Remote Desktop Protection

The ESA Remote Desktop Protection module adds 2FA into the authentication process of Remote Desktop users. The module will be loaded the next time a 2FA-enabled user attempts to use Remote Desktop to log in to a remote computer where the Remote Desktop plugin of ESA has been installed.

Users will log in using the standard authentication process of Remote Desktop. After being authenticated by Remote Desktop, users will be prompted for an OTP or prompted to approve the push notification or prompted to authenticate using FIDO. Users will only be allowed access to their computer if a valid OTP is entered or the push notification is approved, or FIDO authentication is successful.

The users' 2FA session will remain active until they log out or disconnect from the Remote Desktop session.


note

RDP client without username and password

ESA cannot protect RDP clients that do not provide username and password; if an RDP client does not have the username and password configured and it does not request a username and password, then no OTP is going to be requested either.