How do I securely connect to an AVD environment?

Ricky Sandhu 20 Reputation points
2024-09-05T15:33:19.31+00:00

Good morning, we have a requirement to set up an AVD environment in Azure. End users from various offices will be connecting to this environment using RDP. My question: do I need to set up a cloud router and create a VPN tunnel between the remote office router and the Azure environment to provide encryption and security, or can they directly connect to the RDP sessions running in Azure via their public IP addresses? What I am trying to figure out is whether the RDP session is secure enough going over the public internet or whether an added layer of VPN would be beneficial.

Attaching a crudely drawn sketch of what I am trying to achieve.

Thank you in advance for your time.

[Attached sketch: Azure AVD Connectivity]

Azure Virtual Desktop

Accepted answer
  1. Prrudram-MSFT 24,921 Reputation points
    2024-09-05T16:21:54.47+00:00

    Hello @Ricky Sandhu

    It's great to know that you're looking to set up an AVD environment in Azure. When it comes to connecting to the RDP sessions running in Azure, there are a few different options available to you. One option is to allow end-users to connect directly to the RDP sessions using their public IP addresses. While this is technically possible, it's generally not recommended from a security standpoint. RDP traffic is not encrypted by default, so allowing RDP traffic to traverse the public internet without any additional security measures in place could potentially expose your environment to security risks. A better option would be to set up a VPN tunnel between the remote office router and the Azure environment. This would provide an additional layer of encryption and security for the RDP traffic, and help to protect your environment from potential security threats.

    You can use Azure VPN Gateway to create a site-to-site VPN connection between your remote office and Azure. Another option would be to use Azure ExpressRoute to establish a private, dedicated connection between your remote office and Azure. This would provide even greater security and reliability than a VPN connection, but it can be more expensive and complex to set up. In summary, while it is technically possible to allow end-users to connect directly to the RDP sessions using their public IP addresses, it's generally not recommended from a security standpoint. Setting up a VPN tunnel or using Azure ExpressRoute would provide an additional layer of encryption and security for the RDP traffic, and help to protect your environment from potential security threats.

    If I have answered your query, please click "Accept as answer" as a token of appreciation.

    1 person found this answer helpful.
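
A defender-side check for the direct-exposure option discussed in this thread, added here as an example and not part of the original question or answer: it reads network security group rules in the JSON shape emitted by `az network nsg rule list -o json` and reports Allow rules that open TCP 3389 to any Internet source, honouring priority order. The rule names and addresses in the sample are constructed.

```python
import json

RDP_PORT = 3389
INTERNET_WIDE = {"*", "internet", "0.0.0.0/0"}

# Constructed sample rules, shaped like `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-office-rdp", "priority": 100, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
 {"name": "allow-mgmt-range", "priority": 200, "direction": "Inbound", "access": "Allow",
  "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRange": null,
  "destinationPortRanges": ["22", "3380-3400"]},
 {"name": "deny-rdp-all", "priority": 300, "direction": "Inbound", "access": "Deny",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
 {"name": "allow-all-late", "priority": 400, "direction": "Inbound", "access": "Allow",
  "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def covers_rdp(rule):
    """True if the rule applies to TCP and its destination ports include 3389."""
    if rule.get("protocol", "*").lower() not in ("tcp", "*"):
        return False
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        lo, _, hi = spec.partition("-")
        if spec == "*" or int(lo) <= RDP_PORT <= int(hi or lo):
            return True
    return False

def from_anywhere(rule):
    """True if any source prefix means 'the whole Internet'."""
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s.lower() in INTERNET_WIDE for s in sources)

def exposed_rdp_rules(rules):
    """Names of Allow rules opening TCP 3389 to any source, in priority order."""
    hits = []
    inbound = [r for r in rules if r.get("direction", "").lower() == "inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if covers_rdp(rule) and from_anywhere(rule):
            if rule["access"].lower() == "deny":
                break  # lowest priority number wins; later allows are shadowed
            hits.append(rule["name"])
    return hits

if __name__ == "__main__":
    print(exposed_rdp_rules(SAMPLE_RULES))
```

Rules scoped to a specific source range, such as the office CIDR in the sample, are deliberately not reported; only Internet-wide allows are.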
