View Source

The MFA Policy controls whether MFA is enabled or not in the following 3 scenarios:

Boot Login
Screen Unlock
Elevated Access (UAC)

It also controls the frequency of the MFA requirement.

DualShield MFA Platform > Configuration : MFA Policy > image-2026-4-8_18-41-59.png

The Computer Login MFA solution provides a highly flexible and granular policy control system, enabling you to define MFA policies across multiple levels.

You can set the MFA Policy on the following levels:

System Policy
1. Online
2. Offline
Domain Policy
1. Local
2. Entra ID
  1. Online
  2. Offline
3. On-Prem AD
  1. Online
  2. Offline

In total, there are 7 scenarios where you can define the MFA Policy. Namely

Scenario	Location	Comment
1.a	System Policy\Online
1.b	System Policy\Offline
2.a	Domain Policy\Local\Online
2.b.i	Domain Policy\Entra ID\Online
2.b.ii	Domain Policy\Entra ID\Offline
2.c.i	Domain Policy\On-Prem AD\Online
2.c.ii	Domain Policy\On-Prem AD\Offline

To edit the MFA Policy, navigate to the specific location in the Deepnet Configuration Editor. For example, Domain Policy\Entra ID\Online

DualShield MFA Platform > Configuration : MFA Policy > image-2026-4-8_19-3-43.png