A major issue we now have with RD Gateway and DUO is the limitation of authentication options with RD Gateway. We have to provide the push, pass code, and phone options to our users due to limited cell coverage areas. We cannot protect the RD Gateway from non-Duo access since all anyone needs to do is configure an RDP session with the gateway settings and go directly to the RDP session w/o MFA. We direct our users to RD Web for access, but the single factor option is not hard to figure out. How can we protect the RD Gateway from allowing access directly or can Duo develop a way to provide the pass code access option to RD Gateway?