Prevent users from using mstsc from Outside

Hello Forum,

i have a new customer with microsoft RDS Farm, i have the RDS Gateway and RDWEB Access Role on the same server.
Now the users can bypass the DUO Login with using the .rdp file and the mstsc from outside.
The solution would be to install the duo rd Gateway component too… but this dont work there.

The “authorized network” policy dont work and every user from inside is prompted on login .
I had to set all users on bypass to get the system working .

Now …the question.
Do you know a way to deny using the mstsc.exe from outside and restrict the users to only use the Remote Apps the RDWEB Website login ?

Hi @eblok2001,
It looks like this may be your first time posting here, so I wanted to say welcome to the Community! Thanks for sharing your question here. You’ve provided a good amount of info here that we should be able to point you in the right direction. Just wanted to let you know that I saw your post and will be looking into this to try to assist. In the meantime, hopefully someone else can weigh in with some pointers or guidance!

Hi again! Following up here, may I ask why installing Duo Authentication for RD Gateway won’t work in your situation?
Also, I would want to look into why the Authorized Networks policy isn’t working, because it should work as Authorized Networks is supported for Duo for Remote Desktop Web.
I think your best bet here is to reach out to our official Duo Support team so they can troubleshoot with you further.