How to enable multi-factor authentication for RDP
Generally, remote employees use Microsoft Remote Desktop Protocol (RDP) to connect to their work devices from an external network, using only a password to authenticate their devices. This makes RDP-based access highly vulnerable to password-based attacks like brute-force attacks.
Implementing multi-factor authentication (MFA) helps thwart unauthorized remote access attempts to employee devices. ADSelfService Plus' MFA feature can secure local and remote access to Windows, macOS, and Linux machines and help secure logins via RDP.
How to enable MFA for RDP using ADSelfService Plus
- Your ADSelfService Plus license must include the Endpoint MFA add-on. Visit the store to purchase the add-on.
- SSL must be enabled in ADSelfService Plus.
- The Windows logon agent that comes bundled with ADSelfService Plus must be installed on the machines that are going to be secured via RDP MFA.
- Access URL must be set to HTTPS: Navigate to Admin > Product Settings > Connection > Connection Settings > Configure Access URL and set the Protocol option to HTTPS.
- Log in to the ADSelfService Plus admin portal.
- Navigate to Configuration > Multi-factor Authentication > Authenticators Setup.
- Click the Choose the Policy drop-down, and select the policy for which you wish to enable MFA. This policy will determine which users will have MFA for RDP logins enabled.
Note: ADSelfService Plus allows you to create OU- and group-based policies. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.
- Configure any of the authenticators present according to organizational preference. ADSelfService Plus supports 19 authentication methods.
- Navigate to Configuration > Multi-factor Authentication > MFA for Endpoints.
- In the MFA for Machine Login section, check the box next to Enable _ factor authentication for machine login, and choose the number of authentication factors you'd like to implement.
- Choose the authentication methods you would like to implement.
- Click Save Settings.
Benefits of using MFA for RDP logins using ADSelfService Plus
- Customized configuration: Enforce MFA for RDP and use different sets of authentication techniques for different users based on domain, OU, and group memberships.
- Ensure user adoption: Automate user enrollment for MFA for RDP by importing domain information of users through CSV files or force enrollment using login scripts.
- Get detailed reports: Gain comprehensive insights on user activities such as identity verification failures and login attempts, and find users with weak passwords.
- Simplify authentication: Use authentication techniques like fingerprint authentication, push notification authentication, YubiKey, and QR-code-based authentication to help users complete the RDP MFA process with minimal effort.
Enable MFA for privileged user accounts using ADSelfService Plus
Download a free trial now!
Need further assistance? Fill this form, and we'll contact you rightaway.
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.
Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.