Azure AD – Azure AD App Proxy now supports Remote Desktop web client

By now, you may already know the Azure Active Directory App Proxy (AAD App Proxy), the solution integrated with Azure AD to publish internal resources securely without having to configure the firewall (open ports, define targets…) while providing Single Sign-On with Azure AD (if the published application supports it).

You may already be using Azure App Proxy to publish your Remote Desktop farm/hosts through Remote Desktop Gateway.

Well, good news: Azure AD App Proxy now supports the Remote Desktop Web Client, that is, the Remote Desktop (RDP) client embedded in the web browser (see https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client and https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin).

First things first, there are a few requirements and points of attention you need to know before starting:

  • Your Azure AD App Proxy agent must be running the latest version, 1.5.1975.0; this should be the case if you let the agent update automatically, otherwise you can get it from https://download.msappproxy.net/subscription/d3c8b69d-6bf7-42be-a529-3fe9c2e70c90/connector/download
  • Your RDP deployment must be configured to use per-user licenses; if you use per-device, you will end up with all the licenses consumed
  • You need (of course) to have an RDP Gateway, Connection Broker and RD Web Access deployed using either Windows Server 2016 or 2019
  • You must have deployed and installed the July 18, 2017 KB 4025334 (if you are properly maintaining your servers with Windows Update, WSUS or SCCM you should already have it)
  • You are using a public certificate for your RD Gateway and RD Web Access (it should go without saying but… you know)
  • and finally the client must be running either Windows 10 or Windows Server 2012 or later (officially Windows Server 2008 R2 is possible but as it is out of support…) with a modern web browser (Chrome, Edge, Edge Chromium, Safari…)

Then you can get ready by deploying the Remote Desktop web client on your RD Web Access server(s) by running the following commands in a PowerShell prompt started with Run as administrator:

Install-Module -Name RDWebClientManagement

NOTE: you will be asked to accept the license terms


Install-RDWebClientPackage


As always when getting a PowerShell module from the Gallery, you may be asked whether you trust the repository


You may be asked to update the PowerShellGet module first using the below command

Install-Module -Name PowerShellGet -Force


If you already had the Remote Desktop web client installed when it was in preview, you will first have to uninstall it with the command

Uninstall-Module RDWebClientManagement

Then you need to connect to your RD Broker, export as crt the certificate used for Remote Desktop connections, copy this file back to the RD Web server and run the command below

Import-RDWebClientBrokerCert <.cer file path>


And finally you can publish the package with the command

Publish-RDWebClientPackage -Type Production -Latest
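
The certificate import and publish steps above, preceded by a check of the exported file, as an added PowerShell example that is not from the original post. The script parameters (`CerPath`, `ExpectedThumbprint`, `WarnDays`) and the helper `Test-BrokerCertFile` are hypothetical names; the thumbprint is the one you note on the RD Broker at export time.

```powershell
# Added example (not from the original post). Save as a .ps1 and run on the
# RD Web Access server in an elevated prompt, after RDWebClientManagement is installed.
param(
    # Assumption: where you copied the certificate exported from the RD Broker.
    [Parameter(Mandatory)][string]$CerPath,
    # Assumption: thumbprint you noted on the RD Broker when exporting.
    [Parameter(Mandatory)][string]$ExpectedThumbprint,
    [int]$WarnDays = 30
)

function Test-BrokerCertFile {
    param([string]$Path, [string]$Expected, [int]$WarnDays)

    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
    # Thumbprints copied from the certificate UI often carry spaces or
    # invisible characters; keep hex digits only before comparing.
    $want = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $now  = Get-Date

    # A passwordless PFX loads with its private key; only the public part should leave the broker.
    if ($cert.HasPrivateKey) {
        throw "File '$full' carries a private key; export the public certificate only."
    }
    # Confirms the file copied between servers is the certificate you exported.
    if ($cert.Thumbprint -ne $want) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $want."
    }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }
    if ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        Write-Warning "Certificate expires on $($cert.NotAfter); plan its renewal."
    }
    return $cert
}

$ErrorActionPreference = 'Stop'
$cert = Test-BrokerCertFile -Path $CerPath -Expected $ExpectedThumbprint -WarnDays $WarnDays
"Importing {0} ({1})" -f $cert.Subject, $cert.Thumbprint

# The two commands from the steps above; they run only if every check passed.
Import-RDWebClientBrokerCert $CerPath
Publish-RDWebClientPackage -Type Production -Latest
```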


You are done; you can test by accessing your Remote Web Access URL:

https://<remote desktop URL>/RDWeb/webclient/index.html

If you have already been using Azure App Proxy to publish your Remote Desktop, you have nothing more to do.

Otherwise just start using it.

If you want to share feedback, you can do so at https://feedback.azure.com/forums/169401-azure-active-directory?category_id=160608

Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years. Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.