Your company has deployed Azure Virtual Desktop and a Domain Controller to an Azure VNet.
The company has a strict policy that does not allow direct RDP access to any servers inside the VNet.
Which of the following solutions will allow the administration of the session hosts and domain controller from outside the VNet? (Choose the best, most reliable option.)
A. B. C. D.
Correct Answer: B
Azure Bastion utilizes an HTML5 based web client automatically streamed to your local device.
Here, you get your RDP/SSH session over TLS over port 443, which enables you to traverse company firewalls securely.
Option A is incorrect.
Conditional Access Policy won't help with the administration of the session hosts and domain controller from outside the VNet.
Option B is correct.
Azure Bastion will offer remote desktop access to servers in the virtual network over port 443, without opening RDP ports to external networks.
Option C is incorrect.
Azure Advisor analyzes your configurations and telemetry to provide personalized recommendations to solve the common issues and problems.
It won't resolve the given issue.
Option D is incorrect.
Just In Time access also opens RDP ports, but temporarily.
The correct answer in this scenario is B. Azure Bastion.
Explanation:
Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH connectivity to Azure virtual machines (VMs) directly from the Azure portal over TLS. Azure Bastion removes the need to expose RDP/SSH ports to the Internet, which is the case with the other options listed in the question.
Conditional Access Policy is a service in Azure Active Directory that allows an organization to set policies that grant or deny access to applications or resources based on specific conditions, such as location, device, or user. While it can be used to restrict access to Azure Virtual Desktop, it does not provide a way to administer the session hosts and domain controller from outside the VNet.
Azure Advisor is an AI-powered tool that analyzes the usage and performance of Azure resources, and provides recommendations to improve reliability, security, and cost optimization. It does not provide a solution to allow administration of the session hosts and domain controller from outside the VNet.
Just In Time Access is an Azure security feature that allows an organization to secure access to Azure VMs by providing access only when needed and for a limited time period. It can be used to secure access to Azure Virtual Desktop, but it does not provide a way to administer the session hosts and domain controller from outside the VNet.
In summary, Azure Bastion is the best and most reliable option to provide secure and seamless RDP access to session hosts and domain controller in Azure Virtual Desktop, without exposing RDP ports to the Internet.
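The "no direct RDP" policy from the question can be checked against a network security group's rules. The following is an added example, not part of the original page: it assumes rule objects shaped like the JSON returned by `az network nsg rule list`, treats only the broad sources `*`, `Internet` and `0.0.0.0/0` as public, and uses constructed sample rules.

```python
MGMT_PORTS = {3389: "RDP", 22: "SSH"}
PUBLIC_SOURCES = {"*", "Internet", "0.0.0.0/0"}  # assumption: broad sources only

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(rule, port):
    """True if any destination port entry ("*", "22", "3380-3390") includes port."""
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if rng == "*":
            return True
        lo, _, hi = rng.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def _applies(rule, port):
    """True for an inbound TCP rule from a public source that covers port."""
    sources = set(_values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"))
    return (rule["direction"].lower() == "inbound"
            and rule["protocol"].lower() in ("tcp", "*")
            and bool(PUBLIC_SOURCES & sources)
            and _covers_port(rule, port))

def exposed_mgmt_ports(rules):
    """Return [(service, rule name)] for each management port the Internet can reach."""
    findings = []
    ordered = sorted(rules, key=lambda r: r["priority"])  # lowest number is evaluated first
    for port, service in MGMT_PORTS.items():
        first = next((r for r in ordered if _applies(r, port)), None)
        # No matching rule means Azure's default DenyAllInBound rule applies.
        if first and first["access"].lower() == "allow":
            findings.append((service, first["name"]))
    return findings

# Constructed sample rules (names and values are illustrative, not from the page).
SAMPLE_RULES = [
    {"name": "deny-ssh-internet", "priority": 100, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "22"},
    {"name": "allow-mgmt-any", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRanges": ["22", "3380-3390"]},
    {"name": "allow-https", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "443"},
]
```

On the sample rules, `exposed_mgmt_ports(SAMPLE_RULES)` reports RDP as exposed through `allow-mgmt-any`, while SSH is not reported because the higher-priority deny rule matches first.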