Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1841
Views
2
Helpful
7
Replies

Showing the DUO prompt on RemoteApps

Go to solution
CoNETERm
Level 1
Level 1

‎09-01-2021 01:46 PM

I am looking to implement DUO to secure Remote Desktop connections as well as RemoteApps. When connecting to RemoteApps the DUO prompt is hidden, and the only way to reveal it is by clicking the “Show Details” button on the RemoteApp connection window. My concern is that because this window is not shown by default for RemoteApps, users will not know that they need to authenticate with DUO, and will not understand why they can’t get connected.

Is there a way I can have this login screen shown by default for RemoteApps so that users always see the DUO prompt?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee
In response to CoNETERm

‎09-07-2021 06:08 AM

@robnicholson you have a different experience because I suspect you installed Duo for RD Gateway on your RDG server, which has no end-user UI for MFA. The experience @CoNETERm describes is what happens when you install Duo for Windows Logon on the remote session hosts or RDP servers and then try to access the app/desktop via RemoteFeed.

@CoNETERm to answer your original question, no, there is no way to expand that window automatically. Using autopush (the installation default for the Duo WinLogon application) and ensuring your users have Duo Mobile activated on an iOS/Android device is the best recommendation, so that way your users will receive a 2FA push request without needing to expand the session details window to interact with the remote Duo prompt.

Duo, not DUO.

View solution in original post

7 Replies 7

Go to solution
robnicholson
Level 1
Level 1

‎09-01-2021 02:13 PM

I suspect the answer is no because Duo has no control over the remote desktop connection window. There is no interface exposed for the user to interact with - that’s why it has to use Duo Push and the app. I’m not sure what you mean by “Show Details” as this is what we see when we launch the RDP file:

2X_6_69653ef082ee403aad74b28e37f44a66b4a800dd.png

If the user doesn’t twig and accept the Duo Push, they get this prompt:

2X_1_192d6053ba9acecad0cd7e3c29cf2df3e9d98ed3.png

They soon learn to check the Duo app when logging on. I personally have my mobile connected to the Phone app on Windows 10 so that the notification appears like this as a reminder:

2X_5_50ac790c040241b571af2ddafde3d18a77b09099.jpeg

Microsoft would have to make some significant changes to the protocol to allow an interface. I’m sure Duo has tried to discuss it with Microsoft…

0 Helpful

Go to solution
CoNETERm
Level 1
Level 1

‎09-02-2021 04:45 AM

Thanks for the reply.

When launching a RemoteApp, or more specifically connecting to the session host for the first time after being disconnected, we get this window on the client:

2X_7_76cd0eb989e45196feff7591021987f6e55bbe9e.png

You can see in the bottom left that there is a “Show details” button which when clicked shows the full login screen along with the Duo prompt:

2X_e_e7b3800603a9c52853abdfca2323167ce7af6de0.png

I’m trying to find if there is a way to by default show the login screen as in the second image, but without user interaction (having to click on the “Show Details” button). Or at the very least I would like to have a way to remind users that they need to authenticate with Duo, such as your example of connecting the phone to the computer to get that notification.

0 Helpful

Go to solution
robnicholson
Level 1
Level 1

‎09-02-2021 11:36 AM

Hmm, interesting - the dialog we get is different and there is no “Show Details” window. Is this simply downloading an RDP file and then double-clicking it to connect? Or some other method?

0 Helpful

Go to solution
CoNETERm
Level 1
Level 1

‎09-02-2021 01:53 PM

No, this is not simply downloading the RDP file. We have it setup so users are subscribed to the webfeed from RemoteApp and Desktop Connections. That way they can put shortcuts to the RemoteApps on their desktop, taskbar, start menu, and so on.

0 Helpful

Go to solution
DuoKristina
Cisco Employee
Cisco Employee
In response to CoNETERm

‎09-07-2021 06:08 AM

@robnicholson you have a different experience because I suspect you installed Duo for RD Gateway on your RDG server, which has no end-user UI for MFA. The experience @CoNETERm describes is what happens when you install Duo for Windows Logon on the remote session hosts or RDP servers and then try to access the app/desktop via RemoteFeed.

@CoNETERm to answer your original question, no, there is no way to expand that window automatically. Using autopush (the installation default for the Duo WinLogon application) and ensuring your users have Duo Mobile activated on an iOS/Android device is the best recommendation, so that way your users will receive a 2FA push request without needing to expand the session details window to interact with the remote Duo prompt.

Duo, not DUO.

Go to solution
robnicholson
Level 1
Level 1
In response to DuoKristina

‎09-07-2021 09:00 AM

Ahh thanks for explaining. I’m assuming that Duo for Windows Logon is protecting the standard Windows logon like you’d get on a Active Directory/private LAN kind of set-up? RemoteFeed - that’s new to me so something else to research

0 Helpful

Go to solution
DuoKristina
Cisco Employee
Cisco Employee
In response to robnicholson

‎09-07-2021 09:35 AM

@robnicholson Here is an article that describes some reasons one may choose to apply Duo at the session host/remote system instead of RDS. The Remote Feed URL from RDWeb lets users add shortcuts to RDS published apps to their Start Menu.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents