MFA for Windows machines
Identity360 offers MFA designed specifically for the Windows operating system. Users must complete a secondary authentication step during Windows interactive logins, RDP sessions, and UAC prompts, which strengthens the security of these access points. This ensures that only authorized personnel with the right credentials can make significant changes to a system or access the data stored on it.
Prerequisites for enabling MFA for Windows logins
- Identity360 MFA supports Azure AD-joined devices and Azure AD hybrid-joined devices. It is essential to configure Azure AD in Identity360 to ensure seamless and secure MFA on your Windows devices. Learn how to set up Azure AD in Identity360.
- Identity360's MFA and SSO license is required to enable MFA for Windows login.
- Install the IDSecurity Agent on the necessary devices to enable MFA for endpoints.
| Actions | Azure AD-joined devices | Azure AD hybrid-joined devices |
| --- | --- | --- |
| Interactive login | Yes | Yes |
| Unlock | Yes | Yes |
| UAC | Yes | Yes |
| RDP server | No | Yes |
| RDP client | No | Yes |
Note: Azure-registered devices are not supported as of now.
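Before installing the agent, the join type of an endpoint can be checked against the table above. The following is an added example, not part of the Identity360 documentation: it parses the output of the built-in Windows `dsregcmd /status` command and lists the MFA actions the table marks as supported. The function names and join-state labels are hypothetical, and the sample output is constructed.

```powershell
# Added example: classify a device's Azure AD join type from `dsregcmd /status`
# output and map it to the MFA actions in the support table above.
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusLines)
    $flags = @{}
    foreach ($line in $StatusLines) {
        # dsregcmd prints "   Name : VALUE" pairs; keep only the flags we need.
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(\S+)') {
            $flags[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    # Hybrid join = joined to both on-premises AD and Azure AD.
    if ($flags['AzureAdJoined'] -and $flags['DomainJoined']) { return 'HybridJoined' }
    if ($flags['AzureAdJoined'])   { return 'AzureAdJoined' }
    # WorkplaceJoined without AzureAdJoined is an Azure AD registered device.
    if ($flags['WorkplaceJoined']) { return 'AzureAdRegistered' }
    return 'NotJoined'
}

function Get-SupportedMfaActions {
    param([Parameter(Mandatory)][string]$JoinState)
    switch ($JoinState) {
        'AzureAdJoined' { @('Interactive login', 'Unlock', 'UAC') }
        'HybridJoined'  { @('Interactive login', 'Unlock', 'UAC', 'RDP server', 'RDP client') }
        default         { @() }  # Azure-registered or unjoined: not supported
    }
}

# Constructed sample of the relevant dsregcmd /status lines (hybrid-joined device).
# On a real endpoint use:  $lines = dsregcmd /status
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
           WorkplaceJoined : NO
'@
$lines = $sample -split '\r?\n'

$state   = Get-JoinState -StatusLines $lines
$actions = Get-SupportedMfaActions -JoinState $state
if ($actions) {
    "{0}: MFA supported for {1}" -f $state, ($actions -join ', ')
} else {
    "{0}: device join type is not supported for Windows MFA" -f $state
}
```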
Steps to enable MFA for Windows machines
MFA configuration
- Navigate to the Applications tab and go to Multi-factor Authentication > MFA for Endpoints.
- Enable MFA for Windows machines by selecting the Enable option.
- Select the number of authentication factors from the drop-down menu. Refer to the Authenticators Setup page for the list of supported authentication methods and how to configure them.
- Choose the authenticators from the Choose Authenticators drop-down menu.
- In the Advanced Settings section, configure Windows actions such as RDP, UAC, machine logins, and other settings.