I was reading through the v19 Admin guide and came across the option below, Would it be beneficial to disable the RD Connection Broker for performance reasons? If RAS is doing the brokering, why would one need the Microsoft RD Connection Broker enabled?
No, I've tried that. But interesting question, how to disable direct RDP login on to RDSH if 2FA is enabled locally. Is there a possibility to block that for MS RDP Client?
Hi, not sure what you mean with "2fa is enabled locally". if you enable MFA in Parallels, i think, it does not have any affect to MSTSC. We secured the RDSH server with local Firewall: Allow Access only from Administrative Workstation and Gateway (TCP/UDP 3389) Configured Ras Client to use Gateway SSL Mode. (a little bit more complex because we enalbed also ipsec in backend, and allow unsecured connections only to Gateway (SSL). This means all connections are connected through Gateway, but we can secure RDS Port. br Chris