I read this in the documentation " Installing Duo’s RD Gateway plugin disables Remote Desktop Connection Authorization Policies (RD CAP) and Resource Authorization Policies (RD RAP). The CAPs and RAPs become inaccessible from the Remote Desktop Gateway Manager and previously configured policy settings are ignored by Remote Desktop Gateway. If operational requirements mandate continued use of RD CAPs/RAPs, you may want to consider installing Duo for Windows Logon at your RDS Session Hosts instead.
But I could not find anything on what the RD Gateway will use instead of RAP/CAP? I followed the instructions to install the RD Gateway software and now all users that we test with get an error stating they do not have access. I am sure I missed something simple but I am unable to tell what.