Configuration

To configure Remote Desktop 2FA for the desired user(s), enable 2FA in their profile(s). They also must be authorized Remote Desktop users.

To use Remote Desktop protection, RD Session Host must be configured to use an available SSL (TLS) option or Negotiate. Usually, the Security Layer is configured correctly. If you run into issues, check and adjust the settings as described below.

RDP without Remote Desktop Services

Use Group Policy to adjust the settings. For example, to modify the Local Computer Policy:

1.Press the Windows key and R simultaneously.

2.Type gpedit.msc and press Enter.

3.In the left pane, click Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

4.In the right pane, double-click Require use of specific security layer for remote (RDP) connections.

5.Select Enabled.

6.From Security Layer, select an available SSL (TLS) option or Negotiate.

RDP using RD Services

To modify the settings on Windows Server 2008:

1.Go to the Start menu > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.

2.In the Connections section, open RDP-Tcp.

3.Click the General tab.

4.In the Security section, the Security Layer setting must be configured to use an available SSL (TLS) option or Negotiate.

To modify the settings on Windows Server 2012 and later, follow these steps:

1.Open Server Manager.

2.Click Remote Desktop Services from the left pane.

3.Open the Collections properties.

4.In the Security section, the Security Layer setting must be configured to use an available SSL (TLS) option or Negotiate.