Forum Discussion

Peanut2020's avatar
Peanut2020
Copper Contributor
Jun 18, 2025

Microsoft MFA, FSLogix and RDS Collection?

We have a Windows 2019 RDS collection that includes 7 RDSH servers. We implement conditional access policies to require MFA for all users and set the 'sign-in frequency' to 90 days. Initially, we whitelisted our office WAN IP by adding it as a trusted/named location. This allowed users to bypass MFA when working from the RDS. However, we then discovered that some users, who only work from the office, had never set up MFA (due to the trusted location/exception). As this is a security concern, we decided to remove the office IP from the trusted locations to ensure that all users registered for MFA. Now, users are prompted for MFA each time they log into the RDS, repeatedly. Even though we set the sign-in frequency to 90 days, I suspect this is because they often connect to a different RDS server each morning, which MFA interprets as a new device. Is there a way to store the MFA session token or cookie in the users' FSLogix profile?

1 Reply

  • Sederley's avatar
    Sederley
    Iron Contributor

    After configuration, test MFA prompts over multiple sessions and servers. Adjust sign-in policies accordingly.

Resources