The current version of the Duo for RD Gateway installer performs connectivity checks with Duo that use TLS v1.0.

Customers in Australia must perform a silent installation to install this product.

TLS Requirements for Australia Region

Due to government restrictions, Duo’s services in Australia no longer support TLS versions prior to 1.2.

If your organization requires IP-based rules, please review this Duo KB article. Firewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. This application communicates with Duo's service on TCP port 443.

The PowerShell commands for this are:

Import-Module ServerManager
Add-WindowsFeature NET-Framework-45-ASPNET

You can do this, for example, by running the following PowerShell commands:

Import-Module ServerManager

Also make sure you have installed ASP.NET 4.5 support for IIS.

NET Framework 4.5 on your RD Gateway server.
These instructions are for installing Duo Authentication for RD Web on Windows Server 2012 and later. Make sure to complete these requirements before installing Duo Authentication for RD Gateway.

Check your server version.
Read the enrollment documentation to learn more about enrolling your users in Duo. Duo users must have one of these methods available to complete 2FA authentication. When you create your new RD Gateway application in Duo the username normalization setting defaults to "Simple", which means that if the application sends the usernames "jsmith," "DOMAIN\jsmith," and to Duo at login these would all resolve to a single "jsmith" Duo user.

Duo for RD Gateway supports Duo Push and phone callback authentication methods. The Duo username (or username alias) should match the Windows username. Unenrolled users, that is, users that do not yet exist in Duo with an attached 2FA device, must be created manually by an administrator, imported by an administrator or self-enrolled through another application which supports Duo’s self-service enrollment (see Test Your Setup). Block direct RDP access to these hosts to mitigate the potential for bypass.

Duo Authentication for RD Gateway doesn't support inline self-service enrollment for new Duo users. If clients can establish a direct connection to your RD Connection Broker and/or Session Host(s), then they may be able to bypass two-factor authentication. If you want to enforce two-factor authentication for all your clients, you should ensure that they must connect through RD Web Access with Duo and/or RD Gateway with Duo. Unlike Duo for RD Gateway, this alternative configuration featuring Duo for Windows Logon also supports passcode authentication.

Before you begin deploying Duo in your RDS environment, please read our Duo 2FA for Microsoft Remote Desktop Services overview to understand the capabilities and limitations of the different deployment options. If operational requirements mandate continued use of RD CAPs/RAPs, you may want to consider installing Duo for Windows Logon at your RDS Session Hosts instead.
The CAPs and RAPs become inaccessible from the Remote Desktop Gateway Manager and previously configured policy settings are ignored by Remote Desktop Gateway. Installing Duo's RD Gateway plugin disables Remote Desktop Connection Authorization Policies (RD CAP) and Resource Authorization Policies (RD RAP). This configuration does not support inline self-enrollment, nor the use of other Duo authentication methods like SMS passcodes, hardware token passcodes, YubiKey passcodes, passcodes generated by Duo Mobile, U2F and WebAuthn security keys, and bypass codes. Users automatically receive a 2FA prompt in the form of a push request in Duo Mobile or a phone call when logging in.

Overview

Duo Authentication for Remote Desktop Gateway adds two-factor authentication to your RemoteApp Access logons, and blocks any connections to your Remote Desktop Gateway server(s) from users who have not completed two-factor authentication when all connection requests are proxied through a Remote Desktop Gateway. Duo integrates with Remote Desktop Web Access (previously Terminal Services) and Remote Desktop Gateway to add two-factor authentication to RD Web and RemoteApp logons.
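
One way to check and tighten the direct-RDP exposure described above on a Session Host or Connection Broker, using the built-in Windows firewall cmdlets. This is an added example, not part of Duo's documentation; the gateway address 10.0.10.5, the default RDP port 3389 and the helper Test-PortMatch are assumptions.

```powershell
# Added example. Run elevated on each RD Session Host / Connection Broker.
# Assumptions: Windows Firewall is on with the default inbound action of Block,
# and the RD Gateway reaches this host from the address(es) listed below.
$GatewayIPs = @('10.0.10.5')   # constructed placeholder, replace with your gateway
$RdpPort    = 3389             # default RDP listener port

# Hypothetical helper: does a rule's LocalPort list (e.g. 'Any', '3389',
# '3000-4000') cover the given port?
function Test-PortMatch {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq "$Port") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# 1. Audit: enabled inbound allow rules that open the RDP port to any source
#    other than the gateway. Only the local rule store is read here; rules
#    delivered by Group Policy have to be reviewed and fixed in the GPO.
$exposed = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $portFilter = $_ | Get-NetFirewallPortFilter
        $addrFilter = $_ | Get-NetFirewallAddressFilter
        if ($portFilter.Protocol -notin 'TCP', 'UDP', 'Any') { return }
        if (-not (Test-PortMatch -LocalPort $portFilter.LocalPort -Port $RdpPort)) { return }
        # Plain string comparison: 'Any', 'LocalSubnet' and subnets all count as extra.
        $extra = @($addrFilter.RemoteAddress | Where-Object { $_ -notin $GatewayIPs })
        if ($extra.Count -gt 0) {
            [pscustomobject]@{
                Name          = $_.Name
                DisplayName   = $_.DisplayName
                LocalPort     = $portFilter.LocalPort -join ','
                RemoteAddress = $extra -join ','
            }
        }
    }
$exposed | Format-Table -AutoSize

# 2. Restrict: scope each exposed rule to the gateway only. -WhatIf keeps this a
#    dry run; a rule that also covers other ports will be scoped for those too,
#    so review the audit output before removing -WhatIf.
foreach ($rule in $exposed) {
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress $GatewayIPs -WhatIf
}
```

An empty audit table means no local allow rule exposes the RDP port to a source other than the listed gateway addresses.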