-backed policies, so IT admins can easily maintain consistent behavior across large or distributed environments.

RDP Shortpath provides multiple optimized UDP-based transport paths—Managed, Public/STUN, and Public/TURN—that improve connection performance and reliability across diverse network environments. These options collectively form the RDP Shortpath feature set, and we recommend keeping them all enabled so the best path can be selected automatically. However, if your organization requires stricter control—for example, disabling STUN based traversal to ensure traffic flows only through TURN’s dedicated port and subnet—admins now have the policy-driven flexibility to do so through centralized configuration.

Organizations using Windows 365 and AVD have asked for stronger policy-governed control over Shortpath behavior—especially as network environments grow more complex. With this release, admins:

  • No longer need per-host manual configuration.
  • Gain predictable, enforced behavior across managed devices.
  • Can centrally govern Shortpath modes based on security, NAT topology, or network readiness.

This release brings Shortpath into the same modern management motion that customers already use for Windows configuration, compliance, and security.

Benefits of centralized Shortpath configuration

Unified policy management across AVD and Windows 365

Admins can centrally control all three Shortpath modes through GPO or Intune, which directly writes the relevant registry-backed configuration on each session host. This ensures consistent and governed behavior across all devices.

Operates in addition to AVD host pool configuration

For Azure Virtual Desktop, these GPO and Intune configurations act in addition to host pool network settings. This gives admins an extra layer of control at the session host level. When both host pool settings and policies are configured, the session-host policy takes precedence, ensuring deterministic behavior. This layering model is reinforced in internal discussions where session host configuration remained necessary in cases such as enabling UDP listener paths.

 

 

Configuring RDP Shortpath using Intune

To enable the RDP Shortpath listener on your session hosts using Microsoft Intune:

 

  1. Sign in to the Microsoft Intune admin center.

  2. Create or edit a configuration profile  for Windows 10 and later devices, with the Settings catalog profile type.

  3. In the settings picker, browse to Administrative templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Azure Virtual Desktop > RDP Shortpath.

  4. Expand the Administrative Templates category.

  5. For each RDP Shortpath type, toggle the setting to Enabled or Disabled.

    1. Enabled or Not Configured: The connection will attempt to use the specified network path.

    2. Disabled: The connection will not use this network path.

    3. Available RDP Shortpath types:

      1. RDP Shortpath for managed networks using NAT traversal

      2. RDP Shortpath for public networks using NAT traversal

      3. RDP Shortpath for public networks using Relay (TURN)

  6. Select Next.

  7. Optional: On the Scope tags tab, select a scope tag to filter the profile. For more information about scope tags, see Use role-based access control (RBAC) and scope tags for distributed IT. 

  8. On the Assignments tab, select the group containing the computers providing a remote session you want to configure, then select Next. 

  9. On the Review + create tab, review the settings, then select Create.

  10. Once the policy applies to the computers providing a remote session, restart them for the settings to take effect. 

Configuring RDP Shortpath using Group Policy (GPO) in an Active Directory domain

To configure the RDP Shortpath using Group Policy in an Active Directory domain: 

  1. Make the administrative template for Azure Virtual Desktop available in your domain by following the steps in Use the administrative template for Azure Virtual Desktop. 

  2. Open the Group Policy Management console on a device you use to manage the Active Directory domain. 

  3. Create or edit a policy that targets the computers providing a remote session you want to configure. 

  4. Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Azure Virtual Desktop > RDP Shortpath 

  5. Review the available RDP Shortpath types: 

    1. RDP Shortpath for managed networks using NAT traversal  

    2. RDP Shortpath for public networks using NAT traversal  

    3. RDP Shortpath for public networks using Relay(TURN)  

  6. Double-click the policy setting Enable RDP Shortpath for managed networks to open it. 

  7. Set the policy to Enabled or Disabled:  

    1. Enabled or Not Configured: The connection will attempt to use the specified network path. 

    2. Disabled: The connection will not use this network path. 

  8. Ensure the policy is applied to the session hosts, then restart them for the settings to take effect. 

Note

After you configure the GPO policy, restart the session to ensure the changes take effect.

Summary

The GA of RDP Shortpath configuration via GPO and Microsoft Intune gives administrators: 

  • Stronger policy-governed control 
  • Deterministic Shortpath behavior 
  • A layered model that works with AVD host pool configuration 
  • A consistent management experience across Windows 365 and AVD 

While these policy settings simplify administration, network prerequisites still determine whether Shortpath will successfully establish. 

We welcome your feedback and hope these enhancements help streamline your connectivity strategy across Windows 365 and Azure Virtual Desktop environments. 

 

Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us on LinkedIn or @MSWindowsITPro for updates. Looking for support? Visit Windows on Microsoft Q&A .

Updated Jan 27, 2026
Version 1.0
windows 365
No CommentsBe the first to comment