hi
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We currently require MFA to authenticate workstations to login to windows 10 each day, we also use azure MFA for O365 access. Would like to reduce our cost with duo and utilize our Azure Premium P2 subscription to require MFA for workstation logins. Is this possible? We are a hybrid environment (on prem AD) syncing with Azure AD and password writeback .
Documentation or other material to accomplish this goal would be appreciated.
@Anonymous Thank you for reaching out to us, As I understand you are looking to have a mfa solution for your client devices at the time of login ( at ctrl-alt-del screen), we don't have a direct mfa integration like duo at login screen, however you can refer to this article for detailed steps - https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg enables secure verification for users attempting to sign in to a Remote Desktop Gateway.
Would recommend Windows Hello for Business option - replaces passwords with strong two-factor authentication on devices. This authentication consists of a type of user credential that is tied to a device and uses a biometric or PIN.
Refer to this article for more information - Windows Hello for Business Overview
We have different windows hello for business deployment models based on the existing environment - https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification
Windows Hello for Business cloud Kerberos trust is the recommended deployment model when compared to the key trust model. It is also the preferred deployment model if you do not need to support certificate authentication scenarios.
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.