Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
700
Views
2
Helpful
1
Replies

Differentiating Between Remote Desktop Sessions and RemoteApp Sessions with Duo Winlogon

WhelymedRemblis12
Level 1
Level 1

‎10-12-2022 09:30 AM

I’m currently trying to protect administrative Remote Desktop, UAC, and console access to our organization’s servers with Duo Winlogon. Most of our servers act as Remote Desktop Session hosts, and in testing I’ve found that Duo prompts for both full Remote Desktop sessions as well as RemoteApp sessions. Now the obvious solutions is to make a bypass policy for the application and an enforce policy for the administrative group which I have done and works fine.

However I’m trying to plan ahead for when we want to protect RemoteApp and Remote Desktop logons for all users. I’m concerned that I won’t be able to differentiate between the two types of traffic in Duo for creating policies that differ between applications. Is it possible to have Winlogon only pick up on full Remote Desktop sessions and ignore RemoteApp sessions?

1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎10-21-2022 05:47 AM

I don’t believe this is possible today. The Duo credential provider recognizes RDP and Local (as in, “not RDP”) logon types, and wouldn’t distinguish between RDP for full desktop or RDP for just an app.

You can submit this as a feature request by contacting your account exec or customer success manager (if you have one), or by contacting Duo Support.

Duo, not DUO.
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents