We want to set up RDP Gateway (intended only for remote users who are not using VPN) and require that users must always use multifactor authentication to connect from outside connections.
Apparently, even if you set up your RDP Web site to require 2FA, users can easily bypass this if they enter the gateway info in their local mstsc.exe client.
How can we either force connections through the rdweb site's 2FA or, better yet, force 2FA even if the user opens their remote desktop client directly?
The only solution I found says you can only do this with ISA or TMG. We don't have these and they are not even a valid option available for sale anymore even if we wanted to purchase them.
http://microsoftplatform.blogspot.com/2011/05/force-use-of-rd-webaccess-block-direct.html
These blog posts are quite old now. Is there a new, better solution for this problem now?