Remote Desktop Protection

The ESA Remote Desktop Protection module adds 2FA into the authentication process of Remote Desktop users. The module will be loaded the next time a 2FA-enabled user attempts to use Remote Desktop to log in to a remote computer on which the Remote Desktop plugin of ESA has been installed.

Users will log in using the normal authentication process of Remote Desktop. After being authenticated by Remote Desktop, the user will be prompted for an OTP. The user will only be allowed access to his or her computer if a valid OTP is entered.

The user's 2FA session will remain active until they log out or disconnect from the Remote Desktop session.



ESA cannot protect RDP clients that do not provide username and password, meaning, if there is an RDP client that does not have the username and password configured and it does not even request a username and password, then no OTP is going to be requested either.