RDP Shortpath for public networks in Azure Virtual Desktop

We are pleased to announce that we will start deploying RDP Shortpath for public networks on September 6th. We anticipate the regional deployments will be complete by the end of September, first delivering the feature to validation host pools before going live in production host pools. RDP Shortpath improves the transport reliability of Azure Virtual Desktop connections by establishing a direct UDP data flow between the Remote Desktop client and session hosts. This feature will be enabled by default for all customers.

What is RDP Shortpath for public networks? 

RDP Shortpath lets user sessions directly establish a User Datagram Protocol (UDP) flow between client and session host using the Simple Traversal Underneath NAT (STUN) and Interactive Connectivity Establishment (ICE) protocols. This will enhance transport reliability for Azure Virtual Desktop. For more information, check out Azure Virtual Desktop RDP Shortpath for public networks.

Due to change in the data flow between session host and client, there will be egress network charge per Azure standard pricing for the internet bandwidth consumed.

When will this feature be generally available? 

We have been previewing this feature with great feedback from our customers and will begin making this generally available September 6th. We anticipate all customers will receive this feature by the end of September. First, we’ll enable it only in validation host pools, before going live in production host pools.  The feature will be enabled for all customers by default. Once it’s available in production host pools, we recommend deleting the preview registry key.

Who will get RDP Shortpath for public networks?

To ensure a seamless rollout and that most customers receive the improved reliability RDP Shortpath offers without making extra work for the IT admins, we’ll enable this feature for all connections by default. This feature requires outbound connectivity between the session hosts and client to function as intended. Therefore, we recommend allowing outbound UDP connectivity to the Internet. IT Admins can limit the port range used to listen to the incoming UDP flow. For more information about how to configure firewalls for RDP Shortpath, see allow outbound UDP connectivity

Symmetric Network Address Translation (NAT) environments, also known as bidirectional NAT environments, don’t support RDP Shortpath. Therefore, IT admins in large organizations that have some users in symmetric NAT while others aren’t, may see that some users won't benefit immediately from this new capability.

For network environments that don’t support RDP Shortpath, the Remote Desktop client will fall back to existing paths, such as Transmission Control Protocol (TCP)-based reverse connect transport, and will continue to function as normal.

If you’d prefer to keep using TCP-based reverse connect, you can turn this feature off by using one of the following options, which you can configure at any time before or during the feature rollout:

• Turn off User Datagram Protocol (UDP) support for the following group policy to deactivate the feature in the session host:
  1. Run gpedit.msc or open the control panel and search “Edit group policy.”
  2. Go to Computer Configuration > Administration Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Host > Connections > Select RDP transport protocols.
  3. Select Use TCP only.
• Disable the following ‘Group Policy’ to turn off the UDP support for a specific client:
  1. Run gpedit.msc or open the control panel and search for “Edit group policy.
  2. Go to Computer Configuration > Administration Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client.
  3. Set the "Turn Off UDP On Client" setting to Enabled.
• Customers can also turn this feature off using Intune:
  1. Follow the instructions in this article to set the Intune policy “ADMX_TerminalServer/TS_SELECT_TRANSPORT” as "Use only TCP.”