MFA for Windows machines

Identity360 offers MFA designed specifically for the Windows operating system. This ensures that users—when attempting Windows interactive login, RDP sessions, and UAC prompts—undergo a secondary authentication process, strengthening the security of these access points. This critical measure ensures that only authorized personnel, with the right credentials, can make significant changes to the system or access the data stored on the systems.

Prerequisites for enabling MFA for Windows logins

  1. Identity360 MFA supports Azure AD-joined devices and Azure AD hybrid-joined devices. It is essential to configure Azure AD in Identity360 to ensure seamless and secure MFA on your Windows devices. Learn how to set up Azure AD in Identity360.
  2. Identity360's MFA and SSO license is required to enable MFA for Windows login.
  3. Install the IDSecurity Agent on the necessary devices to enable MFA for endpoints.
Actions Azure AD-joined devices Azure AD hybrid-joined devices
Interactive login Yes Yes
Unlock Yes Yes
UAC Yes Yes
RDP server No Yes
RDP client No Yes
Note: Azure-registered devices are not supported as of now.

Steps to enable MFA for Windows machines

MFA configuration

  1. Navigate to the Applications tab and go to Multi-factor Authentication > MFA for Endpoints.
  2. Enable MFA for Windows machines by selecting the Enable option.
  3. Select the number of authentication factors from the drop-down menu available. Refer to the Authenticators Setup page for the list of supported authentication methods, and how to configure them.
  4. Choose the authenticators from the Choose Authenticators drop-down menu.
  5. In the Advanced Settings section, configure Windows actions such as RDP, UAC, machine logins, and other settings.
    6. MFA for endpoints
Navigate to Previous Previous Topic Next Topic Navigate to next

Copyright © 2024, ZOHO Corp. All Rights Reserved.