I'm trying to figure out if Windows Hello for Business can actually be used with a Remote Desktop Gateway. Currently, our team connects to their PCs through an RD Gateway server using Duo MFA. I'm looking into new login processes to enhance our security while making it easier for users to log in, whether they're on-site or remote. I've noticed that Windows Hello for Business is listed as a login method in the RD Gateway settings on the RDP client, but I can't find much information or real experiences from people who've set it up successfully. Has anyone tried this?
1 Answer
From what I understand, Windows Hello is typically designed for local authentication only. It uses FIDO credentials that require user verification directly on the device where they were registered, a concept known as 'proof of presence.' This makes it resistant to phishing attempts. Unfortunately, that means it won't work through something like an RD Gateway because it relies on local authentication, not a remote proxy.
That's interesting! But if it’s not feasible, then why is it even listed as a login method in the RD Gateway settings? Any ideas?