MFA on RDP Gateway best option

Zoldy2000
Zoldy2000 used Ask the Experts™
on
MFA on RDP Gateway.     Currently we have office 365 plans that include Azure MFA for office 365.    We are synced with active directory and this works well for Office 365.     However we have identified that our RDP gateway server presents some risks as it is not using MFA.      In researching how to use MFA on RDP gateway its seems only paid options exists.    while I am not against paying for a solution everything I have found thus far is extremely expensive considering we only need it for RDP gateway MFA.       We have a paid solution for office 365 already included in our plans.    Azure plans that allow RDP MFA are around 6 dollars per user per month as are other third parties.    As an all around solution I suppose that is reasonable but just for RDP gateway it is alot.

My question is what are others doing?   Are there other options available to me I am not aware of?    What do you recommend?

Thanks in advance
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Philip ElderTechnical Architect - HA/Compute/Storage

Commented:
You can integrate the O365/Azure MFA into your RD Gateway. This improves the user's Single Sign-On experience significantly.

It works quite well.

Author

Commented:
Okay the information I found was that the license required for this is NOT included with office 365 plans.     Are you saying it is?   just to clarify?
Philip ElderTechnical Architect - HA/Compute/Storage

Commented:
I'm pointing specifically to MFA being integrated into RD Gateway. No idea on the licensing side.

Author

Commented:
Thank you but I am already aware of this as mentioned in the post.    But what I found was this is not included in our plans and cost an additional 6 dollars per user per month.     So I am looking for alternatives to Azure.    Unless wrong about not included in the Azure for office 365 plans
Philip ElderTechnical Architect - HA/Compute/Storage

Commented:
The only other product we'd trust to get the job done would be DUO. Cost is in the same neighbourhood.

Author

Commented:
is it possible since everything we use in the company authenticates to Active Directory to just implement an on premise Multifactor solution on our Active Directory and then all logons of any kind from any app with use Multifactor.

The more I think this through this makes the most sense for total user account security.
Philip ElderTechnical Architect - HA/Compute/Storage

Commented:
O365 MFA would be the direction we'd go in since it's already there. It's seamless.

Author

Commented:
I looked into O365 MFA... its only for office 365 logon.    Unless you upgrade your package.     And the documentation is confusing about how to apply a cloud based solution like O365 MFA to local domain logons.
Technical Architect - HA/Compute/Storage
Commented:
We work with a client that has their Azure AD MFA fully integrated with their on-premises AD, Remote Desktop Services access for both servers and endpoints, and more.

The alternative is DUO as mentioned. There is a cost associated with it that would probably put it close to the Microsoft offering.

Our preference is to keep things as homogeneous as is possible thus the recommendation to stick with Azure/O365.

Author

Commented:
Okay I am on the right track I am looking at DUO and Azure AD MFA.      The only reason I might lean towards DUO is access to support is much easier.

Thanks
Philip ElderTechnical Architect - HA/Compute/Storage

Commented:
Got it.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial