Securing devo server for public internet access

Hello,

For your first question, you can refer to the following topics, but please keep in mind the warning in the first link:

• https://docs.devolutions.net/server/getting-started/security-checklist/
• https://docs.devolutions.net/kb/devolutions-server/knowledge-base/dvls-security-hardening/

For the second question, you can refer to https://docs.devolutions.net/server/dgw/server-configuration/

For the last question, by using Microsoft / AAD authentication, the authentication will occur on the Microsoft side, including your MFA. However, if you want your Devolutions Server to be available online, you will still need to secure your Devolutions Server instance.

Best regards,

Thanks Richard, what is the best way to implement AAD/MS auth as the default auth method? Currently we have users added via LDAP using a local domain account. Is it 100% necessary to add the users through linking devolutions server and our azure instance together?

Hello Ross,

You must authenticate using Microsoft/AAD authentication instead of domain authentication. You can follow this KB to configure it - https://docs.devolutions.net/kb/devolutions-server/how-to-articles/azure-portal-configuration-guide-microsoft-authentication/

Once done, you can migrate your current domain users to Microsoft in Devolutions Server - https://docs.devolutions.net/kb/devolutions-server/how-to-articles/authentication-migration/ . This way, they will keep their user vault and their user-specific settings.

Best regards,