How to Login to Windows Remote Desktop with Duo Authentication

How to Login to Windows Remote Desktop with Duo Authentication

This guide explains how to securely log in to a Windows machine using the Microsoft Remote Desktop / Windows App together with Duo Security two-factor authentication (2FA).

What You Need

• Microsoft Windows App (formerly "Microsoft Remote Desktop") installed on your device.
• Duo Mobile app on your phone for 2FA approval.
• Your Windows username/password and the target machine's hostname or IP.

Download Links — Windows App (Remote Desktop)

• Windows 10 / 11 — Windows App (new): Microsoft Store – Windows App
  Or built-in Remote Desktop Connection (mstsc.exe) — press Win+R, type mstsc.
• macOS: Mac App Store – Windows App
• iOS / iPadOS: App Store – Windows App Mobile
• Android / ChromeOS: Google Play – Microsoft Remote Desktop
• Web client: windows.cloud.microsoft

Download Links — Duo Mobile (2FA)

• Duo Mobile (iOS): App Store
• Duo Mobile (Android): Google Play  ( Diretlink  ) Or ZIP 

Step 1 — Open the Windows App / Remote Desktop

1. Launch the Windows App (or Remote Desktop Connection / mstsc.exe) on your device.
2. Click + Add > PCs (Windows App), or type the address into the Computer field (mstsc).
3. Enter the target Windows machine's hostname or IP (e.g., 10.10.0.25 or server01.corp.local).

Step 2 — Enter Your Windows Credentials

1. Enter your Windows username and password.
2. Click Connect; accept the certificate prompt if shown.

Step 3 — Approve the Duo 2FA Prompt

1. After credentials are accepted, Duo will trigger a 2FA challenge.
2. Choose your authentication method:
   • Duo Push — open Duo Mobile on your phone and tap Approve (recommended).
   • Passcode — enter the 6-digit code generated by Duo Mobile.
   • Phone Call — answer the callback and press a key to approve.
   • SMS — receive a one-time passcode by text message.
3. Once approved, the Remote Desktop session will open and you'll be logged in to the Windows machine.

Microsoft official guide: How to use Remote Desktop – Microsoft Support

Troubleshooting

• No Duo push received? Make sure your phone has internet access and Duo Mobile is up to date — try the passcode option instead.
• RDP fails to connect? Confirm the target machine has Remote Desktop enabled (Settings > System > Remote Desktop).
• Verify the firewall allows TCP 3389 from your network.
• If you receive "Access Denied" after Duo approval, ensure your account is in the allowed Duo group / Remote Desktop Users group on the target machine.

Other Languages / 其他语言: See the Chinese version of this article in the Knowledgebase (cross-linked translation).