
0 Votes
RenatoPereira asked prmanhas-MSFT answered

Azure - VPS Windows - Logon with M.F.A - Native or with another app?

Hi,

Is there a way to protect an RDP connection to a VPS Windows Server running in an Azure environment with M.F.A at login, or should we use another app like Cisco Duo Security?

windows-server azure-virtual-machines

1 Answer

0 Votes
prmanhas-MSFT answered

@RenatoPereira Apologies for the delay in response and all the inconvenience caused because of the issue.

We do have one option in place which is applicable for Windows Server 2019 Datacenter edition or Windows 10 1809 and later using Azure AD Authentication enabled on your Azure VM.

You will be able to centrally control and enforce Azure RBAC and Conditional Access policies that allow or deny access to the VMs.

You can read more about it here.

If the mentioned server comes under these categories, you can try to apply a Conditional Access policy on these and MFA should mostly work. Also, this would be the recommended setting from Microsoft.

Once you enable this capability, your Windows VMs in Azure will be Azure AD joined. You cannot join them to another domain, such as on-premises AD or Azure AD DS. If you need to do so, you will need to disconnect the VM from your Azure AD tenant by uninstalling the extension.

You can enable Duo configuration as well, but their documentation has recommended Conditional Access as well.

Hope it helps!!!

Please "Accept as Answer" if it helped so it can help others in the community looking for help on similar topics.
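The setup described in the answer above, sketched with the Azure CLI as an added example that is not part of the original answer: it installs the Azure AD login extension on an existing VM, grants a least-privilege login role, and removes the extension again to disconnect the VM from the tenant. The extension and role names come from Microsoft's Azure CLI documentation rather than from this thread, the resource names are placeholders, and the Conditional Access policy that requires MFA is configured separately in the tenant and is not shown.

```shell
#!/bin/sh
# Added example. Set DRY_RUN=1 to print the az commands instead of running them.

# Run a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# enable_aad_login <resource-group> <vm-name>
enable_aad_login() {
  # The login extension needs a system-assigned managed identity on the VM.
  run az vm identity assign --resource-group "$1" --name "$2"
  # Installing the extension is what Azure AD joins the VM.
  run az vm extension set --publisher Microsoft.Azure.ActiveDirectory \
    --name AADLoginForWindows --resource-group "$1" --vm-name "$2"
}

# grant_login <scope-resource-id> <assignee> [role]
# Only the two VM login roles are accepted, so broader roles such as Owner
# cannot be handed out through this helper by mistake.
grant_login() {
  role="${3:-Virtual Machine User Login}"
  case "$role" in
    "Virtual Machine User Login"|"Virtual Machine Administrator Login") ;;
    *) echo "refusing non-login role: $role" >&2; return 2 ;;
  esac
  run az role assignment create --role "$role" --assignee "$2" --scope "$1"
}

# disable_aad_login <resource-group> <vm-name>
# Uninstalling the extension disconnects the VM from the Azure AD tenant,
# which is required before joining it to another domain.
disable_aad_login() {
  run az vm extension delete --resource-group "$1" --vm-name "$2" \
    --name AADLoginForWindows
}

# Stand-alone use: ./script.sh <resource-group> <vm-name>
if [ "$#" -eq 2 ]; then enable_aad_login "$1" "$2"; fi
```

Run it with `DRY_RUN=1` first to review the exact commands before they touch the subscription.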


