Only allow MFA connection to RDP server

Mitch 1 Reputation point
2021-09-16T17:00:49.63+00:00

I've set up our Remote Desktop server to allow access by using Multi-Factor Authentication through the Microsoft Authenticator app by using this guide.

This works for all new connections through the RD Web Access site: users must authenticate with the app before it allows them to remote into the server. But people who have created their own RDP shortcuts, with the "Automatically detect RD Gateway server settings" option selected, can bypass MFA and connect with just their username and password.

Is there a way to restrict connection so that users must use MFA to connect?


1 answer

  1. Pieter van Kampen 1 Reputation point
    2021-10-29T19:50:43.007+00:00

    Are you sure? I think MFA does not work when you log in to an existing (disconnected) session; it only works when you log in to a computer where the user previously logged out. Can you try that?

    How do you block the non-MFA connection at the firewall level?
