MFA for Windows machines

Identity360 offers MFA designed specifically for the Windows operating system. This ensures that users—when attempting Windows interactive login, RDP sessions, and UAC prompts—undergo a secondary authentication process, strengthening the security of these access points. This critical measure ensures that only authorized personnel, with the right credentials, can make significant changes to the system or access the data stored on the systems.

Prerequisites for enabling MFA for Windows logins

  1. Identity360 MFA supports AD-joined, Azure AD-joined, and Azure AD hybrid-joined devices.
  2. The User Principal Name (UPN) of AD or Azure AD users must match the primary email address of the corresponding Universal Directory user to link the accounts for MFA verification.
  3. Identity360's MFA and SSO license is required to enable MFA for Windows login.
  4. Install the IDSecurity Agent on the necessary devices to enable MFA for endpoints.
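
| Actions           | Azure AD-joined devices | Azure AD hybrid-joined devices | AD-joined devices |
|-------------------|-------------------------|--------------------------------|-------------------|
| Interactive login | Yes                     | Yes                            | Yes               |
| Unlock            | Yes                     | Yes                            | Yes               |
| UAC               | Yes                     | Yes                            | Yes               |
| RDP server        | No                      | Yes                            | Yes               |
| RDP client        | No                      | Yes                            | Yes               |

Note: Azure-registered devices are not supported as of now.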
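
Prerequisite 2 can be checked before rollout by comparing each AD user's UPN against the primary email addresses held in Universal Directory. The following PowerShell is an added example, not Identity360 code: the sample rows are constructed, the `PrimaryEmail` column name and the `Compare-UpnToPrimaryEmail` function are hypothetical, and trimmed, case-insensitive matching is an assumption.

```powershell
# Constructed sample data. In production the AD side would come from
#   Get-ADUser -Filter * -Properties mail | Select-Object SamAccountName, UserPrincipalName, mail
# and the directory side from a user list (the PrimaryEmail column name is an assumption).
$adUsers = @'
SamAccountName,UserPrincipalName,mail
alice,alice@example.com,alice@example.com
bob,bob@corp.local,bob@example.com
carol,Carol@Example.com,carol@example.com
dave,dave@example.com,
'@ | ConvertFrom-Csv

$directoryUsers = @'
PrimaryEmail
alice@example.com
bob@example.com
carol@example.com
'@ | ConvertFrom-Csv

function Compare-UpnToPrimaryEmail {
    param(
        [Parameter(Mandatory)] [object[]] $AdUsers,
        [Parameter(Mandatory)] [object[]] $DirectoryUsers
    )
    # Index primary emails; @{} compares string keys case-insensitively (assumed acceptable).
    $emails = @{}
    foreach ($d in $DirectoryUsers) {
        if ($d.PrimaryEmail) { $emails[$d.PrimaryEmail.Trim()] = $true }
    }
    foreach ($u in $AdUsers) {
        $upn  = "$($u.UserPrincipalName)".Trim()
        $mail = "$($u.mail)".Trim()
        $status = if ($upn -and $emails.ContainsKey($upn)) {
            'Linked'                # UPN equals a primary email: accounts can be linked
        } elseif ($mail -and $emails.ContainsKey($mail)) {
            'UpnDiffersFromEmail'   # directory user exists, but the UPN must be corrected
        } else {
            'NoDirectoryUser'       # no directory user matches this AD account
        }
        [pscustomobject]@{
            SamAccountName    = $u.SamAccountName
            UserPrincipalName = $upn
            Status            = $status
        }
    }
}

Compare-UpnToPrimaryEmail -AdUsers $adUsers -DirectoryUsers $directoryUsers |
    Where-Object Status -ne 'Linked' |
    Format-Table -AutoSize
```

With the constructed data, `bob` is reported as `UpnDiffersFromEmail` (a non-routable UPN suffix) and `dave` as `NoDirectoryUser`; both would fail account linking for MFA verification until corrected.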

Steps to enable MFA for Windows machines

MFA configuration

  1. Navigate to the Applications tab and go to Multi-factor Authentication > MFA for Endpoints > Windows Machines.
  2. To configure MFA, ensure that the Enable additional authentication factors box is checked, then choose the number of authentication factors and the authenticators you want from the drop-down menu. Refer to the Authenticators Setup page for the list of supported authentication methods and their configuration details. For further customization, such as RDP, UAC, machine logins, and other settings, see Advanced Settings.

Copyright © 2025, ZOHO Corp. All Rights Reserved.