![]() This application communicates with Duo's service on SSL TCP port 443.įirewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. PowerShell example: Import-Module ServerManager The PowerShell commands for this are: Import-Module ServerManagerĪdd-WindowsFeature NET-Framework-45-ASPNETĮnsure that the IIS Management Scripts and Tools feature is turned on as well. You can do this, for example, by running the following PowerShell commands: Import-Module ServerManagerĪlso make sure you have installed ASP.NET 4.5 support for IIS. These instructions are for installing Duo Authentication for RD Web on Windows Server 2012 and later. Make sure to complete these requirements before installing Duo Authentication for RD Web.Ĭheck your server version. Then (when you're ready) change the "New user policy" to "Require Enrollment." This forces all your users to authenticate to Duo (or enroll) after RD Web logon. Enrolled users must complete two-factor authentication, while all other users are transparently let through. Set your application's New User Policy to "Allow Access" while testing. Block direct RDP access to these hosts to mitigate the potential for bypass. If clients can establish a direct connection to your RD Connection Broker and/or Session Host(s), then they may be able to bypass two-factor authentication. If you want to enforce two-factor authentication for all your clients, you should ensure that they must connect through RD Web Access with Duo and/or RD Gateway with Duo.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |