Downloaded RDP files may be saved for reuse, and will not require two-factor authentication from RD Web at launch.Īfter your remote users pass primary login to the RD Web portal, they receive the Duo enrollment or authentication page.
RD Gateway connections do not require two-factor authentications. In this scenario Duo protects logons via browser to the RD Web portal. Refer to the Duo Authentication for Remote Desktop Web and Remote Desktop Gateway 2012 and later instructions. Install Duo Authentication for RD Web onto your RD Web servers then install Duo Authentication for RD Gateway onto your RD Gateway servers. Users connecting to RemoteApp or RDP via RD Gateway from a local client receive an automatic push or phone call from Duo after primary authentication. When logging on to the RD Web portal users are presented with the Duo enrollment or authentication page after primary authentication. The RD Web and RD Gateway roles may be deployed on separate servers or on the same server. Downloaded RDP files may be saved for reuse. Connecting to a computer directly from RD Web using the "Connect to a remote PC" feature with RD Gateway authentication is permitted. Users authenticate to Duo when logging on to the RD Web portal and then again when launching a RemoteApp connection through RD Gateway. In this scenario Duo two-factor authentication protects logons via browser to the RD Web portal as well as logons via local RDP client and RemoteApp and Desktop Connections from the local system to an RD Gateway server. Block direct RDP access to these hosts to mitigate the potential for bypass. If clients can establish a direct connection to your RD Connection Broker and/or Session Host(s), then they may be able to bypass two-factor authentication. If you want to enforce two-factor authentication for all your clients, you should ensure that they must connect through RD Web Access with Duo and/or RD Gateway with Duo.
0 kommentar(er)
