...
| Option | Details |
|---|
| Decided by Logon Policy | The Authentication setting in the Logon Policy determines if MFA is required or not. See Logon Policy - Authentication |
| Multi-Factor Authentication | The second factor will be enforced. The DualShield Computer Logon Client UI will pop up, prompting for the second factor, after the admin account credentials have been provided. |
| AD Password Authentication Only | The second factor will not be enforced. The DualShield Computer Logon Client UI will not pop up after the admin account credentials have been provided. |
| 2nd-Factor Authentication Only (Use Cached Password) | This Option will not work for this policy. Instead, refer to Passwordless Authentication in Computer LogonUAC. |
Here is a breakdown for more information regarding the SKIP MFA options:
| Option | Details |
|---|
| Skip MFA within ? minutes of last UAC prompt: | If a second factor is required after entering the admin user |
admin | credentials, the initial UAC prompt will only trigger it once. You will not be asked for the second factor again until after the number of minutes you have set here |
| Skip MFA within ? hours of last login: | This function will only work if the admin |
_| user has signed into the machine using their own account credentials. Once they have signed in, even if they log out and the PC is signed in as a domain user, MFA will not be required for UAC with admin user credentials for the specified time period. |