Duo with Microsoft Remote Desktop works well with Duo push. One of my clients got ransomware in via brute force/poor password policy on RDS.
However, if you have a slightly flaky link, the RDS connection can sometimes drop and having to re-authenticate is a bit of a pain.
Is there anyway to cache the authentication for (say) an hour? Maybe if it’s from the same user on the same IP?