Best Practice for Remote Desktop Access of Windows 10 Virtual Machine

TechGuy_MS1 61 Reputation points
2021-05-30T18:56:12.693+00:00

Dear Experts,

I want to use a Win10 VM on Azure as a virtual desktop. For RDP, I will have to open port 3389. I want to know what the best practices are for securely using RDP. I saw on Azure that VPN is an option. If I connect from a regular laptop/desktop to the VM via Azure VPN, will it be free or will there be charges?

Finally, if I make an inbound rule and open all connections on 3389 for a brief time to RDP to the VM and then immediately block all inbound connections to Azure, will it be a very secure practice?

Looking for your insight. Much appreciate your help.

Thanks


2 answers

  1. Andreas Baumgarten 123.7K Reputation points MVP Volunteer Moderator
    2021-05-30T20:21:29.413+00:00

    Hi @TechGuy_MS1 ,

    Azure VPN is not free of costs.
    https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/

    Maybe the Just-In-Time access is an option for you:
    https://learn.microsoft.com/en-us/azure/security-center/just-in-time-explained

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten


  2. Anonymous
    2021-05-31T05:58:45.393+00:00

    Hello @TechGuy_MS1

    There are some ways introduced in this article: Securely connect to your Azure Virtual Machines – the options

    1. RDP using a Private IP address across a Site to Site VPN
    2. Lock down RDP to a source IP or IP Range
    3. Just-in-time VM access
    4. Public Load Balancer with Network Address Translation (NAT)
    5. Provision a Jumphost VM
    6. Azure Bastion – a jump host PaaS service

    Best Regards
    Karlie


    If the Answer is helpful, please click "Accept Answer" and upvote it.
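
An added example, not part of either answer and not Microsoft's code: a check for the "lock down RDP to a source IP" option that reads one network security group's inbound rules in priority order and reports whether port 3389 is reachable from any source. It assumes the rule fields named in `az network nsg rule list -o json` output; the helper names and sample rules are constructed for illustration.

```python
# Added example; input assumed to be `az network nsg rule list -o json` output.
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet", "any"}
RDP_PORT = 3389

def _values(rule, single, plural):
    """Azure stores either one value or a list; merge both into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_rdp(rule):
    """True if the rule's protocol and destination ports include 3389."""
    if (rule.get("protocol") or "*").lower() not in ("tcp", "udp", "*"):
        return False
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= RDP_PORT <= int(high or low):
            return True
    return False

def audit_rdp(rules):
    """Return (verdict, allowed_sources) for inbound RDP on one NSG."""
    allowed = []
    inbound = [r for r in rules if r["direction"].lower() == "inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):  # lowest number wins
        if not _covers_rdp(rule):
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        allow = rule["access"].lower() == "allow"
        if any(s.lower() in OPEN_SOURCES for s in sources):
            # The first any-source match settles every address not allowed above.
            if allow:
                return "EXPOSED", allowed
            break
        if allow:  # narrower Deny rules are ignored, which errs towards flagging
            allowed.extend(sources)
    # No any-source Allow reached: the default DenyAllInBound rule applies.
    return ("RESTRICTED" if allowed else "CLOSED"), allowed

# Constructed sample rules (203.0.113.10 is a documentation address).
def _rule(name, prio, access, src, port, proto="Tcp"):
    return {"name": name, "priority": prio, "direction": "Inbound", "access": access,
            "protocol": proto, "sourceAddressPrefix": src, "destinationPortRange": port}

TEMP_OPEN = [_rule("rdp-temp", 300, "Allow", "*", "3389")]
LOCKED = [_rule("rdp-admin", 300, "Allow", "203.0.113.10/32", "3389"),
          _rule("deny-rest", 4000, "Deny", "*", "*", "*")]
```

`audit_rdp(TEMP_OPEN)` reports `EXPOSED` for as long as the temporary any-source rule exists, while `audit_rdp(LOCKED)` reports `RESTRICTED` together with the single permitted source.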
