Azure AVD Security

Neil Phelan 1 Reputation point
2022-09-29T15:46:31.29+00:00

Hi

I am looking to setup an AVD environment for 5 remote users. and I am seeking advice on whether I need a firewall or not.
The Azure firewall at €914 per month seems excessive.

I plan on using Defender for buisness which is in Business Premium subscription to secure the endpoint.

What's recommended?

Thanks.

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
580 questions
Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,383 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,779 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Reza-Ameri 16,836 Reputation points
    2022-09-29T16:17:26.02+00:00

    Having Azure Firewall is not mandatory and it depends on your requirements.
    However, having Azure Firewall gives you more flexibility and better protection.
    Have a look at:
    https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop
    However, it really depends on your requirements.

    0 comments No comments

  2. Luke Murray 10,611 Reputation points MVP
    2022-09-29T18:15:45.607+00:00

    Azure Firewall - comes into play if you want to restrict Web traffic (i.e. stop people from going to Gambling sites etc.), or you are publishing something remotely (ie an application that external users connect to).

    You do not NEED Azure Firewall for Azure Virtual Desktop - if you don't have any requirements to stop web-based traffic, or restrict access internally in the Azure network (from SUBNET A to talk to SUBNET B).

    If you do decide to implement the Azure Firewall - check out this ARM template: https://github.com/Azure/RDS-Templates/tree/master/AzureFirewallPolicyForAVD - it will create an Azure Firewall Policy with the Azure Virtual Desktop required IPs/FQDNs already whitelisted.

    0 comments No comments