Thursday, May 7, 2020

Does Windows Server 2016 RRAS support two-factor authentication?

Hi, I wonder if anyone could share their experience / opinion about integrating two-factor authentication into Win2016 RRAS? We have been using simple L2TP for few remote users over years. Due to our business nature, we don't heavily rely on remote access, until the recent shelter-in-place. And we foresee that it could become "normal" down the road so we wanna a better protection.

I never did that before and Google search brings me a lot of info. Look like MS doesn't have one native come with RRAS. I saw few 3rd party options like Duo, or SAASPASS. But I have zero experience so I am looking for some. Hopefully, it would be just like FB, whenever the RRAS detects a login from a new IP, it sends out a txt, or email, or asking for the 6-digit code like Reddit does. We are not looking for a big complicate system. We have around 200 users in office. But during the normal time, we might have only 5 random connection over a month. So I am sure my boss will not want to pay monthly for this, but paying by connection license would be an option.

Some of you might agree with me. By working with some old age top management, it is very difficult to convince them making a 8-chars password would be much safer than just "1qaz". Yes, my boss never implement password enforcement policy as 99.9% of logins would be on LAN only.

Thanks to all. All inputs would be welcome.



No comments:

Post a Comment