How do we restrict PDQ Link/NPS/RRAS to only allow connections from domain-joined machines?
Forgive me if this was already made clear. One of the questions that came up several times during the PDQ Link webcast was about MFA.
I have to think that the need for MFA with PDQ Link would be far less of a concern if only domain-joined machines were allowed to connect to the NPS/RRAS server. Is that inherent in the setup out of the box? Essentially there would be two forms of authentication: 1) the user's password, 2) a physical domain-joined machine.
If not, is there a way to configure it that way?
Removing MFA from the equation would also ensure that the clients are able to connect without any user interaction. Adding MFA into the mix would effectively render the solution wildly less useful.
-
Someone correct me if I'm wrong, but I believe it was said several times during the webinar (and some people in BYOD organizations were unhappy) that a limitation/requirement of using RAS/NPS is that the client must be a domain-joined PC. There was even some question of whether it would not work if you had a domain-joined PC but logged in with a local user.