Multifactor Authentication and secure RDP access to servers

%3CLINGO-SUB%20id%3D%22lingo-sub-310312%22%20slang%3D%22en-US%22%3EMultifactor%20Authentication%20and%20secure%20RDP%20access%20to%20servers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-310312%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Community!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EA%20question%20as%20we%20are%20rolling-out%20Azure%20MFA%20at%20one%20organization%20in%20order%20to%20enhance%20security%2C%20due%20to%20compliance%20a%20second%20factor%20authentication%20is%20required%20for%20administrators%20connecting%20via%20RDP%20to%20some%20specific%20servers.%3C%2FP%3E%3CP%3EI%20know%20that%20is%20possible%20to%20integrate%20Azure%20MFA%20with%20a%20%3CA%20title%3D%22Integrate%20your%20Remote%20Desktop%20Gateway%20infrastructure%20using%20the%20Network%20Policy%20Server%20(NPS)%20extension%20and%20Azure%20AD%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-nps-extension-rdg%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERemote%20Desktop%20Gateway%20Infrastructur%3C%2FA%3Ee%20but%20I%20was%20wondering%20if%20it%20is%20possible%20to%20integrate%20Azure%20MFA%20to%20request%20a%20second%20authentication%20factor%20while%20connecting%20directly%20to%20servers%20for%20administration%20purposes%20using%20RDP%20without%20a%20third%20party%20solution%20or%20if%20there%20are%20plans%20to%20bring%20this%20feature%20in%20the%20future.%3C%2FP%3E%3CP%3EAny%20comment%20or%20similar%20experience%20is%20welcome!%3C%2FP%3E%3CP%3EThanks%20in%20advance%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECristian%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-310312%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECompliance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-310459%22%20slang%3D%22en-US%22%3ERe%3A%20Multifactor%20Authentication%20and%20secure%20RDP%20access%20to%20servers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-310459%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20Vasil%3C%2FP%3E%3CP%3EDefinitely%20sounds%20like%20a%20comprehensive%20solution%20in%20this%20case%2C%20I'll%20just%20have%20to%20double%20check%20the%26nbsp%3Bupgrade%20plan%20to%20W10%20as%20a%20big%20amount%20of%20workstations%20are%20still%20running%20Windows%207.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECristian%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-310356%22%20slang%3D%22en-US%22%3ERe%3A%20Multifactor%20Authentication%20and%20secure%20RDP%20access%20to%20servers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-310356%22%20slang%3D%22en-US%22%3E%3CP%3EHave%20you%20looked%20at%20Windows%20Hello%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fidentity-protection%2Fhello-for-business%2Fhello-features%23remote-desktop-with-biometrics%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fidentity-protection%2Fhello-for-business%2Fhello-features%23remote-desktop-with-biometrics%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hello Community!

 

A question as we are rolling-out Azure MFA at one organization in order to enhance security, due to compliance a second factor authentication is required for administrators connecting via RDP to some specific servers.

I know that is possible to integrate Azure MFA with a Remote Desktop Gateway Infrastructure but I was wondering if it is possible to integrate Azure MFA to request a second authentication factor while connecting directly to servers for administration purposes using RDP without a third party solution or if there are plans to bring this feature in the future.

Any comment or similar experience is welcome!

Thanks in advance

 

Cristian

2 Replies

Thanks Vasil

Definitely sounds like a comprehensive solution in this case, I'll just have to double check the upgrade plan to W10 as a big amount of workstations are still running Windows 7.

 

Best regards.

 

Cristian