Mitch-4183 asked · MarileeTurscak-MSFT commented

Only allow MFA connection to RDP server

I've set up our Remote Desktop server to allow access by using Multi Factor Authentication through the Microsoft Authenticator app by using this guide.

This works for all new connections through the RD Web Access site: users must authenticate with the app before it allows them to remote into the server. But people who have created their own RDP shortcuts, with the "Automatically detect RD Gateway server settings" option selected, can bypass MFA and connect with just their username and password.

Is there a way to restrict connection so that users must use MFA to connect?


remote-desktop-services azure-ad-multi-factor-authentication

I would think that even if they have that setting enabled, you could use a conditional access policy to enforce the MFA anyway. I've reached out to the product team to confirm though.

MarileeTurscak-MSFT ·

I'm not aware that a setting in the RDP file will keep MFA from happening. I am wondering if there is already an MFA token and that is why they are not getting prompted? It is difficult to say since we don't have any diagnostic logging available to us.


0 Answers