Reducing authentication prompts with remote desktop

robnicholson · ‎06-25-2021

Duo with Microsoft Remote Desktop works well with Duo push. One of my clients got ransomware in via brute force/poor password policy on RDS.

However, if you have a slightly flaky link, the RDS connection can sometimes drop and having to re-authenticate is a bit of a pain.

Is there anyway to cache the authentication for (say) an hour? Maybe if it’s from the same user on the same IP?

Amy2 · ‎06-25-2021

Hi @robnicholson, are you using the Duo integration for Remote Desktop Web? If so, that application does support Duo’s Remembered Devices feature. Remembered Devices is similar to the “remember my computer” or “keep me logged in” checkboxes users are accustomed to seeing while logging in to many websites. Read more about how to enable this option and control the settings in our docs on Remembered Devices here.

robnicholson · ‎06-25-2021

Thanks for the reference - looks interesting! At the moment RD Web and RD Gateway are installed so guess I need to have a look in the policies.

robnicholson · ‎06-30-2021

Sadly remembered devices only works with RD Web which users only tend to use once to download the RDP connection file. When launching the RDP, a Duo push is always sent.