Microsoft RDP ports firewall


















To get more information about setting up, go to our Windows Virtual Desktop product page. Microsoft documentation on Windows Virtual Desktop offers a tutorial and how-to guide on enabling your Azure tenant for Windows Virtual Desktop and connecting to the virtual desktop environment securely, once it is established.

Remote Desktop Services are being used not only by employees for remote access, but also by many system developers and administrators to manage cloud and on-premises systems and applications. Allowing administrative access of server and cloud systems directly through RDP elevates the risk because the accounts used for these purposes usually have higher levels of access across systems and environments, including system administrator access.

Microsoft Azure helps system administrators to securely access systems using Network Security Groups and Azure Policies.

Selection and implementation of a remote access solution should always take into account the security posture and risk appetite of your organization. Leveraging remote desktop services offers great flexibility by enabling remote workers to have an experience like that of working in the office, while offering some separation from threats on the endpoints i. At the same time, those benefits should be weighed against the potential threats to the corporate infrastructure network, systems, and thereby data.

Regardless of the remote access implementation your organization uses, it is imperative that you implement best practices around protecting identities and minimizing attack surface to ensure new risks are not introduced. Security considerations for remote desktop include: direct accessibility of systems on the public internet; vulnerability and patch management of exposed systems; internal lateral movement after initial compromise; multi-factor authentication (MFA).

Frederik Long. What settings do I have to set on the firewall to get through? What change did you make in the registry, and why? I mentioned before that enabling RDP is the simplest way to adjust the firewall. Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff microsoft.

Hi, I apologize for the delayed reply. May I ask whether you have tried running the command netstat -ano on the RDSH server to further verify which process is using the ports?

Based on my research, I couldn't find a related official Microsoft document about the ports listed above. It's just a shame that no documentation exists about it; it is quite an important security measure to harden the firewall ports, so I'm a bit surprised it isn't documented.

I also checked the listening ports in my lab, but the ports which you mentioned were not listed in my lab. I would suggest you check the running services to see whether there are any suspicious services. Please note: since the web site is not hosted by Microsoft, the link may change without notice.

Microsoft does not guarantee the accuracy of this information. So indeed the port in this situation which seems to be the problematic one is used by the TermService; however, it doesn't seem to be documented anywhere. And before, it was using instead of if I remember correctly.

I'm running into this issue as well. On some systems the lsass, wininit, spoolsv, etc. I'm not certain as to why the system is choosing which pool but it seems Microsoft has documented this behavior:. For me, it seems to be related to SQL server. My guess is that systems with some enterprise grade software exchange, SQL, etc.

I get back "start port , Number of Ports " on the systems using low ports and "Start port , Number of ports " on regular systems.

They give commands to change the ports, though I don't know if there are consequences to changing it back when one of the special applications is running.


