Hi,
A PIV card is a kind of smart card. In a Remote Desktop scenario, a user is using a remote server for running services, and the smart card is local to the computer that the user is using. In a smart card logon scenario, the smart card service on the remote server redirects to the smart card reader connected to the local computer where the user is trying to log on. So if you have enabled smart card logon on your company's client PCs, you will be able to use the smart card to RDP to the remote servers.
You can refer to the following article for details.
Smart Card and Remote Desktop Services
https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services
To enable smart card logon on client PCs in your company, you can read the article below for reference:
Guidelines for enabling smart card logon with third-party certification authorities
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities
If you have an RDS deployment with the RDCB role and RD Gateway role installed, please follow the steps below. If you only have the RD Session Host role, just do steps 2-4.
1. On the RDCB server, go to Server Manager, navigate to Remote Desktop Services > Overview > Edit Deployment Properties > select RD Gateway > choose smart card authentication or allow user to select during connection for Logon method.
2. On Remote Desktop Session Host servers, set the group policies below:
   Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
   - Do not allow supported Plug and Play device redirection - Disabled
   - Do not allow smart card device redirection - Disabled
3. On the client, set the group policy below:
   Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB device Redirection
   - Allow RDP redirection of other supported RemoteFX USB devices from this computer - Enabled
4. When using mstsc to connect remotely to the servers, go to the Local Resources tab > Local devices and resources > More, and make sure Smart cards and Other supported Plug and Play (PnP) devices have been checked. Then it will pop up the authentication window for you to choose whether to use a password or a smart card to log on.
Thanks,
Eleven
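The settings from steps 2-4 can be checked after Group Policy has applied. The script below is an added example, not part of the original answer: the function names and the sample host name are hypothetical, the registry value names are the ones the Remote Desktop Services ADMX templates write for these policies, and the `.rdp` properties are the saved-file equivalents of the two mstsc check boxes.

```powershell
# Added example: audit the redirection settings from steps 2-4.
# A missing registry value means the policy is Not Configured on this machine.
$ts = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

$checks = @(
    # Step 2: "Do not allow smart card device redirection" = Disabled
    @{ Role = 'SessionHost'; Path = $ts; Name = 'fEnableSmartCard'; Want = 1 }
    # Step 2: "Do not allow supported Plug and Play device redirection" = Disabled
    @{ Role = 'SessionHost'; Path = $ts; Name = 'fDisablePNPRedir'; Want = 0 }
    # Step 3: RemoteFX USB redirection = Enabled (1 = administrators only, 2 = administrators and users)
    @{ Role = 'Client'; Path = "$ts\Client"; Name = 'fUsbRedirectionEnableMode'; Want = 1, 2 }
)

function Test-RedirectionPolicy {
    param([ValidateSet('SessionHost', 'Client')][string]$Role)
    foreach ($c in $checks | Where-Object { $_.Role -eq $Role }) {
        $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        [pscustomobject]@{
            Value       = $c.Name
            Actual      = if ($null -eq $actual) { 'Not configured' } else { $actual }
            MatchesStep = $actual -in $c.Want
        }
    }
}

function Test-RdpFileRedirection {
    # Step 4: parse "name:type:value" lines of a saved .rdp file
    param([string[]]$Lines)
    $settings = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^:]+):([sib]):(.*)$') {
            $settings[$Matches[1].Trim().ToLower()] = $Matches[3].Trim()
        }
    }
    [pscustomobject]@{
        SmartCards = $settings['redirectsmartcards'] -eq '1'   # "Smart cards" box
        PnpDevices = $settings['devicestoredirect'] -eq '*'    # "Other supported PnP devices" box
    }
}

# Constructed sample .rdp content; for a real file pass (Get-Content .\connection.rdp)
$sample = 'full address:s:rdsh01.example.test', 'redirectsmartcards:i:1', 'devicestoredirect:s:*'
Test-RdpFileRedirection -Lines $sample | Format-List
Test-RedirectionPolicy -Role SessionHost | Format-Table -AutoSize
```

Run `Test-RedirectionPolicy -Role Client` on the workstation and `-Role SessionHost` on each session host; `gpupdate /force` followed by a new logon is usually needed before changed values appear.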