Apr 06, 2019 In order to get started with Microsoft Remote Desktop, you must begin by downloading it from the Mac App Store. Click the blue 'App Store' icon in your dock. Or, you can download it from our sister site Download.com here. Once you've accessed the Mac App Store.
-->Requirements
- Windows 10
- Certificate trust deployments
- Hybrid and On-premises Windows Hello for Business deployments
- Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices
- Certificate trust deployments
Windows Hello for Business supports using a certificate deployed to a WHFB container to a remote desktop to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol.
Microsoft continues to investigate supporting this feature for key trust deployments in a future release.
Remote Desktop with Biometrics
Requirements
- Hybrid and On-premises Windows Hello for Business deployments
- Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices
- Certificate trust deployments
- Biometric enrollments
- Windows 10, version 1809
Users using earlier versions of Windows 10 could remote desktop to using Windows Hello for Business but were limited to the using their PIN as their authentication gesture. Windows 10, version 1809 introduces the ability for users to authenticate to a remote desktop session using their Windows Hello for Business biometric gesture. The feature is on by default, so your users can take advantage of it as soon as they upgrade to Windows 10, version 1809.
How does it work
Windows generates and stores cryptographic keys using a software component called a key storage provider (KSP). Software-based keys are created and stored using the Microsoft Software Key Storage Provider. Smart card keys are created and stored using the Microsoft Smart Card Key Storage Provider. Keys created and protected by Windows Hello for Business are created and stored using the Microsoft Passport Key Storage Provider.
A certificate on a smart card starts with creating an asymmetric key pair using the Microsoft Smart Card KSP. Windows requests a certificate based on the key pair from your enterprises issuing certificate authority, which returns a certificate that is stored in the user's Personal certificate store. The private key remains on the smart card and the public key is stored with the certificate. Metadata on the certificate (and the key) store the key storage provider used to create the key (remember the certificate contains the public key).
This same concept applies to Windows Hello for Business. Except, the keys are created using the Microsoft Passport KSP and the user's private key remains protected by the device's security module (TPM) and the user's gesture (PIN/biometric). The certificate APIs hide this complexity. When an application uses a certificate, the certificate APIs locate the keys using the saved key storage provider. The key storage providers directs the certificate APIs on which provider they use to find the private key associated with the certificate. This is how Windows knows you have a smart card certificate without the smart card inserted (and prompts you to insert the smart card).
Windows Hello for Business emulates a smart card for application compatibility. Versions of Windows 10 prior to version 1809, would redirect private key access for Windows Hello for Business certificate to use its emulated smart card using the Microsoft Smart Card KSP, which would enable the user to provide their PIN. Windows 10, version 1809 no longer redirects private key access for Windows Hello for Business certificates to the Microsoft Smart Card KSP-- it continues using the Microsoft Passport KSP. The Microsoft Passport KSP enabled Windows 10 to prompt the user for their biometric gesture or PIN.
Compatibility
Users appreciate convenience of biometrics and administrators value the security however, you may experience compatibility issues with your applications and Windows Hello for Business certificates. You can relax knowing a Group Policy setting and a MDM URI exist to help you revert to the previous behavior for those users who need it.
Important
The remote desktop with biometric feature does not work with Dual Enrollment feature or scenarios where the user provides alternative credentials. Microsoft continues to investigate supporting the feature.
Related topics
-->The following is a list of the Remote Desktop Services shortcut keys.
A note regarding missing keys: Many compact keyboards do not contain some keys. For example, many laptops do not have a dedicated BREAK key. However, they usually have keyboard shortcuts that replace dedicated keys. These key replacements are specified by the manufacturer of the keyboard, so you may need to look up key replacements in the documentation provided by your keyboard or laptop manufacturer.
There are two possible shortcut key combinations you can use on a remote desktop connection: the default Windows shortcut keys, or the shortcut keys originally designed for the remote desktop. You can set which shortcut keys you use on the local and remote machine through the Remote Desktop Connection client (ie, the dialog that appears when you click on the Remote Desktop Connection icon). From there, click Show Options (if you cannot see the options), and then click the Local Resources tab. In the Apply Windows key combinations drop-down, you have three options:
On this computer
the default key combinations will work on your local machine only. You must use the alternate combinations on the remote desktop.
On the remote computer
The default key combinations will work only on the remote desktop. You must use the alternate combinations on the local machine. Note that once you close down the Remote Desktop Connection, your local machine will once again use the default windows shortcuts.
Only when using the full screen
The default key combinations will work on whichever machine has the full desktop; functionally, this means that the default key combinations work for the local machine, unless you have the Remote Desktop Connection window in full-screen mode.
For more user information about Remote Desktop connection, See Remote Desktop Connection: frequently asked questions.
| Shortcut key | Description |
|---|---|
| CTRL+ALT+HOME | Activates the connection bar. |
CTRL+ALT+BREAK or one of these shortcuts:
| Switches the client between full-screen mode and window mode. If these shortcuts don't work, or the keys aren't available, you can try the following alternative:
|
| CTRL+ALT+END | Brings up the Windows Security dialog box for the Remote Desktop Session Host (RD Session Host) (provides the same functionality as pressing CTRL+ALT+DEL on the local computer). |
The following table describes the standard Windows shortcut keys and their equivalent Remote Desktop shortcuts that are different. (For example, Ctrl+Z is generally the 'Undo' shortcut on both standard Windows and Remote Desktop.)
Microsoft Remote Desktop Beta Mac
Microsoft Remote Desktop Mac Command Key
| Windows shortcut | Remote Desktop shortcut | Description |
|---|---|---|
| ALT+TAB | ALT+PAGE UP | Switches between programs from left to right. |
| ALT+SHIFT+TAB | ALT+PAGE DOWN | Switches between programs from right to left. |
| ALT+INSERT | Cycles through the programs in the order they were started. | |
| Windows key or CTRL+ESC | ALT+HOME | Displays the Start menu. |
| ALT+SPACE BAR | ALT+DELETE | Displays the system menu. |
| ALT+PRINT SCREEN | CTRL+ALT+MINUS SIGN (-) | Places a snapshot of the active window, within the client, on the clipboard. |
| PRINT SCREEN | CTRL+ALT+PLUS SIGN (+) | Places a snapshot of the entire client windows area on the clipboard . |