1.I think the answer is negative. MFA need NPS server and NPS extension, meanwhile NPS server as authentication bridge between Azure AD and local Active Directory and there is "central servre running NPS" option on RDgateway server, So we think about "if there is no RDgateway server and there will be only sepearate NPS server in RDS environment, how win10 client contact session host server through this NPS server to complish MFA?"
2."However we would like to have users authenticate 1 time only with MFA."
I am think about RDWeb SSO, we check if it can work with MFA in your RDS environment.May be we can not implement to have users authenticate 1 time only with MFA.
"ince password guessing and login access are among the top causes of cyber attacks, additional layers of protection are essential. Multi-factor authentication (MFA) requires users to enter two or more identification factors to access an application."
Single Sign-On vs. MFA: Do You Know The Difference?
Please Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice.
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.