Azure and Azure Stack: alternative RDP port for a VM
I have been exploring a bit with both Azure and Azure Stack, and when you onboard your VMs to Log Analytics and Security Center you soon get notified about a huge number of attempts to log on to your machine if you have made it available through RDP. There is now a better way to take care of this using Security Center JIT Access, which opens the port only for a given timespan and also limits it to certain IPs/networks! Sometimes JIT access is not something you can live with, but an alternative port could be utilized instead; then the following can be applied.
A recent update to the Azure portal has now surfaced where you get the option to download the RDP file with an alternative port instead of the standard 3389. That does not, however:
- set the NSG to allow the new port
- set the VM's internal RDP service to respond on it
So to be able to connect to the virtual machine we need to update the NSG and also reconfigure the virtual machine to actually listen on the new RDP port.
First I add a rule to the NSG:
and then I utilize the Custom Script Extension to change the RDP listener on the virtual machine:
$NewPort = 33899   # an integer, since PortNumber is a REG_DWORD
# Point the RDP-Tcp listener at the new port
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name PortNumber -Value $NewPort -Type DWord
New-NetFirewallRule -DisplayName 'Allow RDP in Custom Port' -Profile @('Domain', 'Private', 'Public') -Direction Inbound -Action Allow -Protocol TCP -LocalPort @($NewPort)
# The listener only picks up the new port after Remote Desktop Services restarts (or a reboot)
Restart-Service -Name TermService -Force
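As an added example (not from the original post), here are the two steps above driven from Az PowerShell: the NSG rule, the Custom Script Extension call that runs the listener script, and a check that only the new port answers afterwards. Resource names, the allowed source range, the script URL and the name of the old 3389 rule are assumptions.

```powershell
# Added example, not from the original post. All names below are assumptions.
$ResourceGroup = 'rg-rdp-demo'                               # assumed
$NsgName       = 'nsg-rdp-demo'                              # assumed
$VmName        = 'vm-rdp-demo'                               # assumed
$PublicIpName  = 'vm-rdp-demo-ip'                            # assumed
$Location      = 'westeurope'                                # assumed
$NewPort       = 33899
$AllowedSource = '203.0.113.0/24'                            # assumed admin range; avoid '*'
$ScriptUri     = 'https://example.invalid/Set-RdpPort.ps1'   # assumed location of the script above

# 1) NSG: allow the custom port inbound, only from the admin range.
$nsg = Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroup
$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-CustomPort' `
    -Description 'RDP on alternative port from admin range' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 310 `
    -SourceAddressPrefix $AllowedSource -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange $NewPort | Out-Null

# Moving the port is pointless if 3389 stays open; 'default-allow-rdp' is an
# assumed rule name, check Get-AzNetworkSecurityRuleConfig for the real one.
if ($nsg | Get-AzNetworkSecurityRuleConfig -Name 'default-allow-rdp' -ErrorAction SilentlyContinue) {
    $nsg | Remove-AzNetworkSecurityRuleConfig -Name 'default-allow-rdp' | Out-Null
}
$nsg | Set-AzNetworkSecurityGroup | Out-Null

# 2) Custom Script Extension: run the listener change inside the VM.
# Set-RdpPort.ps1 is assumed to hold the Set-ItemProperty / New-NetFirewallRule /
# Restart-Service lines from the post and to take the port as its first argument.
Set-AzVMCustomScriptExtension -ResourceGroupName $ResourceGroup -VMName $VmName `
    -Name 'ChangeRdpPort' -Location $Location `
    -FileUri $ScriptUri -Run 'Set-RdpPort.ps1' -Argument "$NewPort" | Out-Null

# 3) Check from outside: the new port answers, the old one does not.
$pip   = (Get-AzPublicIpAddress -Name $PublicIpName -ResourceGroupName $ResourceGroup).IpAddress
$newOk = (Test-NetConnection -ComputerName $pip -Port $NewPort -WarningAction SilentlyContinue).TcpTestSucceeded
$oldOk = (Test-NetConnection -ComputerName $pip -Port 3389 -WarningAction SilentlyContinue).TcpTestSucceeded
"RDP on $NewPort reachable: $newOk; 3389 still reachable: $oldOk"
```

The check at the end is the one to keep an eye on: if 3389 is still reachable, a rule with a lower priority number or a rule on the subnet NSG is still letting it through.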
If I am using Azure Stack, all of the above can be achieved, but in the portal the Connect button will be greyed out. You can still connect to the VM, but you need to manually enter the public IP and the custom port: