-
> In this case, the subnet-level NSG (TDSG-TDSub1) already has an inbound rule that allows TCP traffic on port 3389,
I don’t see that anywhere in the the question. The question says (copy/paste) :
> TDSG-TDSub1 uses default inbound security rules whileTDSG-TD1 has the default inbound security rules with a custom rule
If TDSG-TDSub1 is using default inbound security rules than it does not have an inbound rule that allows TCP traffic on port 3389.
Regards,
Sam
