Azure - VPS Windows - Logon with M.F.A - Native or with another apps?

Renato Pereira 181 Reputation points


Is there a way to protect RDP connection to a VPS Windows Server running on Azure environment with M.F.A at the login or should we use another app like Cisco Duo Security?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,518 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,575 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. prmanhas-MSFT 17,901 Reputation points Microsoft Employee

    @Renato Pereira Apologies for the delay in response and all the inconvenience caused because of the issue.

    We do have one option in place which is applicable for Windows Server 2019 Datacenter edition or Windows 10 1809 and later using Azure AD Authentication enabled on your Azure VM.

    You will be able to centrally control and enforce Azure RBAC and Conditional Access policies that allow or deny access to the VMs.

    You can read more about it here.

    If the mentioned server comes under these categories you can try to apply conditional access policy on these and MFA should mostly work. Also this would be recommended setting from Microsoft.

    Once you enable this capability, your Windows VMs in Azure will be Azure AD joined. You cannot join it to other domain like on-premises AD or Azure AD DS. If you need to do so, you will need to disconnect the VM from your Azure AD tenant by uninstalling the extension.

    You can enable Duo configuration as well but their documentation has recommended Conditional Access as well.

    Hope it helps!!!

    Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.

    0 comments No comments