Select this option if you use RD Web Access on a public computer. Be sure to log off when you have finished using RD Web Access and close all windows to end your session.
This is a private computer: Select this option if you are the only person who uses this computer. Your server will allow a longer period of inactivity before logging you off.
These Microsoft RD Web Access Servers provide a web-based login page where users have to provide their domain username and password to access published applications. For those who are familiar with Microsoft RD Web Access, is there any information or guidance on setting OKTA up to access these RD Web Access sites?
I am going to assume you have a domain infrastructure but no Certificate Infrastructure. If that's the case, you need to export the certificate and then import it into your certificate store on your local PCs. This can be done by a group policy.
The one thing I am not sure on is what the LEAST privileged store happens to be. Trusted Root Certification Authorities would certainly do it but there's probably a lower level that would work as well in your domain without granting that server the highest permissions.
Trusted Devices? Not sure. I would experiment locally and see which one does it for you, you may need to do it and then reboot. Again, not sure. Once you find out, open up a GPO at the highest level of your OU infrastructure that you want to configure and then add that certificate into the correct object.
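One way to run the local experiment suggested above, as an added example that is not part of the original answer: the script records how Windows judges the RD Web site's TLS certificate before and after importing its public certificate into a candidate store on a single test client. The host name `rdweb.example.internal` is a placeholder and the two candidate stores are assumptions; the check covers the HTTPS connection to the RD Web site only.

```powershell
# Added example (not from the original post). Run elevated on one test client.
# rdweb.example.internal is a placeholder; the store names are candidates to try.
param(
    [string]$RdWebHost = 'rdweb.example.internal',
    [ValidateSet('Root', 'TrustedPeople')]
    [string]$StoreName = 'Root',
    [switch]$Cleanup      # remove the certificate again after the test
)

function Get-TlsResult {
    param([string]$HostName, [int]$Port = 443)
    $result = @{ Certificate = $null; PolicyErrors = $null }
    # Let the handshake finish either way, but record how Windows judged the chain.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] ({
        param($s, $cert, $chain, $errors)
        $result.Certificate  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
        $result.PolicyErrors = $errors
        $true
    }.GetNewClosure())
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
    } finally { $tcp.Close() }
    [pscustomobject]$result
}

$before = Get-TlsResult -HostName $RdWebHost
"Before import: $($before.PolicyErrors)"
# Compare this thumbprint with the one shown on the server before trusting it.
"Thumbprint:    $($before.Certificate.Thumbprint)"

# Export only the public certificate (.cer); the private key stays on the server.
$cer = Join-Path $env:TEMP 'rdweb-test.cer'
Export-Certificate -Cert $before.Certificate -FilePath $cer | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation "Cert:\LocalMachine\$StoreName" | Out-Null

$after = Get-TlsResult -HostName $RdWebHost
"After import into ${StoreName}: $($after.PolicyErrors)"   # None = chain and name validate

if ($Cleanup) {
    Remove-Item "Cert:\LocalMachine\$StoreName\$($before.Certificate.Thumbprint)"
}
```

Run it once per candidate store with `-Cleanup`, and only put the store that reports `None` into the GPO.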
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016
Below are various configurations for deploying Remote Desktop Services to host Windows apps and desktops for end-users.
Note
The architecture diagrams below show using RDS in Azure. However, you can deploy Remote Desktop Services on-premises and on other clouds. These diagrams are primarily intended to illustrate how the RDS roles are colocated and use other services.

Standard RDS deployment architectures
Remote Desktop Services has two standard architectures:
- Basic deployment – This contains the minimum number of servers to create a fully effective RDS environment
- Highly available deployment – This contains all necessary components to have the highest guaranteed uptime for your RDS environment
Basic deployment
Highly available deployment
RDS architectures with unique Azure PaaS roles
Though the standard RDS deployment architectures fit most scenarios, Azure continues to invest in first-party PaaS solutions that drive customer value. Below are some architectures showing how they integrate with RDS.
RDS deployment with Azure AD Domain Services
The two standard architecture diagrams above are based on a traditional Active Directory (AD) deployed on a Windows Server VM. However, if you don't have a traditional AD and only have an Azure AD tenant—through services like Office365—but still want to leverage RDS, you can use Azure AD Domain Services to create a fully managed domain in your Azure IaaS environment that uses the same users that exist in your Azure AD tenant. This removes the complexity of manually syncing users and managing more virtual machines. Azure AD Domain Services can work in either deployment: basic or highly available.
RDS deployment with Azure AD Application Proxy
The two standard architecture diagrams above use the RD Web/Gateway servers as the Internet-facing entry point into the RDS system. For some environments, administrators would prefer to remove their own servers from the perimeter and instead use technologies that also provide additional security through reverse proxy technologies. The Azure AD Application Proxy PaaS role fits nicely with this scenario.
For supported configurations and how to create this setup, see how to publish Remote Desktop with Azure AD Application Proxy.
