lianne143
asked on
Setting up two factor authentication for Remote desktop services.
Hi
We are having Windows 2012 Remote Desktop services server in our network. Our staff use this service for connecting remotely to our organisation network and access home drives and shared drives.
Will it be possible to implement a 2 factor authentication to make it more secure?
Please post me the step by step tutorials to achieve this functionality.
Or
Are there any 3rd party software to achieve this 2 factor authentication?
Any help much appreciated.
Thanks in advance.
We are having Windows 2012 Remote Desktop services server in our network. Our staff use this service for connecting remotely to our organisation network and access home drives and shared drives.
Will it be possible to implement a 2 factor authentication to make it more secure?
Please post me the step by step tutorials to achieve this functionality.
Or
Are there any 3rd party software to achieve this 2 factor authentication?
Any help much appreciated.
Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Duo is very quick and easy to setup, so I have heard.
I use Microsoft Azure MFA. The entire buying process of Azure is complicated. For that reason I do not really recommend it. On the plus side, we pay per authentication, not per user. We can provision all of our users, and not worry about paying for users not using it.
I use Microsoft Azure MFA. The entire buying process of Azure is complicated. For that reason I do not really recommend it. On the plus side, we pay per authentication, not per user. We can provision all of our users, and not worry about paying for users not using it.
As mentioned, both DUO and Microsoft's Multi-Factor Authentication can be integrated into an RD Gateway and each endpoint on the internal network to provide that extra layer of protection.
Both offer excellent documentation on what's needed and how to deploy.
Both offer excellent documentation on what's needed and how to deploy.
SMS Passcode is an option for 2FA on prem. The RDP Agent is working well.
https://www.entrustdatacard.com/products/categories/sms-passcode
https://www.entrustdatacard.com/products/categories/sms-passcode
https://www.eset.com/us/business/endpoint-security/two-factor-authentication/
If you want to save money, doing it yourself, having a VPN is already a second layer of security. If you teach your users to NOT save username/passwords, makes it even more secure. Technically, deploying a solution like ESET (in the link above), is a THIRD layers of security.