Windows 2019 TS server with MFA authentication

Henry Niekoop 86 Reputation points
2021-07-01T22:18:44.23+00:00

I have 2 questions:

  • Can you configure MFA authentication with a single RDP session host (without an RD Gateway)?
  • Also, can you configure MFA authentication for the first sign-in on the RD Gateway? Normally you will have to sign in 2 times: first for the website portal and second when you sign in with the RDP client. By default MFA prompts the user only when the user connects with the RDP client. However we would like to have users authenticate 1 time only with MFA.

Thanks.


Accepted answer
  1. Andy YOU 3,071 Reputation points
    2021-07-02T07:12:12.337+00:00

    Hi HenryNiekoop-2622,

    1. I think the answer is negative. MFA needs an NPS server and the NPS extension; the NPS server acts as an authentication bridge between Azure AD and local Active Directory, and there is a "central server running NPS" option on the RD Gateway server. So we think about: "If there is no RD Gateway server and there is only a separate NPS server in the RDS environment, how does the Win10 client contact the session host server through this NPS server to accomplish MFA?"

    2. "However we would like to have users authenticate 1 time only with MFA."
    I am thinking about RDWeb SSO; we check if it can work with MFA in your RDS environment. Maybe we cannot implement having users authenticate 1 time only with MFA.

    "Since password guessing and login access are among the top causes of cyber attacks, additional layers of protection are essential. Multi-factor authentication (MFA) requires users to enter two or more identification factors to access an application."

    Single Sign-On vs. MFA: Do You Know The Difference?
    https://fortifiedhealthsecurity.com/blog/single-sign-on-vs-mfa-do-you-know-the-difference/

    Please Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice.


3 additional answers

  1. Henry Niekoop 86 Reputation points
    2021-07-02T14:12:03.877+00:00

    Thanks, good to know about Single Sign-On for Remote Desktop Infrastructure. I realized that after signing into the RDWeb landing page, users can download the RDP client file and save it on their local machine. From that point on you do not have to sign in on the landing page anymore but start a session directly with the RDP file.


  2. Henry Niekoop 86 Reputation points
    2021-07-02T14:12:15.027+00:00

    Thanks, good to know about Single Sign-On for Remote Desktop Infrastructure. I realize that after signing into the RDWeb landing page, users can download the RDP client file and save it on their local machine. From that point on you do not have to sign in on the landing page anymore but start a session directly with the RDP file.


  3. Henry Niekoop 86 Reputation points
    2021-07-06T13:40:42.247+00:00

    I'm good. Thanks.