We just deployed multi-factor authentication at another Managed Services Client

,

Quickly and Easily Secure Local Microsoft Windows Logins

Administrators and users often have a lot of sensitive information stored in their Windows laptops and desktops or local machines. Even with the availability of cloud file sharing and storage services such as Office 365, Google Docs, Box and Dropbox, users tend to keep copies of a file on their local machine. Users may download these files to make edits/changes or keep backup copies on their local machine. Once on the local drive, they remain on the device until actively removed by the user. Depending on their roles and responsibilities, users can have information about the company product, customers, financial, legal, etc.

While information on local machines is less prone to remote attacks, there are other risks to consider. A lost or stolen device could expose sensitive information to unauthorized users. In addition regulated industries such as healthcare, financial services, government require organizations protect login access to local machines. One of the ways to protect login access is to use multi-factor authentication (MFA) when users login to their devices. For example, government affiliated organizations such as military contractors are regulated by the Defense Federal Acquisition Regulation Supplement (DFARS).

DFARS requires these organizations follow strict data protection standards outlined in NIST SP 800-171, which mandates “multi-factor authentication for local and network access to privileged accounts.” DFARS requires that local machine logins are secure regardless of whether the machine is online or offline.

Compliance and Protection for Microsoft Windows Logins

To help protect against data exposure and easily meet industry compliance requirements, Duo provides administrators several easy options to protect Microsoft Windows machines. Duo protects the machines whether they are online or offline.

To protect Windows logins, Duo provides a simpler installer which can be installed in a few minutes. After the installation, admins can automatically enroll users through one of the techniques outlined in this document. After enrollment, Duo prompts the users to authenticate when they log into their Windows machines.