MC894574 – Plan for change: New Windows 365 IP Subnet for RDP Connectivity

check before: 2024-09-21

Product:

Windows 365

Platform:

Online, Web, Windows Desktop, World tenant

Change type:

Admin impact

Details:

Summary:
A new dedicated subnet, 40.64.144.0/20, will be implemented for Windows 365 RDP Reverse Connect traffic. Customers using IP addresses for connectivity must update their configurations to include this subnet. The FQDN *.wvd.microsoft.com and port TCP:443 remain unchanged. No action is needed for those using the FQDN or Azure Service tag directly.

Details:
Coming soon, we are implementing a change to the core TCP-based RDP traffic for Cloud PC connections. This traffic uses the wildcard fully qualified domain name (FQDN) *.wvd.microsoft.com, which is outlined in the documentation. While the FQDN remains unchanged, the underlying IP addresses associated with it will be updated.
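
One way to check whether an IP-based allowlist already covers the new range, shown as an added example that is not part of the Message Center post. The function name `uncovered_ranges`, the input format (a list of CIDR strings) and the sample rule set are assumptions made for illustration.

```python
import ipaddress

# Subnet announced in MC894574 for Windows 365 RDP Reverse Connect traffic.
NEW_SUBNET = ipaddress.ip_network("40.64.144.0/20")


def uncovered_ranges(allowlist, target=NEW_SUBNET):
    """Return the parts of `target` that no allowlist entry covers.

    `allowlist` is an iterable of CIDR strings as exported from a firewall
    or proxy rule set (hypothetical input format). An empty result means the
    whole subnet is already allowed.
    """
    remaining = [target]
    for entry in allowlist:
        # strict=False accepts entries written with host bits set,
        # e.g. "40.64.144.1/22".
        allowed = ipaddress.ip_network(entry.strip(), strict=False)
        if allowed.version != target.version:
            continue  # an IPv6 rule cannot cover an IPv4 range
        next_remaining = []
        for block in remaining:
            if block.subnet_of(allowed):
                continue  # fully covered by this rule
            if allowed.subnet_of(block):
                # Rule covers part of the block: keep what is left over.
                next_remaining.extend(block.address_exclude(allowed))
            else:
                next_remaining.append(block)  # CIDR blocks nest or are disjoint
        remaining = next_remaining
    return sorted(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    # Constructed sample rule set: covers only part of the new subnet.
    sample_rules = ["10.0.0.0/8", "40.64.144.0/22",
                    "40.64.152.0/21", "2603:1000::/24"]
    gaps = uncovered_ranges(sample_rules)
    if gaps:
        print("TCP 443 rules still need:", ", ".join(map(str, gaps)))
    else:
        print("40.64.144.0/20 is fully covered")
```
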

Created:
2024-09-21

updated:
2024-09-21

summary for non-techies**

Windows 365 is updating the internal IP addresses for RDP traffic to a new dedicated subnet (40.64.144.0/20), requiring users who manage connections with specific IP addresses to update their configurations, while those using the FQDN or Azure Service tag need not take any action.

Direct effects for Operations**

Connectivity Issues
If the new subnet is not configured, users relying on IP addresses for RDP connectivity may experience disruptions in accessing their Cloud PCs, leading to potential downtime.
   - roles: IT Administrators, End Users
   - references: https://learn.microsoft.com/azure/virtual-desktop/network-connectivity, https://learn.microsoft.com/windows-365/enterprise/requirements-network?tabs=enterprise%2Cent#windows-365-service

Increased Support Tickets
Failure to update configurations may result in an increase in support requests from users facing connectivity issues, impacting IT support resources.
   - roles: Help Desk Support, IT Administrators
   - references: https://learn.microsoft.com/windows-365/enterprise/azure-firewall-windows-365#windows365-tag, https://learn.microsoft.com/windows-365/enterprise/whats-new#fqdn-tags-

User Experience Degradation
Users who depend on manual IP configurations may face delays and frustration due to connectivity problems, negatively affecting their productivity.
   - roles: End Users, IT Administrators
   - references: https://learn.microsoft.com/azure/virtual-desktop/required-fqdn-endpoint?tabs=azure#service-tags-and-fqdn-tags, https://learn.microsoft.com/windows-365/enterprise/azure-firewall-windows-365#windows365-tag

Opportunities**

Simplified Configuration Management
Transitioning to a dedicated subnet for RDP traffic minimizes the need for frequent IP address updates, reducing the administrative burden on IT teams. This allows for more efficient management of network configurations and reduces potential downtime due to misconfigurations.
   - next-steps: Communicate the change to all relevant teams and provide training on the new subnet configuration. Update internal documentation to reflect the new subnet usage.
   - roles: Network Administrators, IT Support Teams, System Administrators
   - references: https://learn.microsoft.com/azure/virtual-desktop/network-connectivity, https://learn.microsoft.com/windows-365/enterprise/requirements-network?tabs=enterprise%2Cent#windows-365-service

Enhanced Security Posture
By exempting RDP traffic from TLS inspection and ensuring it bypasses VPN/SWG tunnels, organizations can improve security for remote connections, ensuring that sensitive data is not subjected to unnecessary scrutiny and potential exposure.
   - next-steps: Review current security policies regarding TLS inspection and VPN/SWG configurations. Update policies to allow for the new subnet exemptions and educate security teams on the rationale behind these changes.
   - roles: Security Administrators, Network Security Engineers, Compliance Officers
   - references: https://learn.microsoft.com/windows-365/enterprise/azure-firewall-windows-365#windows365-tag, https://learn.microsoft.com/azure/virtual-desktop/required-fqdn-endpoint?tabs=azure#service-tags-and-fqdn-tags

Improved User Experience
Direct routing of RDP traffic through the new subnet can lead to lower latency and improved connection stability for users accessing Cloud PCs, enhancing overall productivity and satisfaction.
   - next-steps: Monitor user feedback and connection performance metrics post-implementation. Consider conducting user training sessions to ensure they understand the benefits and how to optimize their settings accordingly.
   - roles: End Users, IT Support Teams, Network Administrators
   - references: https://learn.microsoft.com/windows-365/enterprise/whats-new#fqdn-tags-, https://learn.microsoft.com/azure/virtual-desktop/network-connectivity

** AI generated content. This information must be reviewed before use.
