Solution
Due to shifting tactics of threat actors in the post-pandemic business environment, all non-Zscaler devices must authenticate with MFA to use the Remote Desktop Protocol when connecting to a VCU computer.
1. For Windows endpoints, DUO prompt will appear when individuals attempt to login to the endpoint over RDP under the following circumstances:
- When the Windows endpoint is on campus, and the individual is accessing the endpoint from a non-VCU managed machine, or a VCU managed machine without an active ZScaler connection.
- When the Windows endpoint is at home or an alternative location.
2. For Windows servers, MFA is already in place, however, we will be removing the VPN IP ranges from the trusted network list for the integration, so MFA prompts will appear if you RDP to a Windows server from a non-VCU managed machine, or from a VCU-managed machine without an active ZScaler connection.
The Windows login prompt will look similar to the following:
