How to RDP to my Azure VM with no public IP or Bastion Host

Question

I am completely at a loss on how to get round this issue and would welcome some ideas.

I've provisioned an Azure Windows Virtual Desktop (WVD) in my organisation's Azure VNet. I'd now like to RDP onto the virtual machine that I created when provisioning the WVD and although it's status shows that it is running and with no issues, I am simply unable to RDP onto it.

Two key things I have to point out before the suggestion is even made, our Azure VNet is locked down with security rules to ensure there can be no use of a:

• Public IP (All IPs are Private only)
• Bastion Host

Now, if I could perhaps even RDP from one virtual machine within the same VNet to my target virtual machine, I could no doubt perform the required changes or updates that I desperately need to apply to my target VM. Problem I'm facing is:

1. I can't figure out how to RDP to the target VM from another within the VNet.
2. When I download the RDP file for the target VM to my PC/Laptop, I get no joy either.

Answer 1

You can implement Azure just-in-time VM access using Security Centre Service. This reduces exposure to attacks while providing easy access when you need to connect to a VM.

Please refer the link to implement it.

Answer 2

I agree that Jumpbox VM inside another subnet of your VNET or VPN gateway can solve the issue as suggested by @Jesus Hernandez.

I would like to add another solution which is Windows desktop Client .

By using Windows Desktop Client you can access all the resources that are present on the host pool of your Azure Virtual Desktop.

You can refer to the public document here.

Answer 3

You need to deploy a Jumpbox VM inside another subnet of your VNET. You can then access the VM in the other subnet from inside the Jumpbox.

Another solution is to set up a VPN Gateway in your VNET so you can access the VM from your on-premise computer without the need of using an IP Public address.