How to configure two-factor authentication in Windows VPS/RDP?

Last updated on 

Adding two-factor authentication (2FA) to your Windows VPS or RDP sessions enhances security by requiring an extra layer of verification. This guide will walk you through the steps to configure 2FA using Duo Security, helping you protect your remote access from unauthorized use and ensure a more secure environment.

To configure two-factor authentication (2FA) in a Windows VPS or RDP session using Duo Security, follow these steps:

Setting Up Duo account:

Go to the Duo website (https://signup.duo.com) and sign up for an account if you don’t already have one.

After Signup, Log in to the Duo Admin Panel navigate to "Applications" and click on "Protect an Application."

Search for and select "Microsoft RDP" from the list of applications. Then, click "Protect".

Follow the prompts to name the application and note the integration key, secret key, and API hostname provided. You'll need these for configuration.

Install Duo Authentication on Windows RDP VPS

On your Windows Server, download the installer from: Here.

Enter the "API Hostname" received earlier, In the text field under "API Hostname" and click "Next".

On the next window, Enter the integration key and secret key, from the Duo Admin Panel.

Check the following option and click "Next".

In the next step, you can choose to enable Smart Card support if needed.

In the next window, you can choose to enable UAC elevation protection if needed.

Now Duo Authentication is ready to begin installing, click "Install" to initiate the installation.

Well done! Duo Two-Factor Authentication is now installed on your Windows server. Simply click "Finish" to exit the setup process.

Add user in Duo:

Now you need to enrol the user in Duo, Log back into the Duo dashboard Navigate to "users" click on "Add user".

Next, provide the necessary information as shown below. After entering the details, click "Save Changes," then select "Send Enrollment Email".

Next, check the email address you provided earlier for the Duo Security Enrollment email and follow the instructions included in it.

After setting up Duo on your mobile device, you'll be prompted to use two-factor authentication each time you log into your Windows server. You have now successfully configured two-factor authentication (2FA) for Windows Server using Duo.