Allowing Non-2FA Users
The module can be configured to either allow or to prohibit users that do not have 2FA enabled from logging in to remote computers with Remote Desktop Protocol. This scenario occurs if the user is not configured for any authentication method nor the Mobile Application and the Remote Desktop configuration option to allow non-2FA users to log in is enabled. The configuration option to allow non-2FA users defaults to being enabled after installation.
In this configuration, a user can log into the remote computer with their Active Directory password.
If the configuration option to allow non-2FA users is disabled, then the user will not be able to log into remote computers with Remote Desktop Protocol.
To change the module configuration navigate in ESA Web Console to Components, click RDP and the Computer list window will appear listing all computers where Remote Desktop Protection of ESA is installed.