Using Unified Tenant Configuration Management in Microsoft Graph to define baselines and detect drift in Intune compliance policies.

We are pleased to announce the general availability (GA) of centralized RDP Shortpath configuration using Microsoft Intune and Group Policy (GPO). This update gives IT administrators a unified, policy-driven way to control which RDP Shortpath modes (Managed, Public/STUN, Public/TURN) are enabled across Azure Virtual Desktop (AVD) session hosts and Windows 365 Cloud PCs. These Shortpath controls now map directly to registry-backed policies, so IT admins can easily maintain consistent behavior across large or distributed environments. RDP Shortpath provides multiple optimized UDP-based transport paths—Managed, Public/STUN, and Public/TURN—that improve connection performance and reliability across diverse network environments. These options collectively form the RDP Shortpath feature set, and we recommend keeping them all enabled so the best path can be selected automatically. However, if your organization requires stricter control—for example, disabling STUN based traversal to ensure traffic flows only through TURN’s dedicated port and subnet—admins now have the policy-driven flexibility to do so through centralized configuration. Organizations using Windows 365 and AVD have asked for stronger policy-governed control over Shortpath behavior—especially as network environments grow more complex. With this release, admins: * No longer need per-host manual configuration. * Gain predictable, enforced behavior across managed devices. * Can centrally govern Shortpath modes based on security, NAT topology, or network readiness. This release brings Shortpath into the same modern management motion that customers already use for Windows configuration, compliance, and security. Benefits of centralized Shortpath configuration Unified policy management across AVD and Windows 365 Admins can centrally control all three Shortpath modes through GPO or Intune, which directly writes the relevant registry-backed configuration on each session host. This ensures consistent and governed behavior across all devices. Operates in addition to AVD host pool configuration For Azure Virtual Desktop, these GPO and Intune configurations act in addition to host pool network settings. This gives admins an extra layer of control at the session host level. When both host pool settings and policies are configured, the session-host policy takes precedence, ensuring deterministic behavior. This layering model is reinforced in internal discussions where session host configuration remained necessary in cases such as enabling UDP listener paths.   Important! The settings described in this article update registry-backed policies that enable or disable RDP Shortpath modes. Network prerequisites must still be in place (UDP allowed; STUN/TURN endpoints reachable) for connections to succeed. After policies apply, restart the session hosts or Cloud PCs for changes to take effect. See Optimization of RDP documentation for more detail.   Configuring RDP Shortpath using Intune To enable the RDP Shortpath listener on your session hosts using Microsoft Intune:   * Sign in to the Microsoft Intune admin center. * Create or edit a configuration profile  for Windows 10 and later devices, with the Settings catalog profile type. * In the settings picker, browse to Administrative templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Azure Virtual Desktop > RDP Shortpath. * Expand the Administrative Templates category. * For each RDP Shortpath type, toggle the setting to Enabled or Disabled. * Enabled or Not Configured: The connection will attempt to use the specified network path. * Disabled: The connection will not use this network path. * Available RDP Shortpath types: * RDP Shortpath for managed networks using NAT traversal * RDP Shortpath for public networks using NAT traversal * RDP Shortpath for public networks using Relay (TURN) * Select Next. * Optional: On the Scope tags tab, select a scope tag to filter the profile. For more information about scope tags, see Use role-based access control (RBAC) and scope tags for distributed IT.  * On the Assignments tab, select the group containing the computers providing a remote session you want to configure, then select Next.  * On the Review + create tab, review the settings, then select Create. * Once the policy applies to the computers providing a remote session, restart them for the settings to take effect.  Configuring RDP Shortpath using Group Policy (GPO) in an Active Directory domain To configure the RDP Shortpath using Group Policy in an Active Directory domain:  * Make the administrative template for Azure Virtual Desktop available in your domain by following the steps in Use the administrative template for Azure Virtual Desktop.  * Open the Group Policy Management console on a device you use to manage the Active Directory domain.  * Create or edit a policy that targets the computers providing a remote session you want to configure.  * Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Azure Virtual Desktop > RDP Shortpath.   * Review the available RDP Shortpath types:  * RDP Shortpath for managed networks using NAT traversal   * RDP Shortpath for public networks using NAT traversal   * RDP Shortpath for public networks using Relay(TURN)   * Double-click the policy setting Enable RDP Shortpath for managed networks to open it.  * Set the policy to Enabled or Disabled:   * Enabled or Not Configured: The connection will attempt to use the specified network path.  * Disabled: The connection will not use this network path.  * Ensure the policy is applied to the session hosts, then restart them for the settings to take effect.  Note After you configure the GPO policy, restart the session to ensure the changes take effect. Summary The GA of RDP Shortpath configuration via GPO and Microsoft Intune gives administrators:  * Stronger policy-governed control  * Deterministic Shortpath behavior  * A layered model that works with AVD host pool configuration  * A consistent management experience across Windows 365 and AVD  While these policy settings simplify administration, network prerequisites still determine whether Shortpath will successfully establish.  We welcome your feedback and hope these enhancements help streamline your connectivity strategy across Windows 365 and Azure Virtual Desktop environments.    Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us on LinkedIn or @MSWindowsITPro for updates. Looking for support? Visit Windows on Microsoft Q&A .

YouTube video by Travis Roberts

Subscribe to Microsoft Azure today for service updates, all in one place. Check out the new Cloud Platform roadmap to see our latest product plans.

We wanted to provide the updated Exchange Online SMTP AUTH Basic Authentication Deprecation Timeline.  

Ready to take your Fabric security to the next level? This article breaks down how to secure your tenant by routing traffic through private…

A new four‑part webinar series that helps you turn the 2026 identity strategy into actionable steps—with demos, templates, and guidance from Microsoft Entra.

AI agents are transforming how organizations operate, but their autonomy also expands the attack surface.

This month, Microsoft re-released PowerShell as a command-line option for Intune Win32 packages, making it easy to update the installation script without recreating the IntuneWin package. In this b…

Code reviews can be a tough and frustrating experience due to long wait times, nitpicking, constant context switching, and many other reasons. GitHub has offered AI-assisted code reviews for quite …

Unlock AVD Direct URI: Launch Windows App straight to your Azure Virtual Desktop! Want faster remote access to your Azure Virtual Desktop? In this tutorial, we’ll show you how to use the Windows App…

Azure Application Gateway now supports TCP and TLS termination, enabling a single gateway to handle web and non‑HTTP traffic alike. This update simplifies architecture, centralises TLS management, and...

Migrating workloads to the cloud can feel like navigating a minefield — full of potential misconfigurations, inconsistent environments, and compliance pitfalls. That’s why the latest episode of the...

: PostgreSQL 18 is now GA on Azure Postgres with in-place upgrades, Entra ID, Query Store, and global availability.

Learn how to deploy AVD with FSLogix using Entra-only identities and Azure Files for a fully cloud-native setup. Includes step-by-step demo and prerequisites.

In July 2026, Microsoft will raise the price of most Microsoft 365 commercial subscription tiers, some dramatically. The post Microsoft 365 Commercial is Getting More Expensive in 2026 appeared first on Thurrott.com.