locked
RemoteApp Two Factor Authentication RRS feed

  • Question

  • Hello,

    I have a RD Gateway server setup running RemoteApp to serve an application. However, it has been requested that 2FA using soft tokens be setup to secure the system. This would need to be done on the Remote Desktop connection itself rather than through RDWeb as users could just reuse the same file. From looking at it there doesn't seem to be a solid solution built into the current version of RD Gateway; PAA seems like a possibility, and from the sounds of it something can be done by putting it behind ADFS and a WAP, but I haven't been able to get it working.

    With that said, is there any way to secure a RemoteApp using a certificate presented by the client?

    Thanks!

    Friday, April 22, 2016 10:31 PM

Answers

  • Hi,

    As far as I know, there is no built-in method to enable two-factor authentication for only RemoteApp connections.

    What we can do is to enable multi-factor authentication on RD Gateway server for all Remote Desktop connections (both RemoteApp and full desktop connections) for users who cannot bypass RD Gateway; or we can also enable multi-factor authentication on RD Connection Broker since users need to connect to RD CB first, then redirected to RD Session Hosts.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Amy Wang_ Tuesday, April 26, 2016 3:19 AM
    • Marked as answer by Amy Wang_ Thursday, May 5, 2016 7:25 AM
    Monday, April 25, 2016 7:14 AM

All replies

  • Hi,

    As far as I know, there is no built-in method to enable two-factor authentication for only RemoteApp connections.

    What we can do is to enable multi-factor authentication on RD Gateway server for all Remote Desktop connections (both RemoteApp and full desktop connections) for users who cannot bypass RD Gateway; or we can also enable multi-factor authentication on RD Connection Broker since users need to connect to RD CB first, then redirected to RD Session Hosts.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Amy Wang_ Tuesday, April 26, 2016 3:19 AM
    • Marked as answer by Amy Wang_ Thursday, May 5, 2016 7:25 AM
    Monday, April 25, 2016 7:14 AM
  • Hey Amy,

    I appreciate your response! From looking into it the way to do MFA with RD Gateway is using Azure MFA, which uses text messages rather than certificates; or a third party product such as this one: https://duo.com/docs/rdgateway. which also doesn't look to do certificates. As far as you know, is there any way to do MFA using certificates with an RD Gateway or RD Connection Broker?

    Thanks!

    Monday, April 25, 2016 9:38 PM
  • As far as you know, is there any way to do MFA using certificates with an RD Gateway or RD Connection Broker?

    Hi,

    You may configure smart card authentication.

    More information for you:

    Set the Remote Desktop Gateway Server Authentication Method

    https://technet.microsoft.com/en-us/library/cc770545.aspx

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Amy Wang_ Sunday, May 1, 2016 9:54 AM
    Tuesday, April 26, 2016 3:25 AM
  • Hi,

    Is further assistance required?

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Sunday, May 1, 2016 9:54 AM