We are considering letting users use RD gateway to work remotely via their personal devices.
Since only screen pixels are being transferred, it doesn't appear as if this is a possible way to transmit malware from their PC to the corporate network via a RD Gateway connection that has file transfer and clipboard use disabled, but if their machine is compromised, they could have a keylogger installed that could capture credentials.
I know we can use MFA for the RD Gateway login, but once they are logged in, the keylogger on their infected device could still capture credentials as the user logs into other things.
Is there any way to protect against this other than having MFA authentication on everything the user ever logs into?