Deploying a Windows Logon Agent

The AuthAnvil Windows logon Agent offers companies the ability to add strong multi-factor authentication to Microsoft’s Windows client and server operating systems. It provides a simple and consistent logon experience no matter if they logon at the local desktop or through a terminal session. And it offers identity assurance by requiring users to provide their AuthAnvil MFA Auth passcode during the logon process.

Note: This agent is installed on a per machine basis. 

Note: This agent requires that the AAoD username and the Windows username must be matching.

Supported Operating Systems

  • Windows 8
  • Windows 8.1
  • Windows 10
  • Server 2012
  • Server 2012r2
  • Server 2016

Note: This agent does not support x86 versions of Windows. If you need an x86 agent please see the agents listed in this section.

To configure a Windows Logon agent please follow these steps

First create a Policy for this agent.

  1. Log into your tenant https://(your company)
  2. Select Policy Manager.
  3. Select the Add icon (small green + sign in the bottom right corner). 
  4. Name the Policy
    Example: Windows Logon Agent.
    Set your Policy Elements & Actions.
    Note: This policy must not allow for simple passwords. Require MFA must be used.
  5. When you have your policy completed select Save changes.



  1. Select Auth Manager.
  2. Select the Add icon (small green + sign in the bottom right corner). 
  3. Select Windows Logon.
  4. Configure the agent.
    Select Agent is enabled.
    Select the policy you created in Step 4.
  5. Select Windows Logon Configuration.
    Note: 'Enforce MFA on RDP Only' is not supported on versions of Windows earlier than Windows 8 and Windows Server 2012.                                                                                                           Note: It is recommend that you set an Override Password for all installs.
    Note: You will need to manually create the AuthAnvil Override Group in Active Directory (Windows security group for stand alone machines).
  6. Select Add Agent.
  7. Select the Agent from the agent list in Auth Manager.
  8. Select Download Installer.
  9. Copy the installer AAWinLogonCP.msi file to the target x64 Windows Server/Desktop/Workstation.
    Note: The installer must be on the local machine and not run from a shared drive like Lancache.
  10. Run the MSI AAWinLogonCP.msi
    Note: If installing on a DC or where there might be excessive UAC style controls enabled you can run the MSI from an elevated command.
  11. Select Run if prompted.
  12. Select Next.
  13. Accept the Terms of Use. Select Next.

  14. Logon Agent configuration. Set the following.
    Home Realm: (This your tenant (your company)
    ID: (This will be provided on the agent information screen where you downloaded the agent).
    Key: (This will be provided on the agent information screen where you downloaded the agent).
  15. Select Next.
  16. Select Install.
  17. Select Finish.


Test the agent

  1. Lock the desktop. You should now see the following.
  2. Enter the user's Windows Password.
  3. You should receive a Push notification automatically. If the push fails you will receive an MFA prompt for the passcode. Open the Authenticator app. Tap your username. This will provide you with your one time password.


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us