


Duo integrates with Remote Desktop Web Access (previously Terminal Services) and Remote Desktop Gateway to add two-factor authentication to RD Web and RD Gateway logons.

Overview

Duo Authentication for Microsoft Remote Desktop Web Access adds two-factor authentication protection to RD Web portal browser logons. When logging on to the RD Web portal, users receive the Duo enrollment or authentication page after primary authentication.

Duo Authentication for Remote Desktop Gateway adds two-factor authentication to your RemoteApp connections launched from RD Web, and blocks any connections to your Remote Desktop Gateway server(s) from users who have not completed two-factor authentication when all connection requests are proxied through a Remote Desktop Gateway. This configuration does not support passcodes or inline self-enrollment. Users need to perform Duo 2FA authentication at the RD Web server when logging on via the browser, and then approve another Duo request when launching the first RemoteApp of that session. Subsequent RemoteApp launches do not require additional Duo authentication during the same session.

Before you begin deploying Duo in your RDS environment, please read our Duo 2FA for Microsoft Remote Desktop Services overview to understand the capabilities and limitations of the different deployment options.

Remote applications may no longer be launched from the "RemoteApp and Desktop Connections" app feed after Duo is installed on your RD Web server.

Installing Duo's RD Gateway plugin disables Remote Desktop Connection Authorization Policies (RD CAP) and Resource Authorization Policies (RD RAP). The CAPs and RAPs become inaccessible from the Remote Desktop Gateway Manager and previously configured policy settings are ignored by Remote Desktop Gateway. If operational requirements mandate continued use of RD CAPs/RAPs, you may want to consider installing Duo for Windows Logon at your RDS Session Hosts instead. This alternative also supports passcode authentication.

If you want to enforce two-factor authentication for all your clients, you should ensure that they must connect through RD Web Access with Duo and/or RD Gateway with Duo.
