Azure Multi Factor Authentication and Remote Desktop Services (RDS)

implementing azure mfa

Are you implementing Microsoft Azure Multi-Factor Authentication (MFA) in your Remote Desktop Services/RemoteApp (RDS) deployments? You better be….

Don’t Put Mobility Ahead of Security. You Can Have Both!

As the business landscape continues to evolve and “mobility” becomes less of a buzzword and more of a necessity, many companies are implementing mobile first and Bring-Your-Own-Device (BYOD) IT strategies to alleviate expensive hardware costs and rents. An added bonus – it gives employees the autonomy to fully execute their job functions.

A widely used solution, and one of the most popular mobile infrastructure deployments, Microsoft Remote Desktop Services provides users remote access to company owned Windows virtual desktops, data, and applications from almost any device. Users simply log in using the Remote Desktop Client from a preferred device and gain secure access to the corporate assets they need to perform their duties.

Whether you are deploying your Microsoft Remote Desktop Services environment on-premises, to the Microsoft Azure Cloud, or your preferred Datacenter, Microsoft RDS is the platform of choice for building virtualization solutions for every business.

But how do you protect corporate assets and your user credentials from being stolen when using RDS?

Add a little salt to those AD credentials.

Is authenticating using Active Directory 100% secure? The short answer is no. Although AD provides a layer of security to your credentials, even an amateur hacker using specialized tools can quickly gain access to AD credentials.

In the best-case scenario, a hacker will be able to gain access to your RDS deployment and sensitive data. In some cases, a sophisticated hacker will use a service attack to gain admin credentials, giving the hacker access to your company network and even control over user domain. Both scenarios are considered a data breach and put your company in harm’s way.

Average cost of a data breach in 2018.

According to the 12th annual Cost of Data Breach Study, the average cost of data breach is $3.62 million with an average per stolen record cost of $141. Simply put, a data breach can cripple your business even if you are able to survive it at all. 

What is Azure MFA?

Microsoft Azure Multi-Factor Authentication (MFA) is Microsoft’s two-step verification solution, a crucial step in protecting your RDS. Two-step verification is a process of authentication that requires more than one verification method and adds a critical second layer of security to user sign-ins. Azure MFA helps safeguard access to data and applications while meeting user demand for an easy sign-in process. It delivers strong authentication across a range of verification methods, including phone calls, text messages, and mobile app verifications.

Azure MFA is an easy to use and reliable solution that provides an extra layer of security to protect users and your data.

Make Microsoft Azure MFA Standard Across all Your RDS Deployments

Although Microsoft Azure Multi-Factor Authentication (MFA) provides an inexpensive, easy to deploy, and necessary layer of security to your RDS environments.

With Azure MFA successfully deployed, users and admins attempting to connect to company resources via the Remote Desktop Client will be prompted to enter a 6-digit code as a second layer of authentication to connect. This code is delivered automatically to the user’s mobile device, by either a phone call, text, or mobile app verification, after AD credentials are entered.

Hackers may still be able to get a hold of your AD credentials; however, with MFA deployed, without access to your phone or network, their efforts are essentially useless.

Full proof? Not quite. Is it necessary? Absolutely.

Where can you purchase Microsoft Azure MFA Licenses?

Azure Multi-Factor Authentication (MFA) is usually purchased through an Office 365 subscription as Azure Active Directory Premium or included in a bundled plan.

Our recommendation would be to purchase a license through a CSP partner like Total Cloud IT as part of the Enterprise Mobility + Security bundle. The. Enterprise Mobility + Security includes numerous security tools necessary to protect your data on-premises or in the Cloud.

Need Deployment help?

Total Cloud IT is a Microsoft CSP Partner specializing in Office 365 and Azure Enterprise Deployments.

Purchasing and implementing the right solution can be a tricky endeavor. Let Total Cloud IT take the guess work out of the equation.

Please contact joel@totalcloudit.com for a free consultation and get your business on the path to security.

My name is Joel McElroy. I’ve been thinking about data security, you should be too.