How to Set Up Duo 2FA on RDP

This is a guide on how to set up duo.com 2FA for Windows Server RDP.

Sign Up for Duo

Sign up for a Duo trial: here

Set Up Your Application

Click the Protect an Application button in the top left.

Search for "RDP" and you'll see Microsoft RDP. This can be used for:

Clients:

  • Windows 8.1

  • Windows 10 (as of v1.1.8)

Servers (GUI and core installs):

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2016 (as of v2.1.0)

  • Windows Server 2019 (as of v4.0.0)

We highly suggest you leave everything as default unless you know what you're doing. Don't forget to click Save when it appears.

Adding a User to Duo

The default username should be "Administrator". You can also set Administrator as an alias under different account names. In our case, we use zestyadmin, but ALL zesty clients should use Administrator.

Add a Phone

Download the Duo Mobile app onto your phone.

Go back to your browser. On the same user page, add a phone using the "Add Phone" button.

Click the Activate Duo Mobile text (in blue) under the "Device Info" section.

Generate the Duo Mobile Activation Code.

Send the link to your mobile device by SMS.

Click the link on your phone. It will open the Duo Mobile app and add your Application & User.

Installing Duo onto your Server

Download and install the Duo Authentication for Windows Logon installer package onto your server. You can download that here.

Back on your application home screen, you will see the integration key, secret key and API hostname.

In the installer, enter your API hostname (copy and paste if you can).

Enter the Integration Key and Secret Key (copy and paste if you can).

Select "Only prompt for Duo authentication when logging in via RDP". Make sure this is ticked.

Don't enable smart card unless you actually have one and know how to configure it.

You may now log out, then log in to the server again and check that it prompts on your phone.

Done!