News

Microsoft Remote Desktop Services Improvements Previewed

• By Kurt Mackie
• 09/22/2017

Microsoft this week briefly showed access and security improvements that will be coming to Remote Desktop Services (RDS), which is a Windows Server capability for virtual desktop infrastructure (VDI) scenarios.

The improvements include Azure Active Directory support, a more secure architecture and HTML5 browser access support. The announcement today, including a video, didn't specify when the new RDS improvements would arrive, but suggested that all would be "in preview soon."

New RDS security protections will be enabled by coming Azure Active Directory support. Organizations will be able to impose multifactor authentication, an identity verification scheme that uses phone calls or text messages to secondarily confirm a user's identity. They'll also get conditional access support, which might be used to affirm a device's compliance status with IT policies before granting access.

Microsoft's video showed that users logged into an application will be able to quickly switch to other applications with the new RDS security approach. RDS also will get access to the Microsoft Security Graph service.

Microsoft is contending that an architectural change will add security to the service. Specifically, the RDS Gateway and Web roles aren't Internet facing anymore and thus subject to attack. Here's how Scott Manchester, principal group program manager for Remote Desktop Services, described it:

With the modern infrastructure roles, we isolate the infrastructure components from the Application and Desktop Host, and the infrastructure roles, like the Gateway and RD Web, and the rest of the infrastructure, are no longer joined to the domain. And because of this, now we can support multitenant deployments. And notice one other change. There's no RDVH role now. We've brought those same capabilities for VDI management directly into the Connection Broker. And we've also added a new role, Diagnostics. This new role collects information on the health of the deployment and can be used to troubleshoot end-to-end connectivity problems. And finally the Application and Desktop Host no longer requires open inbound ports. They establish an outbound connection to the infrastructure using Port 443.

The architectural changes will help RDS hosters better serve multiple tenants, Manchester added. They can use cloud infrastructure such as Microsoft Azure, as well as hybrid deployments where the Application and Desktop Host role gets located on the organization's premises.

RDS can also be accessed via HTML5 browsers with the new approach, in addition to RDS applications. The new browser-based access can be used to support remote access to resources by travelers. It also supports kiosk worker types of scenarios.