Configuration in an Active Directory environment

To configure Remote Desktop 2FA for ADUC users, enable 2FA for the desired user(s). Each of those users must also be an allowed Remote Desktop user.

To use Remote Desktop protection, the RD Session Host must be configured to use SSL (TLS 1.0) or Negotiate as its Security Layer.

To modify the settings on Windows Server 2008 or earlier, follow these steps:

1. Go to the Start menu > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration

2. In the Connections section, open RDP-Tcp

3. Click the General tab

4. In the Security section, the Security Layer setting must be set to SSL (TLS 1.0) or Negotiate

 

To modify the settings on Windows Server 2012, follow these steps:

1. Open Server Manager

2. Click Remote Desktop Services from the left pane

3. Open the Collections properties

4. In the Security section, the Security Layer setting must be set to SSL (TLS 1.0) or Negotiate
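
To confirm the result of either procedure, the following added example (not part of the original documentation or of the product) reads the Security Layer value that the host will actually use. The two registry paths and the 0/1/2 value mapping are standard Windows settings that this page does not name; run it in PowerShell on the RD Session Host.

```powershell
# Added example: report the effective RDP Security Layer on this host.
# Value mapping used by Windows: 0 = RDP Security Layer, 1 = Negotiate, 2 = SSL (TLS 1.0)
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

# Checked in order of precedence: a Group Policy value overrides the listener value.
$sources = @(
    @{ Name = 'Group Policy'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' },
    @{ Name = 'RDP-Tcp listener'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' }
)

$effective = $null
foreach ($source in $sources) {
    $item = Get-ItemProperty -Path $source.Path -Name SecurityLayer -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Host ("{0}: SecurityLayer not set" -f $source.Name)
        continue
    }

    $value = [int]$item.SecurityLayer
    $name  = if ($layerNames.ContainsKey($value)) { $layerNames[$value] } else { 'unknown value' }
    Write-Host ("{0}: SecurityLayer = {1} ({2})" -f $source.Name, $value, $name)

    # The first source that defines the value wins.
    if ($null -eq $effective) {
        $effective = [pscustomobject]@{ Source = $source.Name; Value = $value; Name = $name }
    }
}

if ($null -eq $effective) {
    Write-Warning 'No SecurityLayer value found; check the setting in the RDP-Tcp properties.'
}
elseif ($effective.Value -in 1, 2) {
    Write-Host ("OK: effective Security Layer is {0} (from {1})." -f $effective.Name, $effective.Source)
}
else {
    Write-Warning ("Effective Security Layer is {0} (from {1}); set it to SSL (TLS 1.0) or Negotiate." -f `
        $effective.Name, $effective.Source)
}
```

If the Group Policy line reports a value, change the setting in the policy rather than in the RDP-Tcp properties, because the policy value takes precedence.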

 
