Is it possible to extra authentication in rdp connection - azure

I am new to Azure. I have created a Virtual Machine windows server 2016 in Azure. When I connect it a rdp file wil download so that I can do remote desktop to my server in Azure. This is a normal rdp connection with authentication of username and password for the machine.
My question is , Is it possible to add an extra authentication , which is similar to Remote desktop gateway in server 2012 on-premise , in Azure server 2016.
Could anyone help me in this, Is there any documentation ?
Thanks

Yes, you can add further authentication for your RDP. Here is link.
Azure Authentication

Related

Azure devops server (on premise) integrate with SourceTree or Gitkraken

I've recently setup an azure devops server on a VM but I can't seem to connect to it using Gitkraken. GitKraken will give the error "Could not reach the specified host domain"
SourceTree will give an error "TF400813: Resource not available for anonymous access. Client authentication required"
I used devops.ourdomain.com/MyCollection on sourcetree/gitkraken to try and connect. I tried it with the /MyCollection and without.
On IIS Anonymous Authentication is enabled, and so is Windows authentication.
Currently the devops environment is not connected to our AD but authentication is done through local windows accounts on the VM.
Are there any settings on the server that I'm possibly missing? The Devops environment is only reachable when you are connected to our VPN, so maybe that could be the issue?
Connecting through Visual Studio directly does work
Regarding GitKraken: The Azure DevOps integration is intended for hosted instances only. There is an active feature request to support on premises Azure DevOps Server instances.
https://feedback.gitkraken.com/suggestions/184569/azure-devops-server-integration

Azure VNet Point to Site VPN and OpenVPN with Azure AD on MAC

I have setup an Azure VNet and a Point to Site VPN using the OpenVPN tunnel to maintain use of the Azure AD username and password for login.
I have sample .ovpn config files but they all require certificates, beyond what is provided by Azure.
Azure provides me with the following three files:
AzureVPN\azurevpnconfig.xml
Generic\VpnServerRoot.cer
Generic\VpnSettings.xml
How should I go about using these files to configure a .ovpn document allowing me to connect to this VPN using my MacBook?
My understanding is that the certs aren't needed since we're using a username and password to login? The downloaded VpnServerRoot.cer doesn't import to the OS Keychain...
Thank for any pointers!
Unfortunately, currently, MAC OS client is not available for connecting Azure point to site VPN with Azure AD authentication. The table below shows the client operating systems and the authentication options that are available to them. Refer to https://learn.microsoft.com/en-us/azure/vpn-gateway/work-remotely-support
With using the OpenVPN tunnel, you can select RADIUS and Azure Certificate authentication for your MAC OS X clients. For Mac clients, Read Configure OpenVPN clients for Azure VPN Gateway.
Only iOS 11.0 and above and MacOS 10.13 and above are supported with
OpenVPN protocol.
and Create and install VPN client configuration files for native Azure certificate authentication P2S configurations.

IIS 8.5 connecting to remote report services

Here is the scenario:
A web server is running on IIS 8.5 using AppPoolIdendtity to pass through the credential to connect to Reporting Service which is remotely installed in a MSSQL Server.
The reporting service has added the machine account DOMAIN\MACHINENAME$ to the system role assignment from http://MSSSQLRS/ReportServer as System Administrator like this:
The permissions granted to user ' are insufficient for performing this operation. (rsAccessDenied)"}
Testing local MSSQL server is smooth with local access. However, whenever the connection is established from the IIS web server. The "rsAccessDenied" error came up as DOMAIN\MACHINENAME$ user.
Not sure what else is wrong either on the WEB IIS or MSSQL server....
Sounds like RS Windows NTLM is not configured correctly. See this article.

RemoteApp working with Azure Windows Server 2012

Hoping someone can shed some light on my RemoteApp/Azure dilemma
I have successfully setup RDS on Server 2012 VMs in Azure - session host, rdweb and connection broker, opted not to have a gateway as only running one session host.
Created an self-signed certificate in RDS tools in Server Manager and bound this to rdweb, named the cert remote.cloudapp.net. I also uploaded this to the cloud service for the VMs using Azure powershell.
So via an Azure VM on the domain in Azure I can connect to remoteapp and successfully run an application.
However when I connect externally via a browser on my standalone laptop I get the following error in the RDS Log:
Remote Desktop Connection Broker Client failed to redirect the user
REMOTE\appuser. Error: NULL
I have tried the fix of look for an Pool ID of NULL in the Windows Internal Database and I only have one pool ID which is the collection I created, so can't be that.
Also get this error returned when I try to run a remoteapp after successfully logging into the RDweb page:
Remote Desktop Services cannot connect to the remote computer for one
of these reasons: Remote Access is not enabled to the server Remote
computer turned off Remote computer not available on the network
I am totally stumped, is there something I am missing that is so simple.

Azure RDP requires certificate installed on client machine?

On a project I’m working on at my current job, we need to enable the RDP on azure web role. I've enabled the RDP but client is not being able to connect. We confirmed RDP port is opened as well.
Doesn't client needs to install certificate on his/her machine as well?
No the client doesn't need to install a certificate on their machine. When you deploy a cloud service from Azure you can opt to have an RDP account created at the point of deployment, this will automatically configure the endpoints for 3389 on the instance. Are you sure the client is using the correct case on the password and has their firewall open on 3389?
No it does not. If you're having problems try to download the assistant file that will set up everything BUT your firewall, leaving you to just hit "Connect"

Resources