
Duo Authentication for Windows Logon and RDP

Why is Two-Factor Authentication (2FA) Important for Windows Logon?

In today’s digital landscape, cyber threats and hacking attempts are more common than ever. Since most businesses rely heavily on computers for day-to-day operations, ensuring that these systems are secure is absolutely essential.

That’s where two-factor authentication (2FA) for Windows logon comes in. Adding a second layer of security, such as Duo Security for Windows logon, helps protect your data even if your login credentials are compromised. With Duo 2FA, an attacker needs more than a username and password: they also need access to your second authentication method (like your phone or a security token), making unauthorized access significantly harder.

What is Duo Authentication for Windows Logon?

Duo Authentication for Windows Logon strengthens the standard Windows sign-in by requiring two-factor authentication during both local and remote (RDP) logins on Windows desktops and servers.

Starting from version 4.1.0, Duo also allows you to enforce 2FA for User Account Control (UAC) elevation requests, such as when a user selects “Run as administrator.” This adds an extra layer of protection against privilege escalation, giving your organization more control over how administrative access is granted.

Whether you’re managing a small business or a large IT infrastructure, integrating Duo 2FA into your Windows environment helps secure sensitive data, reduce the risk of breaches, and strengthen your overall cyber defense.

How to Install and Activate Duo Authentication

1. Make sure your workstation meets the system requirements shown below.

System Requirements

Duo Authentication for Windows Logon supports both client and server operating systems.

Clients:

  • Windows 8.1
  • Windows 10 (as of v1.1.8)

Servers (GUI and core installs):

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016 (as of v2.1.0)
  • Windows Server 2019 (as of v4.0.0)

Ensure your system’s time is correct before installing Duo.

2. If you already have a Duo product, proceed to step 3. If not, follow the instructions here.

3. Click here to download the Duo Authentication for Windows Logon installer package.

If your workstation belongs to your company domain, it will request elevated permissions for the download. Please contact your IT department.

4. Sign in to the Duo Security admin portal, then go to Applications -> Protect an Application -> Search for RDP -> Click Protect for Microsoft RDP.

5. Go to Applications -> Microsoft RDP.

These details will be used when we configure the Duo Authentication for Windows Logon installer.

 

6. Run the Duo Authentication for Windows Logon installer package downloaded in step 3.

a. Click on Next.

b. Copy the API Hostname shown in step 5 and paste it in, then click Next.

c. Copy the Integration Key and Secret Key shown in step 5 and paste them in, then click Next.

d. Keep the settings as default and click Next.

e. Keep the settings as default and click Next.

f. Keep the settings as default and click Next.

What is a Password-Protected UAC Prompt?

When a user tries to perform tasks that only system administrators are allowed to do, Windows requires an administrative account credential for security purposes. If you want to enable Duo two-factor authentication for password-protected UAC (User Account Control) prompts, click on Enable UAC Elevation Protection.
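The requirements from step 1 (supported OS, correct system time) and the API Hostname from step 5 can be checked from PowerShell before the installer is run. This script is an added example, not part of the original article or of Duo's tooling; the hostname is a placeholder, the 60-second skew tolerance is an assumption, and the time check relies on the unauthenticated ping endpoint of Duo's Auth API.

```powershell
# Added example: pre-install checks for Duo Authentication for Windows Logon.
param(
    # Placeholder: replace with the API Hostname shown under Applications -> Microsoft RDP (step 5).
    [string]$ApiHost = 'api-XXXXXXXX.duosecurity.com',
    # Assumed tolerance; the article only says the system time must be correct.
    [int]$MaxSkewSeconds = 60
)

# Operating systems listed under System Requirements in this article.
# 'Windows Server 2012' also matches 'Windows Server 2012 R2'.
$SupportedOs = @(
    'Windows 8.1', 'Windows 10',
    'Windows Server 2012', 'Windows Server 2016', 'Windows Server 2019'
)

function Test-SupportedOs([string]$Caption) {
    foreach ($name in $SupportedOs) {
        if ($Caption -like "*$name*") { return $true }
    }
    return $false
}

function Get-ClockSkewSeconds([long]$ReferenceEpoch) {
    # Absolute difference between the local clock (UTC) and a reference Unix time.
    $epoch = New-Object DateTime 1970, 1, 1, 0, 0, 0, ([DateTimeKind]::Utc)
    $local = [long]([DateTime]::UtcNow - $epoch).TotalSeconds
    return [math]::Abs($local - $ReferenceEpoch)
}

$caption = (Get-CimInstance Win32_OperatingSystem).Caption

# Older Windows PowerShell builds may not negotiate TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

try {
    # The ping endpoint needs no keys and returns the server time in response.time.
    $ping = Invoke-RestMethod -Uri "https://$ApiHost/auth/v2/ping" -TimeoutSec 10
    $skew = Get-ClockSkewSeconds $ping.response.time
    $reachable = $true
} catch {
    $skew = $null
    $reachable = $false
}

[pscustomobject]@{
    OperatingSystem = $caption
    OsSupported     = Test-SupportedOs $caption
    ApiReachable    = $reachable
    ClockSkewSec    = $skew
    ClockOk         = ($reachable -and $skew -le $MaxSkewSeconds)
}
```

If ApiReachable is false, check outbound HTTPS (TCP 443) from the machine to the API Hostname before installing, since the logon prompt depends on that connection.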

Verify the Duo 2FA for Windows Logon and RDP

1. Sign out from Windows and try signing in. You will get this prompt when signing in.

2. You will get a login request on your phone. Click on Approve.

You are now good to go!

Troubleshooting

Why do I not get notifications on the Duo Mobile app when signing in?

Make sure you have installed the Duo Mobile app on your phone first. You can simply go to the App Store or Google Play Store, search for Duo Mobile, and install the software. If you have already installed the software but still don’t get the notification, check the 2FA device on the Duo Security admin portal.

Go to 2FA devices -> Your device -> Device Info

This problem is mostly caused by not having activated Duo Mobile from Device Info. Try again after activating Duo Mobile. If it still doesn’t work, please visit here for more information.

Why can’t I sign in and get this error message?

If you are not able to sign in and get the error message shown below, you probably didn’t add an alias for your username on the Duo Security admin portal.

Go to Users -> Your name -> Username Aliases, then add your computer login username there.
