Which product to use 2FA "Entra ID" on Remote Desktop Gateway on Active Directory

Fulvio Palma 0 Reputation points
2024-12-19T10:43:33.73+00:00

Hi.

I would like information on which products are needed to implement 2FA on our infrastructure.

We currently have 3 Windows Servers (one in version 2022 and two in version 2016) that some colleagues need to access remotely via a remote desktop gateway (also in version 2016).

We have an Active Directory domain with a Primary Domain Server and a Backup Domain Server (both 2016) on which we have also installed the NPS role.

Some colleagues already operate in remote desktop on these machines from the outside, and on these connections we would need to implement, for security reasons, 2FA.

Reading the online documentation and contacting the support service (Tracking ID # 2412051410001489) I was unable to get answers.

In particular, I would like to know which products we should purchase, with what minimum license level, to implement 2FA on remote desktop gateways, if it is possible "on premise", without relying on Azure.

We currently have the "Microsoft 365 Apps for Education" and "Microsoft 365 A3 for Education" licenses.

Thanks in advance to anyone who can provide me with useful information.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Sanoop M 4,310 Reputation points Moderator
    2024-12-20T06:59:41.9966667+00:00

    Hello @Fulvio Palma ,

    Thank you for reaching out to Microsoft Q&A.

    As per your requirement, you want to implement multifactor authentication for Remote Desktop Gateways (RDGs).

    Please note that you can integrate the Remote Desktop Gateway infrastructure with Microsoft Entra multifactor authentication (MFA) using the Network Policy Server (NPS) extension for Microsoft Azure.

    The Network Policy Server (NPS) extension for Azure allows customers to safeguard Remote Authentication Dial-In User Service (RADIUS) client authentication using Azure's cloud-based multifactor authentication. This solution provides two-step verification for adding a second layer of security to user sign-ins and transactions.

    Pre-requisites:

    Before you begin, you must have the following prerequisites in place.

    • Remote Desktop Services (RDS) infrastructure
    • Microsoft Entra multifactor authentication License
    • Windows Server software
    • Network Policy and Access Services (NPS) role
    • Microsoft Entra synced with on-premises Active Directory
    • Microsoft Entra GUID ID

    Note:

    Please note that you need to have a Microsoft Entra ID P1/P2 license to integrate the Remote Desktop Gateway infrastructure with Microsoft Entra multifactor authentication (MFA) using the Network Policy Server (NPS) extension.

    Please refer to the below document for the step-by-step instructions for integrating your Remote Desktop Gateway infrastructure with Microsoft Entra multifactor authentication using the Network Policy Server (NPS) extension for Microsoft Azure.

    https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension-rdg

    If this answers your query, do click Accept Answer and Yes if this answer is helpful. And, additionally if you have any further queries please do let us know.

    Thanks and Best Regards,

    Sanoop Mohan

