Web Client Bypass on RDG with Azure AD MFA NPS extension

Pavlo Vyliehzhanin 11 Reputation points
2022-10-05T02:32:09.13+00:00

Hi,

Is it possible to bypass RD Web Client when using Remote Desktop Gateway with AzureAD MFA NPS extension?

My plan is to use Web Client through AzureAD Application Proxy in browser and Remote Desktop Gateway with AzureAD MFA NPS extension using Microsoft Store Remote Desktop Client.

Tags: Windows Server, Remote Desktop, Microsoft Entra ID

2 answers

  1. Akshay-MSFT 16,511 Reputation points Microsoft Employee
    2022-10-06T09:59:06.973+00:00

    Hello @PaulVyile,

    Thanks for posting your query on Microsoft Q&A. From your description I could understand that you want to:

    Exclude the remote desktop web client from MFA triggered due to integration of Network Policy Server (NPS) infrastructure with Azure AD Multi-Factor Authentication

    Please correct me if this is not the case by responding in comments section else follow below suggestions:

    [image: 248025-image.png]

    • Then select Conditions > Client Apps > keep "Browser Clients" unchecked and check all other options; this will enforce the CA policy for MFA only on non-browser clients:

    [image: 248085-image.png]

    Thanks,
    Akshay Kaushik

    Do let me know if you have any queries in the comments section OR please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
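As an added worked example (not part of the answer above, and not Microsoft's own script), here is the same Conditional Access policy built with the Microsoft Graph PowerShell SDK instead of the portal screenshots. The group object ID, application ID and policy name are placeholders to replace; it assumes the Microsoft.Graph.Identity.SignIns module is installed and that you sign in with an account holding the Policy.ReadWrite.ConditionalAccess permission.

```powershell
# Added example, not from the original answer. Builds a Conditional Access policy that
# requires MFA for every client app type EXCEPT "browser" (the "Browser Clients
# unchecked" step in the answer above). Placeholder IDs must be replaced.
# Requires: Install-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$targetGroupId = "00000000-0000-0000-0000-000000000000"  # placeholder: pilot user group
$targetAppId   = "00000000-0000-0000-0000-000000000001"  # placeholder: app registration to target

$policy = @{
    DisplayName   = "Require MFA - non-browser clients only (example)"
    # Report-only first: sign-in logs show what would have happened without blocking anyone.
    State         = "enabledForReportingButNotEnforced"
    Conditions    = @{
        # "browser" is deliberately left out; all other Graph clientAppTypes values are listed.
        ClientAppTypes = @("mobileAppsAndDesktopClients", "exchangeActiveSync", "other")
        Users          = @{ IncludeGroups = @($targetGroupId) }
        Applications   = @{ IncludeApplications = @($targetAppId) }
    }
    GrantControls = @{
        Operator        = "OR"
        BuiltInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Check: read the policy back and confirm browser clients are not in scope.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
if ($check.Conditions.ClientAppTypes -contains "browser") {
    Write-Warning "Policy still targets browser clients; the RD Web Client would be prompted for MFA."
} else {
    "OK: policy applies to client app types: $($check.Conditions.ClientAppTypes -join ', ')"
}

# When the sign-in logs look right for both the browser path and the Remote Desktop
# client path, switch the policy to enforced:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -State "enabled"
```

Creating the policy in report-only mode and reading it back is the check worth doing before enforcement: the Entra sign-in logs will show a browser sign-in through the Application Proxy as "report-only: not applied" and a Remote Desktop client sign-in as "report-only: success/failure", which tells you the client-app split works before any user is locked out.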

  2. Limitless Technology 39,436 Reputation points
    2022-10-06T10:18:32.117+00:00

    Hello there,

    I suppose it is possible to do so. Prior to the availability of the NPS extension for Azure, customers who wished to implement two-step verification for integrated NPS and Azure AD MFA environments had to configure and maintain a separate MFA Server in the on-premises environment.

    The availability of the NPS extension for Azure now gives organizations the choice to deploy either an on-premises based MFA solution or a cloud-based MFA solution to secure RADIUS client authentication.

    ------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--