Forum Discussion
RDP Web Access MFA
This has got to be a stupid question but here goes. We use Remote Desktop Services to deliver remote desktops and apps to external parties. We have MFA setup on the launching of the published a...
You're correct to question the claim that Multi-Factor Authentication (MFA) cannot be applied to the Remote Desktop Web Access (RD Web Access) portal. It is possible to enable MFA on RD Web Access to mitigate the risk of password-guessing attacks. Here’s an explanation and solution
The RD Web Access portal is an external-facing endpoint, making it a prime target for brute-force or credential-stuffing attacks. Without MFA, it relies solely on passwords, which can be compromised.
Solution Overview
To protect the RD Web Access portal with MFA, you can integrate it with:
- Azure AD MFA
- Third-party MFA solutions (e.g., Duo, Okta)
- Conditional Access policies via Azure AD (if you use Hybrid Azure AD or Azure AD authentication).