Best option under Azure to provide remote desktop access to an application?

remote-desktop-services azure rdp windows-server-2012-r2

Azure VDI is a better bet for what you're talking about. You deploy your application, and then license user access to it through your Azure subscription. This requires a significant amount of back-end setup, especially given that you've already got a working version of your app, but is really what you want to do. For a deployment that's going to service 500 individual users, you should reach out to your Azure rep for assistance in planning and licensing the solution. The Solarwinds walkthrough on publishing a non-built-in Windows application is very thorough and easy to follow if you speak PowerShell. If you don't speak PowerShell it's all gonna be a slog.

If you want to use RDS, you will need to build an RDS farm to support that many users.

Deploying an RDS farm on Azure can be done through the Azure Marketplace. If you don't want to use the marketplace version, deploying on Azure is essentially the same as deploying on-prem, you need a gateway, some number of session hosts depending on how resource intensive your application is, firewall settings, and of course licensing. You can find more details about how to perform the technical setup here.

With per-user CALs, you need to license every user that will connect, regardless of if they are connecting concurrently or not. You attach each of these CALs to a user in your AD. With per-device CALs, you need to license the device that users are connecting FROM. So depending on how your users are connecting, your licensing options are ~the same, or vastly different. You can find more details here, but it's as clear as anything Microsoft releases about licensing.

Your best bet with any licensing is to talk to Microsoft about how to license things properly; there's a reason they offer certifications in licensing.

You should also plan to migrate off of Server 2012 if your application can support it. 2012 is out of mainstream support, and will be leaving extended support in the next 3 years. If you're running everything in Azure, the price difference is significant only if you're using the hybrid licensing benefit. If you don't have SA, you're probably in breach of licensing if you're using it. If you've got active SA, you should be deploying on Server 2016, or 2019. There are considerable improvements, as well as security enhancements between 2012(r2) and 2016, even more so with 2019.

Related

Unable to ssh with authorized keys, password always prompted
Where to securely deploy Citrix Netscaler?
Kubernetes eks supported HPA api version
How can I filter a Dynamic Distribution Group by Database name?
systemd starts one more 'unwanted' instance of my template
Rewrite robots.txt based on host with htaccess
Load, Compare & Diff Registry of Windows Servers & Clients on VHDs?
Is there a way to control how pytest-xdist runs tests in parallel?
How to read "List Separator" settings from Regional configuration of control panel?
How do I add typescript to an existing Asp.Net MVC project? [duplicate]
Git changes my file permissions upon checkout
Which exception to throw for invalid input which is valid from client perspective