Versions Compared

Old Version 14

changes.mady.by.user Adam Darwin

Saved on

compared with

New Version 15

changes.mady.by.user Adam Darwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Download the off-the-shelf installer package and unzip it to a local folder on your PC, e.g. "D:\Software\CLO for Entra ID\Custom Package"

Image RemovedImage Added


The package contains the following files:

FILEFile

Description
computer-logon-for-entra-id-win64ma.msiComputer Logon Agent installer

config.json

Configuration file
domain_policy.jsonDomain policy file
system_policy.jsonSystem policy file
install-clo.batBatch commands for custom installation
deploy.ps1

Power Shell PowerShell commands for Intune deployment

remove.ps1Power Shell PowerShell commands for Intune deployment
detection_rule.ps1Power Shell PowerShell commands for Intune deployment

...

The Deepnet Computer Logon Agent for Entra ID Modern Authentication requires a custom configuration file in order to function correctly for the users. You must customise the configuration file with your own data.

Open the config.json in a text editor, such as Notepad

Image Added

The Deepnet Computer Logon Modern Authentication support both Azure AD (Entra ID) joined PCs and On-Prem AD joined PCs. The block "Azure AD" includes MFA server settings for Azure AD, and the block "OnPremAD" includes MFA server settings for On-Prem AD.

Customise Azure AD SettingsImage Removed

If the application you set up for Computer Logon with MFA supports single tenant

...

Now, replace "YOUR-CLIENT-ID" with the "application (client) ID"

Image Added

Next, you need to add the list of netbios names and domain DNS names used in your organisation.
If you only need to implement Computer Logon MFA for Azure AD only, then you do not need to add netbios names.

Image Added

Save the configuration file.Image Removed

Step 3: Customise the domain policy

...


onlineoffline
bootup login
local\offline\MfaPolicy\loginMfa
screen unlock
local\offline\MfaPolicy\unlockMfa
elevated access
local\offline\MfaPolicy\uacMfa


Options for Domain Users


onlineoffline
bootup loginazuread\online\MfaPolicy\loginMfaazuread\offline\MfaPolicy\loginMfa
screen unlockazuread\online\MfaPolicy\unlockMfaazuread\offline\MfaPolicy\unlockMfa
elevated accessazuread\online\MfaPolicy\uacMfaazuread\offline\MfaPolicy\uacMfa


If you wish to customise some of those options, then you need to edit the "domain_policy.json" file in a text editor and change the corresponding options. 

...