So the real problem is that MS has made it difficult and/or expensive to implement native MFA for Windows login and RDP authentication. They do with smart cards / PIV (can use hardware secure keys like YubiKey) and Windows Hello. So, if you had like 10 computers, if they all login with the same username then that's only 1 user but also if you have 10 people validate with the same 2FA device you can bind those 10 usernames to one 'account' and that's only a single "user" as well. If you look how it's setup it, one of the methods for the push is by username. I feel like if you were creative you could use it for A LOT of users for free. It is included with certain other subs like M365 E3. Don't have personal experience with it so can't say if that is true.īeyond that, you also have Azure MFA which requires a 365 subscription. I have heard from an associate, but don't quote me, that if you implement Duo free they let it ride far beyond 10 users. I've used it for myself and our small business for a years for a grand total of $0. If you don't have many users and you make sure that you setup everything for Push notifications and not SMS then there's nothing you'd be required to pay for. This is technically a 'hybrid' setup but I believe you can setup a Hello certificate server and pass the MFA. In this scenario you can use federation services for MFA.
When you setup a system with TPM and deploy Hello for Business then you have an authorized device, an authorized user, encryption, SSO, use of a PIN and biometrics. That's really what they give you for free. Technically Windows Hello is multifactor authentication. Of course, the real answer is that if Microsoft took security seriously, there would be MFA baked into on premise AD at no additional cost. I'd also guess that there aren't all that many AD setups with only 10 users, so that's more of a trial/get you hooked thing. Sure, but the OP tossed out a 200 user environment. SO if you only have a few users, it's free
It's also pretty much free if you configure it properly.Ĭare to elaborate on how Duo can implemented for free?ĭuo is free for up to 10 users.
0 kommentar(er)
