Web Client Bypass on RDG with Azure AD MFA NPS extension

Pavlo Vyliehzhanin 11 Reputation points
2022-10-05T02:32:09.13+00:00

Hi,

Is it possible to bypass RD Web Client when using Remote Desktop Gateway with AzureAD MFA NPS extension?

My plan is to use Web Client through AzureAD Application Proxy in browser and Remote Desktop Gateway with AzureAD MFA NPS extension using Microsoft Store Remote Desktop Client.


2 answers

  1. Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator
    2022-10-06T09:59:06.973+00:00

    Hello @PaulVyile,

    Thanks for posting your query on Microsoft Q&A. From your description I could understand that you want to:

    Exclude the remote desktop web client from MFA triggered due to integration of Network Policy Server (NPS) infrastructure with Azure AD Multi-Factor Authentication

    Please correct me if this is not the case by responding in the comments section; otherwise, follow the suggestions below:

    • Then select Conditions > Client Apps, keep "Browser Clients" unchecked, and check all other options. This will enforce the CA policy for MFA only on non-browser clients.

    Thanks,
    Akshay Kaushik

    Do let me know if you have any queries in the comments section OR please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

  2. Limitless Technology 39,926 Reputation points
    2022-10-06T10:18:32.117+00:00

    Hello there,

    I suppose it is possible to do so. Prior to the availability of the NPS extension for Azure, customers who wished to implement two-step verification for integrated NPS and Azure AD MFA environments had to configure and maintain a separate MFA Server in the on-premises environment.

    The availability of the NPS extension for Azure now gives organizations the choice to deploy either an on-premises based MFA solution or a cloud-based MFA solution to secure RADIUS client authentication.

    --If the reply is helpful, please Upvote and Accept it as an answer--

