Forum Discussion
Expanded TURN relay regions for Windows 365 and Azure Virtual Desktop
Starting June 15, 2025, we are launching a dedicated TURN relay IP range across the Microsoft Azure public cloud. This new range—51.5.0.0/16—enhances RDP Shortpath connectivity and delivers faster, more reliable performance for Azure Virtual Desktop and Windows 365 users in 40 regions worldwide.
What is TURN?
TURN (Traversal Using Relays around NAT) enables devices behind firewalls to establish reliable UDP connections. With RDP Shortpath for public networks, TURN acts as a fallback when a direct UDP-based connection isn’t possible—ensuring low-latency, high-reliability remote desktop sessions.
As part of this transition, connections will gradually move away from the existing ACS TURN Relay range (20.202.0.0/16). This change will occur behind the scenes, but, to ensure uninterrupted service, you will need to proactively bypass the new TURN relay range (51.5.0.0/16).
This new TURN relay range is part of the ‘WindowsVirtualDesktop’ service tag in Azure, making it easier for you to manage access and security configurations at scale.
Benefits of the new TURN relay
This change isn’t just a technical update—it’s a regional expansion. We’re scaling from 14 to 40 regions globally, bringing the TURN relay infrastructure closer to users, reducing latency, and improving connection reliability. Combined with a dedicated IP range for Azure Virtual Desktop and Windows 365 traffic, this initiative offers you more control, optimized routing, and a higher success rate for UDP-based communications. Here are the benefits in more detail:
Expanding regional coverage
By expanding from 14 to 40 regions globally, organizations will benefit from:
- Lower latency: Data travels shorter distances, resulting in faster connections and reduced lag.
- Improved reliability: Fewer dropped connections and more stable sessions, especially for real-time applications.
- Higher UDP success rates: Better performance for voice, video, and real-time data—even under variable network conditions.
Dedicated IP Range for Azure Virtual Desktop and Windows 365 traffic
This rollout introduces a dedicated IP range tailored for Azure Virtual Desktop and Windows 365 traffic, distinct from the ACS TURN relay. Benefits of this improvement include:
- Optimized traffic flow for Azure Virtual Desktop and Windows 365.
- Improved control over network security configurations.
- Customers can navigate restrictive security setups without compromising performance.
- Enhanced quality and speed for traffic, free from generic filtering
Supported regions
Below is a list of supported regions with the new TURN relay. A TURN relay is selected based on the physical endpoints, not the Cloud PC or session host. For example, a user physically located in the UK will use a relay in the UK South or the UK West regions. If the client is far from a supported region, the connection may fall back to TCP, potentially impacting performance.
| Australia East | Japan East | Spain Central | 
| Australia Southeast | Japan West | Sweden Central | 
| Brazil South | Korea Central | Switzerland North | 
| Canada Central | Korea South | Taiwan North | 
| Canada East | Mexico Central | UAE Central | 
| Central India | North Central US | UAE North | 
| Central US | North Europe | UK South | 
| East US | Norway East | UK West | 
| East US 2 | Poland Central | West Central US | 
| East US2 EUAP | South Africa North | West Europe | 
| France Central | South Africa West | West US | 
| Germany West Central | South Central US | West US 2 | 
| Israel Central | South India | West US 3 | 
| Italy North | Southeast Asia | 
How to prepare for this change
This new IP subnet will form a critical part of the resilient and performant connectivity provided for Windows 365 and Azure Virtual Desktop. As part of the ongoing transition, traffic will be progressively redirected from the current Azure Communication Service (ACS) TURN relay range (20.202.0.0/16) to a newly designated subnet (51.5.0.0/16). While this shift is designed to be seamless, it’s essential that you preemptively configure bypass rules for the new range to maintain uninterrupted service. With both IP ranges properly bypassed, end users will not experience any connectivity issues. You therefore need to ensure that traffic is both accessible and optimized.
Accessible
Your environment should have this subnet accessible from all networks used for Windows 365 or Azure Virtual Desktop connectivity, both on the physical network and cloud side. For Microsoft Hosted Network deployments in Windows 365 this underlying connectivity is already in place. For Azure Virtual Desktop and Windows 365 – Azure network connection ANC deployments, the ‘WindowsVirtualDesktop’ service tag contains this subnet so connectivity may already be in place.
Optimized
The subnet should also be optimized to ensure this critical, latency sensitive traffic has the most performant path available, this means:
- No TLS inspection on the traffic. This traffic is TLS encrypted transport with a nested TLS encrypted tunnel. TLS inspection yields no benefit but carries high risk of performance and reliability impact and puts significant additional load on the inspecting device.
- Locally egressed, meaning traffic is sent to Microsoft via the most direct and efficient path. In Azure this means directly routed onto Microsoft’ backbone and for customer side networks, directly to the internet where it will be picked up by Microsoft’s infrastructure locally.
- Bypassed from VPN, Proxy and Secure Web Gateway (SWG) tunnels and sent directly to the service as demonstrated in the example here.
- On the Cloud side this may involve using a User Defined Route (UDR) to send the Windows Virtual Desktop traffic direct to ‘internet’ instead of traversing a virtual firewall as can be seen in the example here.
Learn more
To learn more about RDP Shortpath and how to configure it for public networks, see our documentation on RDP Shortpath for Azure Virtual Desktop.
4 Replies
- rstuart68Brass ContributorWe thought we were ready for this rollout, but we've actually seen an increase in TCP connections and a decrease in TURN connections compared to the same time last week. Is it possible to get a list of the additional regions where it was rolled out this weekend to see if it correlates with our changes in connections? - Rinku_DalwaniMicrosoft The rollout to 1% of connection worldwide will complete tomorrow. So, you would only start seeing the connections flowing through new relay from tomorrow. 
 
- ZaZeroIron ContributorThis update is all about improving user experience—faster, more reliable connections—by expanding the relay infrastructure and providing dedicated IP ranges for optimized routing. As an admin or user, ensuring your network recognizes and correctly handles the new IP range will be key to seamless service. 
- Jie-AosiIron ContributorTURN is a crucial component for enabling RDP connections when a direct UDP connection can't be established, often due to firewalls or NAT (Network Address Translation) on the user's side. The expanded range is expected to improve performance and reliability of RDP sessions by providing more reliable fallback options.