You're correct in your observation that Duo's protection for RD Gateway limits the factor selection for your users.
A popular alternative that provides more authentication options is to install Duo Authentication for Windows Logon on the target computers. In this scenario, RDG authentication uses a single factor (password), and then the interactive Duo MFA prompt is seen when logging on to the remote computer, so users could enter a passcode.
Another option might be to publish RDG using TMG, and then add Duo RADIUS authentication to TMG (https://duo.com/docs/tmg) instead of at the RD Gateway. Duo's RADIUS authentication lets users append a passcode to the password (password,123456) when logging in.
I hope one of these solutions helps you. Thanks for trying Duo!