Forum Discussion
JHanson1821
May 12, 2021 | Copper Contributor
Enabling MFA on admin level access to On premise AD
Hello everyone. I've run into a puzzler and I'm hoping someone can give me a tip on how to solve this. I have received a "cyber security attestation" document from a major insurance provider and must...
DaveSysAdmin83
Oct 06, 2021 | Copper Contributor
JHanson1821
I believe that my company has the same cyberSec Insurance company because we received the exact same attestation statement.
We have been scrambling a bit to find a viable solution for the requirements, specifically the one referenced in your original post: securing remote/internal access to Active Directory and other RSAT tools.
We currently use DUO as our MFA solution, and are in the process of deploying the DUO for RDP https://duo.com/docs/rdp to protect our endpoints and servers from remote login.
I have not identified any viable solutions which integrate with DUO for remote access to the RSAT services. What were some of the solutions that you had identified and considered?
JHanson1821
Oct 07, 2021 | Copper Contributor
As I said here, the only option I investigated thoroughly enough to complete a POC is the one I personally chose, which is AuthLite. Most people who answered this question didn't understand the difference between putting MFA on a Domain Controller at login (not at all the requirement) vs. putting MFA on administrative access to AD and all its component tools. So since the question is frequently misunderstood, your mileage may vary on whether these are viable answers or not. Here are a couple of other ones that were suggested to me, in no particular order:
IS Decisions UserLock
Secret Double Octopus
WiKID
Good luck in your journey.
- Dabona
Oct 07, 2021 | Microsoft
Hello, please check if this can be an alternative to third party tools.
I think this procedure is able to "putting MFA on administrative access to AD and all its component tools" w/o using a third-party tool (AFAIK, basically the AuthLite solution is similar to what I hypothesized and properly tested).
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/how-to-enabling-mfa-for-active-directory-domain-admins-with/m-p/2803878