I’m currently using the Duo Free edition, I believe we’ll need to move onto the Duo MFA edition as we have over 10 remote users to onboard eventually.
We’re looking to implement Duo for our remote users who currently connect via RD Gateway to an RDServer.
The RDGateway uses a CAP to decide who can/can’t connect through it.
I understand Duo replaces the CAP and RAP.
Whilst testing I want to only implement 2FA for those who are enrolled, letting the other remote users sign on as usual.
In replacing the CAP and RAP, that will remove the restriction for non-remote users connecting through the gateway won’t it?
How can I block non-authorised users from connecting remotely, whilst allowing non-enrolled users to connect and test 2FA for a handful of users?
In replacing the CAP and RAP, that will remove the restriction for non-remote users connecting through the gateway won’t it?
Yes you will no longer be able to restrict who can access using CAP RAP, however you can still restrict who can log on to the terminal server on the terminal server itself.
How can I block non-authorised users from connecting remotely, whilst allowing non-enrolled users to connect and test 2FA for a handful of users?
Given CAP and RAP will not be an option, and given you wish to allow unenrolled users to be able to authenticate, then your only option would be to use log on restrictions on the session host itself rather than on the RDG.
It is possible to use RDGateway to protect your systems.
However it is recommended to use the RDP client instead if this is an option.