Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Remote Desktop Protocol (RDP) Shortpath feature uses UDP to improve reliability and performance for Windows 365 connections. Windows 365 uses Interactive Connectivity Establishment (ICE) to find a network path. It can connect directly over UDP using STUN. If a direct path isn’t available, it relays traffic through Microsoft TURN servers on known IP addresses and ports. RDP Shortpath is enabled by default and should remain enabled wherever possible to ensure consistent connectivity and an optimal user experience.
Important
Keep TURN enabled unless disabling for troubleshooting. TURN provides a predictable, reliable path when direct UDP (STUN) can’t be established, for example, behind symmetric NAT or restrictive firewalls. Disabling TURN reduces successful connection rates and can force fallback to TCP, degrading performance, and reliability.
The settings described in this article update registry‑backed policies that enable or disable RDP Shortpath models. Network prerequisites must still be in place (UDP allowed; STUN/TURN endpoints reachable) for connections to succeed. After policies apply, restart the session hosts or Cloud PCs for changes to take effect. See Optimization of RDP documentation for more detail.
Configuring RDP Shortpath methods using Intune
To enable the RDP Shortpath listener on your session hosts using Microsoft Intune, use the following steps:
Sign in to the Microsoft Intune admin center.
Create or edit a configuration profile for Windows 10 and later devices, with the Settings catalog profile type.
In the settings picker, browse to Administrative templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Azure Virtual Desktop > RDP Shortpath.
Expand the Administrative Templates category.
For each RDP Shortpath type, toggle the setting to Enabled or Disabled.
a. Enabled or Not Configured: The connection attempts to use the specified network path.
b. Disabled: The connection doesn't use this network path.
Available RDP Shortpath Types:
RDP Shortpath for managed networks using NAT traversal
RDP Shortpath for public networks using NAT traversal (STUN)
RDP Shortpath for public networks using Relay (TURN)
See RDP Documentation for more detail on these three methods.
Select Next.
Optional: On the Scope tags tab, select a scope tag to filter the profile. For more information about scope tags, see Use role-based access control (RBAC) and scope tags for distributed IT.
On the Assignments tab, select the group containing the computers providing a remote session you want to configure, then select Next.
On the Review + create tab, review the settings, then select Create.
Once the policy applies to the computers providing a remote session, restart them for the settings to take effect.
Diagram 1: RDP method configuration in Intune
Important
TURN is essential for performance and reliability on public networks. Enable and optimize TURN in all environments, especially on networks you don’t manage.
Configuring RDP Shortpath methods using Group Policy
To configure the RDP Shortpath using Group Policy in an Active Directory domain:
Make the administrative template for Azure Virtual Desktop available in your domain by following the steps in Use the administrative template for Azure Virtual Desktop.
Open the Group Policy Management console on a device you use to manage the Active Directory domain.
Create or edit a policy that targets the computers providing a remote session you want to configure.
Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Azure Virtual Desktop > RDP Shortpath.
Review the available RDP Shortpath types:
RDP Shortpath for managed networks using NAT traversal
RDP Shortpath for public networks using NAT traversal
RDP Shortpath for public networks using Relay (TURN)
Double-click the policy setting Enable RDP Shortpath for managed networks to open it.
Set the policy to Enabled or Disabled:
Enabled or Not Configured: The connection attempts to use the specified network path.
Disabled: The connection doesn't use this network path.
Ensure the policy is applied to the session hosts, then restart them for the settings to take effect.
Note
After you configure the Group Policy, restart the Cloud PC to ensure the changes take effect.
Diagram 2: RDP method configuration in Group Policy Editor