This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 54%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Hi
I am looking to setup an AVD environment for 5 remote users. and I am seeking advice on whether I need a firewall or not.
The Azure firewall at €914 per month seems excessive.
I plan on using Defender for buisness which is in Business Premium subscription to secure the endpoint.
What's recommended?
Thanks.
I recommend Defender for Endpoint. :-)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Having Azure Firewall is not mandatory and it depends on your requirements.
However, having Azure Firewall gives you more flexibility and better protection.
Have a look at:
https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop
However, it really depends on your requirements.
Azure Firewall - comes into play if you want to restrict Web traffic (i.e. stop people from going to Gambling sites etc.), or you are publishing something remotely (ie an application that external users connect to).
You do not NEED Azure Firewall for Azure Virtual Desktop - if you don't have any requirements to stop web-based traffic, or restrict access internally in the Azure network (from SUBNET A to talk to SUBNET B).
If you do decide to implement the Azure Firewall - check out this ARM template: https://github.com/Azure/RDS-Templates/tree/master/AzureFirewallPolicyForAVD - it will create an Azure Firewall Policy with the Azure Virtual Desktop required IPs/FQDNs already whitelisted.