Using Azure Front Door to secure RDP Web access URL?

EnterpriseArchitect 5,036 Reputation points
2023-05-17T14:38:48.78+00:00

Does the Azure Front Door have the ability to defend against Brute Force attacks on both the RDP port 3389 and the published URL for Remote Desktop Web access?

like: https://server_FQDN/RDWeb/

What other options do I have if I want to secure my Windows Server 2016 Remote Desktop servers that have a public IP address?

I welcome any feedback and suggestions.


Accepted answer
  1. ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee
    2023-05-18T02:08:41.9733333+00:00

    @EnterpriseArchitect

    Thank you for reaching out.

    Based on your questions above.

    Does the Azure Front Door have the ability to defend against Brute Force attacks on both the RDP port 3389 and the published URL for Remote Desktop Web access?

    I am assuming here that you will also have a WAF deployed with your Azure Front Door. In this case you can use the rate limiting for Azure Front Door Service. Rate limiting enables you to detect and block abnormally high levels of traffic from any socket IP address. The socket IP address is the address of the client that initiated the TCP connection to Front Door. Typically, the socket IP address is the IP address of the user, but it might also be the IP address of a proxy server or another device that sits between the user and the Front Door. By using the web application firewall (WAF) with Azure Front Door, you can mitigate some types of denial of service attacks. Rate limiting also protects you against clients that have accidentally been misconfigured to send large volumes of requests in a short time period.

    Based on the client locations, you can also take a look at geo-filtering on a domain for Azure Front Door Service to either allow or block access from specified countries/regions.

    What other options do I have if I want to secure my Windows Server 2016 Remote Desktop servers that have a public IP address?

    I think you can check out Publish Remote Desktop with Azure Active Directory Application Proxy, as this will give you a set of two-step verification and Conditional Access controls to RDS.

    You can also check out this article to see if you can use it in combination with Azure Front Door.

    Since WAF protects you against layer-7 attacks, you can also check the Azure DDoS IP Protection service, which can defend against L3/L4 DDoS attacks.

    Hope this helps! Please let me know if you have any questions. Thank you!


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
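
The rate-limiting and geo-filtering rules mentioned in the accepted answer, sketched as a Front Door WAF policy in Bicep. This is an added example, not part of the original answer or of Microsoft's documentation; the policy and rule names, the threshold of 30 requests per minute, the `/rdweb/` path match and the `US` country code are assumed placeholder values.

```bicep
// Added example with assumed names and values (not from the original answer).
// Front Door WAF inspects HTTP(S) requests, so these rules cover the RDWeb URL only.
resource rdwebWaf 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2022-05-01' = {
  name: 'rdwebWafPolicy' // placeholder policy name
  location: 'Global'
  sku: { name: 'Premium_AzureFrontDoor' }
  properties: {
    // Prevention mode blocks matching requests instead of only logging them.
    policySettings: { enabledState: 'Enabled', mode: 'Prevention' }
    customRules: {
      rules: [
        {
          // Rate limit: counted per socket IP, the address that opened the TCP connection.
          name: 'RateLimitRdWeb'
          enabledState: 'Enabled'
          priority: 100
          ruleType: 'RateLimitRule'
          rateLimitDurationInMinutes: 1
          rateLimitThreshold: 30 // assumed value; tune against normal sign-in traffic
          matchConditions: [
            {
              matchVariable: 'RequestUri'
              operator: 'Contains'
              transforms: [ 'Lowercase' ]
              matchValue: [ '/rdweb/' ]
            }
          ]
          action: 'Block'
        }
        {
          // Geo-filter: block any client whose socket IP is outside the allowed list.
          name: 'GeoAllowList'
          enabledState: 'Enabled'
          priority: 200
          ruleType: 'MatchRule'
          matchConditions: [
            {
              matchVariable: 'SocketAddr'
              operator: 'GeoMatch'
              negateCondition: true
              matchValue: [ 'US' ] // placeholder country code
            }
          ]
          action: 'Block'
        }
      ]
    }
  }
}
```

Because the limit is keyed on the socket IP, users behind a shared proxy or NAT count as one client, so a threshold set too low can block a whole office.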
