Microsoft RD Web Access Applications

How to deploy MFA authentication for applications published with Microsoft RD Web Access using ADFS SecureMFA OTP Provider


Command adds Relying Party Trust (RP) configuration on ADFS server which is required for Microsoft RD Web Access to work with windows authentication and enforce MFA authentication when accessing published applications. Provide a valid HTTPS URL for your MS RD Web Access portal.””

Add-ADFS_RelyingPartyTrust -RP_WEBSITE_URL "https://RDWEB_FQDN/RDWeb/Pages/Default.aspx" -SampleRP RDWeb -Force

Please write down output information for “ADFS Issuer” , “ADFS Identifier” and “ADFS TokenSigning Thumbprint” which will be required for MS RD Web Access portal configuration.

 Deployment Steps

Install-Module -Name SecureMFA -Repository PSGallery -Scope AllUsers

Add-xRDWeb_ADFSConfig -RDP_WEBSITE_URL "https://ardswebl01.adatum.labnet/RDWeb/Pages/Default.aspx" -ADFS_ISSUER "https://adfs.adatum.labnet/adfs/ls/" -ADFS_SERVICE_IDENTIFIER "http://adfs.adatum.labnet/adfs/services/trust" -ADFS_SINGING_CERT_THUMBPRINT "B0F421A6F5E298175CE2369E4237A1FD4A619F82"

 Deployment Video

Video shows deployment steps how Microsoft RD Web Access server  can be linked to ADFS service for MFA authentication to Microsoft remote desktop services published applications or desktops. Free provider version (which runs for limited number of 24 users) can be downloaded from

This deployment allows to use Windows authentication and OTP tokens to provide MFA access for  published RDP applications via Microsoft RD Web Access server.

Each connection is first pre-authorized by the ADFS and, if successful, the session is authenticated and authorized on the RD Web Access server itself.

All components of the MFA-OTP provider are hosted on-premise infrastructure and do not depend on 3rd party services in the cloud.