Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1861
Views
0
Helpful
4
Replies

Using Microsoft RDP Agent on Win10 Multi-User

RZomerman
Level 1
Level 1

‎09-24-2020 01:35 AM

Hello everyone,

I managed to get a combination of Azure Windows Virtual Desktop and Duo for Microsoft RDP working… (requiring WVD users to Duo Authenticate upon login to the desktop itself), but I was wondering of Duo actually supported the Win10 multi-user OS?

Labels:
0 Helpful
4 Replies 4

DuoKristina
Cisco Employee
Cisco Employee

‎09-30-2020 06:27 AM

This should be fine, as Duo Authentication for Windows logon has supported the multi-session RDP environment on Win server platforms for years. Thanks for taking the time to try it yourself and document your findings!

Duo, not DUO.
0 Helpful

Lancord
Level 1
Level 1
In response to DuoKristina

‎09-13-2022 10:07 AM

Hello, I was wondering if Duo had a step by step (quick reference) guide to properly deploy Duo MFA for the Microsoft Azure Virtual Desktop. I am familiar with Duo for the previous Microsoft Remote Desktop Services (RD) product where you could directly access RD Web or RD Gateway servers to install the Duo Microsoft RDP application. However, with the new Azure Virtual Desktop, you no longer have access to these servers as they are run as PaaS. I only have access to the Session Hosts. I have already configured the Microsoft Azure AD for Conditional Access (per Duo instructions to deploy the Duo Microsoft Azure Active Direcotry ) and in the Conditional Access, I have only 1 Microsoft app, the Azure Virtual Desktop. With this, I am only getting the Duo MFA challenge when I set the Remote Desktop client that requires a feed for subscription. After this point, when I try to access the AVD, I supply the login credentials but no Duo MFA is presented. I have been advised to go back to Duo and add another Duo app the Microsoft RDP and Windows Logon app. I have 2 questions, is this the right move? And since I can only access Session Hosts, do I install the Duo executables on this VM or another VM (like a file server)? Please advise. Thanks.

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to Lancord

‎09-13-2022 10:27 AM

It is correct that the Duo custom control for Azure conditional access would only add 2FA to the Azure web sign-in, and not also extend Duo 2FA to the AVD itself. If subscribing to the feed is the only time it goes through the Azure web sign in and CA policies, it makes sense that would be the only time the Duo CA custom control comes into play.

If the AVS session host performs in an analogous role to the session host in an on-premises RDS deployment, then yes, it would make sense to install the Duo for Windows Logon 2FA credential provider at the session host, and it should apply desktop 2FA to apps published through it (which it sounds like would include the AVD).

I don’t have any personal experience with this myself though, and to my knowledge this scenario hasn’t been tested by R&D yet. Please do reach out to your Duo account exec or customer success manager if you have one to log your feature request for official AVD support. If you don’t have an account contact you can also submit feature requests by contacting Duo Support.

Duo, not DUO.
0 Helpful

Lancord
Level 1
Level 1

‎09-13-2022 04:17 PM

Thanks Kristina. I do have an MSP account manager and will be working with his SE to deploy the remaining parts. FYI, I would be interested to beta test any new Duo app related to Microsoft Azure Virtual Desktop (AVD). I am primarily involved with Azure, AVD, Windows 365 and other Azure related solutions.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents