David

MFA Procedure/Security Recommendations

Looking for recommendations regarding Duo MFA setup: should users be required to use MFA at login to the PC and for VPN, or one or the other?

What factors might affect this decision?
OS Security, Network Security, Security


8/22/2022 - Mon
David Johnson, CD

Both, or at a minimum login.
David

ASKER
That was my thought as well.... I was questioning the decision because a cyber security company we work with said VPN instead of login.
btan

My environment is both. Gone are the days when we rely on one factor, as threat vectors become more sophisticated. I guess "they" are thinking of physical security and managed devices, and that there is BitLocker in place, hence one factor is risk-mitigated.
Each security layer would be assumed to fail, and authentication is one critical layer, which should target a higher security level at the machine and app level. Ultimately it depends on risk appetite.

Here is authentication method strength and security (source: link):

[Image: 48255-capture.png]

If you don't want to use Windows Hello for Business, you could try a hardware token or phone.
David

ASKER
Thank you both!
kevinhsieh

Absolutely for VPN, and maybe for device login.

I would never do no MFA on VPN unless you were using certificate-based authentication for the VPN.

If you can also do strong authentication to a device, that is a bonus.
ASKER CERTIFIED SOLUTION
madunix
