Adding Multi-Factor Authentication to Windows LogonMichael Urgero 01/04/2021, Company News
Look at how far we’ve come over the years. The introduction and mainstream use of virtualization in the data center, cloud and the work from anywhere – software as a service movement - has sparked some amazing opportunities from the rapid development of business ideas to remotely supporting critical systems and customers. Not all that long ago, we were a much more analog group, much more manual and hands-on in our methods.
Coming with the high-speed rush of new technologies that are fully intended to make lives easier, there are also new security threats and new issues to care for and consider. We’ve gone to great lengths to ensure that our employees have easy and secure access to the business, and that our system operators can keep those systems running. Have we done enough? How will we know? These are some of the things on the minds of IT execs as they lay awake into the night.
This is where trust comes in. It’s talked about often in the tech circles these days, especially when it comes to employees and contract workers. It sounds simple enough to trust the people you work with and most of us do, sometimes blindly.
I’ve recently implemented our SecurEnvoy SecurAccess solution with a mid-size customer here in Chicago. Securing the Cisco VPN was a breeze. Now that their workforce was remote, they felt the need to provide multi-factor authentication to employees using the VPN to assure they know, factually, that the person logging in, is who they say they are.
One of the parts that’s often missed is the authentication to the laptop or the server itself. The desktop interface of these devices is where all the action is and it should be just as secure. New virtualized, cloud and hybrid solutions make accessing these devices almost an entirely remote affair. With the exception of accessing your laptop directly, everything else you do in a day is pretty much done on systems elsewhere. One could argue that Microsoft simply doesn’t do enough with it’s traditional username and password and what’s more; Windows Hello is difficult to deploy, manage and has it’s own share of issues, ask any help desk administrator and you’ll get an ear full.
Securing these corporate assets is an urgent issue, and our customer knew that. They selected our solution specifically for our integrated SecurEnvoy Windows Logon Agent. Our solution installs directly on the laptop or server and protects the Windows Logon process with true multi-factor authentication.
By doing this, verification of the username and password is challenged and verified with the trust of multi-factor authentication quickly and easily. Our customer has deployed our SecurEnvoy Windows Logon Agent to all corporate end-point devices as well as all servers in the data center, both physical and virtual to assure the identity of employees as they authenticate.
Here’s the experience;
The initial prompt is the same as it always has been, asking for a username and password.
You are immediately prompted for the multi-factor token, which is available in a variety of methods. Everything from push notifications to a mobile device, SMS messaging, physical tokens or manual entry to name just a few.
Here’s what the configuration looks like;
The configuration above in essence, secures the Windows 10 laptop with multi-factor authentication for both in-person local authentication and remote connections over RDP. You can secure other ports as needed.
There are two SecurEnvoy SecurAccess Authentication Servers set for failover availability, however the system will operate even when completely off-line. You can also see that membership to a Microsoft Active Directory Security Group is a trigger that determines if the user will be prompted for the second factor.
This is the same agent that would be loaded on both Windows 10 devices and Windows Servers as well. This software can be distributed using any of the common methods, from Active Directory to third party deployment tools.
For more details, and to get a demo and talk about our solutions, feel free to give us a call. Be sure. Be Confident. SecurEnvoy.