Summary of Steps:
- Follow the doc for RDP
- Install Duo for Windows
- Set up user
- Set up MFA device (your phone)
It’s actually fairly quick and painless to get set up with Duo MFA for Windows, with the exception that you have to manually add a user and enroll your phone. With SSH on Linux there was some editing of text files, compiling code and command-line stuff, but with Windows it’s lots of clicking of those old familiar friends, “Next”, “Ok”, and “Finish”. Here is my topology:
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-29-26.png)
First, I log into my account dashboard at https://duo.com (for which I’m MFA prompted on my phone, of course) and go to “Applications”. I click “Protect an Application” and click “Microsoft RDP”. Reading the docs at https://duo.com/docs/rdp I download the Duo Windows installer and away I go:
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-02-50.png)
You can find the API hostname, integration key, and secret key by clicking “Protect this Application” for MS-RDP:
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/image-9-1024x387.png)
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-03-29.png)
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-06-03.png)
Ready to install!
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-07-02.png)
And…. it’s done.
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-07-54.png)
Then we need to manually add a user, as I mentioned. From the Duo dashboard, just click “Add user”. For some reason when I created this VM some time ago I name the user “solarwinds”, I think I was doing some network testing. I regret nothing.
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-20-45.png)
Add my phone:
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-21-10.png)
Send the activation link to you phone, and you can activate Duo Push Mobile app if you have it.
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-26-35-1024x674.png)
Then log in! I use Remmina on Linux, but of course any RDP client will work.
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-14-43.png)
I’m prompted by Duo and a code is sent to my phone:
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-28-02-1024x500.png)
And I’m logged in!
![](https://www.questioncomputer.com/wp-content/uploads/2019/06/Screenshot-from-2019-06-25-22-28-57-1024x560.png)
There is much rejoicing.