Posts Tagged ‘Network Security Groups’

Restricting RDP access to Azure virtual machines

By default, every VM you’v e created within Azure has RDP (Remote Desktop Protocol) on port 3389 enabled. You can access you VM from anywhere in the world.

You can restrict RDP access on just that IP addresses you want, so you can limit the access. So for example, you can limit your company IP address and maybe you home address to access the specific VM in Azure.

To restrict access, I’ve created a NSG (Network Seciruty Group) with the following configuration:

1.) Create a new Inbound security rule with a priority of 4095 (every digit below the default of 65000 is fine!!)
2.) Configure the following rule:

Priority: 4096
Name: Deny-RDP-Access
Source: Service Tag
Source service tag: Internet
Source port ranges: *
Destination: VirtualNetwork
Destination port ranges: 3389
Protocol: TCP
Action: Deny

3.) Configure a second rule:

Priority: 4095
Name: Allow-RDP-Access
Source: IP Addressess
Source IP Addressess/CIDR ranges: YOUR IP ADDRESSESS
Source port ranges: *
Destination: Any
Destination port ranges: 3389
Protocol: TCP
Action: Allow

image

Now you can test your new configuration. RDP access is only allowed from your custom IP addressess!!