Relayed RDP Shortpath for public networks now available

We are excited to announce the general availability of Relayed RDP Shortpath. This enhancement enables UDP connections through relays using the TURN (Traversal Using Relays around NAT) protocol, allowing everyone to extend the capabilities of RDP Shortpath on public networks.

What is TURN?

TURN enables indirect connections by relaying traffic through an intermediate server when direct connections are not possible. TURN is an extension of STUN (Simple Traversal Underneath NAT) with the added benefit of a known public IP address and port that can be managed through firewalls and network devices. The preferred path is RDP Shortpath with STUN, which allows direct UDP connections between the client device and the session host.

If a firewall or other network device blocks UDP traffic, the connection continues via TCP-based reverse connection transport, as shown in this diagram.

This diagram shows an endpoint connecting to the Internet and using reverse link transport to connect to a cloud PC through an Azure Virtual Desktop gateway, STUN server, or TURN server.

Configuration Requirements

To enable RDP Shortpath over TURN, you must allow the subnets and ports listed in Row 1 of the table below on both the cloud PC/session host side and the physical device side. This range is currently shared with Azure Communication Services. However, Windows 365 and Azure Virtual Desktop will soon transition to a dedicated subnet in Row 2. This subnet will only be available for Windows 365 and Azure Virtual Desktop. For Windows 365 and Azure Virtual Desktop users, we recommend configuring both ranges in your network environment now to ensure a smooth transition.

If you want to wait for an exclusive subnet or disable this feature, you can disable UDP using the following instructions. Configure RDP Shortpath for Azure Virtual DesktopBlocking the IP range 20.202.0.0/16 on your network may result in dropped connections when using VPN applications such as Zscaler.

Table 1. RDP Shortpath requirements over TURN for both the physical device and cloud PC/session host sides.

TURN Relay Availability

TURN relays are now available. 14 Azure regions. The choice of TURN relay depends on the location of the client endpoint. For example, if you are connecting from a home location in the UK to a cloud PC in the US, you would use the England South or England West TURN relay.

We are working to expand to global availability. If your physical device connection is not close to one of the above regions, TURN connectivity may not be successful at this time.

How to configure RDP Shortpath for public network

Windows apps are now generally available. For more information, see: Windows apps are now available on all major platforms.. We currently support Windows apps on the following platforms:

• Windows
• Mac OS
• iOS and iPadOS
• Android (Preview)

We support remote desktop apps on the following platforms:

• Windows, version 1.2.3488 or later
• Mac OS
• iOS and iPadOS
• android

How do I know if I am successfully using TURN?

Once you are connected to a cloud PC or session host, you can click the connection icon (four bars) in the Remote Desktop window.

This displays network details, including the type of transport being used.

Table 2: RDP Shortpath transfer and connection output.

For detailed configuration instructions, including prerequisites and basic configuration, see: Configure RDP Shortpath for Azure Virtual Desktop.

Keep the conversation going. Find best practices. Bookmark it. Windows Tech CommunityThen follow us @MSWindowsITPro About X and on LinkedIn. Looking for support? Visit Microsoft’s Windows Q&A.