AZURE BL 2-1 RDP Port 3389 is restricted to public access



Allowing public access (from IP  over the internet) to RDP ports on Windows servers lets attackers anywhere on the internet reach your servers and virtual instances, where they can attempt to exploit known operating system vulnerabilities or use brute-force techniques to gain access to servers, data, and information systems.



Azure Portal

  1. Go to Azure Portal 
  2. Select Network Security Groups under resources
  3. Go to Security Group (or all groups one at a time)
  4. Under Settings->Inbound Security Rules
  5. On the right-hand pane, review the list of security rules
  6. Remove or update any inbound rule that allows incoming (ingress) traffic from source IP '' to destination port 3389 with protocol TCP
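
The same review can be scripted against exported rules. The Python below is an added example, not part of the original baseline: it scans JSON shaped like `az network nsg list -o json` output for inbound Allow rules that expose TCP 3389, assuming `*`, `0.0.0.0/0`, `Internet` and `Any` are the source values that mean public access. The function names and the sample NSG are constructed for illustration.

```python
import json
# Assumption: these source values mean "anyone on the internet" in an NSG rule.
PUBLIC_SOURCES = {"*", "0.0.0.0/0", "internet", "any"}
RDP_PORT = 3389

def field_values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field into one list."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def covers_rdp(spec):
    """True if a port spec such as '*', '3389' or '3000-4000' includes 3389."""
    spec = str(spec).strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    try:
        return int(low) <= RDP_PORT <= int(high or low)
    except ValueError:
        return False

def find_public_rdp_rules(nsgs):
    """Return (nsg, rule) names of inbound Allow rules exposing TCP 3389 publicly."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules") or []:
            if (str(rule.get("direction")).lower() != "inbound"
                    or str(rule.get("access")).lower() != "allow"
                    or str(rule.get("protocol")).lower() not in ("tcp", "*")):
                continue
            sources = field_values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            ports = field_values(rule, "destinationPortRange", "destinationPortRanges")
            if (any(str(s).lower() in PUBLIC_SOURCES for s in sources)
                    and any(covers_rdp(p) for p in ports)):
                findings.append((nsg.get("name"), rule.get("name")))
    return findings

# Constructed sample shaped like `az network nsg list -o json` output.
SAMPLE = json.loads("""[
 {"name": "nsg-web", "securityRules": [
  {"name": "rdp-any", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
   "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
  {"name": "rdp-corp", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
   "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRange": "3389"},
  {"name": "wide-range", "direction": "Inbound", "access": "Allow", "protocol": "*",
   "sourceAddressPrefixes": ["0.0.0.0/0"], "destinationPortRanges": ["22", "3000-4000"]},
  {"name": "rdp-deny", "direction": "Inbound", "access": "Deny", "protocol": "Tcp",
   "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"}]}]""")

for nsg_name, rule_name in find_public_rdp_rules(SAMPLE):
    print(f"{nsg_name}: {rule_name} allows public RDP")
```

The check does not evaluate rule priority, so a flagged Allow rule that sits behind a higher-priority Deny still needs a manual look.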

