Just Don't Allow Public RDP and SSH, Period.
This good article touches on the vulnerabilities of SSH and RDP brute force attacks against Azure VMs. Who else is frightened by the huge expansion of super-easy direct public Internet access to compute in Azure, AWS and other cloud platforms? It's just too simple to open, vulnerable to sloppy security practices. Secure your VPCs, your VNETs, your VMs just like you secure your colo or on-premise data center, via automated builds and tight change management processes.