Best Practice for Remote Desktop Access of Windows 10 Virtual Machine

TechGuy_MS1 61 Reputation points
2021-05-30T18:56:12.693+00:00

Dear Experts,

I want to use a Win10 VM on Azure as a virtual desktop. For RDP, I will have to open port 3389. I want to know what the best practices are for securely using RDP. I saw on Azure that VPN is an option. If I connect from a regular laptop/desktop to the VM via Azure VPN, will it be free or will there be charges?

Finally, if I make an inbound rule and open all connections on 3389 for a brief time to RDP to the VM and then immediately block all inbound connections to Azure, will it be a very secure practice?

Looking for your insight. Much appreciate your help.

Thanks


2 answers

  1. Andreas Baumgarten 95,411 Reputation points MVP
    2021-05-30T20:21:29.413+00:00

    Hi @TechGuy_MS1 ,

    Azure VPN is not free of costs.
    https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/

    Maybe the Just-In-Time access is an option for you:
    https://learn.microsoft.com/en-us/azure/security-center/just-in-time-explained

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten


  2. Karlie Weng 13,951 Reputation points Microsoft Vendor
    2021-05-31T05:58:45.393+00:00

    Hello @TechGuy_MS1

    There are some ways introduced in this article: Securely connect to your Azure Virtual Machines – the options

    1. RDP using a Private IP address across a Site to Site VPN
    2. Lock down RDP to a source IP or IP Range
    3. Just-in-time VM access
    4. Public Load Balancer with Network Address Translation (NAT)
    5. Provision a Jumphost VM
    6. Azure Bastion – a jump host PaaS service

    Best Regards
    Karlie


    If the Answer is helpful, please click "Accept Answer" and upvote it.

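A check tied to the question's "open all connections on 3389" idea and to option 2 in the answer above (lock down RDP to a source IP or range), as an added example that is not part of the original thread: this Python code flags inbound Allow rules that expose 3389 to any source. The sample rules are constructed, and the field names assume the JSON shape printed by `az network nsg rule list`.

```python
import ipaddress
import json
# Constructed sample shaped like `az network nsg rule list -o json` output.
# Rule names and addresses are made up (203.0.113.0/24 is a documentation range).
SAMPLE_RULES = json.loads("""[
 {"name": "rdp-temp-any", "priority": 100, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
 {"name": "rdp-office", "priority": 110, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.10/32",
  "destinationPortRange": null, "destinationPortRanges": ["3389"]},
 {"name": "mgmt-range", "priority": 120, "direction": "Inbound", "access": "Allow",
  "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRange": "3000-4000"},
 {"name": "deny-all", "priority": 4000, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")

RDP_PORT = 3389

def _values(rule, single, plural):
    """Merge the singular and plural fields NSG rules use for prefixes and ports."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def covers_rdp(port_range):  # port spec is "*", "3389" or "3000-4000"
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= RDP_PORT <= int(high or low)

def is_any_source(prefix):  # "*", the Internet service tag, or a /0 CIDR
    if prefix.lower() in ("*", "internet"):
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:  # other service tags such as VirtualNetwork
        return False

def exposed_rdp_rules(rules):
    """Names of inbound Allow rules that open 3389 to any source, by priority."""
    hits = []
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["direction"] != "Inbound" or r["access"] != "Allow":
            continue
        ports = _values(r, "destinationPortRange", "destinationPortRanges")
        sources = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        if any(map(covers_rdp, ports)) and any(map(is_any_source, sources)):
            hits.append(r["name"])
    return hits
```

It evaluates each rule on its own and does not model a higher-priority Deny rule overriding an Allow.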