We are currently blocking port 3389. However, does anyone know if you can configure a rule to only allow RDP over 3389 if Multi Factor is used?
I know it is vague, but I am just starting to look into it.
You can do this in many ways... Two ways we handle similar types of rules are below.
1. Connection-Aware grouping so that when connected to a trusted network you would allow RDP.
2. Create a rule based on an executable file and set the (File Description, Fingerprint, Signer). Setting all depends on how restrictive you want to be for your rules. If you go this way, this rule will need to be above your blocking rule for RDP.