AZ-009 Microsoft Azure

No NSG allows unrestricted inbound RDP (3389) from the internet.

No NSG allows unrestricted inbound RDP (3389) from the internet.

Domain
Microsoft Azure
Area
Networking
Automated / manual
Automated

Risk if it fails

Open RDP is a top ransomware entry point.

RDP open to the world is relentlessly attacked. Most ransomware crews start exactly here: guess a password, log into the desktop, then encrypt everything.

How Tess tests it

1 test — each concludes only on cited evidence.

No NSG allows unrestricted inbound RDP (3389) from the internet.

Automated
Procedure
Enumerate NSG rules and flag Allow inbound 3389 from '*'/Internet.

Read-only command 

az network nsg list --query "[].{Name:name,Rules:securityRules[?destinationPortRange=='3389' && access=='Allow' && (sourceAddressPrefix=='*' || sourceAddressPrefix=='Internet')]}"

More in Microsoft Azure

AZ-001 MFA is enforced for all users, especially privileged roles. AZ-002 Number of Global Administrators is limited (typically 2-4). AZ-003 Privileged Identity Management (PIM) provides just-in-time elevation. AZ-004 Legacy/basic authentication is blocked.

Want Tess to test AZ-009 against your evidence?

Book a demo