We want to require Multi-factor Authentication for RDP login (and local login) going forward on our Windows Server systems. Currently all of our Windows Server systems are Windows Server 2016. We are using Azure Active Directory free tier (but are open to upgrading if that is required). We do not want to use third-party products in the mix.

So ideally we would join the Windows Server 2016 systems to the Azure AD. Then we would require Multi-factor authentication somehow.

We have not been able to find a simple guide on how to do this. There are some questions on StackExchange about this topic, but there either are no answers, or the questions are multiple years old and say it cannot be done.

Since it is 2020, and there are also the new Windows Server 2019 and 2016 OSes available, and since Windows 10 desktop supports MFA, I wanted to ask this question:

How to achieve Azure AD + MFA + Windows Server 2016 RDP login?

esqew
A X

1 Answer

The possible ways to do this would be as follows:

If your servers are in a local network and not hosted on Azure, then deploy a Remote Desktop Gateway (RDG) farm and integrate it with Azure AD using the Network Policy Server (NPS) extension; this will let Azure handle MFA requests: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg

If your servers are hosted on Azure, you'd be able to use the new (Preview) feature that allows you to authenticate using Azure AD user accounts, which will allow you to request MFA from users when they RDP into the servers: https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

Mind you the second way has a lot of limitations though, where:

  1. You need to have the machines for both ends of the RDP session to be joined to the same Azure AD tenant
  2. The only type of MFA you can request would be the Windows Hello For Business PRT, since RDP does not have an interactive login capability... yet.
  3. Per user MFA is not supported at the moment

Noor Khaldi