Securing Windows Logon with Cisco DUO - Tesrex

With secure remote working during the COVID-19 pandemic of greater importance than ever, Duo’s Multi-Factor Authentication solution is seeing increased adoption to secure remote access VPN connections. 

However, given the increased risk of loss or theft of corporate-owned laptops due to a greatly increased time off-premises, wouldn’t it be good to have a way to enforce MFA when logging into Windows on these devices? Perhaps you also have jumpboxes which your employees use for access to sensitive or legacy applications over Remote Desktop Protocol, and wish to add MFA to the login prompt for these servers? 

Duo also has a solution with Duo for Windows Logon. It can be configured by searching for “Windows” in the Applications menu option and selecting the Microsoft RDP option. 

Proceed to carry out the standard Duo app configuration, making note of the Integration key, Secret key and API hostname – these are required in the client configuration. The client application can then be downloaded from here and installed via your corporate endpoint management solution or manually.

The client application has Fail Open/Closed, auto Push and RDP-only configuration options.

In version 4.1 User Account Control Elevation can also be protected via MFA, to further protect administrative actions being taken on the endpoint.

The next time a user logs into the endpoint, providing their account exists in Duo they will be prompted to authenticate using their registered Duo device.

Offline access can also be configured using Duo OTPs or Yubikeys for scenarios in which users will not always have a network connection available when first logging in.

To enquire about DUO, please click here.