This isn't something that any Duo software would do for you.
However, it looks like you can already do this with existing Windows features:
- Deploy RD Gateway.
- Use RD Gateway CAP/RAP to make it send requests to your RADIUS server.
- Only allow RDP connections that use RD Gateway.
This isn't a config that is compatible with Duo to add 2FA though. The Duo for RD Gateway plugin disables RDG CAP/RAP so installing that would short-circuit RADIUS auth, and leaving RDG CAP/RAP intact but then creating a CAP that forwards RDG RADIUS requests to Duo Authentication Proxy RADIUS server won't work either as those requests don't contain info in the packet that can be used for the Duo proxy to complete primary authentication (and such a config does not allow for a Duo-only RADIUS config).
Duo, not DUO.