How to enable multi-factor authentication for RDP connections

RsysMartem 41 Reputation points
2022-04-12T09:04:12.953+00:00

Hi, I need to set up a multi-factor authentication system for RDP connections to my Windows Server 2016. I have been looking at all the guides out there on this. I have it configured with Microsoft Authenticator for a group of users accessing the Azure portal, but I do not know how to move this to the RDP connections, as all the guides tell me that it is done with a multi-factor authentication server that can no longer be downloaded, or by NPS. It would be nice to do it by NPS, but while I configure it I see that it only has two methods, either password or smart card; I want it to ask for authentication by SMS or Microsoft Authenticator.
Any solution for this?
Greetings and thanks in advance


Accepted answer
  1. AmanpreetSingh-MSFT 56,601 Reputation points
    2022-04-12T09:54:55.137+00:00

    Hi @RsysMartem • Thank you for reaching out.

    You can achieve these requirements by using Azure AD MFA Service, which is different from Azure MFA Server. Now you don't need to install the MFA Server software on any of your servers and can directly use the Azure MFA Service to trigger MFA when RDPing to your Windows machines, with the help of NPS Extension. The purpose of the NPS extension is to translate the NPS RADIUS calls to REST (HTTPS) calls that Azure AD supports and directly leverage the Azure AD MFA, without needing to have on-prem MFA server.

    Below are the prerequisites:

    • Remote Desktop Gateway
    • Azure AD MFA License
    • NPS Server with NPS Extension installed
    • Azure Active Directory synced with on-premises Active Directory

    Once the above prerequisites are checked, you can follow Integrate your Remote Desktop Gateway infrastructure using the Network Policy Server (NPS) extension and Azure AD for step-by-step instructions.

    Note: The MFA method that you choose must not require users to input any type of code/OTP for 2nd factor of authentication as the Remote Desktop Connection doesn't provide you with an option to enter a code. So, you must choose Phone Call or Authenticator App notification (not Authenticator App with Code) and the SMS method won't work in this case.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.
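A local check for the prerequisites listed in the accepted answer, as an added example that is not part of the answer or of any Microsoft script. It assumes the NPS extension installs under `C:\Program Files\Microsoft\AzureMfa` and stores its settings under `HKLM:\SOFTWARE\Microsoft\AzureMfa` (both assumptions; adjust for your environment), and that it is run in an elevated PowerShell session on the server(s) hosting the RD Gateway and NPS roles.

```powershell
# Added example: verify the RD Gateway + NPS + Azure MFA NPS extension prerequisites
# described in the accepted answer. Run elevated on the RD Gateway / NPS server(s).
Import-Module ServerManager

$ExtensionDir = 'C:\Program Files\Microsoft\AzureMfa'   # assumed default install folder
$ExtensionKey = 'HKLM:\SOFTWARE\Microsoft\AzureMfa'     # assumed settings location

$results = [ordered]@{}

# 1. Roles: Remote Desktop Gateway and Network Policy and Access Services (NPS)
foreach ($feature in 'RDS-Gateway', 'NPAS') {
    $f = Get-WindowsFeature -Name $feature
    $results["Role $feature installed"] = ($null -ne $f -and $f.Installed)
}

# 2. Services that must be running for the RADIUS exchange between RD Gateway and NPS
foreach ($svc in 'TSGateway', 'IAS') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    $results["Service $svc running"] = ($null -ne $s -and $s.Status -eq 'Running')
}

# 3. NPS extension present: the component that turns NPS RADIUS calls into Azure AD MFA REST calls
$results['NPS extension files present']    = Test-Path -Path $ExtensionDir
$results['NPS extension settings present'] = Test-Path -Path $ExtensionKey

# 4. Domain membership: the extension maps the on-prem user to the synced Azure AD user
$results['Server is domain joined'] = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

# Report one line per check; anything marked MISS blocks MFA for RDP through the gateway
$results.GetEnumerator() | ForEach-Object {
    $mark = if ($_.Value) { 'OK  ' } else { 'MISS' }
    '{0} {1}' -f $mark, $_.Key
}
```

The Azure AD side (MFA licensing, directory sync, and a non-OTP method such as phone call or Authenticator push) is not visible from the server and still has to be confirmed in the Azure portal.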

6 additional answers

Sort by: Most helpful
  1. Dharmalingam K 1 Reputation point
    2023-03-29T05:09:33.6766667+00:00

    Can we integrate on-prem servers as well by using Azure Bastion?


