By now, you may already know the Azure Active Directory App Proxy (AAD App Proxy), the solution integrated with Azure AD that publishes internal resources securely without having to configure the firewall (open ports, define targets…) and provides Single Sign-On with Azure AD (if the published application supports it).
You may already be using Azure App Proxy to publish your Remote Desktop farm/hosts through Remote Desktop Gateway.
Well, good news: Azure AD App Proxy now supports the Remote Desktop Web Client, the Remote Desktop (RDP) client that runs in the web browser (see https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client and https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin).
First things first, there are a few requirements and points of attention you need to know before starting:
- Your Azure AD App Proxy agent must be running the latest version, 1.5.1975.0; this should be the case if you let the agent update automatically, otherwise you can get it from https://download.msappproxy.net/subscription/d3c8b69d-6bf7-42be-a529-3fe9c2e70c90/connector/download
- Your RDP deployment must be configured to use per-user licenses; if you use per-device, you will end up with all the licenses consumed
- You need (of course) to have an RDP Gateway, Connection Broker and RD Web Access deployed using either Windows Server 2016 or 2019
- You have deployed and installed the July 18, 2017 update KB 4025334 (if you are properly maintaining your servers with Windows Update, WSUS or SCCM you should already have it)
- You are using a public certificate for your RD Gateway and RD Web Access (it should go without saying but… you know)
- And finally, the client must be running either Windows 10 or Windows Server 2012 or later (officially Windows Server 2008 R2 is possible but as it is out of support…) with a modern web browser (Chrome, Edge, Edge Chromium, Safari…)
Then you can get ready by deploying the Remote Desktop web client on your RD Web Access server(s) by running the following commands in a PowerShell prompt started with Run as administrator
Install-Module -Name RDWebClientManagement
NOTE: you will be asked to accept the license terms
As always when getting a PowerShell module from the Gallery, you may be asked if you trust the repository
You may be asked to update the PowerShellGet module first, using the command below
Install-Module -Name PowerShellGet -Force
If you already had the Remote Desktop web client installed when it was in preview, you will first have to uninstall it with the command
Then you need to connect to your RD Broker, export the certificate used for Remote Desktop connections as a .cer file, copy this file back to the RD Web server and run the command below
Import-RDWebClientBrokerCert <.cer file path>
And finally you can publish the package with the command
Publish-RDWebClientPackage -Type Production -Latest
You are done; you can test by accessing your Remote Desktop Web Access URL
https://<remote desktop URL>/RDWeb/webclient/index.html
If you have already been using Azure App Proxy to publish your Remote Desktop, you have nothing more to do.
Otherwise just start using it.
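The Gallery trust prompt mentioned above is the point where you decide whether to run downloaded code as administrator on the RD Web Access server. As an added example (not part of the original post or of Microsoft's instructions), the script below downloads the module to a staging folder without installing it and reports the Authenticode signature of every file, so you can review the signer before running Install-Module; the staging path is an assumption.

```powershell
# Added example: inspect the Gallery module before installing it.
# $StagingPath is a hypothetical scratch folder; change it to suit your server.
param(
    [string]$ModuleName  = 'RDWebClientManagement',
    [string]$StagingPath = (Join-Path $env:TEMP 'rdwebclient-staging')
)

$ErrorActionPreference = 'Stop'

# Download the module files only; nothing is installed or imported.
New-Item -ItemType Directory -Path $StagingPath -Force | Out-Null
Save-Module -Name $ModuleName -Path $StagingPath -Repository PSGallery

# Collect every script, manifest and binary shipped in the package.
$moduleRoot = Join-Path $StagingPath $ModuleName
$files = @(Get-ChildItem -Path $moduleRoot -Recurse -File `
            -Include *.ps1, *.psm1, *.psd1, *.dll)

# Record signature status and signer for each file.
$report = foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        File   = $file.Name
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) {
                     $sig.SignerCertificate.Subject
                 } else {
                     '<unsigned>'
                 }
    }
}
$report | Format-Table -AutoSize

# Fail closed: an empty package or any file that is not 'Valid' stops here.
$bad = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($files.Count -eq 0 -or $bad.Count -gt 0) {
    throw "Signature check failed for $($bad.Count) of $($files.Count) files in $ModuleName."
}

Write-Host "All $($files.Count) files carry a valid signature. Review the Signer column before installing."
```

Save it as a .ps1 file and run it from the same elevated prompt; a thrown error means at least one file is unsigned or its signature does not validate on this machine.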
If you want to share feedback, you can do so at https://feedback.azure.com/forums/169401-azure-active-directory?category_id=160608