Versions Compared

Old Version 15

changes.mady.by.user Adam Darwin

Saved on

compared with

New Version Current

changes.mady.by.user Adam Darwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Take Follow the following steps tp below to prepare the installation filesconfiguration files for Entra-joined PCs.

Table of Contents

Step 1: Download the off-the-shelf installer package

Include Page
Download the
off-the-shelf installer package and unzip it to a local folder on your PC, e.g. "D:\Software\CLO\Custom Package"

Image Removed

The package contains the following files:

...

File

...

config.json

...

PowerShell commands for Intune deployment

...

Computer Logon Modern Authentication package
Download the Computer Logon Modern Authentication package

Step 2: Customise the configuration file

The Deepnet Computer Logon Modern Authentication requires a custom configuration file in order to function correctly for the users. You must customise the configuration file with your own data.

...

The Deepnet Computer Logon Modern Authentication support supports both Azure AD (Entra ID) joined PCs and On-Prem AD joined PCs. The block "Azure AD" includes MFA server settings for Azure AD, and the block "OnPremAD" includes MFA server settings for On-Prem AD.Customise

Enter Azure AD Settings

If you have PCs that are joined to the Azure AD, then you need to change "YOUR-CLIENT-ID" and "YOUR-TENANT-ID" in the "AzureAD" data block.

We assume that for Azure AD joined PCs, you will use Azure MFA to authenticate users when the PC is connected to the internet.

If the application you set up for Computer Logon with MFA supports a single tenant only

thenThen, in the "AzureAD" block, replace "YOUR-TENANT-ID" in the configuration file with your Tenant ID in the Entra ID.

However, if the application you set up for Computer Logon with MFA supports multitenant

thenThen, in the "AzureAD" block, replace "YOUR-TENANT-ID" in the configuration file with the word "common"

NowNext, replace "YOUR-CLIENT-ID" with the "application Application (client) ID" of the application that you have set up for Computer Logon.

Below is an example:

Enter On-Prem AD Settings

If you have PCs that are joined to the On-Prem AD or hybrid joined, then you need to change "YOUR-CLIENT-ID" and "YOUR-DUALSHIELD-FQDN" in the "OnPremAD" data block.

We assume that for On-Prem AD joined PCs, you will use DualShield MFA to authenticate users when the PC is connected to the network.

Add Domain & NetBios Names

Next, you need to add the list of netbios NetBIOS names and domain DNS names used in your organisation. The Computer Logon solution utilizes NetBIOS names and domain DNS names to differentiate between personal and business accounts.  
If you only need to implement Computer Logon MFA for Azure AD only, then you do not need to add netbios NetBIOS names.

Save the configuration file.

Step 3: Customise the domain policy

Computer Logon for Entra ID supports many MFA scenarios, including

...

Expand
titleSet up policy options for offline MFA for local users...

Include Page
Set up policy options for offline MFA for local users
Set up policy options for offline MFA for local users

Step 4: Customise the license key file

Include Page
Customise the Computer Logon MA License
Customise the Computer Logon MA License