A supported Windows Remote Desktop client and session host can establish a direct UDP-based connection by using the RDP Shortpath functionality of Azure Virtual Desktop.
To activate RDP Shortpath, you must first fulfill the requirements. For your situation, choose one of the tabs below.
Prerequisites Public Networks scenario
If networks and firewalls permit the traffic through and RDP transport parameters in the Windows operating system for session hosts and clients are set to their default values, RDP Shortpath for public networks with STUN or TURN will operate automatically without any additional configuration. Both session hosts and clients are given instructions on how to configure RDP Shortpath for public networks in case these default settings have been altered.
- A client computer running the latest version of the Windows Remote Desktop client, 1.2.3488. Non-Windows clients are not supported at this time.
- Internet accessibility for both session hosts and customers. Session hosts require connections to STUN and TURN servers or outbound UDP connectivity from your session hosts to the internet. You can restrict the port range that clients utilize on public networks in order to lower the number of ports needed. See Network settings for RDP Shortpath for further details on how to set up firewalls and Network Security Groups.
- Run the avdnettest.exe executable to see if your client can establish connections to the STUN and TURN endpoints and confirm that the fundamental UDP capability functions. See Verifying STUN/TURN server access and NAT type for instructions on how to do this Verifying STUN/TURN server connectivity and NAT type.
- To use TURN, the connection from the client must be within a supported location. For a list of Azure regions that TURN is available, see supported Azure regions with TURN availability.
Enable RDP Shortpath
Session hosts – Public Networks
These instructions should be followed if session hosts and clients need to have their default settings changed in order to allow RDP Shortpath for public networks. You can accomplish this using Group Policy, either locally for session hosts joined to Azure Active Directory or centrally from your domain for session hosts attached to an Active Directory (AD) domain (Azure AD).
- Depending on whether you want to set up Group Policy directly for each session host or centrally from your domain:
Open the Group Policy Management Console (GPMC) and create or edit a policy that targets your session hosts.
Open the Local Group Policy Editor on the session host.
2. Browse to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
3. Open the policy setting Select RDP transport protocols. Set it to Enabled, then for Select Transport Type, select Use both UDP and TCP.
4. Select OK and restart your session hosts to apply the policy setting.
Whether you want to use RDP Shortpath for managed networks or public networks, the steps to make sure your clients are configured properly are the same. For managed clients enlisted in an Active Directory domain and using Group Policy, this can be done. For managed clients enrolled in an Azure Active Directory (Azure AD) domain and using Intune, this can be done.
Using Group Policy, enable RDP Shortpath on managed and unmanaged Windows clients
- Depending on whether you want to configure managed or unmanaged clients:
- For managed clients, open the Group Policy Management Console (GPMC) and create or edit a policy that targets your clients.
- For unmanaged clients, open the Local Group Policy Editor on the client.
- Browse to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client.
- Open the policy setting Turn Off UDP On Client and set it to Not Configured.
- Select OK and restart your clients to apply the policy setting.
more details – RDP Shortpath for public networks