Remote Desktop RDP Port
You could of course manually configure RDP to listen on different ports to allow connection from other standard or non-standard ports. In my case, I need to be able to RDP to an Azure Virtual Machine from a local school or customer office where the IT department has blocked port 3389. There is a new Virtual Machine Type in the Azure Image Gallery called “Windows Server Essentials Experience Windows Server 2012 R2”. This machine already has Windows Server Essentials Experience role enabled so it is a simple matter to configure everything so someone can connect with HTTPS (via VPN) to an RDP Server. We will leverage this image for this Step-By-Step post. By default when you create a new machine the Windows Server Essentials Experience is not “configured” for Anywhere Access (VPN) functionalities and you have to Remote Control to the server to configure it. Therefore, I will be leveraging an artificial [Magic] “port swap” by managing end points for the server using the Azure End Points Configure screen to configure Windows Server Essentials Experience. These procedures will work for Windows Server 2012 R2 Datacenter as well. You only need to use the Essentials image if you need Anywhere Access (VPN) connectivity. Anywhere Access basically gives you the capability to VPN over HTTPS.
OR… If you want to do Essentials…
I am assuming you already have an Azure account but if you do not, you can always get a free trial from
Before we can create the virtual machine, we need to setup some infrastructure. First is the Network.
In the lower left corner of the screen, click New. In the navigation pane, click Network services, and then click Virtual Network. Click Custom Create to begin the configuration wizard.
On the Virtual Network Details page, enter the following information.
Note: For more information about the settings on the details page, see the Virtual Network Details section in Configuring a Virtual Network using the Management Portal.
In the Name box, type a name for the virtual network (for example, GuruNetwork).
In the Location drop-down list, select an existing Location. Click the Next arrow.
Skip the DNS Servers and VPN Connectivity page.
On the Virtual Network Address Spaces page, enter the following information, and then click the checkmark on the lower right to configure your network.
Type the starting IP address and CIDR (address count), such as 10.0.0.0/24.
Note: We recommend that the address count of the network and the subnet are equal or larger than /24 (256).
Create a Storage Account
In the taskbar, click New, click Data Service, click Storage, and then click Quick Create.
In the quick create form, do the following: In the URL box, type a unique URL (for example, gurustorage). In the Location/Affinity Group drop-down list, select the same affinity group as the virtual network (for example, East US 2).
Ensure that the Enable Geo-Replication check box is selected. (However, if you don’t want geo-replication for your storage account, clear the Enable Geo-Replication check box.)
Click the checkmark to create your virtual storage account.
Note: It can take a while for the storage account to be created. To check the status, you can monitor the notifications in the status bar of the Management Portal. After the storage account has been created, your new storage account shows an Online status, and it is ready to use.
Create Virtual Machine
In the taskbar, click New.
In the navigation pane, click Compute, click Virtual Machine, and then click From Gallery to launch the Create a Virtual Machine Wizard.
On the Virtual Machine Operating System Selection screen, select Windows Server Essentials Experience on WS 2012 R2 as the platform image.
On the Virtual machine configuration page, enter the following information:
In the Virtual Machine Name box, type a unique virtual machine name. For example, GuruTS.
In the New user name box, type a user name. In the New Password box, type a strong password.
Leave the Tier at Standard
In the Size drop-down list, select A2 (2 cores, 3.5 GB memory), which supports >5 – 200 client computers. If you want the virtual machine to support less than 5 client computers, you can select Small (1 core, 1.75 GB memory).
In the Confirm Password box, type the password again.
Tip: Write down the user name and password because these are the credentials that you will use to sign in to your new virtual machine.
Click the Right Arrow to move to the Next screen in the Wizard.
For Cloud Service, select Create a new cloud service. Keep the automatically generated cloud service DNS name, or specify a new one.
In the Region/Affinity Group/Virtual Network drop-down list, select the virtual network that you created earlier (for example, GuruNetwork). IMPORTANT: Do not keep the default, do not select the Affinity Group… Select the NETWORK
Leave the default selection for Virtual network subnets, or select a different subnet as needed.
In the Storage Account field, select the storage that was created in the previous step (for example, GuruStorage).
On the Virtual machine configuration page, add two new endpoints as follows: Click to expand the dropdown list in the new line below PowerShell, and then select HTTP. Verify that the protocol is TCP, and that the public port and the private port are 80.
Note: The Media Streaming feature does not work if Port 80 is not enabled.
Click to expand the dropdown list in the new line below HTTP, and then select HTTPS. Verify that the protocol is TCP, and that the public port and the private port are 443. Click the checkmark to begin the virtual machine creation.
It can take a while for the virtual machine to deploy. You can monitor the status of the virtual machine deployment in the status bar of the Management Portal.