I am currently investigating Royal Server, but the Windows Server license alone exceeds the cost of AuthLite for one user. So I will probably stick to RoyalTS without Royal Server (but I need some kind of 2FA anyway).
AuthLite is a two-factor authentication solution for Active Directory. It works with YubiKeys.
It supports the native Windows RDP protocol by installing a small program on the RDP target machine.