Powershell – How to modify Azure VM firewall rule for remote desktop

You're trying to set this rule in the RDP configuration page, you should be setting it in the firewall configuration page.

Basically, you need to click start, search for Windows Firewall and follow the screen shots that I've provided below. You'll be adding a Remote IP Allow rule to the pre-defined RDP-IN rule that should already be enabled.

Edit: Added screenshots

Step 1: Open the Windows Firewall with Advanced Configuration

Step 2: Locate the Remote Desktop rule that's currently enabled and edit it.

Step 3: In the Scope tab, change the allowed Remote IPs field to whatever you want. This is the source address that you wish to restrict.

IMHO, by far the quickest and easiest solution would be to use an IPSec setup using transport mode only and certificate based authentication.

This would allow you to connect to the public IP of your server from only your specific laptop (or wherever you install your custom certificate).

VPN is great but it is really overkill if all you need is the transport mode - most VPN guides assume needing to set up tunneling and that is overkill in your use case.

If I were going to do this:

1. Create a local self signed certificate on both the server and workstation.
2. Import the workstation cert on the server and visa versa. They need to be in the trusted root store.
3. Create a connection security rule using the settings 'any remote ip' for endpoint 1 and 'your server ip here' for endpoint 2, using certificate authentication. This will let the server optionally use IPSec. The same rule would also need to be set up on your workstation.
4. Create a Windows Firewall rule on the server using the 'allow the connection if it is secure' option. I'd start with a single protocol such as Remote Desktop. You could broaden it later.

Note there might be a couple AWS specific steps such as ports required to be opened I haven't covered. You might want to spin up a test instance to try this out on.