RDP Sessions + MFA Client Software

When starting up a Windows RDP session from a computer that has the MFA Client software installed, the user will first be prompted to use their last provided authentication method.

Example: If you logged in with your contactless card, you will be asked to provide your card.

The MFA software is working as intended with this functionality but you will still have the "Other Options" to select a different means of logging in. To skip the "Other Options" workaround, the following methods can be used to "blank out" the last credential provider before launching the RDP connection and present all options available when prompted for credentials.

Method 1 - Command Line

1. Open an elevated command prompt on the machine performing the RDP session.
2. Run the following command:

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v "LastLoggedOnProvider" /t REG_SZ /d "" /f

*The command above is all one line.

Method 2 - .reg File

1. Copy/paste the block of code below to your text editor of choice.
2. Save as .reg and run the file.

Windows Registry Editor Version 5.00 File
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI]
"LastLoggedOnProvider"=""