check before: 2024-09-21
Product:
Windows 365
Platform:
Online, Web, Windows Desktop, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Summary:
A new dedicated subnet, 40.64.144.0/20, will be implemented for Windows 365 RDP Reverse Connect traffic. Customers using IP addresses for connectivity must update their configurations to include this subnet. The FQDN *.wvd.microsoft.com and port TCP:443 remain unchanged. No action is needed for those using the FQDN or Azure Service tag directly.
Details:
Coming soon, we are implementing a change to the core TCP-based RDP traffic for Cloud PC connections. This traffic uses the wildcard fully qualified domain name (FQDN) *.wvd.microsoft.com, which is outlined in the documentation. While the FQDN remains unchanged, the underlying IP addresses associated with it will be updated.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2024-09-21
updated:
2024-09-21
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Windows 365 is updating the internal IP addresses for RDP traffic to a new dedicated subnet (40.64.144.0/20), requiring users who manage connections with specific IP addresses to update their configurations, while those using the FQDN or Azure Service tag need not take any action.
Direct effects for Operations**
Connectivity Issues
If the new subnet is not configured, users relying on IP addresses for RDP connectivity may experience disruptions in accessing their Cloud PCs, leading to potential downtime.
- roles: IT Administrators, End Users
- references: https://learn.microsoft.com/azure/virtual-desktop/network-connectivity, https://learn.microsoft.com/windows-365/enterprise/requirements-network?tabs=enterprise%2Cent#windows-365-service
Increased Support Tickets
Failure to update configurations may result in an increase in support requests from users facing connectivity issues, impacting IT support resources.
- roles: Help Desk Support, IT Administrators
- references: https://learn.microsoft.com/windows-365/enterprise/azure-firewall-windows-365#windows365-tag" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/windows-365/enterprise/azure-firewall-windows-365#windows365-tag, https://learn.microsoft.com/windows-365/enterprise/whats-new#fqdn-tags-
User Experience Degradation
Users who depend on manual IP configurations may face delays and frustration due to connectivity problems, negatively affecting their productivity.
- roles: End Users, IT Administrators
- references: https://learn.microsoft.com/azure/virtual-desktop/required-fqdn-endpoint?tabs=azure#service-tags-and-fqdn-tags, https://learn.microsoft.com/windows-365/enterprise/azure-firewall-windows-365#windows365-tag" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/windows-365/enterprise/azure-firewall-windows-365#windows365-tag
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Simplified Configuration Management
Transitioning to a dedicated subnet for RDP traffic minimizes the need for frequent IP address updates, reducing the administrative burden on IT teams. This allows for more efficient management of network configurations and reduces potential downtime due to misconfigurations.
- next-steps: Communicate the change to all relevant teams and provide training on the new subnet configuration. Update internal documentation to reflect the new subnet usage.
- roles: Network Administrators, IT Support Teams, System Administrators
- references: https://learn.microsoft.com/azure/virtual-desktop/network-connectivity" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/azure/virtual-desktop/network-connectivity, https://learn.microsoft.com/windows-365/enterprise/requirements-network?tabs=enterprise%2Cent#windows-365-service
Enhanced Security Posture
By exempting RDP traffic from TLS inspection and ensuring it bypasses VPN/SWG tunnels, organizations can improve security for remote connections, ensuring that sensitive data is not subjected to unnecessary scrutiny and potential exposure.
- next-steps: Review current security policies regarding TLS inspection and VPN/SWG configurations. Update policies to allow for the new subnet exemptions and educate security teams on the rationale behind these changes.
- roles: Security Administrators, Network Security Engineers, Compliance Officers
- references: https://learn.microsoft.com/windows-365/enterprise/azure-firewall-windows-365#windows365-tag, https://learn.microsoft.com/azure/virtual-desktop/required-fqdn-endpoint?tabs=azure#service-tags-and-fqdn-tags
Improved User Experience
Direct routing of RDP traffic through the new subnet can lead to lower latency and improved connection stability for users accessing Cloud PCs, enhancing overall productivity and satisfaction.
- next-steps: Monitor user feedback and connection performance metrics post-implementation. Consider conducting user training sessions to ensure they understand the benefits and how to optimize their settings accordingly.
- roles: End Users, IT Support Teams, Network Administrators
- references: https://learn.microsoft.com/windows-365/enterprise/whats-new#fqdn-tags-, https://learn.microsoft.com/azure/virtual-desktop/network-connectivity" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/azure/virtual-desktop/network-connectivity
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.