Azure VM • RDP Exposure • Attack Surface

The RDP Port Was Open… And Everyone Could See It

A practical Azure security briefing showing how quickly exposed RDP becomes visible to scanning systems, brute-force attempts and password spray activity across the internet.

Briefing summary

The VM looked normal at first glance, but a public IP and open RDP port meant it was already being probed from around the world.

Public IP assigned
RDP open on 3389
Global scanning activity

What happened

Internet visibility changes the risk immediately.
The setup: A Windows Server VM in Azure was hosting a business application and had a public IP assigned for remote administration.

The exposure: Logs showed thousands of connection attempts from IP addresses around the world, including brute-force activity, password spraying and vulnerability probing.

Lesson learned: If RDP is open to the world, it will be found. Secure administrative access needs to be engineered, not assumed.
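One way to check for the exposure described above is to walk an NSG's inbound rules in priority order and report the rule that lets the whole internet reach TCP 3389. This is an added example, not code from the briefing or from GEMXIT; it assumes rules shaped like the JSON printed by `az network nsg rule list`, and the rule names and addresses are constructed samples.

```python
RDP_PORT = 3389
# Source values that mean "anyone on the internet" in an NSG rule.
WORLD = {"*", "any", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Merge the singular and plural forms NSG rules use for one field."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_rdp(spec):
    """True if a port spec ('3389', '3000-4000' or '*') includes 3389."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= RDP_PORT <= int(hi or lo)

def rdp_exposure(rules):
    """Name of the rule that lets the internet reach TCP 3389, else None.

    Rules are walked in priority order (lowest number first), as NSGs do.
    """
    inbound = [r for r in rules if r["direction"].lower() == "inbound"
               and r["protocol"].lower() in ("*", "tcp")]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        ports = _values(r, "destinationPortRange", "destinationPortRanges")
        srcs = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(_covers_rdp(p) for p in ports):
            continue
        if not any(s.lower() in WORLD for s in srcs):
            continue  # scoped rule (e.g. one admin IP): keep evaluating
        return r["name"] if r["access"].lower() == "allow" else None
    return None

def _rule(name, priority, access, source, port):
    # Constructed sample rule, not taken from the page.
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "protocol": "Tcp",
            "sourceAddressPrefix": source, "destinationPortRange": port}

EXPOSED = [_rule("allow-rdp", 300, "Allow", "*", "3389")]
HARDENED = [_rule("allow-rdp-admin", 200, "Allow", "203.0.113.10/32", "3389"),
            _rule("deny-rdp-internet", 210, "Deny", "Internet", "3389"),
            _rule("allow-wide", 300, "Allow", "*", "3000-4000")]

if __name__ == "__main__":
    print(rdp_exposure(EXPOSED), rdp_exposure(HARDENED))
```

The check covers custom rules only and ignores destination addresses and application security groups, so treat a `None` result as "no world-open RDP rule found in this list" rather than proof the VM is unreachable.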
Need an Azure access and exposure review?
GEMXIT helps reduce attack surface with Azure Bastion, JIT access, NSGs, Entra ID and safer administration design.


This Agent Foskett cyber briefing covers exposed RDP in Azure, public IP risk, password spraying, brute-force attacks, Azure Bastion, JIT access and cloud attack surface reduction.

It highlights why exposed administrative ports are quickly discovered and targeted.