RDP: Block IP address after failed login attempts

  • Question

  • The number of RDP access attempts nowadays is surprisingly high, regardless of the external port being used. Even more surprising is the fact that Microsoft systems do not have their own blocking feature for offending IPs, which would be appropriate to enable by default.

    Is there documentation that explains why Microsoft does not include this very important feature, crucial even to the company's own security reputation?

    What server-side alternative solutions would you recommend to mitigate botnets and so many other online brute force and similar threats?
    Saturday, July 13, 2019 12:33 AM

All replies

  • You can apply restrictions from your server itself, such as restricting RDP access based on source address so that the server does not accept any request from other IPs unless allowed. You can also change the default RDP port to something else and share it with whomever necessary. The attacks usually come on default ports; thus, making a few changes will be a cost-effective solution to avoid such attacks.

    Basheer Syed

    Monday, July 15, 2019 10:24 AM
  • Hi,
    Is there any progress on your question?
    Microsoft Defender Advanced Threat Protection

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Monday, July 15, 2019 3:39 PM
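
A server-side way to do what the thread title asks, as an added example that is not part of any post above: count failed logons (Security event 4625) per source address and add the repeat offenders to an inbound Windows Firewall block rule. The threshold, time window, rule name, allowlist entries and port are assumed values, and the script assumes failed RDP logons are audited with a source address in the event's IpAddress field.

```powershell
#Requires -RunAsAdministrator
# Added example: block sources with repeated failed logons (event 4625).
# All values below are assumptions; adjust them for your environment.
$Threshold = 10                                   # failures per source before blocking
$Since     = (Get-Date).AddHours(-1)              # look-back window
$RuleName  = 'Block RDP brute force (example)'    # hypothetical rule name
$AllowList = @('127.0.0.1', '::1', '192.0.2.10')  # never block; 192.0.2.10 is a placeholder admin IP
$RdpPort   = 3389                                 # change if RDP listens on another port

# Read failed logons from the Security log for the chosen window.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Extract the source address from each event's EventData.
$sources = foreach ($e in $events) {
    $data = ([xml]$e.ToXml()).Event.EventData.Data
    $ip   = ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
    # Some failures are logged with "-" or no address at all; skip those.
    $parsed = $null
    if ($ip -and [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        $parsed.ToString()
    }
}

# Keep sources at or above the threshold that are not allowlisted.
$offenders = @($sources | Group-Object |
    Where-Object { $_.Count -ge $Threshold -and $_.Name -notin $AllowList } |
    Select-Object -ExpandProperty Name)

if ($offenders.Count -eq 0) {
    Write-Output 'No source exceeded the threshold.'
} else {
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if ($rule) {
        # Merge with the addresses the rule already blocks.
        $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        $all = @($current + $offenders | Where-Object { $_ -ne 'Any' } | Sort-Object -Unique)
        Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $all
    } else {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
            -Protocol TCP -LocalPort $RdpPort -RemoteAddress $offenders | Out-Null
    }
    Write-Output "Blocked: $($offenders -join ', ')"
}
```

Run it from a scheduled task to approximate automatic blocking. Keep the allowlist current so a mistyped password from an administrative address does not lock you out.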