I'm curious if there's a way to enforce Multi-Factor Authentication (MFA) for Remote Desktop Protocol (RDP) connections specifically based on a certain IP range for client-side PCs. Has anyone tackled this issue?
5 Answers
I don't think there's a built-in method for this, but we've successfully implemented Duo for our server logins. Simply create a Duo tenant, set it up for RDP/Windows logins, and install the client on the devices you wish to secure.
To get started, the Azure MFA extension can help you set this up. Just check out some guides online to walk you through the process! They can be a bit tricky, but they should get you most of the way there.
It really depends on which MFA solution you use. Duo allows you to specify authorized networks in the RDP application settings, which might help with what you're trying to achieve.
I've been using Duo for this purpose for about five years now, and it works well for RDP security.
While Duo is great, don't forget that Entra GSA can also protect RDP connections without needing an agent on the server, if that's something you're interested in.
