As RDP doesn’t have inline auth, and they are not able to ok a device for a period of time, would it be possible to set a timeframe for users to have to re-authenticate when connecting from a certain device in the admin console?


Hi Moses,

As far as I’ve read, tested, or validated, it is not yet possible to make a conditional access rule like this. However, they have a feature in beta called Duo Trust Monitor which will provide some UEBA functionality that could make this possible in the future. It’s intended as more of a security monitor and alert tool, but in talking with them it could enable other features like what you’re hoping for by Duo being able to tell that over time User A routinely logs in to System B using RDP from Trusted IP C so it would not prompt for MFA, but if he tries for another IP it would.