Microsoft recently announced that the Azure Virtual Machine Serial Console is generally available in global Azure regions. With this feature, we are being able to access the Virtual Machine (Windows or Linux) via a text-based console, which is connected to the COM1 virtual machines port.


  • Azure Serial Console is ONLY available in ARM resources and NOT in ASM (Classic)
  • Boot diagnostics MUST be enabled
  • To access this feature from the Azure Portal, the account MUST have contributor role.
  • The VM which want to access using the Azure Serial Console MUST have a password-based admin account.
Serial Console Supports Ctrl + Shift + C and Ctrl + Shift + V to copy and paste into the terminal

To better understand how we can use this serial console we will disable all the Windows Firewall rules for the Remote Desktop Port and we will disable the Windows Firewall to get access temporarily on the Virtual Machine and correct our mistake with the rules.

The Demo Steps

After we disable the rules, we try to access the Virtual Machine via RDP.

Of course, we all know the error message...

The Solution

To solve this problem we first open the Azure Portal in the Virtual Machine main blade and we select the Serial Console from the Support + troubleshooting section.

Connect to the Azure Serial Console

First, we must wait for a few seconds until connection to the Virtual Machine is established.

In the next step, we type the command cmd and click Enter, as the image below shows

After that, click the buttons Esc + Tab and we are ready to log in using the windows credentials. Type Username, Domain (if exists), Password and press Enter.

After we log in we have access to the VM, and we are able to run commands via cmd. For the demo purposes, we need to disable the Windows Firewall, so we execute the following command,

NetSh Advfirewall set allprofiles state off

And the result is that we can access the VM via RDP again, BUT we must check again the Windows Firewall rules.

Netsh Commands

Network Shell (Netsh) commands are using Dynamic - Link Libraries (DLL) to interact with Operating System (OS) components like Windows Firewall. We can execute these commands from Windows Command Prompt (CMD), Powershell, and of course from the Azure Serial Console.

# List ALL Windows Firewall Network Profiles
advfirewall show allprofiles
# Turn Off Windows Firewall
advfirewall set currentprofile state off
# List Windows Firewall Current Configuration
advfirewall show currentprofile
# Windows Firewall - Open Remote Desktop Port (RDP)
advfirewall firewall add portopening tcp 3389 RemoteDesktopPort
# Windows Firewall - Close Remote Desktop Port
firewall delete portopening tcp 3389


Reading this post we understand that Microsoft listens to us all and for that reason, we have the Serial Console in Azure Portal. By using this tool we are able to manage and configure the Virtual Machine(s). This is accomplished by enabling the Special Administration Console (SAC) which is exposed via the Serial Console.

See Also