Reverse Connect RDP over HTTPS for AVD
Upendra Kumar
Cloud Solutions Architect | Azure Technical Architect | Microsoft Certified Trainer
Azure Virtual Desktop (AVD) Reverse Connect RDP over HTTPS Architecture
Client ----[HTTPS + RDP]----> Azure Virtual Desktop Gateway
                                        |
                                        | Authentication (Verification)
                                        v
                                   Azure AD (Active Directory)
                                        |
                                        | Authorization (token)
                                        v
                              Azure Virtual Desktop Gateway
                                        |
                                        | RDP (Secure Desktop Session)
                                        v
                              Azure Virtual Desktop (session host)
                                        |
                                        | Data Transfer (RDP, both directions)
                                        v
Client <-----[HTTPS + RDP]----- Azure Virtual Desktop Gateway

Internet Security (Firewalls): no inbound RDP port is opened towards the internet
Explanation:
Client Initiates Connection: The user's client device sends the authentication data (username and password) over a secure HTTPS connection to the Azure Virtual Desktop Gateway.
Gateway to Azure AD: The Gateway receives the authentication data and forwards it to Azure Active Directory (Azure AD) for verification.
Azure AD Verification: Azure AD checks the username and password against the configured credentials.
Authorization Token: If the credentials are valid, Azure AD returns an authorization token to the Gateway.
Gateway Initiates RDP: The Gateway uses the authorization token to establish a secure RDP connection with the user's assigned Azure Virtual Desktop session. This is the reverse-connect step: the session host reaches the Gateway over an outbound connection, so the Gateway can broker the session without the session host accepting any inbound connection.
Secure Desktop Session: All data transfer between the client device and the Azure Virtual Desktop session travels over the encrypted RDP connection, relayed through the Gateway.
Enhanced Security: Because no RDP port is exposed to the internet, the attack surface available to external threats is reduced.
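To make the brokering described above concrete, here is a toy model of reverse connect written for this article; it is an added example, not the AVD protocol or Microsoft's code. A gateway accepts an outbound connection from the session host and a separate connection from the client, checks the client's token against a constructed stand-in for Azure AD, and only then relays one request and its reply. The session host never opens a listening socket. All names, ports and tokens are assumptions made for the demo, and everything runs on loopback.

```python
"""Toy model of reverse-connect brokering (added example, not the AVD protocol):
the session host dials OUT to the gateway and never listens, the client talks
only to the gateway, and the gateway relays after checking the client's token.
Everything runs on loopback; tokens and messages are constructed."""
import socket
import threading

# Stand-in for the authorization tokens Azure AD would issue (constructed).
VALID_TOKENS = {"tok-alice-123"}
BUF = 4096
TIMEOUT = 5.0


def _listener():
    """Gateway-side listening socket on an ephemeral loopback port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    s.settimeout(TIMEOUT)
    return s


def gateway(host_listener, client_listener):
    """Accept the session host's outbound registration first, then one client;
    relay a single request/response pair only if the token checks out."""
    host_conn, _ = host_listener.accept()
    client_conn, _ = client_listener.accept()
    host_conn.settimeout(TIMEOUT)
    client_conn.settimeout(TIMEOUT)
    try:
        header, _, payload = client_conn.recv(BUF).partition(b"\n")
        token = header[len(b"TOKEN:"):].decode() if header.startswith(b"TOKEN:") else ""
        if token not in VALID_TOKENS:
            client_conn.sendall(b"DENIED")        # the session host never sees the request
            return
        host_conn.sendall(payload)                # forward over the host's outbound link
        client_conn.sendall(host_conn.recv(BUF))  # and relay the reply back to the client
    finally:
        host_conn.close()
        client_conn.close()


def session_host(gateway_port):
    """The VM-side agent: one outbound connection, no listening socket at all."""
    with socket.create_connection(("127.0.0.1", gateway_port), timeout=TIMEOUT) as s:
        request = s.recv(BUF)
        if request:                               # empty read: the gateway dropped us
            s.sendall(b"SESSION-HOST:" + request.upper())


def client(gateway_port, token, message):
    """The user's client: an HTTPS-equivalent connection to the gateway only."""
    with socket.create_connection(("127.0.0.1", gateway_port), timeout=TIMEOUT) as s:
        s.sendall(b"TOKEN:" + token.encode() + b"\n" + message)
        return s.recv(BUF)


def run_demo(token, message=b"hello desktop"):
    """Wire the three parties together on loopback and return the client's reply."""
    host_l, client_l = _listener(), _listener()
    gw = threading.Thread(target=gateway, args=(host_l, client_l))
    sh = threading.Thread(target=session_host, args=(host_l.getsockname()[1],))
    gw.start()
    sh.start()
    try:
        return client(client_l.getsockname()[1], token, message)
    finally:
        gw.join()
        sh.join()
        host_l.close()
        client_l.close()


if __name__ == "__main__":
    print(run_demo("tok-alice-123"))   # b'SESSION-HOST:HELLO DESKTOP'
    print(run_demo("forged-token"))    # b'DENIED'
```

The point to notice is the direction of every connect() call: both the client and the session host initiate towards the gateway, and a request with a bad token is answered by the gateway without ever touching the session host.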
Benefits of Reverse Connect RDP over HTTPS:
Improved Security: By eliminating the need for an exposed RDP port on the internet, it reduces the exposure to unauthorized access attempts.
Simplified Management: There's no need to manage RDP firewall rules on individual virtual desktop machines.
Flexible Access: Users can access their Azure Virtual Desktops from anywhere with an internet connection.
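A practitioner will want to confirm the "no exposed RDP port" benefit rather than assume it. The following check, added here and not part of the original article, walks a network security group's inbound rules in NSG order (ascending priority number, first match wins) and reports whether an arbitrary public address would be allowed to reach TCP/3389. The rule records are constructed for the example but use the field names returned by `az network nsg rule list -o json`; the "Internet" service tag is approximated as "any non-private address", and other service tags are not resolved.

```python
"""Audit an NSG for Internet-reachable RDP, the exposure reverse connect removes.
Added example; the rule records are constructed but use the field names of
`az network nsg rule list -o json`. Evaluation mirrors NSG semantics: inbound
rules are walked by ascending priority number and the first match decides."""
import ipaddress

RDP_PORT = 3389

# Constructed: legacy posture with RDP opened to the whole Internet.
EXPOSED_RULES = [
    {"name": "AllowRdpFromInternet", "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "priority": 100, "sourceAddressPrefix": "*",
     "destinationPortRange": "3389"},
    {"name": "AllowOutbound443", "direction": "Outbound", "access": "Allow",
     "protocol": "Tcp", "priority": 110, "sourceAddressPrefix": "*",
     "destinationPortRange": "443"},
]

# Constructed: reverse-connect posture. Session hosts need only outbound 443
# to the gateway; RDP is denied from the Internet and allowed solely from a
# management range for break-glass use.
HARDENED_RULES = [
    {"name": "DenyRdpFromInternet", "direction": "Inbound", "access": "Deny",
     "protocol": "*", "priority": 100, "sourceAddressPrefix": "Internet",
     "destinationPortRanges": ["3389", "3390-3399"]},
    {"name": "AllowRdpFromMgmt", "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "priority": 110, "sourceAddressPrefix": "10.0.0.0/8",
     "destinationPortRange": "3389"},
    {"name": "AllowOutbound443", "direction": "Outbound", "access": "Allow",
     "protocol": "Tcp", "priority": 120, "sourceAddressPrefix": "*",
     "destinationPortRange": "443"},
]


def _port_specs(rule):
    # Azure populates either the plural list or the singular string, not both.
    return rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "*")]


def _source_specs(rule):
    return rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix", "*")]


def _port_matches(port, spec):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")        # "3389" or "3390-3399"
    return int(lo) <= port <= int(hi or lo)


def _source_matches(src_ip, spec):
    ip = ipaddress.ip_address(src_ip)
    if spec in ("*", "0.0.0.0/0"):
        return True
    if spec == "Internet":                 # service tag, approximated as "any public address"
        return not ip.is_private
    try:
        return ip in ipaddress.ip_network(spec, strict=False)
    except ValueError:                     # other service tags (VirtualNetwork, ...) not resolved here
        return False


def deciding_rule(rules, src_ip, port=RDP_PORT, protocol="Tcp"):
    """Return the first inbound rule (lowest priority number) matching the flow,
    or None when the flow falls through to the default DenyAllInBound rule."""
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"),
                     key=lambda r: r["priority"])
    for rule in inbound:
        if rule["protocol"] not in ("*", protocol):
            continue
        if not any(_port_matches(port, p) for p in _port_specs(rule)):
            continue
        if not any(_source_matches(src_ip, s) for s in _source_specs(rule)):
            continue
        return rule
    return None


def rdp_exposed_to_internet(rules, probe_ip="8.8.8.8"):
    """True when an arbitrary public source (probe_ip) would be allowed to TCP/3389."""
    rule = deciding_rule(rules, probe_ip)
    return rule is not None and rule["access"] == "Allow"


if __name__ == "__main__":
    for label, rules in (("exposed", EXPOSED_RULES), ("hardened", HARDENED_RULES)):
        print(label, "RDP reachable from Internet:", rdp_exposed_to_internet(rules))
```

Run it against real output by loading the JSON from `az network nsg rule list` into the `rules` argument; the outbound-only rule set of the hardened posture is what a reverse-connect session host actually needs, so any inbound Allow on 3389 from a public source is a finding.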