RDP access can be configured on either the network security group or in the network security group rule.
RDP access should not be permitted from the internet (*, 0.0.0.0, /0, internet, any). Consider using the Azure Bastion Service.
The following example will fail the AZU024 check.
The following example will pass the AZU024 check.