Questions about WVD

Iron Contributor

Can WVD be configured to only allow connections from trusted devices including ones that we don’t own and manage ourselves (such as devices from our business partners that we have no ability to manage)?  

 

Amazon workspaces have an option called “trusted devices” where you upload a copy of root CAs and you can configure it to only allow connections from devices that have a certificate installed from one of the root CAs you. uploaded.  It does not require the device to be from your own domain or for you to manage the device with an MDM and push your own certificates to it for this to work.  

 

Does WVD have anything that would accomplish the same requirement even if the methods to accomplish the goal are different?

 

Does WVD work with third party MFA such as Duo Security?

 

Can WVD be used a “jump server” to access our internal LAN resources via RDP and pass through RDP to the second device with full dual monitor functionality (remote laptop with external monitor attached>>>WVD>>>RDP to internal resource with multi-monitor support)?

 

Are IP ranges available so that we could add WVD access to split tunnel VPN and then require those accessing WVD to be coming from one of our trusted IPs such as the VPN gateway IP?

1 Reply

Hi @Kalimanne J 

 

Yes WVD can be configured to use Conditional Access. Here you can configure rules to determine whether your clients can access your WVD resources or not.  You can view more about conditional access policies here - https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-acces...

 

I don't know about Duo but I do know that it definitely works on Okta. WVD authenticates via AzureAD & O365 so if Duo supports that, it will work.  It also supports native MFA. 

 

As for your jump server question, yes it can! That is how some people use it. See here for a good example - https://www.robinhobo.com/how-to-publish-the-remote-server-administration-tools-rsat-with-windows-vi...