Best Practices for Remote Desktop Access of Windows 10 Virtual Machine


Dear Experts,

I want to use a Win10 VM on Azure as virtual desktop. For RDP, I will have to open port 3389. I want to know what are best practices for securely using RDP? I saw on Azure that VPN is an option. If I connect from a regular laptop/desktop to VM via Azure VPN, will it be free or there will be charges? 

Finally, if I make an inbound rule and open all connections on 3389 for a brief time to RDP to VM and then immediately block all inbound connection to Azure, will it be a very secure practice? 

Looking for your insight. Much appreciate your help.

Thanks

1 Reply
Take a look at Azure Bastion - https://azure.microsoft.com/en-au/services/azure-bastion/

If you don't mind paying for Defender in Azure you can configure Just in Time RDP access to the server as well: https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-...

And of course, you can also look at: https://azure.microsoft.com/en-us/services/virtual-desktop/
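
As an added example that is not part of the original thread: a small audit for the "open all connections on 3389" rule the question describes, so that a temporary rule that was never removed gets noticed. It assumes the rules are supplied as JSON in the shape printed by `az network nsg rule list`; the rule names and addresses in the sample are constructed.

```python
import json

RDP_PORT = 3389
# Source prefixes that mean "anyone on the internet" in an NSG rule.
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}

def _as_list(single, many):
    """NSG rules carry either a singular field or its plural list form."""
    values = list(many or [])
    if single:
        values.append(single)
    return values

def _covers_port(port_range, port=RDP_PORT):
    """True if '3389', '3000-4000' or '*' includes the given port."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_rdp_rules(rules):
    """Names of inbound Allow rules that let any internet source reach 3389.

    Limitation: rules are checked one by one; a higher-priority Deny rule
    that would override a hit is not taken into account.
    """
    hits = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        if (rule.get("protocol") or "*").lower() not in ("tcp", "udp", "*"):
            continue
        ports = _as_list(rule.get("destinationPortRange"), rule.get("destinationPortRanges"))
        sources = _as_list(rule.get("sourceAddressPrefix"), rule.get("sourceAddressPrefixes"))
        if any(_covers_port(p) for p in ports) and any(s.lower() in OPEN_SOURCES for s in sources):
            hits.append(rule["name"])
    return hits

# Constructed sample input (not taken from a real subscription).
SAMPLE_RULES = json.loads("""[
 {"name": "rdp-temp-open", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
  "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
 {"name": "rdp-from-office", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
  "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "3389"},
 {"name": "wide-range", "direction": "Inbound", "access": "Allow", "protocol": "*",
  "sourceAddressPrefixes": ["Internet"], "destinationPortRanges": ["3000-4000"]},
 {"name": "https", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
  "sourceAddressPrefix": "*", "destinationPortRange": "443"}
]""")

if __name__ == "__main__":
    print(exposed_rdp_rules(SAMPLE_RULES))
```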