Log into the DualShield Admin Console and go to Administrator>Policies. In the policies page select Computer Logon Client from the Categories drop-down list, and then edit the relevant Computer Logon Client Policy.
Expand the UAC (User Access Control) tab on the Policy Edit screen.
Click on the Authentication drop-down list
Here is a breakdown on what these options do:
| Option | Details |
|---|---|
| Decided by Logon Policy | The Authentication setting in the Logon Policy determines if MFA is required or not. See Logon Policy - Authentication |
| Multi-Factor Authentication | The second factor will be enforced. The DualShield Computer Logon Client UI will pop up, prompting for the second factor, after the admin account credentials have been provided. |
| AD Password Authentication Only | The second factor will not be enforced. The DualShield Computer Logon Client UI will not pop up after the admin account credentials have been provided. |
| 2nd-Factor Authentication Only (Use Cached Password) | This Option will not work for UAC. |
Here is a breakdown for more information regarding the SKIP MFA options:
| Option | Details |
|---|---|
| Skip MFA within ? minutes of last UAC prompt: | If a second factor is required after entering the admin user credentials, the initial UAC prompt will only trigger it once. You will not be asked for the second factor again until after the number of minutes you have set here |
| Skip MFA within ? hours of last login: | This function will only work if the admin user has signed into the machine using their own account credentials. Once they have signed in, even if they log out and the PC is signed in as a domain user, MFA will not be required for UAC with admin user credentials for the specified time period. |