You are here: Reference > Console > Server administration > MFA restrictions
UserLock MFA can be enabled for any user, group or OU in your Domain. Choose granular settings to define your MFA policy by the type of operating system (Workstation or Server), the connection type (Local or Remote), and the frequency with which MFA is asked (at every connection, every N days.) There is also an option to help with the onboarding process to allow users to skip the MFA configuration for a defined number of days.
Configure all these settings in the "Multi-factor authentication" section of the protected account properties.