On the Administration Console, go to Shortcuts > Check Policies.



First, create a domain-held policy Logon Policy to ensure MFA is required for all users on the StandAlone machine


Click on  on the top right.

Set these Values in the Policy - New Window

Option      Value
Category:   Computer Logon Client
Holder:     Domain
Domain:     Enter the virtual domain name
Name:       Enter a user-friendly name
Enabled:    True




Expand Authentication and select MFA is required for all users from the drop down.






Save the new Logon policy.


It is also recommended to exempt at least one local account from MFA (usually the local administrator account). If an issue prevents the end user from logging on, the administrator will still have access without being challenged.


Click on [image] on the top right.

Set these Values in the Policy - New Window

Option      Value
Category:   Logon
Holder:     User
Domain:     Enter the virtual domain name
User:       Enter the name of the account you wish to exempt (e.g. Administrator)
Name:       Enter a user-friendly name
Enabled:    True




Expand Authentication and select MFA is not required for all users from the drop down.

Scroll down the policy and expand Offline Logon

Check Enforce MFA on Local Computer Logon and Download Offline Tokens Automatically






Save the new Computer Logon Client policy.

Now create the offline policies that will be needed once you remove the machine from the network.


Click on  on the top right.

Set these Values in the Policy - New Window

Option      Value
Category:   Computer Logon Client
Holder:     Domain
Domain:     Enter the virtual domain name
Name:       Enter a user-friendly name
Enabled:    True




Expand General and check Enable MFA on local computer logon



Scroll down the policy and expand Offline Logon

Check Enforce MFA on Local Computer Logon and Download Offline Tokens Automatically






Save the new Computer Logon Client policy.

Create an additional Computer Client Logon Policy which will exempt the Administrator account from MFA logon. It is also recommended to exempt at least one local account from MFA (usually the local administrator account). If an issue prevents the end user from logging on, the administrator will still have access without being challenged.


Click on  on the top right.

Set these Values in the Policy - New Window

Option      Value
Category:   Computer Logon Client
Holder:     User
Domain:     Enter the virtual domain name
User:       Enter the name of the account you wish to exempt (e.g. Administrator)
Name:       Enter a user-friendly name
Enabled:    True




Expand General. Leave all checkboxes blank.



Scroll down the policy and expand Offline Logon

Leave all checkboxes blank.






Save the new Computer Logon Client policy


Click on [image] on the top right.

Set these Values in the Policy - New Window

Option      Value
Category:   Windows Offline
Holder:     Domain
Domain:     Enter the virtual domain name
Name:       Enter a user-friendly name
Enabled:    True

Check Enforce MFA on Local Computer Logon and Download Offline Tokens Automatically






Save the new Windows Offline policy.

Create an additional Windows Offline Policy which will exempt the Administrator account from MFA logon.


Click on [image] on the top right.

Set these Values in the Policy - New Window

Option      Value
Category:   Computer Logon Client
Holder:     User
Domain:     Enter the virtual domain name
User:       Enter the name of the account you wish to exempt (e.g. Administrator)
Name:       Enter a user-friendly name
Enabled:    True

Leave all the enforce MFA checkboxes blank.

