Thanks Sean
The idea is that people connecting from off-site go to a specific URL (i.e. remote.mydomain.com).
When they connect they will need to be prompted for MFA, likely Azure. Once MFA is successful, they should be able to connect to the desktop.
Internal connections will go via an on-site specific URL (i.e. internal.mydomain.com). Internal connections may need to use MFA (or maybe only some of them based on access policy).
I am trying to determine the following: is it advisable to use one set of connection servers for both external and internal connections? I know that this is a supportable configuration but I am not sure if it is when MFA comes into play.
I am assuming that Azure MFA will be used so it involves setting up the enterprise application. Is it possible/advisable to use a single enterprise application for both external and internal MFA requirements?
External connections would go via a UAG but not planning to do that for internal connections, unless it simplifies the overall setup.
Hope this makes sense.
Cheers