AVD Adding users to Remote Desktop User Group


Hi all,

From my understanding, AVD uses port 443 (HTTPS) to connect users to their virtualized environment. However, I have noticed that AVD automatically adds users to the Remote Desktop Users group, which was originally meant for port 3389 (RDP). I spoke with a Microsoft Support Specialist regarding this, and it was mentioned that this is used as a break-glass method in case users cannot connect through 443. My question, then, is: is it necessary to have users added to the Remote Desktop Users group? And is there any way we could stop the automation that adds users to that group?

Best Regards

Xerxes

4 Replies

@XerxesH Just tested on an Azure Virtual Desktop host pool with Entra ID join, and you are right.
But my direct RDP access is also working without being part of the Remote Desktop Users group, as soon as my Entra ID user has the Virtual Machine User Login role on the AVD VMs.

Why do you want to remove that automation mechanism?

Security purposes?

Hi @jlou65535

Yes, correct! Thanks for verifying! When a user receives a session by opening a remote app or virtual desktop, they are automatically added to that group, giving them RDP access. In my opinion they should not be added to the group, as normal users should not have direct RDP access to the session hosts; it poses a security risk.

Best Regards

Xerxes Hansen

@XerxesH

How about controlling it at the network or port level?

Hi @Kidd_Ip,

Absolutely. I was thinking of Just-In-Time access and/or restriction through a firewall, but I was just wondering why that automatic procedure was there in the first place x) I find it weird to have to have a solution/workaround for something not in use (unless it is proven that it is). Thanks for the answers though!

Best Regards

Xerxes
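As an added example (not from this thread, and not Microsoft's code), the following PowerShell audit can be run elevated on an AVD session host to show who is currently in the local Remote Desktop Users group and which enabled inbound Windows Firewall rules would admit TCP 3389. It assumes the English default group name; the `$AllowedMembers` allowlist is a placeholder you replace with your own break-glass principals.

```powershell
# Added example: audit who holds RDP rights on an AVD session host and whether
# inbound TCP 3389 is actually reachable through the host firewall.
# Run elevated on the session host. Assumes the English group name and a
# placeholder allowlist that you replace with your own break-glass principals.

$RdpGroup       = 'Remote Desktop Users'
$AllowedMembers = @('CONTOSO\AVD-BreakGlass')   # placeholder, adjust to your environment

function Get-RdpGroupMembers {
    # Get-LocalGroupMember can fail on Entra ID (cloud) principals whose SIDs the
    # host cannot resolve, so fall back to parsing the output of 'net localgroup'.
    try {
        Get-LocalGroupMember -Group $RdpGroup -ErrorAction Stop |
            ForEach-Object { $_.Name }
    }
    catch {
        $lines  = net localgroup $RdpGroup
        $inList = $false
        foreach ($line in $lines) {
            if ($line -match '^-{5,}$')                        { $inList = $true;  continue }
            if ($line -match 'command completed successfully') { $inList = $false; continue }
            if ($inList -and $line.Trim())                     { $line.Trim() }
        }
    }
}

function Get-UnexpectedRdpMembers {
    # Members of the group that are not on the allowlist (case-insensitive match).
    param([string[]]$Allowed)
    Get-RdpGroupMembers | Where-Object { $Allowed -notcontains $_ }
}

function Get-InboundRdpAllowRules {
    # Enabled inbound Allow rules whose port filter admits TCP 3389.
    # Note: explicit port ranges such as 3000-4000 are not expanded here.
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $pf.Protocol -eq 'TCP' -and
            ( ($pf.LocalPort -contains '3389') -or ($pf.LocalPort -contains 'Any') )
        } |
        Select-Object DisplayName, Profile, Enabled
}

$unexpected = @(Get-UnexpectedRdpMembers -Allowed $AllowedMembers)
$rdpRules   = @(Get-InboundRdpAllowRules)

if ($unexpected.Count -gt 0) {
    Write-Warning "Members of '$RdpGroup' not on the allowlist:"
    $unexpected | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Output "No unexpected members in '$RdpGroup'."
}

if ($rdpRules.Count -gt 0) {
    Write-Output "Enabled inbound firewall rules that allow TCP 3389:"
    $rdpRules | Format-Table -AutoSize
} else {
    Write-Output "No enabled inbound firewall rule allows TCP 3389 on this host."
}
```

The group audit shows what the automation has granted; the firewall check shows whether that grant is reachable at all. Since the thread found no switch for the automatic membership, the practical control is the network/port restriction the replies suggest (host firewall, NSG or Just-In-Time access on 3389), and this script is a quick way to confirm it is in place on each host.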