3. To secure the Remote Desktop Protocol (RDP) with Azure Multi-Factor Authentication, you must install the Azure MFA Server on the same RDP server; in other words, if you have a server called "SRV1", you install the MFA setup on "SRV1". If you look back at point #2, you can conclude that you cannot secure RDP for Windows this way.
Mar 01, 2021: Citrix Gateway presents all hosted, SaaS, web, enterprise, and mobile applications to users on any device and any browser. It uses nFactor Authentication to authenticate users against on-premises Microsoft AD and leverages Microsoft AD FS for Azure Multi-Factor Authentication (MFA).
Since everyone started working remotely, I've personally needed to Remote Desktop into more computers lately than ever before. More this week than in the previous decade.
I wrote recently about how to remote desktop fullscreen RDP with just SOME of your multiple monitors, which is super useful if you have, say, 3 monitors and you only want to use #2 and #3 for Remote Desktop and reserve #1 for your local machine, email, etc.
IMHO, the Remote Desktop Connection app is woefully old and kinda Windows XP-like in its style.
There is a Windows Store Remote Desktop app at https://aka.ms/urdc and even a Remote Desktop Assistant at https://aka.ms/RDSetup that can help set up older machines (earlier than Windows 10 version 1709). I had no idea this existed!
The Windows Store version is nicer looking and more modern, but I can't figure out how to get it to Remote into an Azure Active Directory (AzureAD) joined computer. I can't tell if it's even possible with the Windows Store app. Let me know if you know how!
So, back to the old Remote Desktop Connection app. Turns out for whatever reason, you need to save the RDP file and open it in a text editor.

Add these two lines at the end (three if you want to save your username, then include the first line there)
Note that you have to use the username style `.\AzureAD\email@domain.com`.
The leading `.\AzureAD\` is needed; that was the magic in front of my email for login. Then enablecredsspsupport along with authentication level 2 (settings that aren't exposed in the UI) was the final missing piece.
Add those two lines to the RDP text file and then open it with Remote Desktop Connection and you're set! Again, make sure you have the email prefix.
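As an added example (not code from the original post), here is a small Python helper that applies the settings described above to an existing .rdp file: it rewrites the username into the `.\AzureAD\email@domain.com` form, sets `enablecredsspsupport:i:0` (the value that switches CredSSP off, which is what the post's "enablecredsspsupport" line does) and `authentication level:i:2`, and can also check a file so you can tell why a connection to an AzureAD-joined machine is failing. The sample RDP text and the host name are constructed for the example.

```python
import re

# Settings the post says must be present; any existing values are replaced.
REQUIRED = {
    "enablecredsspsupport": ("i", "0"),   # CredSSP/NLA off for AzureAD-joined hosts
    "authentication level": ("i", "2"),
}
AZUREAD_PREFIX = ".\\AzureAD\\"
# RDP files are 'name:type:value' lines; the value itself may contain colons.
_LINE = re.compile(r"^(?P<name>[^:]+):(?P<type>[isb]):(?P<value>.*)$")

# Constructed sample of a typical saved .rdp file (not from the original post).
SAMPLE_RDP = """full address:s:srv1.example.com:3389
screen mode id:i:2
enablecredsspsupport:i:1
username:s:someone@example.com
"""

def parse_rdp(text):
    """Return an ordered list of (name, type, value) tuples from RDP text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed RDP line: {raw!r}")
        entries.append((m["name"].lower(), m["type"], m["value"]))
    return entries

def azuread_username(email):
    """Build the .\\AzureAD\\email@domain form the client needs for an AzureAD-joined host."""
    if "@" not in email or email.startswith(".\\"):
        raise ValueError("expected a bare email address")
    return AZUREAD_PREFIX + email

def patch_rdp(text, email=None):
    """Return RDP text with the AzureAD settings applied; all other lines are kept."""
    wanted = dict(REQUIRED)
    if email:
        wanted["username"] = ("s", azuread_username(email))
    out = [(n, t, v) for n, t, v in parse_rdp(text) if n not in wanted]
    out.extend((n, t, v) for n, (t, v) in wanted.items())
    return "\n".join(f"{n}:{t}:{v}" for n, t, v in out) + "\n"

def check_rdp(text):
    """List what is still missing for an AzureAD-joined connection; empty means ready."""
    have = {n: (t, v) for n, t, v in parse_rdp(text)}
    problems = [f"{n} must be {n}:{t}:{v}" for n, (t, v) in REQUIRED.items() if have.get(n) != (t, v)]
    user = have.get("username", ("s", ""))[1]
    if user and not user.startswith(AZUREAD_PREFIX):
        problems.append("username lacks the .\\AzureAD\\ prefix")
    return problems
```

Because `enablecredsspsupport:i:0` turns off Network Level Authentication, keep these edited files only for AzureAD-joined targets and leave CredSSP on for everything else.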
The Future?
Given that the client is smart enough to show an error from the remote machine that it's Azure AD enabled, IMHO this should Just Work.
Moreover, so should the Microsoft Store Remote Desktop client. It's beyond time for a refresh of these apps.
NOTE: Oddly, there is another app called the Windows Desktop Client that does some of these things, but not others. It allows you to access machines your administrators have given you access to but doesn't allow you (a Dev or Prosumer) to connect to arbitrary machines. So it's not useful to me.

There needs to be one Ultimate Remote Windows Desktop Client that lets me connect to all flavors of Windows machines from anywhere, is smart about DPI and 4k monitors, remotes my audio optionally, and works for everything from AzureAD to old school Domains.
Between these three apps there's a Venn Diagram of functionality but there's nothing with the Union of them all. Yet.
Until then, I'm editing RDP files which is a bummer, but I'm unblocked, which is awesome.
About Scott
Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.
Azure MFA for Remote Desktop Gateway with NPS
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016
Combine Active Directory with Multi-Factor Authentication to enforce high-security protection of your business resources.
For end users connecting to their desktops and applications, the experience is similar to what they already know from performing a second authentication step to reach a resource:
- Launch a desktop or RemoteApp from an RDP file or through a Remote Desktop client application
- Upon connecting to the RD Gateway for secure, remote access, receive an SMS or mobile application MFA challenge
- Correctly authenticate and get connected to their resource!
For more details on the configuration process, see "Integrate your Remote Desktop Gateway infrastructure using the Network Policy Server (NPS) extension and Azure AD".
