Plan for change: New TURN Relay IP Range for Windows 365 to Enhance RDP Shortpath

Starting June 15, 2025, Microsoft will roll out a new TURN relay IP range (51.5.0.0/16) in Azure for Windows 365, enhancing RDP Shortpath performance. Organizations using custom networking must allow this range through firewalls. TCP-based RDP is unaffected. Benefits include expanded global coverage and improved connection quality.

Starting June 15, 2025, Microsoft will begin rolling out a new TURN (Traversal Using Relays around NAT) relay IP range (51.5.0.0/16) in the Azure public cloud. This update supports RDP Shortpath for public networks, providing improved performance and reliability for UDP-based connections in Windows 365 Cloud PC scenarios.

This change will gradually shift connections from the existing ACS TURN Relay range (20.202.0.0/16) to the new Azure Virtual Desktop and Windows 365 dedicated TURN Relay range (51.5.0.0/16). While the transition is seamless, proactive configuration is required to avoid disruptions. TCP-based connectivity is unaffected by this change.

[How this will affect your organization:]

If your organization uses custom networking configurations such as Azure Network Connections (ANC) or hybrid networks, action is required to ensure UDP-based connectivity is maintained.

TCP-based RDP connectivity is unaffected by this change.

[What you need to do to prepare:]

1. Ensure Accessibility

• Allow 51.5.0.0/16 through your firewalls and security appliances.
• For ANC users, allow the WindowsVirtualDesktop service tag in NSGs, UDRs or firewall rules.
• If you're using Microsoft Hosted Network Windows 365 deployments, no changes are required, but optimization is recommended.

2. Optimize Connectivity

• Bypass TLS inspection for TURN relay traffic, it is already double encrypted, and inspection can degrade session quality.
• Enable local egress, so traffic exits the network as close to the user as possible.
• Bypass VPNs, proxies, and Secure Web Gateways (SWGs) to allow direct routing to Microsoft TURN services.
• In Azure, consider configuring User Defined Routes (UDRs) to send TURN traffic directly to the internet and avoid unnecessary inspection via virtual appliances or firewalls.

Key benefits:

• Expanded Global Coverage: From 14 to 40 Azure regions
• Improved Connection Quality: Faster reconnections, fewer dropouts
• Optimized Routing: Dedicated TURN range specific to Windows 365 RDP Shortpath

Note: The TURN relay used is based on the user’s physical location, not the Cloud PC location.

Additional Resources:

• Use RDP Shortpath with Windows 365 Cloud PCs
• WindowsVirtualDesktop service tag reference
• RDP Shortpath Documentation
• Expanded TURN relay regions for Windows 365 and Azure Virtual Desktop