Share via

Using Azure Front Door to secure RDP Web access URL?

EnterpriseArchitect 5,406 Reputation points
2023-05-17T14:38:48.78+00:00

Does the Azure Front Door have the ability to defend against Brute Force attacks on both the RDP port 3389 and the published URL for Remote Desktop Web access?

like: https://server_FQDN/RDWeb/

What other options do I have if I want to secure my Windows Server 2016 Remote Desktop servers that have a public IP address?

I welcome any feedback and suggestions.

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
695 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,513 questions
Azure Content Delivery Network
Azure Web Application Firewall
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,853 questions
0 comments
Accepted answer
  1. ChaitanyaNaykodi-MSFT 26,216 Reputation points Microsoft Employee
    2023-05-18T02:08:41.9733333+00:00

    @EnterpriseArchitect

    Thank you for reaching out.

    Based on your questions above.

    Does the Azure Front Door have the ability to defend against Brute Force attacks on both the RDP port 3389 and the published URL for Remote Desktop Web access?

    I am assuming here that you will also have a WAF deployed with your Azure Front Door. In this case you can use the rate limiting for Azure Front Door Service. Rate limiting enables you to detect and block abnormally high levels of traffic from any socket IP address. The socket IP address is the address of the client that initiated the TCP connection to Front Door. Typically, the socket IP address is the IP address of the user, but it might also be the IP address of a proxy server or another device that sits between the user and the Front Door. By using the web application firewall (WAF) with Azure Front Door, you can mitigate some types of denial of service attacks. Rate limiting also protects you against clients that have accidentally been misconfigured to send large volumes of requests in a short time period.

    Based on the client locations, you can also take a look at geo-filtering on a domain for Azure Front Door Service to either allow or block access from specified countries/regions

    What other options do I have if I want to secure my Windows Server 2016 Remote Desktop servers that have a public IP address?

    I think you check can out Publish Remote Desktop with Azure Active Directory Application Proxy as this will give you a set of two-step verification and Conditional Access controls to RDS.

    You can also check out this article to see if you can use it in combination with Azure Front Door.

    Since WAF protects you against layer-7 attacks, you can also check Azure DDoS IP Protection service which can defend against L3/L4 DDoS attack.

    Hope this helps! Please let me know if you have any questions. Thank you!

    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.