Skip to Content

How do I configure RDP Shortpath via Intune to reduce Azure Virtual Desktop latency?

By: Author Alex Lim

Posted on

Categories Troubleshooting

Home » Troubleshooting » How do I configure RDP Shortpath via Intune to reduce Azure Virtual Desktop latency?

Is the new RDP Shortpath GPO update essential for Windows 365 connection stability?

Optimizing Azure Virtual Desktop: RDP Shortpath Configuration Guide

Administrators managing Azure Virtual Desktop (AVD) environments received a critical toolset update on February 4, 2026. Microsoft effectively established general availability for RDP Shortpath configuration through Group Policy (GPO) and Microsoft Intune. This shift allows IT teams to manage connection protocols centrally rather than relying on individual host configurations.

Understanding RDP Shortpath

You must understand the transport layer to appreciate this feature. Standard remote desktop connections often rely on TCP-based reverse connect transport. While functional, TCP can suffer from latency issues.

RDP Shortpath forces the connection to use a UDP-based transport between the client and the session host. This direct path improves data throughput. The result is a more responsive user experience with fewer connection drops. The system treats the traditional TCP connection merely as a fallback mechanism if UDP fails.

The Mechanism: How It Works

RDP Shortpath utilizes Interactive Connectivity Establishment (ICE). This protocol allows the client and host to negotiate the most efficient path. The system collects network candidates and runs connectivity tests instantly. It selects the optimal route, whether that is a direct connection or a redirected UDP path.

New Management Capabilities

The release simplifies how you enforce these optimized connections. Administrators can now map Shortpath controls directly to registry-based policies. This ensures consistent behavior across distributed environments, including Windows 365 Cloud PCs.

You can now control three specific modes via policy:

  1. Managed Networks: Direct connectivity within private networks.
  2. Public/STUN: Traversal using Session Traversal Utilities for NAT (STUN).
  3. Public/TURN: Relayed traffic using Traversal Using Relays around NAT (TURN).

Strategic Recommendations

Microsoft advises leaving all three options enabled. This flexibility allows the ICE protocol to automatically select the best available path for the specific network conditions of the user.

However, security policies may dictate your configuration. If your organization requires strict traffic inspection or utilizes specific subnets, you might need to disable STUN-based traversal. This forces traffic through the dedicated TURN port. The new GPO and Intune integration makes applying these granular restrictions to your entire fleet straightforward.