Hello @Schneider, Andreas, welcome to the Microsoft Q&A forum.
As per my understanding of the question, you have successfully set up a P2S VPN connection and now you want to set up a mechanism where only the users connected by the VPN can RDP into the VMs. Please correct me if my understanding is wrong.
This can be achieved by modifying the RDP rule associated with VM's NSG. You can do that by following the steps mentioned below.
- Validate your P2S connectivity and check if you have received an IP address from the Point-to-Site VPN Client Address Pool that you specified in your configuration.
- Initiate an RDP connection to the VM using its private IP address and validate the connectivity. If the VMs are present in different VNets and they are not peered, you can follow this thread to establish connectivity.
- If the connectivity above is successful, locate the RDP rule within your NSG and modify it to only allow the Point-to-Site VPN Client Address Pool as the source address for RDP connection as discussed here.
- After you have edited the NSG rule, validate the RDP connection once again to see if everything is working as expected.
Hope this helps. Please let me know if you have any additional questions. Thank you!
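The NSG change from the steps above, as an added Azure PowerShell example (not code from the answer or from Microsoft). It assumes the Az module is installed and logged in, and that the resource group, NSG, gateway and rule names (`rg-vpn`, `nsg-vm`, `vgw-p2s`, `RDP`) are replaced with your own; the client address pool is read from the gateway rather than typed by hand.

```powershell
# Added example: restrict an existing inbound RDP rule to the P2S VPN client pool.
# Assumed resource names; replace with your own.
$rg       = "rg-vpn"
$nsgName  = "nsg-vm"
$gwName   = "vgw-p2s"
$ruleName = "RDP"

# 1. Read the Point-to-Site client address pool from the VNet gateway.
$gw   = Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg
$pool = $gw.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes
if (-not $pool) { throw "Gateway '$gwName' has no P2S client address pool configured." }

# 2. Load the NSG and the existing RDP rule so priority and destination stay as they are.
$nsg  = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rg
$rule = Get-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $ruleName
if (-not $rule) { throw "NSG '$nsgName' has no rule named '$ruleName'." }

# 3. Rewrite the rule in place: only the source prefix changes (VPN pool instead of Any/Internet).
$nsg = Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
    -Name $ruleName -Description "RDP only from P2S VPN clients" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority $rule.Priority `
    -SourceAddressPrefix $pool -SourcePortRange * `
    -DestinationAddressPrefix $rule.DestinationAddressPrefix -DestinationPortRange 3389

# 4. Commit the change; edits are local to the object until this call.
$nsg = $nsg | Set-AzNetworkSecurityGroup

# 5. Read back and warn if any other inbound rule still allows 3389 from Any or Internet.
$stillOpen = $nsg.SecurityRules | Where-Object {
    $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
    ($_.DestinationPortRange -contains '3389' -or $_.DestinationPortRange -contains '*') -and
    ($_.SourceAddressPrefix -contains '*' -or $_.SourceAddressPrefix -contains 'Internet')
}
if ($stillOpen) {
    Write-Warning ("RDP is still exposed by rule(s): " + ($stillOpen.Name -join ', '))
} else {
    Write-Host ("RDP on port 3389 is now allowed only from: " + ($pool -join ', '))
}
```

After running it, repeat the RDP test from step 4 of the answer from a VPN-connected client and, separately, from a client that is not connected, to confirm the second one is refused.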