Windows Logon Agent Advanced Policies

The Passly Windows Logon Agent has some unique policies that can be enabled. This article contains some working examples that will help you with your agents.
Note: For help deploying a Windows Logon agent please see this article

 

2FA Base Logon Policy

This policy requires the user to provide second-factor authentication. The supported second-factor authentication types are listed in the ‘Require 2FA’ section of the policy.
NOTE: The ‘Set Allowed Methods’ section with all options unchecked MUST be included.


Policy With Internal IP Restrictions

This policy adds an Internal IP restriction. In this case, if the Internal IP is 10.1.1.1 then the Authentication request will be rejected.
NOTE: The ‘Set Allowed Methods’ section with all options unchecked MUST be included.


Policy With IP Restrictions

This policy adds a ‘Sign In IP’ (IP address of the device) restriction. In this case, any IP address within the range 4.34.208.146/31 will be rejected. This is CIDR notation, and this range means anything between 4.34.208.146 and 4.34.208.147.
NOTE: The ‘Set Allowed Methods’ section with all options unchecked MUST be included.
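
The following is an added example, not part of the Passly product or its documentation: a preflight check that shows which addresses a CIDR entry covers before it is entered as a ‘Sign In IP’ restriction. The function names and the evaluation model are assumptions; only the range 4.34.208.146/31 comes from this article.

```python
import ipaddress

# Constructed sample input; only 4.34.208.146/31 comes from the article.
BLOCKED = ["4.34.208.146/31"]

def preflight(cidr):
    """Describe a CIDR entry before it goes into a policy (hypothetical helper)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        # Host bits are set (e.g. 4.34.208.147/31). Report the block the
        # address actually falls in. Unparseable input raises again here.
        aligned = ipaddress.ip_network(cidr, strict=False)
        return {"ok": False, "aligned": str(aligned)}
    return {"ok": True, "first": str(net[0]), "last": str(net[-1]),
            "count": net.num_addresses}

def is_rejected(sign_in_ip, blocked_cidrs):
    """True if the address is inside any blocked range (assumed model:
    a sign-in is rejected when its IP matches a listed range)."""
    addr = ipaddress.ip_address(sign_in_ip)
    return any(addr in ipaddress.ip_network(c, strict=True)
               for c in blocked_cidrs)

if __name__ == "__main__":
    print(preflight("4.34.208.146/31"))
    print(preflight("4.34.208.147/31"))
    # Check both edges of the range and the addresses just outside it.
    for ip in ("4.34.208.145", "4.34.208.146", "4.34.208.147", "4.34.208.148"):
        print(ip, "rejected" if is_rejected(ip, BLOCKED) else "allowed")
```

Testing the addresses on either side of the range confirms that the restriction covers exactly the two addresses intended and nothing adjacent.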

Policy With Trusted Devices

This policy will trust the device where the Windows Logon Agent is deployed once the user has successfully signed in using 2FA. The trust will remain in place based on the time criteria set in the ‘Device Behaviors’. This means that the next time the user signs in to this device, there will be no 2FA prompt, assuming the logon attempt falls within the given time criteria range.
NOTE: The ‘Set Allowed Methods’ section with all options unchecked MUST be included.
