In order to secure an organization by protecting the endpoints in its network, you can implement the following:
Enforce Endpoint MFA
To protect the organization's endpoint machines (Windows, macOS, and Linux machines), you can enable the Endpoint MFA feature. This feature adds a layer of MFA along with the existing Active Directory domain authentication. So, even if attackers misappropriate domain users' credentials, they still need to complete the successive stages of authentication to gain access to the users' machines. Endpoint MFA also protects endpoints during remote access.
Click here to know how to configure the feature.
Configure the Password Policy Enforcer
Passwords, when compromised, end up as a huge security risk for organizations. The creation of strong passwords is a necessary step in protecting an organization's resources. You can set advanced password policy controls using ADSelfService Plus' Password Policy Enforcer. Using this feature, a custom password policy can be created for an organization and users can be forced to adhere to it strictly, thereby preventing them from setting weak passwords that may jeopardize the security of the organization. These password policies are also enforced across all the on-premises and cloud enterprise applications integrated using the Password Synchronization and Single Sign-On features.
A variety of complexity rules like a minimum number of special and numeric characters, disallowing the use of dictionary words, disallowing palindromes and much more are provided. Once configured, an interactive UI is rendered to ensure that the newly created passwords are compliant with the configured password policy.
To truly secure the endpoints in an organization, the password policies created using the feature can be enforced during password changes using the Windows GINA/CP (Ctrl+Alt+Del) screen and password resets using the Active Directory Users and Computers (ADUC) console. This can be achieved by installing the ADSelfService Plus login agent and the Password Sync Agent. To know how to configure the Password Policy Enforcer, click here.
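The complexity rules named above (minimum special and numeric characters, no dictionary words, no palindromes), as an added Python example that is not ADSelfService Plus code. The thresholds, the word list, the substitution table and the names `PasswordPolicy` and `check_password` are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    # Hypothetical policy: thresholds and word list are illustrative assumptions.
    min_special: int = 2
    min_numeric: int = 2
    dictionary: frozenset = frozenset({"password", "welcome", "summer", "admin"})
    min_dictionary_word_len: int = 4


# Common character substitutions undone before the dictionary check,
# so that "p@ssw0rd" is compared as "password" (assumed table).
_SUBSTITUTIONS = str.maketrans("@4310$5!7", "aaeiossit")


def check_password(candidate: str, policy: PasswordPolicy = PasswordPolicy()) -> list[str]:
    """Return the names of violated rules; an empty list means compliant."""
    violations = []

    specials = sum(1 for c in candidate if not c.isalnum() and not c.isspace())
    if specials < policy.min_special:
        violations.append("too_few_special")

    if sum(c.isdigit() for c in candidate) < policy.min_numeric:
        violations.append("too_few_numeric")

    # Palindrome check ignores case, so "Ab1!x!1bA" is caught as well.
    folded = candidate.casefold()
    if len(folded) > 1 and folded == folded[::-1]:
        violations.append("palindrome")

    # Dictionary words are matched as substrings, both as typed and
    # after undoing the substitutions above.
    words = [w for w in policy.dictionary if len(w) >= policy.min_dictionary_word_len]
    for variant in (folded, folded.translate(_SUBSTITUTIONS)):
        if any(w in variant for w in words):
            violations.append("dictionary_word")
            break

    return violations


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for sample in ("P@ssw0rd!2024", "Ab1!x!1bA", "summertime", "t7#Kq-vz92Lm"):
        print(sample, check_password(sample))
```

Returning every violated rule, rather than stopping at the first, is what lets an interactive form show the user all the requirements still unmet.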
Password expiration notification
By configuring a password expiration time, AD domain users are encouraged to change their passwords regularly, thereby preventing security attacks on the organization’s endpoints. Unfortunately, users may sometimes forget to change their passwords before expiry, leading to them losing access to their machines. Through ADSelfService Plus' Password Expiration Notification feature, users can receive e-mail, SMS and push notifications for password and account expiration. This ensures that users change their passwords well in advance, thereby having constant access to their domain accounts.
Click here to know more about Password Expiration Notification.