UDP support over Private Link for Azure Virtual Desktop is now generally available. This release enables a direct, high‑performance, UDP‑based RDP connection between AVD session hosts and clients over Azure Private Link using RDP Shortpath for managed networks.
This capability complements the existing TCP-based RDP connectivity over Private Link. Together, these options support customers with strict private network boundaries by allowing RDP traffic over both TCP and UDP transports, using defined private IPs when Private Link is in use.‑based RDP connectivity over Private Link. Together, these options support customers with strict private network boundaries by allowing RDP traffic over both TCP and UDP transports.
Standard AVD RDP connectivity connectivity already provides high resiliency and strong security with lower operational complexity and reduced risk of misconfiguration. It also supports private network options for UDP without requiring Private Link, making it the recommended connectivity model for the majority of deployments.
The addition of UDP support over Private Link is primarily intended for customers who already rely on Private Link and need tighter control over the IP addresses used for RDP traffic. This allows more precise routing and policy enforcement in highly restricted or regulated network environments.
To use UDP transport over Private Link, administrators must explicitly enable UDP in the updated Networking settings in the Azure portal. Until this setting is enabled, AVD connections over Private Link will continue to use the existing WebSocket‑based TCP transport, ensuring uninterrupted connectivity.
This opt-in model provides predictable and secure transport behaviour, giving administrators full control over when and how UDP is introduced into managed or constrained network environments.‑in model provides predictable and secure transport
How to enable UDP over Private Link
To use UDP-based transports such as RDP Shortpath for managed networks over Azure Virtual Desktop Private Link, you must explicitly enable UDP on the workspace or host pool and ensure that public Shortpath options are disabled.
To enable UDP:
- In the Azure portal, open your Azure Virtual Desktop Host pools or Workspaces resource.
- Go to Networking → Public access.
- Under Public access, choose one of the following:
o Enable public access for end users, use private access for session hosts, or
o Disable public access and use private access
When either of these options is selected, the portal displays an additional opt in checkbox:
4. Turn on Allow Direct UDP network path over Private Link to allow UDP‑based transports (for example, RDP Shortpath for managed networks).
5. Go to the RDP Shortpath tab and disable the public Shortpath options:
o RDP Shortpath for public networks (via STUN)
o RDP Shortpath for public networks (via TURN) The portal will block Save and show a Configuration Error if these public options are still enabled.
6. Select Save.
|
Important Note: The UDP opt‑in checkbox is mandatory for enabling RDP Shortpath over Private Link. |
Learn more
For more information about Private Link, check out the following articles on Microsoft Learn:
- Private Link for Azure Virtual Desktop – Overview
Learn how Private Link secures feed discovery, feed download, and host pool connections. - Configure Private Link with Azure Virtual Desktop
Step by step guidance for creating private endpoints for workspaces, host pools, and initial feed discovery. - Learn more details about RDP Shortpath for Azure Virtual Desktop.
Stay up to date! Bookmark the Azure Virtual Desktop Tech Community.
Microsoft